#CA_CERT_SRV="/etc/certbot/mailleur/mailleur-fullchain.pem"
#CA_KEY_SRV="/etc/certbot/mailleur/mailleur-key.pem"
#If certificate are self signed (default installation)
-CA_CERT_SRV="/etc/pki/mailleur/mailleur-cert.pem"
-CA_KEY_SRV="/etc/pki/mailleur/mailleur-key.pem"
+#CA_CERT_SRV="/etc/pki/mailleur/mailleur-cert.pem"
+#CA_KEY_SRV="/etc/pki/mailleur/mailleur-key.pem"
+#Symbolic link set at installation
+CA_CERT_SRV="/etc/mailleur/pki/mailleur-cert.pem"
+CA_KEY_SRV="/etc//mailleur/pki/mailleur-key.pem"
#------------------------------------------------
#Defining CLIENT mode Certificate data
CA_ROOT_CLT="/etc/pki/tls/make-ca/ca-bundle.crt"
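Review bot: The new `CA_KEY_SRV` value has a doubled slash, `/etc//mailleur/pki/mailleur-key.pem`, unlike the `CA_CERT_SRV` line just above it and the client-side paths further down. The path resolves to the same file, but anything that compares or logs it as a string will see a different value. It should read `CA_KEY_SRV="/etc/mailleur/pki/mailleur-key.pem"`.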
#CA_CERT_CLT="/etc/certbot/mailleur/mailleur-fullchain.pem"
#CA_KEY_CLT="/etc/certbot/mailleur/mailleur-key.pem"
#If certificate are self signed (default installation)
-CA_CERT_CLT="/etc/pki/mailleur/mailleur-cert.pem"
-CA_KEY_CLT="/etc/pki/mailleur/mailleur-key.pem"
+#CA_CERT_CLT="/etc/pki/mailleur/mailleur-cert.pem"
+#CA_KEY_CLT="/etc/pki/mailleur/mailleur-key.pem"
+#Symbolic link set at installation
+CA_CERT_CLT="/etc/mailleur/pki/mailleur-cert.pem"
+CA_KEY_CLT="/etc/mailleur/pki/mailleur-key.pem"
#------------------------------------------------
#Configured for Postgresql database
#DB_TYPE can be either POSTGRESQL,MYSQL, default POSTGRESQL
BuildRequires : postgresql
Requires : bash
+Requires : bind-utils
Requires : cpp
Requires : dovecot
Requires : httpd
%{_libexecdir}/%{name}/bin-utils/feeder
%attr(0754,root,root) %{_libdir}/%{name}/shell/*.sh
%attr(0754,root,root) %{_libdir}/%{name}/support/addconfig.sh
-%attr(0754,root,root) %{_libdir}/%{name}/support/crdb.sh
+%attr(0754,root,root) %{_libdir}/%{name}/support/do_database.sh
+%attr(0754,root,root) %{_libdir}/%{name}/support/do_httpd.sh
%attr(0754,root,root) %{_libdir}/%{name}/support/dummy-cert.sh
%attr(0754,root,root) %{_libdir}/%{name}/support/starting.sh
%attr(0754,root,root) %config(noreplace) %{_libdir}/%{name}/support/do_dns_tlsa.sh
--- /dev/null
+#! /usr/bin/bash
+#-----------------------------------------------------------------
+#Shell script to add local information to configuration file
+#-----------------------------------------------------------------
+#loading the variable value
+. /etc/mailleur/mailleur.conf
+#-----------------------------------------------------
+#Updating clement httpd configuration file
+export hostipv4=`dig \`uname -n\` A +noall +short`;
+export hostipv6=`dig \`uname -n\` AAAA +noall +short`;
+if [ -z "$domain" ] ; then
+ export domain=`dnsdomainname`
+ fi
+
+#to make sure we have at least an hostipv4 reference
+if [ -z "$hostipv4" -a -z "$hostipv6" ] ; then
+ export hostipv4=`grep \`uname -n\` /etc/hosts | cut -f1`
+ fi
+#-----------------------------------------------------------------
+add_web()
+
+{
+#updating httpd.con
+sed -i \
+ -e "s:#LoadModule ssl_:LoadModule ssl_:" \
+ -e "s:#LoadModule rewrite:LoadModule rewrite:"\
+ $BASE/etc/httpd/httpd.conf
+
+#converting '.' to '\.'
+reldom=`echo $domain | sed -e "s/\\./\\\\\\./g"`
+
+cat >> /etc/httpd/conf.d/$APPNAME.conf <<!EOT
+#$APPNAME START
+#Done by the $APPNAME first start (do_httpd.sh)
+
+<VirtualHost *:80>
+ ServerName `hostname`
+ ServerAlias $APPNAME.$domain
+ ServerAlias localhost.localdomain
+ ServerAdmin root@$domain
+ RewriteEngine on
+ #comment it in if you want to debug redirect
+ #LogLevel alert rewrite:trace3
+ RewriteCond %{HTTP_HOST} ^clement\.$reldom [OR]
+ RewriteCond %{HTTP_HOST} ^`hostname -s`\.$reldom
+ RewriteRule ^(.*)$ https://`hostname -s`.$domain [R=301]
+ ErrorLog logs/clemerr.log
+ TransferLog logs/clemlog.log
+</VirtualHost>
+
+#-----------------------------------------------------------------
+#Listening on TLS port
+Listen 443
+#-----------------------------------------------------------------
+<VirtualHost *:443>
+ ServerName `hostname`
+ ServerAlias $APPNAME.$domain
+ ServerAlias localhost.localdomain
+ ServerAdmin root@$domain
+ DocumentRoot $BASE/var/www/$APPNAME
+ setenv PATH_INFO $BASE/etc/$APPNAME/$APPNAME.php
+ Alias /base-dir/ $BASE/var/www/$APPNAME/
+ Alias /reg-icons/ $BASE/var/www/$APPNAME/reg-icons/
+ Alias /base-graph/ $BASE/var/www/$APPNAME/graph/
+ ScriptAlias /cgi-bin/ $BASE/var/www/$APPNAME/
+ <Directory $BASE/var/www/$APPNAME>
+ Options MultiViews FollowSymlinks ExecCGI
+ AllowOverride AuthConfig FileInfo Indexes Limit Options
+ Require all granted
+ </Directory>
+ #----------------------------------------------
+ #SSL
+ SSLEngine On
+ SSLCertificateKeyFile /etc/pki/$APPNAME/$APPNME-key.pem
+ SSLCertificateFile /etc/pki/$APPNAME/$APPNME-cert.pem
+ SSLProtocol +TLSv1.3 +TLSv1.2
+ SSLCompression OFF
+ SSLHonorCipherOrder ON
+ #----------------------------------------------
+ ErrorLog logs/clemerr-ssl.log
+ TransferLog logs/clemlog-ssl.log
+</VirtualHost>
+
+#$APPNAME STOP
+!EOT
+}
+
+#-----------------------------------------------------------------
+#setting name virtual
+cat >> /etc/httpd/conf.d/$APPNAME.conf <<!EOT
+#$APPNAME START
+#Done by the $APPNAME first start
+#NameVirtualHost *:80
+#NameVirtualHost *:443
+#$APPNAME STOP
+!EOT
+
+#to setup the IPV4 WEB interface
+if [ -n "$hostipv4" ] ; then
+ add_web $hostipv4
+ fi
+
+#-----------------------------------------------------------------
+#to setup the IPV6 WEB interface
+if [ -n "$hostipv6" ] ; then
+ add_web $hostipv6
+ fi
+
+
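Review bot: The TLS vhost written by add_web uses `$APPNME`, which is never set, so `SSLCertificateKeyFile` and `SSLCertificateFile` expand to `/etc/pki/$APPNAME/-key.pem` and `/etc/pki/$APPNAME/-cert.pem`, and httpd will presumably fail to load the 443 vhost. Both lines should end in `$APPNAME-key.pem` and `$APPNAME-cert.pem`. add_web also never reads its argument, so on a dual-stack host the two calls at the bottom append the same pair of vhosts, including `Listen 443`, twice to the same file; calling it once when either address is set would avoid the duplicate. As I read the mod_ssl documentation, `SSLProtocol +TLSv1.3 +TLSv1.2` only adds to the inherited protocol set, so `SSLProtocol -all +TLSv1.2 +TLSv1.3` is needed if the intent is to allow only those two versions. It is also worth confirming that `ExecCGI` and `ScriptAlias /cgi-bin/` on the document root, together with `AllowOverride ... Options`, are intended, since they make every file under `$BASE/var/www/$APPNAME` a CGI candidate.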
fi
}
+#----------------------------------------------------------------------
+#adding httpd configuration
+#----------------------------------------------------------------------
+do_webconf()
+
+{
+/usr/lib/$APPNAME/support/do_httpd.sh
+}
#----------------------------------------------------------------------
#procedure to check if the config is properly done
#----------------------------------------------------------------------
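Review bot: do_webconf discards the exit status of do_httpd.sh, whereas the do_database.sh call in the same script is followed by an explicit `$?` check. If the helper cannot write the httpd configuration, the start sequence carries on as if the web interface were set up. Propagating the failure, for example `/usr/lib/$APPNAME/support/do_httpd.sh || return 1`, and adding a one-line comment on what the helper modifies would keep this step in line with the others.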
case "$DB_TYPE" in
"MYSQL" | \
"POSTGRESQL" )
- /usr/lib/$APPNAME/support/crdb.sh "/tmp"
+ /usr/lib/$APPNAME/support/do_database.sh "/tmp"
if [ $? != 0 ] ; then
exit -1
fi
chown $APPNAME:mail \
/etc/pki/$APPNAME/$APPNAME-cert.pem \
/etc/pki/$APPNAME/$APPNAME-key.pem
+ mkdir -p /etc/$APPNAME/pki/
+ ln -s \
+ /etc/pki/$APPNAME/$APPNAME-cert.pem \
+ /etc/$APPNAME/pki/$APPNAME-cert.pem
+ ln -s \
+ /etc/pki/$APPNAME/$APPNAME-key.pem \
+ /etc/$APPNAME/pki/$APPNAME-key.pem
sh_success $"Preparing $APPNAME server self-signed certificate"
fi
}
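Review bot: The two `ln -s` calls fail if the link already exists and their status is never checked, so `sh_success` is printed even when `/etc/$APPNAME/pki/` was not populated. Using `ln -sf` and stopping on error (`|| exit 1`) would make the step repeatable and its failure visible. The enclosing `if` and function start outside this hunk, but the links appear to be created only on the self-signed certificate path, while the shipped configuration now points `CA_CERT_*` and `CA_KEY_*` at `/etc/mailleur/pki/`. It is worth confirming that a host which already has its certificate under `/etc/pki/$APPNAME/` still gets the links.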
/usr/lib/$APPNAME/support/addconfig.sh
do_mkdb ;
do_doveconf ;
+ do_webconf ;
case "$OS" in
osukiss )
;;