8da250dad4b11c4983031742a83fb8f358044fe0Stéphane Graber#!/sbin/sh
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane Graber#
198b363fff1de9afcee2f26b9aa847316f589afeSerge Hallyn# CDDL HEADER START
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane Graber#
198b363fff1de9afcee2f26b9aa847316f589afeSerge Hallyn# The contents of this file are subject to the terms of the
198b363fff1de9afcee2f26b9aa847316f589afeSerge Hallyn# Common Development and Distribution License (the "License").
198b363fff1de9afcee2f26b9aa847316f589afeSerge Hallyn# You may not use this file except in compliance with the License.
198b363fff1de9afcee2f26b9aa847316f589afeSerge Hallyn#
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane Graber# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
dc76ac7ab5295b8ad40ac57c51e03da4dbd28479Serge Hallyn# or http://www.opensolaris.org/os/licensing.
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane Graber# See the License for the specific language governing permissions
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane Graber# and limitations under the License.
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane Graber#
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane Graber# When distributing Covered Code, include this CDDL HEADER in each
198b363fff1de9afcee2f26b9aa847316f589afeSerge Hallyn# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane Graber# If applicable, add the following below this CDDL HEADER, with the
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane Graber# fields enclosed by brackets "[]" replaced with your own identifying
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane Graber# information: Portions Copyright [yyyy] [name of copyright owner]
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane Graber#
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane Graber# CDDL HEADER END
a5c28c86f56835fa3e0915558e05390dd0a79580Aleksandr Mezin#
a5c28c86f56835fa3e0915558e05390dd0a79580Aleksandr Mezin
a5c28c86f56835fa3e0915558e05390dd0a79580Aleksandr Mezin#
a5c28c86f56835fa3e0915558e05390dd0a79580Aleksandr Mezin# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
a5c28c86f56835fa3e0915558e05390dd0a79580Aleksandr Mezin#
a5c28c86f56835fa3e0915558e05390dd0a79580Aleksandr Mezin
a5c28c86f56835fa3e0915558e05390dd0a79580Aleksandr Mezin. /lib/svc/share/smf_include.sh
a5c28c86f56835fa3e0915558e05390dd0a79580Aleksandr Mezin. /lib/svc/share/ipf_include.sh
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane Graber
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane GraberAPACHE_HOME=/usr/apache2/2.2
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane GraberCONF_FILE=/etc/vpanels/httpd.conf
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane GraberPIDFILE=/var/run/apache2/httpd.pid
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane Graber
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane GraberTEMPLATE="/etc/vpanels/httpd_conf.templ"
dc76ac7ab5295b8ad40ac57c51e03da4dbd28479Serge HallynAPACHE_CONF="/var/run/httpd.conf"
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane GraberSERVER_PG="httpd"
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane GraberLISTEN_PORTS=""
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane Graber
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane GraberCAT="/usr/bin/cat"
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane GraberCMP="/usr/bin/cmp"
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane GraberCP="/usr/bin/cp"
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane GraberECHO="usr/bin/echo"
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane GraberGREP="/usr/bin/grep"
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane GraberMKDIR="/usr/bin/mkdir"
8da250dad4b11c4983031742a83fb8f358044fe0Stéphane GraberMV="/usr/bin/mv"
RM="/usr/bin/rm"
SED="/usr/bin/sed"
SORT="/usr/bin/sort"
SVCPROP="/usr/bin/svcprop"
TR="/usr/bin/tr"
UNIQ="/usr/bin/uniq"
vhost_is_enabled()
{
enabled=`$SVCPROP -p ${1}/enabled ${SMF_FMRI}`
if [ "$enabled" = "false" ]; then
return 1;
else
return 0;
fi
}
#
# Add the given port to LISTEN_PORTS
#
add_listen_port()
{
LISTEN_PORTS="${LISTEN_PORTS} ${1}"
}
# Create additional module directives from vhost configurations. Modules
# additions are in server config context so this methods has to run
# before any call to generate_vhost()
#
process_modules()
