From 9f568eef068da175a783f96e33b18098ca99d32c Mon Sep 17 00:00:00 2001 From: Michael Hierweck Date: Fri, 21 Sep 2012 12:46:54 +0200 Subject: [PATCH] Implemented domain options: Apache vhost. --- .../mods/dom/DomainProcessorFactory.java | 54 +++++++++++++++---- .../hsadmin/mods/dom/httpd-vhost-dynamic.jtpl | 54 ++++++++----------- .../hsadmin/mods/dom/httpd-vhost-static.jtpl | 42 +++++++-------- 3 files changed, 86 insertions(+), 64 deletions(-) diff --git a/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java b/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java index 7572ddd..d6df480 100644 --- a/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java +++ b/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java @@ -125,6 +125,7 @@ public class DomainProcessorFactory implements EntityProcessorFactory { new TemplateProcessor("/de/hsadmin/mods/dom/zonefile.jtpl", templateVars, zonefileTargetPath, false); Processor zonefileACLProcessor = new ShellProcessor("chown root:bind " + zonefileTargetPath + " && chmod 644 " + zonefileTargetPath); + // TODO Use templates and regenerate the file. Processor prizonesFileProcessor = new ShellProcessor("echo 'zone \"" + domName + "\" { type master; file \"pri." + domName + "\"; };' >>/etc/bind/named.pri-zones" + " && sort /etc/bind/named.pri-zones | uniq >/etc/bind/named.pri-zones.tmp" + @@ -176,8 +177,8 @@ public class DomainProcessorFactory implements EntityProcessorFactory { } private Processor createDNSServerRemoveProcessor(String domName) { + // TODO Use templates and regenerate the file. return new ShellProcessor("grep -v '\"sec." + domName + "\"' /etc/bind/named-hsh.conf >/etc/bind/named-hsh.conf.tmp" + - // TODO sed -e'/sec.abc.example.com/d' -i /etc/bind/named-hsh.conf " && mv /etc/bind/named-hsh.conf.tmp /etc/bind/named-hsh.conf" + " && rm /var/cache/bind/sec." + domName + " && invoke-rc.d bind9 reload"); @@ -302,18 +303,53 @@ public class DomainProcessorFactory implements EntityProcessorFactory { String linkPrefix = Integer.toString(100 - level); String pac = dom.getUser().getPac().getName(); Query query = em.createQuery("SELECT d FROM Domains d WHERE d.domainoptions.name = :option AND d.name = :domname"); - query.setParameter("option", "nohtdocsfallback"); query.setParameter("domname", dom.getName()); - List result = query.getResultList(); - List> iterateMaps = new ArrayList>(); - if (!result.isEmpty()) { - iterateMaps.add(new HashMap()); + // TODO: This code should be cleaned up after switching to the velocity template engine. + query.setParameter("option", "indexes"); + if (query.getResultList().isEmpty()) { + templateVars.put("INDEXES", "+Indexes"); + } else { + templateVars.put("INDEXES", "-Indexes"); } + // TODO: This code should be cleaned up after switching to the velocity template engine. + query.setParameter("option", "includes"); + if (query.getResultList().isEmpty()) { + templateVars.put("INCLUDES", "+IncludesNoExec"); + } else { + templateVars.put("INCLUDES", "-Includes"); + } + // TODO: This code should be cleaned up after switching to the velocity template engine. + query.setParameter("option", "multiviews"); + if (query.getResultList().isEmpty()) { + templateVars.put("MULTIVIEWS", "+MultiViews"); + } else { + templateVars.put("MULTIVIEWS", "-MultiViews"); + } + // TODO: This code should be cleaned up after switching to the velocity template engine. + query.setParameter("option", "htdocsfallback"); + if (query.getResultList().isEmpty()) { + templateVars.put("HTDOCSFALLBACKHTTP", + " RewriteCond %{REQUEST_URI} !^/cgi-bin/\n" + + " RewriteCond %{REQUEST_URI} !