From 16624934c8165044d0e31fc19992d46bec8da6b6 Mon Sep 17 00:00:00 2001
From: "Jean-Marc Pigeon (Delson)"
Date: Mon, 25 Aug 2025 06:58:14 -0400
Subject: [PATCH] Starting the httpd configuration shell scripts
---
 conf/mailleur.conf | 14 +++-
 mailleur.spec.in | 4 +-
 support/{crdb.sh => do_database.sh} | 0
 support/do_httpd.sh | 109 ++++++++++++++++++++++++++++
 support/starting.sh | 18 ++++-
 5 files changed, 139 insertions(+), 6 deletions(-)
 rename support/{crdb.sh => do_database.sh} (100%)
 create mode 100755 support/do_httpd.sh
diff --git a/conf/mailleur.conf b/conf/mailleur.conf
index 0da4310..c4d3692 100644
--- a/conf/mailleur.conf
+++ b/conf/mailleur.conf
@@ -39,8 +39,11 @@ CA_VERIFY_SRV=0 #to check PEER/client remote certificate
 #CA_CERT_SRV="/etc/certbot/mailleur/mailleur-fullchain.pem"
 #CA_KEY_SRV="/etc/certbot/mailleur/mailleur-key.pem"
 #If certificate are self signed (default installation)
-CA_CERT_SRV="/etc/pki/mailleur/mailleur-cert.pem"
-CA_KEY_SRV="/etc/pki/mailleur/mailleur-key.pem"
+#CA_CERT_SRV="/etc/pki/mailleur/mailleur-cert.pem"
+#CA_KEY_SRV="/etc/pki/mailleur/mailleur-key.pem"
+#Symbolic link set at installation
+CA_CERT_SRV="/etc/mailleur/pki/mailleur-cert.pem"
+CA_KEY_SRV="/etc//mailleur/pki/mailleur-key.pem"
 #------------------------------------------------
 #Defining CLIENT mode Certificate data
 CA_ROOT_CLT="/etc/pki/tls/make-ca/ca-bundle.crt"
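Review bot: The new `CA_KEY_SRV` value is `/etc//mailleur/pki/mailleur-key.pem`, with a doubled slash after `/etc`; it resolves to the same file, but it no longer matches the `CA_KEY_CLT` path in the next hunk character for character, which breaks exact-string matching in audit rules, file-integrity baselines or scripts that compare the two settings. It should read `CA_KEY_SRV="/etc/mailleur/pki/mailleur-key.pem"`. The added comment `#Symbolic link set at installation` (repeated in the CLT hunk at -49,8) does not say which path is the link or where it points, and since this is the private-key location I would name it, e.g. `#/etc/mailleur/pki is a symbolic link to <TARGET_DIR>, created at installation`. The httpd template in support/do_httpd.sh in this same patch still writes `/etc/pki/$APPNAME/` for its key and certificate, so presumably both names reach the same files; worth confirming, so that the key's ownership and mode are checked on the link target rather than on the link.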
@@ -49,8 +52,11 @@ CA_VERIFY_CLT=0 #to check PEER/server remote certificate
 #CA_CERT_CLT="/etc/certbot/mailleur/mailleur-fullchain.pem"
 #CA_KEY_CLT="/etc/certbot/mailleur/mailleur-key.pem"
 #If certificate are self signed (default installation)
-CA_CERT_CLT="/etc/pki/mailleur/mailleur-cert.pem"
-CA_KEY_CLT="/etc/pki/mailleur/mailleur-key.pem"
+#CA_CERT_CLT="/etc/pki/mailleur/mailleur-cert.pem"
+#CA_KEY_CLT="/etc/pki/mailleur/mailleur-key.pem"
+#Symbolic link set at installation
+CA_CERT_CLT="/etc/mailleur/pki/mailleur-cert.pem"
+CA_KEY_CLT="/etc/mailleur/pki/mailleur-key.pem"
 #------------------------------------------------
 #Configured for Postgresql database
 #DB_TYPE can be either POSTGRESQL,MYSQL, default POSTGRESQL
diff --git a/mailleur.spec.in b/mailleur.spec.in
index c7f659c..42ece7e 100644
--- a/mailleur.spec.in
+++ b/mailleur.spec.in
@@ -18,6 +18,7 @@ Source0 : %{name}-@@VERSION@@.tar.gz BuildRequires : postgresql Requires : bash +Requires : bind-utils Requires : cpp Requires : dovecot Requires : httpd
@@ -59,7 +60,8 @@ search about email exchange within time and transaction context.
 %{_libexecdir}/%{name}/bin-utils/feeder
 %attr(0754,root,root) %{_libdir}/%{name}/shell/*.sh
 %attr(0754,root,root) %{_libdir}/%{name}/support/addconfig.sh
-%attr(0754,root,root) %{_libdir}/%{name}/support/crdb.sh
+%attr(0754,root,root) %{_libdir}/%{name}/support/do_database.sh
+%attr(0754,root,root) %{_libdir}/%{name}/support/do_httpd.sh
 %attr(0754,root,root) %{_libdir}/%{name}/support/dummy-cert.sh
 %attr(0754,root,root) %{_libdir}/%{name}/support/starting.sh
 %attr(0754,root,root) %config(noreplace) %{_libdir}/%{name}/support/do_dns_tlsa.sh
diff --git a/support/crdb.sh b/support/do_database.sh
similarity index 100%
rename from support/crdb.sh
rename to support/do_database.sh
diff --git a/support/do_httpd.sh b/support/do_httpd.sh
new file mode 100755
index 3857483
--- /dev/null
+++ b/support/do_httpd.sh
@@ -0,0 +1,109 @@ +#! /usr/bin/bash +#----------------------------------------------------------------- +#Shell script to add local information to configuration file +#----------------------------------------------------------------- +#loading the variable value +. /etc/mailleur/mailleur.conf +#----------------------------------------------------- +#Updating clement httpd configuration file +export hostipv4=`dig \`uname -n\` A +noall +short`; +export hostipv6=`dig \`uname -n\` AAAA +noall +short`; +if [ -z "$domain" ] ; then + export domain=`dnsdomainname` + fi + +#to make sure we have at least an hostipv4 reference +if [ -z "$hostipv4" -a -z "$hostipv6" ] ; then + export hostipv4=`grep \`uname -n\` /etc/hosts | cut -f1` + fi +#----------------------------------------------------------------- +add_web() + +{ +#updating httpd.con +sed -i \ + -e "s:#LoadModule ssl_:LoadModule ssl_:" \ + -e "s:#LoadModule rewrite:LoadModule rewrite:"\ + $BASE/etc/httpd/httpd.conf + +#converting '.' to '\.' +reldom=`echo $domain | sed -e "s/\\./\\\\\\./g"` + +cat >> /etc/httpd/conf.d/$APPNAME.conf < + ServerName `hostname` + ServerAlias $APPNAME.$domain + ServerAlias localhost.localdomain + ServerAdmin root@$domain + RewriteEngine on + #comment it in if you want to debug redirect + #LogLevel alert rewrite:trace3 + RewriteCond %{HTTP_HOST} ^clement\.$reldom [OR] + RewriteCond %{HTTP_HOST} ^`hostname -s`\.$reldom + RewriteRule ^(.*)$ https://`hostname -s`.$domain [R=301] + ErrorLog logs/clemerr.log + TransferLog logs/clemlog.log + + +#----------------------------------------------------------------- +#Listening on TLS port +Listen 443 +#----------------------------------------------------------------- + + ServerName `hostname` + ServerAlias $APPNAME.$domain + ServerAlias localhost.localdomain + ServerAdmin root@$domain + DocumentRoot $BASE/var/www/$APPNAME + setenv PATH_INFO $BASE/etc/$APPNAME/$APPNAME.php + Alias /base-dir/ $BASE/var/www/$APPNAME/ + Alias /reg-icons/ 
$BASE/var/www/$APPNAME/reg-icons/ + Alias /base-graph/ $BASE/var/www/$APPNAME/graph/ + ScriptAlias /cgi-bin/ $BASE/var/www/$APPNAME/ + + Options MultiViews FollowSymlinks ExecCGI + AllowOverride AuthConfig FileInfo Indexes Limit Options + Require all granted + + #---------------------------------------------- + #SSL + SSLEngine On + SSLCertificateKeyFile /etc/pki/$APPNAME/$APPNME-key.pem + SSLCertificateFile /etc/pki/$APPNAME/$APPNME-cert.pem + SSLProtocol +TLSv1.3 +TLSv1.2 + SSLCompression OFF + SSLHonorCipherOrder ON + #---------------------------------------------- + ErrorLog logs/clemerr-ssl.log + TransferLog logs/clemlog-ssl.log + + +#$APPNAME STOP +!EOT +} + +#----------------------------------------------------------------- +#setting name virtual +cat >> /etc/httpd/conf.d/$APPNAME.conf <