VPC : configure apache2 for each guest network

anthony 2012-07-06 16:08:34 -07:00 committed by Anthony Xu
parent 5756a2a73b
commit ba0522461d
3 changed files with 21 additions and 13 deletions


@ -394,6 +394,26 @@ setup_sshd(){
[ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config
} }
setup_vpc_apache2() {
log_it "Setting up apache web server for VPC"
chkconfig apache2 off
rm -f /etc/apache2/conf.d/vhost*.conf
[ -f /etc/apache2/sites-available/default ] && echo "" >/etc/apache2/sites-available/default
[ -f /etc/apache2/sites-available/default-ssl ] && echo "">/etc/apache2/sites-available/default-ssl
[ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf
[ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf
[ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf
[ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security
[ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security
# Disable listing of http://SSVM-IP/icons folder for security issue. see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/
[ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf
echo "Options -Indexes" > /var/www/html/.htaccess
}
setup_apache2() { setup_apache2() {
log_it "Setting up apache web server" log_it "Setting up apache web server"
local ip=$1 local ip=$1
@ -611,6 +631,7 @@ EOF
echo "$ETH0_IP $NAME" >> /etc/hosts echo "$ETH0_IP $NAME" >> /etc/hosts
setup_sshd $ETH0_IP setup_sshd $ETH0_IP
setup_vpc_apache2
enable_svc dnsmasq 1 enable_svc dnsmasq 1
enable_svc haproxy 1 enable_svc haproxy 1
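Review bot: In `setup_vpc_apache2`, the closing `echo "Options -Indexes" > /var/www/html/.htaccess` is the only write without an existence guard, so it fails when `/var/www/html` is absent, and an `.htaccess` directive only takes effect if the server configuration permits the override (no `AllowOverride` setting is visible on this page). I would guard it as `[ -d /var/www/html ] && echo "Options -Indexes" > /var/www/html/.htaccess` and confirm that overrides are enabled for that directory, or set the option in the server configuration instead. The `ports.conf` truncation also appears three times in a row; two copies are redundant, and if they were meant to blank other files, those files are still untouched. The function has no header comment; a line such as `# Reset apache2 to an empty baseline (no default sites, no listeners) before per-network vhosts are added` would help, if that is indeed the intent.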


@ -89,7 +89,6 @@ acl_chain_for_guest_network () {
sudo iptables -A FORWARD -o $dev -d $gcidr -j ACL_INBOUND_$dev 2>/dev/null sudo iptables -A FORWARD -o $dev -d $gcidr -j ACL_INBOUND_$dev 2>/dev/null
# outbound # outbound
sudo iptables -t mangle -N ACL_OUTBOUND_$dev 2>/dev/null sudo iptables -t mangle -N ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -t mangle -A ACL_OUTBOUND_$dev -j DROP 2>/dev/null
sudo iptables -t mangle -A PREROUTING -m state --state NEW -i $dev -s $gcidr ! -d $ip -j ACL_OUTBOUND_$dev 2>/dev/null sudo iptables -t mangle -A PREROUTING -m state --state NEW -i $dev -s $gcidr ! -d $ip -j ACL_OUTBOUND_$dev 2>/dev/null
} }


@ -65,18 +65,6 @@ setup_apache2() {
sed -i -e "s/\tServerName.*/\tServerName vhost$dev.cloudinternal.com/" /etc/apache2/conf.d/vhost$dev.conf sed -i -e "s/\tServerName.*/\tServerName vhost$dev.cloudinternal.com/" /etc/apache2/conf.d/vhost$dev.conf
sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/conf.d/vhost$dev.conf sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/conf.d/vhost$dev.conf
sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/conf.d/vhost$dev.conf sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/conf.d/vhost$dev.conf
if [ -e "/etc/apache2/sites-enabled/000-default" ]
then
sed -i -e "s/^#*/#/g" /etc/apache2/sites-enabled/000-default
fi
if [ -e "/etc/apache2/sites-enabled/default-ssl" ]
then
sed -i -e "s/^#*/#/g" /etc/apache2/sites-enabled/default-ssl
fi
if [ -e "/etc/apache2/ports.conf" ]
then
sed -i -e "s/^#*/#/g" /etc/apache2/ports.conf
fi
service apache2 restart service apache2 restart
sudo iptables -A INPUT -i $dev -d $ip -p tcp -m state --state NEW --dport 80 -j ACCEPT sudo iptables -A INPUT -i $dev -d $ip -p tcp -m state --state NEW --dport 80 -j ACCEPT
} }