mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 08:42:29 +01:00
9aa7d4e818
- Removes old/dead files - Refactors file path/location, backward compatible to filepaths in systemvm.isoa - Fixes failures around apache2
213 lines
6.8 KiB
Bash
Executable File
213 lines
6.8 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
help() {
|
|
printf " -c use customized key/cert\n"
|
|
printf " -k path of private key\n"
|
|
printf " -p path of certificate of public key\n"
|
|
printf " -t path of certificate chain\n"
|
|
printf " -u path of root ca certificate \n"
|
|
}
|
|
|
|
|
|
config_httpd_conf() {
|
|
local ip=$1
|
|
local srvr=$2
|
|
cp -f /etc/httpd/conf/httpd.conf.orig /etc/httpd/conf/httpd.conf
|
|
sed -i -e "s/Listen.*:80$/Listen $ip:80/" /etc/httpd/conf/httpd.conf
|
|
echo "<VirtualHost $ip:443> " >> /etc/httpd/conf/httpd.conf
|
|
echo " DocumentRoot /var/www/html/" >> /etc/httpd/conf/httpd.conf
|
|
echo " ServerName $srvr" >> /etc/httpd/conf/httpd.conf
|
|
echo " SSLEngine on" >> /etc/httpd/conf/httpd.conf
|
|
echo " SSLProtocol all -SSLv2 -SSLv3" >> /etc/httpd/conf/httpd.conf
|
|
echo " SSLCertificateFile /etc/httpd/ssl/certs/realhostip.crt" >> /etc/httpd/conf/httpd.conf
|
|
echo " SSLCertificateKeyFile /etc/httpd/ssl/keys/realhostip.key" >> /etc/httpd/conf/httpd.conf
|
|
echo "</VirtualHost>" >> /etc/httpd/conf/httpd.conf
|
|
}
|
|
|
|
config_apache2_conf() {
|
|
local ip=$1
|
|
local srvr=$2
|
|
cp -f /etc/apache2/sites-available/default.orig /etc/apache2/sites-available/default
|
|
cp -f /etc/apache2/sites-available/default-ssl.orig /etc/apache2/sites-available/default-ssl
|
|
sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:80>/" /etc/apache2/sites-available/default
|
|
sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:443>/" /etc/apache2/sites-available/default-ssl
|
|
sed -i 's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-available/default-ssl
|
|
sed -i 's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-available/default-ssl
|
|
sed -i 's/SSLProtocol.*$/SSLProtocol all -SSLv2 -SSLv3/' /etc/apache2/sites-available/default-ssl
|
|
if [ -f /etc/ssl/certs/cert_apache_chain.crt ]
|
|
then
|
|
sed -i -e "s/#SSLCertificateChainFile.*/SSLCertificateChainFile \/etc\/ssl\/certs\/cert_apache_chain.crt/" /etc/apache2/sites-available/default-ssl
|
|
fi
|
|
|
|
SSL_FILE="/etc/apache2/sites-available/default-ssl"
|
|
PATTERN="RewriteRule ^\/upload\/(.*)"
|
|
CORS_PATTERN="Header set Access-Control-Allow-Origin"
|
|
if [ -f $SSL_FILE ]; then
|
|
if grep -q "$PATTERN" $SSL_FILE ; then
|
|
echo "rewrite rules already exist in file $SSL_FILE"
|
|
else
|
|
echo "adding rewrite rules to file: $SSL_FILE"
|
|
sed -i -e "s/<\/VirtualHost>/RewriteEngine On \n&/" $SSL_FILE
|
|
sed -i -e "s/<\/VirtualHost>/RewriteCond %{HTTPS} =on \n&/" $SSL_FILE
|
|
sed -i -e "s/<\/VirtualHost>/RewriteCond %{REQUEST_METHOD} =POST \n&/" $SSL_FILE
|
|
sed -i -e "s/<\/VirtualHost>/RewriteRule ^\/upload\/(.*) http:\/\/127.0.0.1:8210\/upload?uuid=\$1 [P,L] \n&/" $SSL_FILE
|
|
fi
|
|
if grep -q "$CORS_PATTERN" $SSL_FILE ; then
|
|
echo "cors rules already exist in file $SSL_FILE"
|
|
else
|
|
echo "adding cors rules to file: $SSL_FILE"
|
|
sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Origin \"*\" \n&/" $SSL_FILE
|
|
sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Methods \"POST, OPTIONS\" \n&/" $SSL_FILE
|
|
sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Headers \"x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires\" \n&/" $SSL_FILE
|
|
fi
|
|
fi
|
|
|
|
}
|
|
|
|
copy_certs() {
|
|
local certdir=$(dirname $0)/certs
|
|
local mydir=$(dirname $0)
|
|
if [ -d $certdir ] && [ -f $customPrivKey ] && [ -f $customPrivCert ] ; then
|
|
mkdir -p /etc/httpd/ssl/keys && mkdir -p /etc/httpd/ssl/certs && cp $customprivKey /etc/httpd/ssl/keys && cp $customPrivCert /etc/httpd/ssl/certs
|
|
return $?
