From bf2b3535b97659ff7fb6d28ff3e546ca7585a3e5 Mon Sep 17 00:00:00 2001 From: Peter Hormanns Date: Wed, 21 Jun 2017 18:46:35 +0200 Subject: [PATCH] apache template --- hsarback/src/de/hsadmin/mods/dom/Domain.java | 12 ++++++ .../mods/dom/DomainProcessorFactory.java | 1 + .../src/de/hsadmin/mods/dom/apache-vhost.vm | 38 ++++++++++++++++--- 3 files changed, 45 insertions(+), 6 deletions(-) diff --git a/hsarback/src/de/hsadmin/mods/dom/Domain.java b/hsarback/src/de/hsadmin/mods/dom/Domain.java index 19aa226..aa4de48 100644 --- a/hsarback/src/de/hsadmin/mods/dom/Domain.java +++ b/hsarback/src/de/hsadmin/mods/dom/Domain.java @@ -62,6 +62,7 @@ public class Domain extends AbstractEntity { inverseJoinColumns={@JoinColumn(name="domain_option_id", referencedColumnName="domain_option_id")}) private Set domainoptions; + @AnnFieldIO(validation="([a-z0-9\\-]+\\,)*[a-z0-9\\-]+|\\*", rw=ReadWriteAccess.READWRITE) @Column(name = "valid_subdomain_names", columnDefinition = "character varying(512)") private String validSubdomainNames; @@ -190,4 +191,15 @@ public class Domain extends AbstractEntity { this.validSubdomainNames = validSubdomainNames; } + public String getServeraliases() { + String[] subs = validSubdomainNames.split(","); + StringBuffer aliases = new StringBuffer(); + for (String sub : subs) { + aliases.append(' '); + aliases.append(sub.trim()); + aliases.append('.'); + aliases.append(name); + } + return aliases.toString(); + } } diff --git a/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java b/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java index 82bc63b..eb57b33 100644 --- a/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java +++ b/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java 
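Review bot: `getServeraliases()` calls `validSubdomainNames.split(",")` without a null check, so a domain row with no value in `valid_subdomain_names` would throw a NullPointerException while the vhost template is rendered; whether that column can be null is not visible in the diff. The old template always emitted `ServerAlias *.${dom.name}`, so a guard such as `if (validSubdomainNames == null || validSubdomainNames.trim().isEmpty()) return " *." + name;` would keep the previous behaviour for such rows. The returned string goes verbatim into the Apache configuration, so the `@AnnFieldIO` pattern added in the first hunk is the only thing keeping whitespace or line breaks out of `ServerAlias`. That holds only if the pattern is applied as a full match on every write path and rows stored before this commit already conform, neither of which the diff shows. A short Javadoc on the getter stating that dependency would help, and `StringBuilder` is enough for the local buffer.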
@@ -267,6 +267,7 @@ public class DomainProcessorFactory implements EntityProcessorFactory { ifOption(templateVars, query, "includes", "+IncludesNoExec", "-Includes"); ifOption(templateVars, query, "multiviews", "+MultiViews", "-MultiViews"); ifOption(templateVars, query, "htdocsfallback", Boolean.TRUE, Boolean.FALSE); + ifOption(templateVars, query, "letsencrypt", Boolean.TRUE, Boolean.FALSE); final Processor domSetupProcessor = new CompoundProcessor( new CreateFileProcessor("/de/hsadmin/mods/dom/openssl-sna.vm", templateVars, dom, "/tmp/openssl-sna.cnf", "root", "root", "644", true), new ShellProcessor("export PEMS_DIR=/etc/apache2/pems-generated && " diff --git a/hsarback/src/de/hsadmin/mods/dom/apache-vhost.vm b/hsarback/src/de/hsadmin/mods/dom/apache-vhost.vm index a90e852..78e98cc 100644 --- a/hsarback/src/de/hsadmin/mods/dom/apache-vhost.vm +++ b/hsarback/src/de/hsadmin/mods/dom/apache-vhost.vm @@ -5,12 +5,12 @@ ServerName ${dom.name} - ServerAlias *.${dom.name} + ServerAlias ${dom.serveraliases} ServerAdmin webmaster@${dom.name} SuexecUserGroup ${dom.user.name} ${pac.name} - PassengerEnabled on + PassengerEnabled Off PassengerUser ${dom.user.name} PassengerGroup ${pac.name} PassengerAppRoot /home/doms/${dom.name}/app/ @@ -19,21 +19,28 @@ Alias /cgi-bin/ /home/doms/${dom.name}/cgi/ Alias /fastcgi-bin/ /home/doms/${dom.name}/fastcgi/ +#if( ${letsencrypt} ) + Alias /.well-known/acme-challenge/ /var/lib/letsencrypt/webroot/${dom.name}/.well-known/acme-challenge/ +#end + PassengerEnabled Off Options -ExecCGI ${includes} ${indexes} ${multiviews} +SymLinksIfOwnerMatch + PassengerEnabled On AllowOverride AuthConfig FileInfo Indexes Limit Options=Includes,Indexes,MultiViews,PassengerNodejs,PassengerPython,PassengerRuby,PassengerAppEnv + PassengerEnabled Off SetHandler cgi-script Options +ExecCGI ${includes} -Indexes -MultiViews +SymLinksIfOwnerMatch + PassengerEnabled Off SetHandler fcgid-script Options +ExecCGI ${includes} -Indexes -MultiViews +SymLinksIfOwnerMatch 
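Review bot: The `Alias /.well-known/acme-challenge/` added in `@@ -19,21 +19,28 @@` maps requests to `/var/lib/letsencrypt/webroot/${dom.name}/...`, which lies outside `/home/doms/${dom.name}/`, and no directory section for that path appears among the added lines. Access and handler settings for that tree therefore come from configuration not shown here. A template comment above the `#if( ${letsencrypt} )` block should name where that section lives. It is also worth confirming that it serves the challenge files as static content only (no `ExecCGI`, `AllowOverride None`), since the tree is presumably written by the certificate client rather than by the domain owner. The same Alias is repeated for the SSL vhost in `@@ -80,22 +93,29 @@`.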
@@ -42,7 +49,10 @@ RewriteOptions Inherit RewriteCond %{REQUEST_URI} !^/cgi-bin/ - RewriteCond %{REQUEST_URI} !^/fastcgi-bin/ + RewriteCond %{REQUEST_URI} !^/fastcgi-bin/ +#if( ${letsencrypt} ) + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ +#end RewriteCond %{HTTP_HOST} ^(.+)\.${dom.name}\.?(:[0-9]+)?$ [novary] RewriteCond /home/doms/${dom.name}/subs/#[[${tolower:%1} ]]# -d RewriteRule ^(.*) /home/doms/${dom.name}/subs/#[[${tolower:%1}$1 ]]# [last] @@ -50,6 +60,9 @@ #if( !${htdocsfallback} ) RewriteCond %{REQUEST_URI} !^/cgi-bin/ RewriteCond %{REQUEST_URI} !^/fastcgi-bin/ +#if( ${letsencrypt} ) + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ +#end RewriteCond %{HTTP_HOST} ^(.+)\.${dom.name}\.?(:80)?$ [novary] RewriteCond /home/doms/${dom.name}/subs/#[[${tolower:%1} ]]# !-d RewriteRule ^(.*) - [redirect=404,last] @@ -61,12 +74,12 @@ ServerName ${dom.name} - ServerAlias *.${dom.name} + ServerAlias ${dom.serveraliases} ServerAdmin ${dom.user.name}@${dom.name} SuexecUserGroup ${dom.user.name} ${pac.name} - PassengerEnabled on + PassengerEnabled Off PassengerUser ${dom.user.name} PassengerGroup ${pac.name} PassengerAppRoot /home/doms/${dom.name}/app-ssl/ @@ -80,22 +93,29 @@ Alias /cgi-bin/ /home/doms/${dom.name}/cgi-ssl/ Alias /fastcgi-bin/ /home/doms/${dom.name}/fastcgi-ssl/ +#if( ${letsencrypt} ) + Alias /.well-known/acme-challenge/ /var/lib/letsencrypt/webroot/${dom.name}/.well-known/acme-challenge/ +#end - SSLRequireSSL On + SSLRequireSSL Off + PassengerEnabled On Options -ExecCGI ${includes} ${indexes} ${multiviews} +SymLinksIfOwnerMatch + SSLRequireSSL On AllowOverride AuthConfig FileInfo Indexes Limit Options=Includes,Indexes,MultiViews,PassengerNodejs,PassengerPython,PassengerRuby,PassengerAppEnv + PassengerEnabled Off SetHandler cgi-script Options +ExecCGI ${includes} -Indexes -MultiViews +SymLinksIfOwnerMatch + PassengerEnabled Off SetHandler fcgid-script Options +ExecCGI ${includes} -Indexes -MultiViews +SymLinksIfOwnerMatch 
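Review bot: The new exclusion `RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/` leaves the dot unescaped, so it matches any character in that position and also exempts paths such as `/xwell-known/acme-challenge/` from the subdomain rewrite and the 404 rule. Escaping it, `RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/`, limits the exemption to the ACME path. The same line is added in `@@ -50,6 +60,9 @@`, `@@ -105,6 +125,9 @@` and `@@ -112,6 +135,9 @@`.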
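Review bot: In `@@ -80,22 +93,29 @@` the first directory block of the SSL vhost gets `SSLRequireSSL Off` together with `PassengerEnabled On`, whereas the matching block of the plain-HTTP vhost in `@@ -19,21 +19,28 @@` gets `PassengerEnabled Off` and only the following htdocs block turns it on. As written, Passenger appears to be enabled for the whole base directory on the SSL side; if the two vhosts were meant to mirror each other, the value belongs in the htdocs-ssl block. The container tags are not visible on this page, so the block boundaries here are read from line order. Separately, Apache documents `SSLRequireSSL` as a directive without arguments, so `SSLRequireSSL Off` may not relax the requirement the way the line reads. A config test of a rendered vhost would settle that, and a template comment should say why the base directory no longer requires SSL.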
@@ -105,6 +125,9 @@ RewriteCond %{REQUEST_URI} !^/cgi-bin/ RewriteCond %{REQUEST_URI} !^/fastcgi-bin/ +#if( ${letsencrypt} ) + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ +#end RewriteCond %{HTTP_HOST} ^(.+)\.${dom.name}\.?(:[0-9]+)?$ [novary] RewriteCond /home/doms/${dom.name}/subs-ssl/#[[${tolower:%1} ]]# -d RewriteRule ^(.*) /home/doms/${dom.name}/subs-ssl/#[[${tolower:%1}$1 ]]# [last] @@ -112,6 +135,9 @@ #if( !${htdocsfallback} ) RewriteCond %{REQUEST_URI} !^/cgi-bin/ RewriteCond %{REQUEST_URI} !^/fastcgi-bin/ +#if( ${letsencrypt} ) + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ +#end RewriteCond %{HTTP_HOST} ^(.+)\.${dom.name}\.?(:443)?$ [novary] RewriteCond /home/doms/${dom.name}/subs-ssl/#[[${tolower:%1} ]]# !-d RewriteRule ^(.*) - [redirect=404,last]