|
|
@ -48,15 +48,23 @@ export -f apache_publish_dir |
|
|
|
|
|
|
|
|
|
|
|
apache_vhost_create() { |
|
|
|
local type="$1" cfg="$2" custom_rules vhost_statement creds |
|
|
|
local type="$1" cfg="$2" protocols="$3" dest="$4" custom_rules vhost_statement creds |
|
|
|
|
|
|
|
export APACHE_CONFIG_LOCATION="$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled" |
|
|
|
|
|
|
|
protocols=$(__vhost_cfg_normalize_protocol "$cfg") || return 1 |
|
|
|
if [ -z "$protocols" ]; then |
|
|
|
protocols=$(__vhost_cfg_normalize_protocol "$cfg") || return 1 |
|
|
|
fi |
|
|
|
|
|
|
|
domain=$(get_domain "$cfg") && relation-set domain "$domain" |
|
|
|
|
|
|
|
if is_protocol_enabled https "$protocols"; then |
|
|
|
if [ -z "$domain" ]; then |
|
|
|
err "You must specify a domain for ssl to work." |
|
|
|
return 1 |
|
|
|
fi |
|
|
|
read-0 ssl_plugin_fun ssl_cfg_value ssl_cfg_options < <(ssl_get_plugin_fun "$cfg") || return 1 |
|
|
|
"$ssl_plugin_fun"_vars "$cfg" "$ssl_cfg_options" "$ssl_cfg_value" || return 1 |
|
|
|
"$ssl_plugin_fun"_vars "$cfg" "$ssl_cfg_options" "$ssl_cfg_value" "$domain" || return 1 |
|
|
|
redirect=$(e "$cfg" | cfg-get-value 'redirect-to-ssl' 2>/dev/null) || true |
|
|
|
if is_protocol_enabled http "$protocols"; then |
|
|
|
redirect=${redirect:-true} |
|
|
@ -90,18 +98,21 @@ $(if [ "$custom_rules" ]; then |
|
|
|
else |
|
|
|
relation-set protocol http |
|
|
|
fi |
|
|
|
vhost_statement=$(apache_vhost_statement "$type" "$protocols" "$cfg") || { |
|
|
|
vhost_statement=$(apache_vhost_statement "$type" "$protocols" "$cfg" "$domain") || { |
|
|
|
err "Failed to get vhost statement for type $type on ${protocols:1:-1}" |
|
|
|
return 1 |
|
|
|
} |
|
|
|
domain=$(get_domain "$cfg") || return 1 |
|
|
|
relation-set domain "$domain" |
|
|
|
|
|
|
|
echo "$vhost_statement" | file_put "$APACHE_CONFIG_LOCATION/$domain.conf" || return 1 |
|
|
|
dest=${dest:-$domain} |
|
|
|
if [ -z "$dest" ]; then |
|
|
|
err "Please set either a domain or set a destination file." |
|
|
|
return 1 |
|
|
|
fi |
|
|
|
echo "$vhost_statement" | file_put "$APACHE_CONFIG_LOCATION/$dest.conf" || return 1 |
|
|
|
|
|
|
|
creds=$(e "$cfg" | cfg-get-value creds 2>/dev/null) || true |
|
|
|
if [ "$creds" ]; then |
|
|
|
apache_passwd_file "$cfg" || return 1 |
|
|
|
apache_passwd_file "$cfg" "$dest"|| return 1 |
|
|
|
fi |
|
|
|
|
|
|
|
if is_protocol_enabled https "$protocols"; then |
|
|
@ -262,8 +273,7 @@ ssl_get_plugin_fun() { |
|
|
|
|
|
|
|
|
|
|
|
ssl_fallback_vars() { |
|
|
|
local cfg="$1" ssl_cfg="$2" cert key ca_cert domain |
|
|
|
domain=$(get_domain "$cfg") || return 1 |
|
|
|
local cfg="$1" ssl_cfg="$2" value="$3" domain="$4" cert key ca_cert domain |
|
|
|
|
|
|
|
if __vhost_cfg_ssl_cert=$(echo "$ssl_cfg" | shyaml get-value cert 2>/dev/null); then |