|
|
fi
|
|
if [ ! -z customCertChain ] && [ -f $customCertChain ] ; then
|
|
cp $customCertChain /etc/httpd/ssl/certs
|
|
fi
|
|
return 1
|
|
}
|
|
|
|
copy_certs_apache2() {
|
|
local certdir=$(dirname $0)/certs
|
|
local mydir=$(dirname $0)
|
|
if [ -f $customPrivKey ] && [ -f $customPrivCert ] ; then
|
|
cp $customPrivKey /etc/ssl/private/cert_apache.key && cp $customPrivCert /etc/ssl/certs/cert_apache.crt
|
|
fi
|
|
if [ ! -z "$customCertChain" ] && [ -f "$customCertChain" ] ; then
|
|
cp $customCertChain /etc/ssl/certs/cert_apache_chain.crt
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
|
|
cflag=
|
|
cpkflag=
|
|
cpcflag=
|
|
cccflag=
|
|
customPrivKey=$(dirname $0)/certs/realhostip.key
|
|
customPrivCert=$(dirname $0)/certs/realhostip.crt
|
|
customCertChain=
|
|
customCACert=
|
|
publicIp=
|
|
hostName=
|
|
keyStore=$(dirname $0)/certs/realhostip.keystore
|
|
defaultJavaKeyStoreFile=/etc/ssl/certs/java/cacerts
|
|
defaultJavaKeyStorePass="changeit"
|
|
aliasName="CPVMCertificate"
|
|
storepass="vmops.com"
|
|
while getopts 'i:h:k:p:t:u:c' OPTION
|
|
do
|
|
case $OPTION in
|
|
c) cflag=1
|
|
;;
|
|
k) cpkflag=1
|
|
customPrivKey="$OPTARG"
|
|
;;
|
|
p) cpcflag=1
|
|
customPrivCert="$OPTARG"
|
|
;;
|
|
t) cccflag=1
|
|
customCertChain="$OPTARG"
|
|
;;
|
|
u) ccacflag=1
|
|
customCACert="$OPTARG"
|
|
;;
|
|
i) publicIp="$OPTARG"
|
|
;;
|
|
h) hostName="$OPTARG"
|
|
;;
|
|
?) help
|
|
;;
|
|
esac
|
|
done
|
|
|
|
|
|
if [ -z "$publicIp" ] || [ -z "$hostName" ]
|
|
then
|
|
help
|
|
exit 1
|
|
fi
|
|
|
|
if [ "$cflag" == "1" ]
|
|
then
|
|
if [ "$cpkflag$cpcflag" != "11" ]
|
|
then
|
|
help
|
|
exit 1
|
|
fi
|
|
if [ ! -f "$customPrivKey" ]
|
|
then
|
|
printf "private key file does not exist\n"
|
|
exit 2
|
|
fi
|
|
|
|
if [ ! -f "$customPrivCert" ]
|
|
then
|
|
printf "public certificate does not exist\n"
|
|
exit 3
|
|
fi
|
|
|
|
if [ "$cccflag" == "1" ]
|
|
then
|
|
if [ ! -f "$customCertChain" ]
|
|
then
|
|
printf "certificate chain does not exist\n"
|
|
exit 4
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
if [ -d /etc/apache2 ]
|
|
then
|
|
copy_certs_apache2
|
|
else
|
|
copy_certs
|
|
fi
|
|
|
|
if [ $? -ne 0 ]
|
|
then
|
|
echo "Failed to copy certificates"
|
|
exit 2
|
|
fi
|
|
|
|
if [ -f "$customCACert" ]
|
|
then
|
|
keytool -delete -alias $aliasName -keystore $keyStore -storepass $storepass -noprompt
|
|
keytool -import -alias $aliasName -keystore $keyStore -storepass $storepass -noprompt -file $customCACert
|
|
keytool -importkeystore -srckeystore $defaultJavaKeyStoreFile -destkeystore $keyStore -srcstorepass $defaultJavaKeyStorePass -deststorepass $storepass -noprompt
|
|
fi
|
|
|
|
if [ -d /etc/apache2 ]
|
|
then
|
|
config_apache2_conf $publicIp $hostName
|
|
systemctl restart apache2
|
|
else
|
|
config_httpd_conf $publicIp $hostName
|
|
fi
|