From ba0522461dd100dfdb16869b40b41003561b05e6 Mon Sep 17 00:00:00 2001
From: anthony
Date: Fri, 6 Jul 2012 16:08:34 -0700
Subject: [PATCH] VPC : configure apache2 for each guest network
---
 .../config/etc/init.d/cloud-early-config | 21 +++++++++++++++++++
 .../debian/config/opt/cloud/bin/vpc_acl.sh | 1 -
 .../config/opt/cloud/bin/vpc_guestnw.sh | 12 -----------
 3 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
index 236abbd2729..a7f9b702e62 100755
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@@ -394,6 +394,26 @@ setup_sshd(){ [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config } + +setup_vpc_apache2() { + log_it "Setting up apache web server for VPC" + chkconfig apache2 off + rm -f /etc/apache2/conf.d/vhost*.conf + [ -f /etc/apache2/sites-available/default ] && echo "" >/etc/apache2/sites-available/default + [ -f /etc/apache2/sites-available/default-ssl ] && echo "">/etc/apache2/sites-available/default-ssl + [ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf + [ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf + [ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf + [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security + [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security + + # Disable listing of http://SSVM-IP/icons folder for security issue. see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/ + [ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf + + echo "Options -Indexes" > /var/www/html/.htaccess +} + + setup_apache2() { log_it "Setting up apache web server" local ip=$1 @@ -611,6 +631,7 @@ EOF echo "$ETH0_IP $NAME" >> /etc/hosts setup_sshd $ETH0_IP + setup_vpc_apache2 enable_svc dnsmasq 1 enable_svc haproxy 1 diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_acl.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_acl.sh index 4ebed3abdf9..8a207e880be 100755 --- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_acl.sh +++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_acl.sh 
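Review bot: In `setup_vpc_apache2` the line that truncates `/etc/apache2/ports.conf` appears three times in a row; two of them are redundant and look like copy-paste leftovers, possibly intended for other files. The closing `echo "Options -Indexes" > /var/www/html/.htaccess` is the only write in the function without an existence guard, and an `.htaccess` `Options` line only takes effect where `AllowOverride` permits it, so I would write `[ -d /var/www/html ] && echo "Options -Indexes" > /var/www/html/.htaccess` and confirm the vhost template allows the override. The comment above the alias.conf edit still refers to `SSVM-IP` although this function runs on the VPC router. A short header comment such as `# Blank the default sites and Listen ports; the per-guest vhost configs supply them later (presumably from vpc_guestnw.sh)` would make the intent of the truncations clear.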
@@ -89,7 +89,6 @@ acl_chain_for_guest_network () { sudo iptables -A FORWARD -o $dev -d $gcidr -j ACL_INBOUND_$dev 2>/dev/null # outbound sudo iptables -t mangle -N ACL_OUTBOUND_$dev 2>/dev/null - sudo iptables -t mangle -A ACL_OUTBOUND_$dev -j DROP 2>/dev/null sudo iptables -t mangle -A PREROUTING -m state --state NEW -i $dev -s $gcidr ! -d $ip -j ACL_OUTBOUND_$dev 2>/dev/null } diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh index ee9960c6253..7331c53ea67 100755 --- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh +++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh @@ -65,18 +65,6 @@ setup_apache2() { sed -i -e "s/\tServerName.*/\tServerName vhost$dev.cloudinternal.com/" /etc/apache2/conf.d/vhost$dev.conf sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/conf.d/vhost$dev.conf sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/conf.d/vhost$dev.conf - if [ -e "/etc/apache2/sites-enabled/000-default" ] - then - sed -i -e "s/^#*/#/g" /etc/apache2/sites-enabled/000-default - fi - if [ -e "/etc/apache2/sites-enabled/default-ssl" ] - then - sed -i -e "s/^#*/#/g" /etc/apache2/sites-enabled/default-ssl - fi - if [ -e "/etc/apache2/ports.conf" ] - then - sed -i -e "s/^#*/#/g" /etc/apache2/ports.conf - fi service apache2 restart sudo iptables -A INPUT -i $dev -d $ip -p tcp -m state --state NEW --dport 80 -j ACCEPT }
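Review bot: With `-A ACL_OUTBOUND_$dev -j DROP` gone, the mangle chain in the vpc_acl.sh hunk is created empty, so packets sent to it by the PREROUTING jump fall through and continue unless a terminal rule is appended somewhere outside this hunk. That would turn the outbound ACL chain from default-deny into default-allow until rules are applied, and the commit title mentions only apache2. If this is intended, I would document it at the chain creation, for example `# no default DROP here: outbound traffic passes until ACL rules are loaded`, and state it in the commit message. acl_chain_for_guest_network begins above the hunk, so the rest of its rule setup is not visible here.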