SNI change pems structure
parent
a4d23a58ef
commit
2c91cdc636
@ -269,11 +269,20 @@ public class DomainProcessorFactory implements EntityProcessorFactory {
|
|||||||
ifOption(templateVars, query, "multiviews", "+MultiViews", "-MultiViews");
|
ifOption(templateVars, query, "multiviews", "+MultiViews", "-MultiViews");
|
||||||
ifOption(templateVars, query, "htdocsfallback", Boolean.TRUE, Boolean.FALSE);
|
ifOption(templateVars, query, "htdocsfallback", Boolean.TRUE, Boolean.FALSE);
|
||||||
final Processor domSetupProcessor = new CompoundProcessor(
|
final Processor domSetupProcessor = new CompoundProcessor(
|
||||||
new ShellProcessor("export PEMS_DIR=/etc/apache2/pems-enabled/" + dom.getUser().getName() + " && "
|
new CreateFileProcessor("/de/hsadmin/mods/dom/openssl-sna.cnf", templateVars, dom, "/tmp/openssl-sna.cnf", "root", "root", "644", true),
|
||||||
+ "mkdir -p $PEMS_DIR/ && "
|
new ShellProcessor("export PEMS_DIR=/etc/apache2/pems-generated && "
|
||||||
|
+ "mkdir -p $PEMS_DIR && "
|
||||||
+ "cd $PEMS_DIR && "
|
+ "cd $PEMS_DIR && "
|
||||||
+ "( ls " + domName + ".crt || ( echo \"\" > " + domName + ".chain && "
|
+ "( ls " + domName + ".crt || ( echo \"\" > _." + domName + ".chain && "
|
||||||
+ "openssl req -x509 -newkey rsa:2048 -keyout " + domName + ".key -out " + domName + ".crt -days 1100 -nodes -sha256 -subj '/CN=" + domName + "' ) ) &&"
|
+ "openssl req -x509 -newkey rsa:2048 -keyout _." + domName + ".key -out _." + domName + ".crt -days 1100 -nodes -sha256 -config /tmp/openssl-sna.cnf ) ) &&"
|
||||||
|
+ "chmod 400 _." + domName + "*"),
|
||||||
|
new ShellProcessor("export PEMS_DIR=/etc/apache2/pems-enabled && "
|
||||||
|
+ "mkdir -p $PEMS_DIR && "
|
||||||
|
+ "cd $PEMS_DIR && "
|
||||||
|
+ "( ls " + domName + ".crt ||"
|
||||||
|
+ " ( ln -s ../pems-generated/_." + domName + ".key " + domName + ".key"
|
||||||
|
+ " && ln -s ../pems-generated/_." + domName + ".crt " + domName + ".crt"
|
||||||
|
+ " && ln -s ../pems-generated/_." + domName + ".chain " + domName + ".chain ) ) && "
|
||||||
+ "chmod 400 " + domName + "*"),
|
+ "chmod 400 " + domName + "*"),
|
||||||
new CreateFileProcessor("/de/hsadmin/mods/dom/apache-vhost.vm", templateVars, dom, "/etc/apache2/sites-available/" + domName + ".tmp", "root", "root", "644", true),
|
new CreateFileProcessor("/de/hsadmin/mods/dom/apache-vhost.vm", templateVars, dom, "/etc/apache2/sites-available/" + domName + ".tmp", "root", "root", "644", true),
|
||||||
new ShellProcessor(
|
new ShellProcessor(
|
||||||
|
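Review bot: The existence guard in the new `pems-generated` command tests `ls <domName>.crt`, but the files that command writes are named `_.<domName>.crt`, so the guard can never succeed and every run regenerates the private key and self-signed certificate and truncates the chain file; the test should read `"( ls _." + domName + ".crt || ( echo \"\" > _." + domName + ".chain && "`. Separately, the rendered OpenSSL config is written as root to the fixed path `/tmp/openssl-sna.cnf` and read back with `-config`; with a fixed name in a world-writable directory, two domain setups running concurrently can overwrite each other's subject and SAN, and depending on how CreateFileProcessor opens the file (not visible here) a pre-existing symlink at that path could redirect the write. A per-domain file in a root-only directory, for example under `/etc/apache2/pems-generated/`, avoids both. The key is also created under the default umask and only restricted by the trailing `chmod 400`, so a `umask 077 && ` before `openssl req` would close that window. The CompoundProcessor expression starts inside the hunk and continues past its end.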
@ -90,9 +90,9 @@
|
|||||||
#end
|
#end
|
||||||
|
|
||||||
SSLEngine On
|
SSLEngine On
|
||||||
SSLCertificateFile /etc/apache2/pems-enabled/${dom.user.name}/${dom.name}.crt
|
SSLCertificateFile /etc/apache2/pems-enabled/${dom.name}.crt
|
||||||
SSLCertificateKeyFile /etc/apache2/pems-enabled/${dom.user.name}/${dom.name}.key
|
SSLCertificateKeyFile /etc/apache2/pems-enabled/${dom.name}.key
|
||||||
SSLCertificateChainFile /etc/apache2/pems-enabled/${dom.user.name}/${dom.name}.chain
|
SSLCertificateChainFile /etc/apache2/pems-enabled/${dom.name}.chain
|
||||||
|
|
||||||
DocumentRoot /home/doms/${dom.name}/htdocs-ssl
|
DocumentRoot /home/doms/${dom.name}/htdocs-ssl
|
||||||
|
|
||||||
|
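Review bot: The three `SSLCertificate*File` paths drop the `${dom.user.name}` directory, but nothing visible in this commit moves certificates already installed under `/etc/apache2/pems-enabled/<user>/` to the new flat location. When the companion Java change finds no `<domain>.crt` in `pems-enabled`, it links the vhost to a freshly generated self-signed certificate, so a domain that had a CA-issued certificate would presumably start serving the placeholder after its next regeneration. A migration step, or a comment in the template stating that existing PEM files must be moved first, would make the rollout safe. The enclosing vhost block starts and ends outside the hunk.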
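--- /dev/null
+++ b/hsarback/src/de/hsadmin/mods/dom/openssl-sna.cnf
@@ -0,0 +1,12 @@
+[req]
+prompt = no
+distinguished_name = req_dn
+x509_extensions = v3_ca
+
+[req_dn]
+commonName = *.${dom.name}
+
+[v3_ca]
+basicConstraints = CA:FALSE
+extendedKeyUsage=serverAuth
+subjectAltName=DNS:*.${dom.name},DNS:${dom.name}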
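Review bot: `${dom.name}` is substituted unescaped into `commonName` and `subjectAltName`, so this file relies on the domain name having been validated elsewhere; a name containing a comma or a line break would add extra SAN entries or config lines, and that validation is not visible in this commit. A header comment would document the dependency, for example `# Template rendered per domain for the self-signed placeholder certificate; the substituted name must be a validated DNS name`. The extension section is called `v3_ca` although it sets `CA:FALSE`; a name such as `v3_server` would be less misleading, and `keyUsage = digitalSignature, keyEncipherment` could be added next to `extendedKeyUsage`.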