^/fastcgi-bin/\n" + + " RewriteCond %{HTTP_HOST} ^(.+)\\.{DOM_HOSTNAME}\\.?(:80)?$ [novary]\n" + + " RewriteCond /home/doms/{DOM_HOSTNAME}/subs/${tolower:%1} !-d\n" + + " RewriteRule ^(.*) - [redirect=404,last]"); + templateVars.put("HTDOCSFALLBACKHTTPS", + " RewriteCond %{REQUEST_URI} !^/cgi-bin/\n" + + " RewriteCond %{REQUEST_URI} !^/fastcgi-bin/\n" + + " RewriteCond %{HTTP_HOST} ^(.+)\\.{DOM_HOSTNAME}\\.?(:443)?$ [novary]\n" + + " RewriteCond /home/doms/{DOM_HOSTNAME}/subs-ssl/${tolower:%1} !-d\n" + + " RewriteRule ^(.*) - [redirect=404,last]"); + } else { + templateVars.put("HTDOCSFALLBACKHTTP", "\n"); + templateVars.put("HTDOCSFALLBACKHTTPS", "\n"); + } + Processor domSetupProcessor = new CompoundProcessor( createDomainDirectoriesProcessor(dom, templateVars), - new CreateFileProcessor(selectVHostTemplate(dom), templateVars, iterateMaps.iterator(), "/etc/apache2/sites-available/" + domName + ".tmp", "root", "root", "644", true), - new ShellProcessor("ls /etc/apache2/pems/" + pac + ".pem >/dev/null 2>&1 " + - "&& sed -i '/SSLCertificate.*default/d' " + "/etc/apache2/sites-available/" + domName + ".tmp" + + new CreateFileProcessor(selectVHostTemplate(dom), templateVars, "/etc/apache2/sites-available/" + domName + ".tmp", "root", "root", "644", true), + new ShellProcessor("ls /etc/apache2/pems/" + pac + ".pem >/dev/null 2>&1" + + " && sed -i '/SSLCertificate.*default/d' " + "/etc/apache2/sites-available/" + domName + ".tmp" + " && (ls /etc/apache2/pems/" + pac + ".chain.pem >/dev/null 2>&1 || sed -i '/SSLCertificateChain.*" + pac + "/d' " + "/etc/apache2/sites-available/" + domName + ".tmp )" + " || sed -i '/SSLCertificate.*" + pac + "/d' " + "/etc/apache2/sites-available/" + domName + ".tmp"), new ShellProcessor( diff --git a/hsarback/src/de/hsadmin/mods/dom/httpd-vhost-dynamic.jtpl b/hsarback/src/de/hsadmin/mods/dom/httpd-vhost-dynamic.jtpl index e8d7af6..c572834 100644 --- a/hsarback/src/de/hsadmin/mods/dom/httpd-vhost-dynamic.jtpl +++ b/hsarback/src/de/hsadmin/mods/dom/httpd-vhost-dynamic.jtpl @@ -17,40 +17,34 @@ Alias /fastcgi-bin/ /home/doms/{DOM_HOSTNAME}/fastcgi/ - Options -ExecCGI +IncludesNOEXEC +Indexes +MultiViews +SymLinksIfOwnerMatch + Options -ExecCGI {INCLUDES} {INDEXES} {MULTIVIEWS} +SymLinksIfOwnerMatch - AllowOverride AuthConfig FileInfo Indexes Limit + AllowOverride AuthConfig FileInfo Indexes Limit - + SetHandler cgi-script - Options +ExecCGI -Indexes -MultiViews - + Options +ExecCGI {INCLUDES} -Indexes -MultiViews +SymLinksIfOwnerMatch + - + SetHandler fcgid-script - Options +ExecCGI -Indexes -MultiViews - + Options +ExecCGI {INCLUDES} -Indexes -MultiViews +SymLinksIfOwnerMatch + RewriteEngine On RewriteOptions Inherit RewriteCond %{REQUEST_URI} !^/cgi-bin/ - RewriteCond %{REQUEST_URI} !^/fastcgi-bin/ - RewriteCond %{HTTP_HOST} ^(.+)\.{DOM_HOSTNAME}\.?(:80)?$ [novary] - RewriteCond /home/doms/{DOM_HOSTNAME}/subs/${tolower:%1} -d - RewriteRule ^(.*) /home/doms/{DOM_HOSTNAME}/subs/${tolower:%1}$1 [last] + RewriteCond %{REQUEST_URI} !^/fastcgi-bin/ + RewriteCond %{HTTP_HOST} ^(.+)\.{DOM_HOSTNAME}\.?(:[0-9]+)?$ [novary] + RewriteCond /home/doms/{DOM_HOSTNAME}/subs-ssl/${tolower:%1} -d + RewriteRule ^(.*) /home/doms/{DOM_HOSTNAME}/subs-ssl/${tolower:%1}$1 [last] - - RewriteCond %{REQUEST_URI} !^/cgi-bin/ - RewriteCond %{REQUEST_URI} !^/fastcgi-bin/ - RewriteCond %{HTTP_HOST} ^(.+)\.{DOM_HOSTNAME}\.?(:80)?$ [novary] - RewriteCond /home/doms/{DOM_HOSTNAME}/subs/${tolower:%1} !-d - RewriteRule ^(.