1 #!/sbin/sh |
|
2 # |
|
3 # CDDL HEADER START |
|
4 # |
|
5 # The contents of this file are subject to the terms of the |
|
6 # Common Development and Distribution License (the "License"). |
|
7 # You may not use this file except in compliance with the License. |
|
8 # |
|
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
10 # or http://www.opensolaris.org/os/licensing. |
|
11 # See the License for the specific language governing permissions |
|
12 # and limitations under the License. |
|
13 # |
|
14 # When distributing Covered Code, include this CDDL HEADER in each |
|
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
16 # If applicable, add the following below this CDDL HEADER, with the |
|
17 # fields enclosed by brackets "[]" replaced with your own identifying |
|
18 # information: Portions Copyright [yyyy] [name of copyright owner] |
|
19 # |
|
20 # CDDL HEADER END |
|
21 # |
|
22 |
|
23 # |
|
24 # Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. |
|
25 # |
|
26 |
|
27 . /lib/svc/share/smf_include.sh |
|
28 . /lib/svc/share/ipf_include.sh |
|
29 |
|
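# Apache installation, the configuration file handed to apachectl, and
# the httpd pid file removed by the "start" method.
APACHE_HOME=/usr/apache2/2.2
CONF_FILE=/etc/vpanels/httpd.conf
PIDFILE=/var/run/apache2/httpd.pid

# TEMPLATE is copied to APACHE_CONF, which gen_conf_file() extends from
# SMF properties and then installs as CONF_FILE.  SERVER_PG names the
# property group holding the server-wide settings; LISTEN_PORTS collects
# the ports of the non-SSL virtual hosts.
TEMPLATE="/etc/vpanels/httpd_conf.templ"
APACHE_CONF="/var/run/httpd.conf"
SERVER_PG="httpd"
LISTEN_PORTS=""

# Absolute paths of the utilities used through these variables.
# ECHO used to be "usr/bin/echo" (no leading slash), i.e. a path resolved
# against the current directory of a method that runs with the service's
# privileges; it is now absolute like the others.
CAT="/usr/bin/cat"
CMP="/usr/bin/cmp"
CP="/usr/bin/cp"
ECHO="/usr/bin/echo"
GREP="/usr/bin/grep"
MKDIR="/usr/bin/mkdir"
MV="/usr/bin/mv"
RM="/usr/bin/rm"
SED="/usr/bin/sed"
SORT="/usr/bin/sort"
SVCPROP="/usr/bin/svcprop"
TR="/usr/bin/tr"
UNIQ="/usr/bin/uniq"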
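#
# Report whether the virtual host property group $1 is enabled.
#
# Reads the "<pg>/enabled" property of ${SMF_FMRI} with svcprop.  Only the
# literal value "false" disables the vhost; any other output, including
# no output at all when svcprop fails, counts as enabled.
#
# Returns 0 if the vhost is enabled, 1 if it is disabled.
#
vhost_is_enabled()
{
	# Quoted so that a property group name or FMRI is always passed to
	# svcprop as a single argument.
	enabled=`"$SVCPROP" -p "${1}/enabled" "${SMF_FMRI}"`
	[ "$enabled" != "false" ]
}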
#
# Append port $1 to LISTEN_PORTS, the space-separated list from which
# gen_conf_file() later derives the Listen and NameVirtualHost lines.
#
add_listen_port()
{
	LISTEN_PORTS="$LISTEN_PORTS $1"
}
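#
# Append a LoadModule directive to APACHE_CONF for every module property
# of the server property group and of each enabled virtual host.
#
# $1 - whitespace-separated list of vhost property group names
#
# Module additions are in server config context, so this function has to
# run before any call to generate_vhost().
#
# NOTE(review): module names and file paths are copied from SMF
# properties into the configuration without validation, so anyone able
# to change this service's properties decides which shared objects httpd
# loads.  Keep write access to these property groups tightly held.
#
process_modules()
{
	mods=`mktemp /tmp/apache_mod.XXXXXX`
	if [ -z "$mods" ]; then
		exit 1
	fi

	# The server-wide property group first, then every enabled vhost.
	list="$SERVER_PG"
	for vhost in $1
	do
		vhost_is_enabled "$vhost" && list="$list $vhost"
	done

	for pg in $list
	do
		# Names of all properties that start with "<pg>/module".
		modules=`"$SVCPROP" "$SMF_FMRI" |
		    /usr/xpg4/bin/grep "^$pg\/module" |
		    awk ' { printf("%s ", $1) }'`

		for module in $modules
		do
			# Deliberately unquoted: the value is split into words.
			# One word carries "MODULE:<name>", the other is used
			# as the module file; they may come in either order.
			set -- `"$SVCPROP" -p "$module" "${SMF_FMRI}"`
			if echo "$1" | grep "MODULE:" >/dev/null 2>&1; then
				modname=`echo "$1" | cut -f2 -d ':'`
				file=$2
			else
				modname=`echo "$2" | cut -f2 -d ':'`
				file=$1
			fi
			echo "LoadModule $modname $file" >>"$mods"
		done
	done

	if [ -f "$mods" ]; then
		# The original ran "cat $mods | sort -u >$mods", which
		# truncates the file while it is still being read and can
		# drop every directive.  Sort straight into the target.
		"$SORT" -u "$mods" >>"$APACHE_CONF"
		echo "" >>"$APACHE_CONF"
	fi

	# The scratch file was previously left behind in /tmp on each run.
	"$RM" -f "$mods"
}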
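#
# Append an AddType directive to APACHE_CONF for every mime property of
# property group $1.
#
# Each property value is split into words: a word containing "MIME:"
# supplies the media type (the field after the first ':'), every other
# word is a file extension.  ',', '|' and '\' in the extension list are
# replaced by spaces.
#
# NOTE(review): values are written to the configuration as read.  A
# property without a "MIME:" word produces an AddType line with no type.
#
process_mimes()
{
	pg=$1
	# Names of all properties that start with "<pg>/mime".
	mimes=`"$SVCPROP" "$SMF_FMRI" |
	    /usr/xpg4/bin/grep "^$pg\/mime" |
	    awk ' { printf("%s ", $1) }'`

	for mime in $mimes
	do
		Mimetype=""
		ext=""
		# Deliberately unquoted: the value is split into words.
		set -- `"$SVCPROP" -p "$mime" "$SMF_FMRI"`
		for arg in "$@"
		do
			if echo "$arg" | grep "MIME:" >/dev/null 2>&1; then
				# Quoted so that characters such as '*' in a
				# value are not expanded as a file name pattern.
				Mimetype=`echo "$arg" | cut -f2 -d ':'`
			else
				ext="$ext $arg"
			fi
		done
		ext=`echo "$ext" | sed 's/[,|\\]/ /g'`
		echo "AddType $Mimetype $ext" >>"$APACHE_CONF"
	done
}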
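#
# Append the <VirtualHost> section for property group $1 to APACHE_CONF.
# Nothing is written when the vhost is disabled.
#
# An SSL vhost (sslengine = true) gets its own "Listen <ip>:<port>" line
# plus certificate and key directives.  A plain vhost registers its port
# through add_listen_port() and is declared as "*:<port>".
#
# NOTE(review): every value comes from SMF properties and is written into
# the configuration as read, including the file named by "Include".
# Whoever can change these properties controls the resulting httpd
# configuration.
#
generate_vhost()
{
	vhost_name="$1"

	# Don't bother if this vhost is disabled.  This used to test the
	# global $vhost, which only matched because the caller's loop
	# variable happens to carry the same name.
	vhost_is_enabled "$vhost_name" || return 0

	sslengine=`"$SVCPROP" -p "${vhost_name}/sslengine" "${SMF_FMRI}"`
	echo "" >>"$APACHE_CONF"
	if [ "$sslengine" = "true" ]; then
		sslcert=`"$SVCPROP" -p "${vhost_name}/sslcert" "${SMF_FMRI}"`
		sslkey=`"$SVCPROP" -p "${vhost_name}/sslkey" "${SMF_FMRI}"`
		sslip=`"$SVCPROP" -p "${vhost_name}/sslip" "${SMF_FMRI}"`
		sslport=`"$SVCPROP" -p "${vhost_name}/sslport" "${SMF_FMRI}"`

		echo "Listen ${sslip}:${sslport}" >>"$APACHE_CONF"
		echo "<VirtualHost ${sslip}:${sslport}>" >>"$APACHE_CONF"
		echo "SSLEngine on" >>"$APACHE_CONF"
		echo "SSLCertificateFile ${sslcert}" >>"$APACHE_CONF"
		echo "SSLCertificateKeyFile ${sslkey}" >>"$APACHE_CONF"
	else
		port=`"$SVCPROP" -p "${vhost_name}/port" "${SMF_FMRI}"`
		add_listen_port "$port"
		echo "<VirtualHost *:${port}>" >>"$APACHE_CONF"
	fi

	process_mimes "$vhost_name"
	docroot=`"$SVCPROP" -p "${vhost_name}/docroot" "${SMF_FMRI}"`
	use_custom=`"$SVCPROP" -p "${vhost_name}/custom_conf" "${SMF_FMRI}"`
	custom_file=`"$SVCPROP" -p "${vhost_name}/custom_file" "${SMF_FMRI}"`
	domain=`"$SVCPROP" -p "${vhost_name}/domain" "${SMF_FMRI}"`
	serve_home_dir=`"$SVCPROP" -p "${vhost_name}/serve_home_dir" \
	    "${SMF_FMRI}"`

	# Create a DocumentRoot directive unless the property is the
	# literal "" that marks it as empty, together with a Directory
	# section carrying the default permissions.
	#
	# NOTE(review): these defaults enable CGI execution and server-side
	# includes for the whole document root and admit every client;
	# narrow them if the site does not need that.
	if [ "$docroot" != "\"\"" ]; then
		echo "DocumentRoot ${docroot}" >>"$APACHE_CONF"

		echo "<Directory \"${docroot}\" >" >>"$APACHE_CONF"
		echo "Options Indexes Includes FollowSymLinks " \
		    "SymLinksifOwnerMatch ExecCGI MultiViews" >>"$APACHE_CONF"
		echo "AllowOverride None" >>"$APACHE_CONF"
		echo "Order allow,deny" >>"$APACHE_CONF"
		echo "Allow from all" >>"$APACHE_CONF"
		echo "</Directory> " >>"$APACHE_CONF"
	fi

	if [ "$use_custom" = "true" ]; then
		if [ "$custom_file" != "\"\"" ]; then
			echo "Include ${custom_file}" >>"$APACHE_CONF"
		fi
	fi

	# NOTE(review): "AllowOverride Options" lets the .htaccess files of
	# individual users switch options on for their own public_html.
	if [ "$serve_home_dir" = "true" ]; then
		echo "UserDir public_html" >>"$APACHE_CONF"

		echo "<Directory /home/*/public_html>" >>"$APACHE_CONF"
		echo " AllowOverride Options FileInfo AuthConfig Limit" \
		    >>"$APACHE_CONF"
		echo " Options Indexes Includes FollowSymLinks " \
		    "SymLinksifOwnerMatch ExecCGI MultiViews" >>"$APACHE_CONF"
		echo " <Limit GET POST OPTIONS>" >>"$APACHE_CONF"
		echo " Order allow,deny" >>"$APACHE_CONF"
		echo " Allow from all" >>"$APACHE_CONF"
		echo " </Limit>" >>"$APACHE_CONF"
		# Methods other than GET, POST and OPTIONS are refused.  The
		# section used to say "Allow from all", which under
		# "Order deny,allow" admits every method and makes the
		# LimitExcept block a no-op.
		echo " <LimitExcept GET POST OPTIONS>" >>"$APACHE_CONF"
		echo " Order deny,allow" >>"$APACHE_CONF"
		echo " Deny from all" >>"$APACHE_CONF"
		echo " </LimitExcept>" >>"$APACHE_CONF"
		echo "</Directory>" >>"$APACHE_CONF"
	fi

	echo "ServerName ${domain}" >>"$APACHE_CONF"
	echo "</VirtualHost>" >>"$APACHE_CONF"
}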
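#
# Print the names of the vhost property groups of service or instance $1.
#
# Selects every property group listed by "svccfg listpg" whose name
# starts with "vhost" and whose type is "application".  The names are
# written on a single line, each followed by a space.
#
get_vhost_list()
{
	# $1 is quoted so the FMRI always reaches svccfg as one argument.
	svccfg -s "$1" listpg | awk '
		$1 ~ /^vhost/ && $2 == "application" { printf("%s ", $1) }'
}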
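#
# Produce CONF_FILE, the configuration apachectl is started with.
#
# When the server property group sets custom_conf to "true", CONF_FILE
# becomes a symbolic link to the administrator's custom_file and nothing
# is generated.  Otherwise TEMPLATE is copied to APACHE_CONF, extended
# with module, mime and virtual host directives taken from SMF
# properties, and handed to replace_file() for installation as CONF_FILE.
#
# NOTE(review): in the custom case httpd reads whatever file the
# custom_file property names, so write access to that property and to
# the file itself is equivalent to control over the server configuration.
#
gen_conf_file()
{
	httpd_custom_file=`"$SVCPROP" -p "${SERVER_PG}/custom_file" \
	    "${SMF_FMRI}"`
	httpd_sslengine=`"$SVCPROP" -p "${SERVER_PG}/sslengine" "${SMF_FMRI}"`
	httpd_custom_conf=`"$SVCPROP" -p "${SERVER_PG}/custom_conf" \
	    "${SMF_FMRI}"`

	# Generate general parameters
	if [ "$httpd_custom_conf" = "true" ]; then
		"$RM" "${CONF_FILE}" >/dev/null 2>&1
		ln -s "${httpd_custom_file}" "${CONF_FILE}"
		# Return rather than "exit 0": exiting here ended the whole
		# method, so "start" and "refresh" reported success without
		# ever running apachectl.  The caller's check that CONF_FILE
		# exists also covers a link whose target is missing.
		return 0
	fi
	"$CP" "$TEMPLATE" "$APACHE_CONF"

	if [ "$httpd_sslengine" = "true" ]; then
		# printf, because whether echo expands "\n" depends on the
		# shell that runs this method.
		printf '\n SSLEngine on\n' >>"$APACHE_CONF"
	fi

	# Get the list of vhost names
	vhost_list=`get_vhost_list "${SMF_FMRI}"`

	# Add mimes for server and modules for both server and virtual hosts
	process_modules "${vhost_list}"
	process_mimes "${SERVER_PG}"

	# Make sure root user's home directory is disabled
	echo "UserDir disabled root" >>"$APACHE_CONF"

	# Generate vhost clauses in configuration file.  $vhost_list is
	# unquoted on purpose: it is a space-separated list of names.
	for vhost in $vhost_list
	do
		generate_vhost "$vhost"
	done

	echo >>"$APACHE_CONF"

	# Add a "Listen <port>" line for each unique port.  Entries that
	# are not purely numeric are dropped by the grep.
	echo "$LISTEN_PORTS" | "$TR" ' ' '\n' | "$GREP" '^[0-9][0-9]*$' |
	    "$SORT" | "$UNIQ" | "$SED" 's/^/Listen /' >>"$APACHE_CONF"

	# Add a "NameVirtualHost *:<port>" line for each port that is used
	# by more than one vhost.
	echo "$LISTEN_PORTS" | "$TR" ' ' '\n' | "$GREP" '^[0-9][0-9]*$' |
	    "$SORT" | "$UNIQ" -d |
	    "$SED" 's/^/NameVirtualHost *:/' >>"$APACHE_CONF"

	replace_file "$CONF_FILE" "$APACHE_CONF"
}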
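#
# Write the IP Filter rules for service instance $1.
#
# The rule file name comes from fmri_to_file(), the policy from
# get_policy() and the rules themselves from generate_rules(); none of
# these is defined in this file (presumably they come from
# ipf_include.sh, which is sourced at the top -- confirm).  One rule set
# is requested for the server-wide port and one for each vhost property
# group, using sslip/sslport for SSL vhosts and "any"/port otherwise.
#
# NOTE(review): unlike gen_conf_file(), this does not consult the
# vhost's "enabled" property, so rules are also requested for disabled
# vhosts.
#
gen_ipf_conf()
{
	FMRI=$1
	ipf_file=`fmri_to_file "${FMRI}" "$IPF_SUFFIX"`
	policy=`get_policy "${FMRI}"`

	echo "# $FMRI" >"$ipf_file"

	# Rules for the global port.  svcprop errors are discarded, so the
	# value may be empty; unquoted, an empty value would move the rule
	# file name into the port position of generate_rules().  Missing
	# values now skip the rule instead.
	port=`"$SVCPROP" -p "${SERVER_PG}/port" "${FMRI}" 2>/dev/null`
	if [ -n "$port" ]; then
		generate_rules "$FMRI" "$policy" "tcp" "any" "$port" \
		    "$ipf_file"
	fi

	# Rules for virtual hosts
	vhost_list=`get_vhost_list "${FMRI}"`
	for vhost in $vhost_list
	do
		ip="any"
		sslengine=`"$SVCPROP" -p "${vhost}/sslengine" "${FMRI}" \
		    2>/dev/null`
		if [ "$sslengine" = "true" ]; then
			ip=`"$SVCPROP" -p "${vhost}/sslip" "${FMRI}" \
			    2>/dev/null`
			port=`"$SVCPROP" -p "${vhost}/sslport" "${FMRI}" \
			    2>/dev/null`
		else
			port=`"$SVCPROP" -p "${vhost}/port" "${FMRI}" \
			    2>/dev/null`
		fi

		# No rule for a vhost whose address or port is unknown.
		if [ -z "$ip" ] || [ -z "$port" ]; then
			continue
		fi
		generate_rules "$FMRI" "$policy" "tcp" "$ip" "$port" \
		    "$ipf_file"
	done
}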
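#
# Method entry point.  $1 selects the action:
#   start    - generate the configuration, then start httpd
#   refresh  - regenerate the configuration, then restart gracefully
#   stop     - stop httpd
#   ipfilter - write the firewall rules for the FMRI in $2 and exit
#
case "$1" in
start)
	gen_conf_file
	"$RM" -f "${PIDFILE}"
	"$MKDIR" -p /var/run/apache2
	cmd="-DSSL -k start"
	;;
refresh)
	gen_conf_file
	cmd="-k graceful"
	;;
stop)
	cmd="-k stop"
	;;
ipfilter)
	gen_ipf_conf "$2"
	exit $SMF_EXIT_OK
	;;
*)
	echo "Usage: $0 {start|stop|refresh}"
	exit 1
	;;
esac

# Without a configuration file there is nothing to hand to apachectl.
[ ! -f "${CONF_FILE}" ] && exit $SMF_EXIT_ERR_CONFIG

# $cmd stays unquoted on purpose: it holds several apachectl arguments.
exec "${APACHE_HOME}/bin/apachectl" -f "$CONF_FILE" $cmd 2>&1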