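#!/bin/bash
# webconf - auto-create the Apache virtual host config from the domain
# directories found in the web root.
#
# To use:
#  - # mkdir /var/www/foobar.com
#  - # echo "Hello World" >/var/www/foobar.com/index.html
#  - # webconf
#  - the virtual conf to support foobar.com is built and apache reloaded
#  - Ensure foobar.com A record points to IP of the server
#  - Access foobar.com with web browser
#  - ...
#  - Profit
#
# Special triggers (files in the web root, named after the domain directory):
#  /var/www/foobar.com.pass       - htpasswd-format file, used as AuthUserFile
#                                   with AuthType Basic
#  /var/www/foobar.com.allow      - list of IP addresses, one per line, that
#                                   bypass pw auth
#  /var/www/foobar.com.options    - arguments for an Options directive
#                                   (add "indexes" to allow auto indexes, etc)
#  /var/www/foobar.com.virtual    - text copied as-is into the <VirtualHost>
#  /var/www/foobar.com.directives - text copied as-is into the <Directory>
#
# SECURITY: this script runs as root and copies directory names and the
# contents of the trigger files from the web root into Apache's configuration.
# Whoever can create entries directly in the web root therefore controls the
# server configuration; keep the web root itself and the trigger files
# writable by root only.

# This really has to be run as root; re-run through sudo when it is not.
# NOTE(security): the caller's PATH is passed to the root process, which
# sidesteps sudo's secure_path (presumably so that helpers such as
# install-packages are found - confirm). Every directory on that PATH must be
# writable by root only, or a program planted there is executed as root.
if [ "$(id -u)" -ne 0 ]; then
  exec sudo env PATH="$PATH" "$0" "$@"
fi

# Debian/Ubuntu layout by default, RedHat layout when the release file exists.
APACHE="apache2"
CONFDIR="/etc/apache2/sites-enabled"
NOBODY="www-data"
if [ -f /etc/redhat-release ]; then
  APACHE="httpd"
  CONFDIR="/etc/httpd/conf.d"
  NOBODY="apache"
fi

WEBROOT="/var/www"
DEFAULT="/var/www/html"

# Install what is needed first, so the tools used below exist on a fresh host.
command -v which >/dev/null 2>&1 || install-packages which
# The certificate step of this script invokes "certbot", so either binary
# name counts as "already installed".
command -v certbot >/dev/null 2>&1 \
  || command -v letsencrypt >/dev/null 2>&1 \
  || install-packages letsencrypt
install-packages "$APACHE"
install-packages php

# when running apache2, enable needful (a2enmod only exists once apache2 is
# installed, hence after the install step)
if [ ! -f /etc/redhat-release ] && [ ! -f /etc/apache2/mods-enabled/ssl.conf ]; then
  echo "APACHE2: Enabling SSL"
  a2enmod ssl
fi

# Stop with a failure status when the expected layout is missing.
for required_dir in "$WEBROOT" "$DEFAULT" "$CONFDIR"; do
  if [ ! -d "$required_dir" ]; then
    echo "ERROR: $required_dir not found" >&2
    exit 1
  fi
done

# Everything after this point works with names relative to the web root.
cd "$WEBROOT" || {
  echo "ERROR: cannot enter $WEBROOT" >&2
  exit 1
}

# purely convenience mechanism (/www/domain.com = www.domain.com)
# Only create the link when nothing exists at /www: with a real directory
# there, ln would place a stray link inside it instead.
if [ ! -e /www ] && [ ! -h /www ]; then
  ln -s "$WEBROOT" /www
fi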
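# Start virtual.conf from scratch with the catch-all default host; every
# per-domain host is appended to this file afterwards, so give up when it
# cannot be written.
#
# NOTE(security): /server-status is open to any client ("Allow from all")
# while ExtendedStatus is on, so the status page (current requests and client
# addresses) is readable by anyone who reaches the default host. If remote
# access is not required, limit the <Location> to loopback, e.g.
# "Deny from all" followed by "Allow from 127.0.0.1 ::1".
cat <<EOF >"$CONFDIR/virtual.conf" || { echo "ERROR: cannot write $CONFDIR/virtual.conf" >&2; exit 1; }
#
# Created by webconf (http://github.com/stgnet/bin)
# Do not edit
#
ExtendedStatus on
#
# Default ($DEFAULT) - requests not matching a virtual host will go here
#NameVirtualHost *:80
#NameVirtualHost *:443
<VirtualHost *:80 *:443>
ServerAdmin root@$HOSTNAME
DocumentRoot $DEFAULT
# ServerName *
<Location /server-status>
SetHandler server-status
Order deny,allow
Allow from all
</Location>
</VirtualHost>
EOF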
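# Append one redirect host and one content host per domain directory.
#
# Runs with the web root as current directory (relative names and $PWD rely on
# that) and appends to $CONFDIR/virtual.conf.
#
# Everything interpolated below ends up in a root-owned Apache config, so names
# that come from the file system are checked before use. The trigger files
# (.virtual, .options, .directives, .allow) are copied in as-is and must be
# writable by root only.
#
# The access directives used here (Order/Allow/Deny/Satisfy) are the Apache 2.2
# style; on Apache 2.4 they are provided by mod_access_compat.
NL=$'\n'
for DOMAIN in *.*; do
  # A site is a directory (or a symlink to one) whose name contains a dot.
  [ -d "$DOMAIN" ] || continue

  # Reject names that are not plain host names: whitespace, newlines or
  # angle brackets would inject directives, a leading "-" would be read as an
  # option by certbot.
  case "$DOMAIN" in
    -* | .* | *[!A-Za-z0-9._-]*)
      printf 'WARNING: skipping %q: not a plain host name\n' "$DOMAIN" >&2
      continue
      ;;
  esac

  # Owner of the site directory; root-owned sites run as the web server user.
  # (Kept out of $USER so the environment seen by certbot is not altered.)
  OWNER="$(stat -c %U -- "$DOMAIN")" || OWNER="$NOBODY"
  [ "$OWNER" = "root" ] && OWNER="$NOBODY"

  VIRTUAL=""
  if [ -f /etc/httpd/conf.d/suphp.conf ]; then
    if [ "$OWNER" != "$NOBODY" ]; then
      VIRTUAL="${NL}suPHP_Engine on${NL}suPHP_UserGroup $OWNER $OWNER${NL}AddHandler x-httpd-php .php${NL}suPHP_AddHandler x-httpd-php${NL}"
    else
      VIRTUAL="${NL}suPHP_Engine off${NL}AddHandler php5-script .php${NL}"
    fi
  fi

  DOCROOT="$PWD/$DOMAIN"
  [ -h "$DOCROOT" ] && DOCROOT="$(readlink -f -- "$DOCROOT")"
  [ -d "$DOCROOT" ] || continue

  # A symlink target is arbitrary text: refuse paths that cannot be written
  # safely inside a quoted Apache argument.
  case "$DOCROOT" in
    *[[:cntrl:]]* | *'"'* | *'<'* | *'>'*)
      printf 'WARNING: skipping %q: unsafe document root path\n' "$DOMAIN" >&2
      continue
      ;;
  esac

  # A symlinked site may point anywhere on the host; make that visible.
  if [[ "$DOCROOT" != "$PWD"/* ]]; then
    echo "WARNING: $DOCROOT (for $DOMAIN) is outside $PWD" >&2
    for ENFORCE in /sys/fs/selinux/enforce /selinux/enforce; do
      if [ -f "$ENFORCE" ] && [ "$(cat "$ENFORCE")" != 0 ]; then
        echo "WARNING: $DOCROOT is not in $PWD and SELINUX is enabled!!!"
        break
      fi
    done
  fi

  echo "Creating virtual config for $DOMAIN => $DOCROOT"

  if [ -f "$WEBROOT/$DOMAIN.virtual" ]; then
    VIRTUAL+="$(cat -- "$WEBROOT/$DOMAIN.virtual")${NL}"
  fi

  # Custom error pages: error404.html and friends inside the document root.
  # The document root belongs to the site owner, so only file names made of
  # safe characters with a plain 4xx/5xx code are accepted.
  DIRECTORY=""
  for ERRORFILE in "$DOCROOT"/error[45][0-9][0-9].*; do
    [ -f "$ERRORFILE" ] || continue
    ERRORDOC="${ERRORFILE##*/}"
    ERRORCODE="${ERRORDOC#error}"
    ERRORCODE="${ERRORCODE%.*}"
    case "$ERRORDOC" in
      *[!A-Za-z0-9._-]*) continue ;;
    esac
    case "$ERRORCODE" in
      [45][0-9][0-9]) ;;
      *) continue ;;
    esac
    DIRECTORY+=" ErrorDocument $ERRORCODE /$ERRORDOC${NL}"
  done

  # Password protection. "Satisfy any" admits a request when EITHER the host
  # rule OR the login succeeds, so a protected site must deny hosts by default;
  # an unconditional "Allow from all" would let everybody in without a
  # password. Addresses from the .allow file are the only host exceptions.
  HOSTACCESS="Allow from all"
  if [ -f "$WEBROOT/$DOMAIN.pass" ]; then
    HOSTACCESS="Deny from all"
    if [ -f "$WEBROOT/$DOMAIN.allow" ]; then
      # Read by redirection, not through a pipe: a piped loop runs in a
      # subshell and its additions to DIRECTORY would be lost.
      while read -r ALLOW || [ -n "$ALLOW" ]; do
        [ -n "$ALLOW" ] || continue
        DIRECTORY+=" Allow from $ALLOW${NL}"
      done <"$WEBROOT/$DOMAIN.allow"
    fi
    DIRECTORY+=" AuthType Basic${NL}AuthName \"Restricted Area\"${NL}AuthUserFile $WEBROOT/$DOMAIN.pass${NL}Require valid-user${NL}Satisfy any${NL}"
  fi

  if [ -f "$WEBROOT/$DOMAIN.options" ]; then
    DIRECTORY+=" Options $(cat -- "$WEBROOT/$DOMAIN.options")${NL}"
  fi
  if [ -f "$WEBROOT/$DOMAIN.directives" ]; then
    DIRECTORY+=" $(cat -- "$WEBROOT/$DOMAIN.directives")${NL}"
  fi

  # Request a certificate the first time a domain is seen. The contact address
  # is hard-coded, so the notices for every domain go to that mailbox.
  SSL=""
  LIVEDIR="/etc/letsencrypt/live/$DOMAIN"
  if [ ! -d "$LIVEDIR" ]; then
    certbot certonly -v -n --webroot -w "$DOCROOT" -d "$DOMAIN,www.$DOMAIN" \
      --agree-tos --email 'scott@stg.net' || echo "certbot failed" >&2
  fi
  if [ -d "$LIVEDIR" ]; then
    SSL=" SSLEngine on${NL}SSLCertificateFile $LIVEDIR/cert.pem${NL}SSLCertificateKeyFile $LIVEDIR/privkey.pem${NL}SSLCertificateChainFile $LIVEDIR/chain.pem${NL}"
  fi

  # NOTE(review): the content host listens on both *:80 and *:443, so
  # "SSLEngine on" looks like it also applies to port 80 - confirm that plain
  # HTTP (and certbot's webroot renewal) still works once a certificate exists.
  cat <<EOF >>"$CONFDIR/virtual.conf"
#
# $DOMAIN => $DOCROOT
#
<VirtualHost *:80 *:443>
ServerName ${DOMAIN%%.*}
Redirect 301 / http://$DOMAIN
</VirtualHost>
<VirtualHost *:80 *:443>
ServerAdmin webmaster@$HOSTNAME
DocumentRoot "$DOCROOT"
ServerName $DOMAIN
ServerAlias www.$DOMAIN
$SSL
$VIRTUAL
<Directory "$DOCROOT">
Order deny,allow
$HOSTACCESS
$DIRECTORY
</Directory>
</VirtualHost>
EOF
done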
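# cat <$CONFDIR/virtual.conf
## special restart sequence to ensure restart finishes if run FROM httpd
#bash -c 'sleep 3;trap echo SIGTERM;service $APACHE stop;sleep 1;service $APACHE start || service $APACHE status >/dev/tty' >/dev/null &

# Validate the generated configuration before restarting the server.
# The control script is called apache2ctl on Debian-style installs and
# apachectl elsewhere, so pick whichever is present.
if command -v apache2ctl >/dev/null 2>&1; then
  APACHECTL="apache2ctl"
else
  APACHECTL="apachectl"
fi

if "$APACHECTL" configtest; then
  systemctl restart "$APACHE"
else
  # virtual.conf was rewritten in place earlier in this script, so the
  # rejected file is still on disk: the running server keeps its old
  # configuration, but a later restart or reboot would fail until it is fixed.
  echo "ERROR: configtest failed; $APACHE not restarted, check $CONFDIR/virtual.conf" >&2
  exit 1
fi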