*) - [redirect=404,last] + {HTDOCSFALLBACKHTTP} - AddType application/x-httpd-php .php .php5 .php4 .php3 Action application/x-httpd-php /fastcgi-bin/phpstub @@ -77,7 +71,7 @@ SSLRequireSSL On - Options -ExecCGI +IncludesNOEXEC +Indexes +MultiViews +SymLinksIfOwnerMatch + Options -ExecCGI {INCLUDES} {INDEXES} {MULTIVIEWS} +SymLinksIfOwnerMatch @@ -86,31 +80,25 @@ SetHandler cgi-script - Options +ExecCGI -Indexes -MultiViews + Options +ExecCGI {INCLUDES} -Indexes -MultiViews +SymLinksIfOwnerMatch SetHandler fcgid-script - Options +ExecCGI -Indexes -MultiViews + Options +ExecCGI {INCLUDES} -Indexes -MultiViews +SymLinksIfOwnerMatch RewriteEngine On RewriteOptions Inherit - + RewriteCond %{REQUEST_URI} !^/cgi-bin/ - RewriteCond %{REQUEST_URI} !^/fastcgi-bin/ - RewriteCond %{HTTP_HOST} ^(.+)\.{DOM_HOSTNAME}\.?(:443)?$ [novary] + RewriteCond %{REQUEST_URI} !^/fastcgi-bin/ + RewriteCond %{HTTP_HOST} ^(.+)\.{DOM_HOSTNAME}\.?(:[0-9]+)?$ [novary] RewriteCond /home/doms/{DOM_HOSTNAME}/subs-ssl/${tolower:%1} -d RewriteRule ^(.*) /home/doms/{DOM_HOSTNAME}/subs-ssl/${tolower:%1}$1 [last] - - RewriteCond %{REQUEST_URI} !^/cgi-bin/ - RewriteCond %{REQUEST_URI} !^/fastcgi-bin/ - RewriteCond %{HTTP_HOST} ^(.+)\.{DOM_HOSTNAME}\.?(:443)?$ [novary] - RewriteCond /home/doms/{DOM_HOSTNAME}/subs-ssl/${tolower:%1} !-d - RewriteRule ^(.*) - [redirect=404,last] - - + {HTDOCSFALLBACKHTTPS} + AddType application/x-httpd-php .php .php5 .php4 .php3 Action application/x-httpd-php /fastcgi-bin/phpstub diff --git a/hsarback/src/de/hsadmin/mods/dom/httpd-vhost-static.jtpl b/hsarback/src/de/hsadmin/mods/dom/httpd-vhost-static.jtpl index 4a2cb1c..058b4aa 100644 --- a/hsarback/src/de/hsadmin/mods/dom/httpd-vhost-static.jtpl +++ b/hsarback/src/de/hsadmin/mods/dom/httpd-vhost-static.jtpl @@ -14,33 +14,32 @@ DocumentRoot /home/doms/{DOM_HOSTNAME}/htdocs - Options -ExecCGI +IncludesNOEXEC +Indexes +MultiViews +SymLinksIfOwnerMatch + Options -ExecCGI {INCLUDES} {INDEXES} {MULTIVIEWS} +SymLinksIfOwnerMatch - AllowOverride AuthConfig FileInfo Indexes Limit + AllowOverride AuthConfig FileInfo Indexes Limit - + Redirect 501 / - + - + Redirect 501 / - + RewriteEngine On RewriteOptions Inherit - RewriteCond %{HTTP_HOST} ^(.+)\.{DOM_HOSTNAME}\.?(:80)?$ [novary] - RewriteCond /home/doms/{DOM_HOSTNAME}/subs/${tolower:%1} -d - RewriteRule ^(.*) /home/doms/{DOM_HOSTNAME}/subs/${tolower:%1}$1 [last] + RewriteCond %{REQUEST_URI} !^/cgi-bin/ + RewriteCond %{REQUEST_URI} !^/fastcgi-bin/ + RewriteCond %{HTTP_HOST} ^(.+)\.{DOM_HOSTNAME}\.?(:[0-9]+)?$ [novary] + RewriteCond /home/doms/{DOM_HOSTNAME}/subs-ssl/${tolower:%1} -d + RewriteRule ^(.*) /home/doms/{DOM_HOSTNAME}/subs-ssl/${tolower:%1}$1 [last] - RewriteCond %{HTTP_HOST} ^(.+)\.{DOM_HOSTNAME}\.?(:80)?$ [novary] - RewriteCond /home/doms/{DOM_HOSTNAME}/subs/${tolower:%1} !-d - RewriteRule ^(.*) - [redirect=404,last] - - + {HTDOCSFALLBACKHTTP} + @@ -61,7 +60,7 @@ SSLRequireSSL On - Options -ExecCGI +IncludesNOEXEC +Indexes +MultiViews +SymLinksIfOwnerMatch + Options -ExecCGI {INCLUDES} {INDEXES} {MULTIVIEWS} +SymLinksIfOwnerMatch @@ -74,19 +73,18 @@ Redirect 501 / - + RewriteEngine On RewriteOptions Inherit - RewriteCond %{HTTP_HOST} ^(.+)\.{DOM_HOSTNAME}\.?(:443)?$ [novary] + RewriteCond %{REQUEST_URI} !^/cgi-bin/ + RewriteCond %{REQUEST_URI} !^/fastcgi-bin/ + RewriteCond %{HTTP_HOST} ^(.+)\.{DOM_HOSTNAME}\.?(:[0-9]+)?$ [novary] RewriteCond /home/doms/{DOM_HOSTNAME}/subs-ssl/${tolower:%1} -d RewriteRule ^(.*) /home/doms/{DOM_HOSTNAME}/subs-ssl/${tolower:%1}$1 [last] - - RewriteCond %{HTTP_HOST} ^(.+)\.{DOM_HOSTNAME}\.?(:443)?$ [novary] - RewriteCond /home/doms/{DOM_HOSTNAME}/subs-ssl/${tolower:%1} !-d - RewriteRule ^(.*) - [redirect=404,last] - + {HTDOCSFALLBACKHTTPS} + \ No newline at end of file