|
|
|
__vhost_cfg_SSL_CERT_LOCATION=/etc/ssl/certs/${domain}.pem |
|
|
@ -306,8 +316,7 @@ $volumes |
|
|
|
} |
|
|
|
|
|
|
|
ssl_plugin_cert-provider_vars() { |
|
|
|
local cfg="$1" ssl_cfg="$2" |
|
|
|
domain=$(get_domain "$cfg") || return 1 |
|
|
|
local cfg="$1" ssl_cfg="$2" value="$3" domain="$4" |
|
|
|
|
|
|
|
__vhost_cfg_SSL_CERT_LOCATION=/etc/letsencrypt/live/${domain}/cert.pem |
|
|
|
__vhost_cfg_SSL_KEY_LOCATION=/etc/letsencrypt/live/${domain}/privkey.pem |
|
|
@ -344,12 +353,12 @@ services: |
|
|
|
|
|
|
|
|
|
|
|
apache_passwd_file() { |
|
|
|
local cfg="$1" creds |
|
|
|
local cfg="$1" dest="$2" creds |
|
|
|
include parse || true |
|
|
|
|
|
|
|
## XXXvlab: called twice... no better way to do this ? |
|
|
|
creds=$(e "$cfg" | cfg-get-value creds 2>/dev/null) || true |
|
|
|
password_path=$(password-path-get "$cfg") |
|
|
|
password_path=$(password-path-get "$dest") |
|
|
|
first= |
|
|
|
if ! [ -e "$CONFIGSTORE/$MASTER_TARGET_SERVICE_NAME$password_path" ]; then |
|
|
|
debug "No file $CONFIGSTORE/$MASTER_TARGET_SERVICE_NAME$password_path, creating password file." || true |
|
|
@ -369,16 +378,16 @@ apache_passwd_file() { |
|
|
|
|
|
|
|
## Produce the full statements depending on relation-get informations |
|
|
|
apache_vhost_statement() { |
|
|
|
local type="$1" protocols="$2" cfg="$3" \ |
|
|
|
local type="$1" protocols="$2" cfg="$3" domain="$4" \ |
|
|
|
vhost_statement |
|
|
|
|
|
|
|
if is_protocol_enabled http "$protocols"; then |
|
|
|
__vhost_full_vhost_statement "$type" http "$cfg" || return 1 |
|
|
|
__vhost_full_vhost_statement "$type" http "$cfg" "$domain" || return 1 |
|
|
|
fi |
|
|
|
if is_protocol_enabled https "$protocols"; then |
|
|
|
read-0 ssl_plugin_fun ssl_cfg_value ssl_cfg_options < <(ssl_get_plugin_fun "$cfg") || return 1 |
|
|
|
"$ssl_plugin_fun"_vars "$cfg" "$ssl_cfg_options" "$ssl_cfg_value" || return 1 |
|
|
|
vhost_statement=$(__vhost_full_vhost_statement "$type" https "$cfg") || return 1 |
|
|
|
"$ssl_plugin_fun"_vars "$cfg" "$ssl_cfg_options" "$ssl_cfg_value" "$domain" || return 1 |
|
|
|
vhost_statement=$(__vhost_full_vhost_statement "$type" https "$cfg" "$domain") || return 1 |
|
|
|
cat <<EOF |
|
|
|
|
|
|
|
<IfModule mod_ssl.c> |
|
|
@ -509,14 +518,13 @@ EOF |
|
|
|
|
|
|
|
|
|
|
|
password-path-get() { |
|
|
|
local cfg="$1" domain |
|
|
|
domain=$(get_domain "$cfg") || return 1 |
|
|
|
echo /etc/apache2/sites-enabled/${domain}.passwd |
|
|
|
local dest="$1" |
|
|
|
echo "/etc/apache2/sites-enabled/${dest}.passwd" |
|
|
|
} |
|
|
|
|
|
|
|
__vhost_creds_statement() { |
|
|
|
local cfg="$1" password_path |
|
|
|
password_path=$(password-path-get "$cfg") || return 1 |
|
|
|
local cfg="$1" dest="$2" password_path |