{
mods=`mktemp /tmp/apache_mod.XXXXXX`
if [ -z "$mods" ]; then
exit 1
fi
# Get a list of enabled virtual host.
list="$SERVER_PG"
for vhost in $1
do
vhost_is_enabled $vhost && list="$list $vhost"
done
for pg in $list
do
modules=`$SVCPROP $SMF_FMRI | /usr/xpg4/bin/grep "^$pg\/module" | \
awk ' { printf("%s ", $1) }'`
for module in $modules
do
set -- `$SVCPROP -p $module ${SMF_FMRI}`
if echo "$1" | grep "MODULE:" >/dev/null 2>&1; then
modname=`echo $1 | cut -f2 -d ':'`
file=$2
else
modname=`echo $2 | cut -f2 -d ':'`
file=$1
fi
echo "LoadModule $modname $file" >>$mods
done
done
if [ -f $mods ]; then
$CAT $mods | $SORT -u >$mods
$CAT $mods >>$APACHE_CONF
echo "">>$APACHE_CONF
fi
}
# Put additional mime definitions into vhost configurations
#
process_mimes()
{
pg=$1
mimes=`$SVCPROP $SMF_FMRI | /usr/xpg4/bin/grep "^$pg\/mime" | \
awk ' { printf("%s ", $1) }'`
for mime in $mimes
do
Mimetype=""
ext=""
set -- `$SVCPROP -p $mime $SMF_FMRI`
for arg in "$@"
do
if echo "$arg" | grep "MIME:" >/dev/null 2>&1; then
Mimetype=`echo $arg | cut -f2 -d ':'`
else
ext="$ext $arg"
fi
done
ext=`echo "$ext" | sed 's/[,|\\]/ /g'`
echo "AddType $Mimetype $ext" >>$APACHE_CONF
done
}
# Create vhost configuration in APACHE_CONF for
# named vhost.
#
generate_vhost()
{
vhost_name="$1"
# Don't bother if this vhost is disabled
vhost_is_enabled $vhost || return 0
sslengine=`$SVCPROP -p ${vhost_name}/sslengine ${SMF_FMRI}`
echo "" >>$APACHE_CONF
if [ "$sslengine" = "true" ]; then
sslcert=`$SVCPROP -p ${vhost_name}/sslcert ${SMF_FMRI}`
sslkey=`$SVCPROP -p ${vhost_name}/sslkey ${SMF_FMRI}`
sslip=`$SVCPROP -p ${vhost_name}/sslip ${SMF_FMRI}`
sslport=`$SVCPROP -p ${vhost_name}/sslport ${SMF_FMRI}`
echo "Listen ${sslip}:${sslport}" >>$APACHE_CONF
echo "<VirtualHost ${sslip}:${sslport}>" >>$APACHE_CONF
echo "SSLEngine on" >>$APACHE_CONF
echo "SSLCertificateFile ${sslcert}" >>$APACHE_CONF
echo "SSLCertificateKeyFile ${sslkey}" >>$APACHE_CONF
else
port=`$SVCPROP -p ${vhost_name}/port ${SMF_FMRI}`
add_listen_port $port
echo "<VirtualHost *:${port}>" >>$APACHE_CONF
fi
process_mimes $vhost_name
docroot=`$SVCPROP -p ${vhost_name}/docroot ${SMF_FMRI}`
use_custom=`$SVCPROP -p ${vhost_name}/custom_conf ${SMF_FMRI}`
custom_file=`$SVCPROP -p ${vhost_name}/custom_file ${SMF_FMRI}`
domain=`$SVCPROP -p ${vhost_name}/domain ${SMF_FMRI}`
serve_home_dir=`$SVCPROP -p ${vhost_name}/serve_home_dir ${SMF_FMRI}`
# Create DocumentRoot directive if it's not empty. Also
# create a Directory section with default permission for
# the specified DocumentRoot directory
#
if [ "$docroot" != "\"\"" ]; then
echo "DocumentRoot ${docroot}" >>$APACHE_CONF
echo "<Directory \"${docroot}\" >" >>$APACHE_CONF
echo "Options Indexes Includes FollowSymLinks " \
"SymLinksifOwnerMatch ExecCGI MultiViews" >>$APACHE_CONF
echo "AllowOverride None" >>$APACHE_CONF
echo "Order allow,deny" >>$APACHE_CONF
echo "Allow from all" >>$APACHE_CONF
echo "</Directory> " >>$APACHE_CONF
fi
if [ "$use_custom" = "true" ]; then
if [ "$custom_file" != "\"\"" ]; then
echo "Include ${custom_file}" >>$APACHE_CONF
fi
fi
if [ "$serve_home_dir" = "true" ]; then
echo "UserDir public_html" >>$APACHE_CONF