|
|
|
password_path=$(password-path-get "$dest") || return 1 |
|
|
|
if ! e "$cfg" | cfg-get-value creds >/dev/null 2>&1; then |
|
|
|
echo "Allow from all" |
|
|
|
return 0 |
|
|
@ -533,8 +541,7 @@ EOF |
|
|
|
|
|
|
|
|
|
|
|
__vhost_head_statement() { |
|
|
|
local cfg="$1" protocol="$2" server_aliases admin_mail |
|
|
|
domain=$(get_domain "$cfg") || return 1 |
|
|
|
local cfg="$1" protocol="$2" domain="$3" server_aliases admin_mail prefix |
|
|
|
admin_mail=$(e "$1" | cfg-get-value "admin-mail" 2>/dev/null) || true |
|
|
|
server_aliases=$(e "$cfg" | cfg-get-value server-aliases 2>/dev/null) || true |
|
|
|
[ "$server_aliases" == None ] && server_aliases="" |
|
|
@ -664,7 +671,7 @@ target-get() { |
|
|
|
} |
|
|
|
|
|
|
|
__vhost_proxy_statement() { |
|
|
|
local protocol="$1" cfg="$2" |
|
|
|
local protocol="$1" cfg="$2" dest="$3" |
|
|
|
|
|
|
|
target=$(target-get "$cfg") || return 1 |
|
|
|
|
|
|
@ -684,7 +691,7 @@ __vhost_proxy_statement() { |
|
|
|
ProxyVia On |
|
|
|
ProxyPass / http://$target/ retry=0 |
|
|
|
<Location / > |
|
|
|
$(__vhost_creds_statement "$cfg" | prefix " ") |
|
|
|
$(__vhost_creds_statement "$cfg" "$dest" | prefix " ") |
|
|
|
ProxyPassReverse / |
|
|
|
</Location> |
|
|
|
$([ "$protocol" == "https" ] && echo " SSLProxyEngine On") |
|
|
@ -699,11 +706,11 @@ EOF |
|
|
|
} |
|
|
|
|
|
|
|
__vhost_full_vhost_statement() { |
|
|
|
local type="$1" protocol="$2" cfg="$3" head_statement custom_rules content_statement |
|
|
|
local type="$1" protocol="$2" cfg="$3" domain="$4" head_statement custom_rules content_statement |
|
|
|
|
|
|
|
head_statement=$(__vhost_head_statement "$cfg" "$protocol") || return 1 |
|
|
|
head_statement=$(__vhost_head_statement "$cfg" "$protocol" "$domain") || return 1 |
|
|
|
custom_rules=$(__vhost_custom_rules "$cfg") || return 1 |
|
|
|
content_statement=$(__vhost_content_statement "$type" "$protocol" "$cfg") || return 1 |
|
|
|
content_statement=$(__vhost_content_statement "$type" "$protocol" "$cfg" "${domain:-html}") || return 1 |
|
|
|
|
|
|
|
case "$protocol" in |
|
|
|
https) |
|
|
@ -733,9 +740,8 @@ EOF |
|
|
|
} |
|
|
|
|
|
|
|
__vhost_publish_dir_statement() { |
|
|
|
local protocol="$1" cfg="$2" |
|
|
|
domain=$(get_domain "$cfg") || return 1 |
|
|
|
local_path="/var/www/${domain}" |
|
|
|
local protocol="$1" cfg="$2" dest="$3" dest |
|
|
|
local_path="/var/www/${dest}" |
|
|
|
|
|
|
|
cat <<EOF |
|
|
|
## |
|
|
@ -752,7 +758,7 @@ DocumentRoot $local_path |
|
|
|
<Directory $local_path> |
|
|
|
Options Indexes FollowSymLinks MultiViews |
|
|
|
AllowOverride all |
|
|
|
$(__vhost_creds_statement "$cfg" | prefix " ") |
|
|
|
$(__vhost_creds_statement "$cfg" "$dest" | prefix " ") |
|
|
|
</Directory> |
|
|
|
|
|
|
|
EOF |
|
|
|