echo "<Directory /home/*/public_html>" >>$APACHE_CONF
echo " AllowOverride Options FileInfo AuthConfig Limit" >>$APACHE_CONF
echo " Options Indexes Includes FollowSymLinks " \
"SymLinksifOwnerMatch ExecCGI MultiViews" >>$APACHE_CONF
echo " <Limit GET POST OPTIONS>" >>$APACHE_CONF
echo " Order allow,deny" >>$APACHE_CONF
echo " Allow from all" >>$APACHE_CONF
echo " </Limit>" >>$APACHE_CONF
echo " <LimitExcept GET POST OPTIONS>" >>$APACHE_CONF
echo " Order deny,allow" >>$APACHE_CONF
echo " Allow from all" >>$APACHE_CONF
echo " </LimitExcept>" >>$APACHE_CONF
echo "</Directory>" >>$APACHE_CONF
fi
echo "ServerName ${domain}" >>$APACHE_CONF
echo "</VirtualHost>" >>$APACHE_CONF
}
get_vhost_list()
{
svccfg -s $1 listpg | awk ' {
if (($1 ~ /^vhost/) && ($2 == "application"))
printf("%s ", $1)
}'
}
gen_conf_file()
{
httpd_custom_file=`$SVCPROP -p ${SERVER_PG}/custom_file ${SMF_FMRI}`
httpd_sslengine=`$SVCPROP -p ${SERVER_PG}/sslengine ${SMF_FMRI}`
httpd_custom_conf=`$SVCPROP -p ${SERVER_PG}/custom_conf ${SMF_FMRI}`
# Generate general parameters
if [ "$httpd_custom_conf" = "true" ]; then
$RM ${CONF_FILE} >/dev/null 2>&1
ln -s ${httpd_custom_file} ${CONF_FILE}
exit 0
else
$CP $TEMPLATE $APACHE_CONF
fi
if [ "$httpd_sslengine" = "true" ]; then
echo "\n SSLEngine on" >>$APACHE_CONF
fi
# Get the list of vhost names
vhost_list=`get_vhost_list ${SMF_FMRI}`
# Add mimes for server and modules for both server and virtual hosts
process_modules "${vhost_list}"
process_mimes "${SERVER_PG}"
# Make sure root user's home directory is disabled
echo "UserDir disabled root" >>$APACHE_CONF
# Generate vhost clauses in configuration file
for vhost in $vhost_list
do
generate_vhost $vhost
done
echo >> $APACHE_CONF
# Add a "Listen <port>" line for each uniqe port
echo "$LISTEN_PORTS" | "$TR" ' ' '\n' | "$GREP" '^[0-9][0-9]*$' |
"$SORT" | "$UNIQ" | "$SED" 's/^/Listen /' >> $APACHE_CONF
# Add a "NameVirtualHost: *:<port>" line for each duplicate port
echo "$LISTEN_PORTS" | "$TR" ' ' '\n' | "$GREP" '^[0-9][0-9]*$' |
"$SORT" | "$UNIQ" -d |
"$SED" 's/^/NameVirtualHost *:/' >> $APACHE_CONF
replace_file $CONF_FILE $APACHE_CONF
}
gen_ipf_conf()
{
FMRI=$1
ipf_file=`fmri_to_file ${FMRI} $IPF_SUFFIX`
policy=`get_policy ${FMRI}`
echo "# $FMRI" >$ipf_file
# rules for global port
port=`$SVCPROP -p ${SERVER_PG}/port ${FMRI} 2>/dev/null`
generate_rules $FMRI $policy "tcp" "any" $port $ipf_file
# rules for virtual hosts
vhost_list=`get_vhost_list ${FMRI}`
for vhost in $vhost_list
do
ip="any"
sslengine=`$SVCPROP -p ${vhost}/sslengine ${FMRI} 2>/dev/null`
if [ "$sslengine" = "true" ]; then
ip=`$SVCPROP -p ${vhost}/sslip ${FMRI} 2>/dev/null`
port=`$SVCPROP -p ${vhost}/sslport ${FMRI} 2>/dev/null`
else
port=`$SVCPROP -p ${vhost}/port ${FMRI} 2>/dev/null`
fi
generate_rules $FMRI $policy "tcp" $ip $port $ipf_file
done
}
case "$1" in
start)
gen_conf_file
$RM -f ${PIDFILE}
$MKDIR -p /var/run/apache2
cmd="-DSSL -k start"
;;
refresh)
gen_conf_file
cmd="-k graceful"
;;
stop)
cmd="-k stop"
;;
ipfilter)
gen_ipf_conf $2
exit $SMF_EXIT_OK
;;
*)
echo "Usage: $0 {start|stop|refresh}"
exit 1
;;
esac
[ ! -f ${CONF_FILE} ] && exit $SMF_EXIT_ERR_CONFIG
exec ${APACHE_HOME}/bin/apachectl -f $CONF_FILE $cmd 2>&1