paramecio/apache
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Added support to mod_md with letsencrypt

Browse source
This commit is contained in:
Antonio de la Rosa 2024-09-03 23:33:42 +02:00
parent 52669ad169
commit 5883de45dd
4 changed files with 73 additions and 183 deletions
Download patch file Download diff file Expand all files Collapse all files

12
scripts/install_apache.py
View file

@ -9,7 +9,7 @@ linux.json_log('Installing Apache server', error=0, status=0, progress=0, no_pro
debian_package='apache2 logrotate socat curl'
redhat_package='httpd mod_ssl openssl tar socat policycoreutils-python-utils wget';
redhat_package='httpd mod_ssl mod_md openssl tar socat policycoreutils-python-utils wget';
linux_package={'debian' : debian_package, 'ubuntu' : debian_package, 'fedora' : redhat_package, 'almalinux' : redhat_package, 'rocky' : redhat_package, 'arch' : 'apache'}
@ -86,7 +86,7 @@ if linux_distro=='rocky' or linux_distro=='almalinux' or linux_distro=='fedora':
if linux_distro=='ubuntu' or linux_distro=='debian':
activate_modules={'debian' : "sudo a2enmod ssl rewrite proxy proxy_fcgi headers"}
activate_modules={'debian' : "sudo a2enmod ssl rewrite proxy proxy_fcgi headers md"}
activate_modules['ubuntu']=create_vhost_file['debian'];
@ -105,8 +105,14 @@ if linux_distro=='arch':
load_proxy_fcgi={'arch': ['#LoadModule proxy_fcgi_module modules\/mod_proxy_fcgi.so', "LoadModule proxy_fcgi_module modules\/mod_proxy_fcgi.so", '/etc/httpd/conf/httpd.conf']}
load_proxy_fcgi['arch'].append(['#LoadModule md_module modules\/mod_md.so', 'LoadModule md_module modules\/mod_md.so', '/etc/httpd/conf/httpd.conf'])
linux.sed(load_proxy_fcgi)
load_proxy_md['arch'].append(['#LoadModule md_module modules\/mod_md.so', 'LoadModule md_module modules\/mod_md.so', '/etc/httpd/conf/httpd.conf'])
linux.sed(load_proxy_md)
#Options Indexes FollowSymLinks
quit_indexes={'arch': ['Options Indexes FollowSymLinks', 'Options FollowSymLinks', '/etc/httpd/conf/httpd.conf']}
@ -129,4 +135,6 @@ linux_service={'debian' : 'apache2', 'ubuntu' : 'apache2', 'fedora' : 'httpd', '
linux.systemd_service('restart', linux_service)
linux.systemd_service('enable', linux_service)
linux.json_log('Apache server installed successfully!', error=0, status=0, progress=100, no_progress=0)

226
scripts/manage_apache.py
View file

@ -168,10 +168,57 @@ def manage():
json_return['progress']=0
json_return['message']='Preparing SSL virtualhost'
print(json.dumps(json_return))
#print(json.dumps(json_return))
#Make letsencrypt
"""
MDContactEmail antonio.delarosa@salirdelhoyo.com
MDCertificateAgreement accepted
MDomain foro.desiertoslejanos.org
SSLEngine on
"""
vhost_ssl=vhost_ssl.replace('$port', args.ssl_port)
vhost_ssl=vhost_ssl.replace('$ip', args.ip)
vhost_ssl=vhost_ssl.replace('$email', args.email)
vhost_ssl=vhost_ssl.replace('$domain', args.domain)
#ServerAlias www.$domain
vhost_ssl=vhost_ssl.replace('$ServerAlias', aliases)
vhost_ssl=vhost_ssl.replace('$rootDir', real_root_dir)
vhost_ssl=vhost_ssl.replace('$Indexes', indexes)
vhost_ssl=vhost_ssl.replace('$AllowOverride', allow_override)
vhost_ssl=vhost_ssl.replace('$apache_cmd', apache_cmd)
vhost_ssl_md=[]
vhost_ssl_md.append("MDContactEmail {}".format(args.email))
vhost_ssl_md.append("MDCertificateAgreement accepted")
vhost_ssl_md.append("MDomain {}".format(args.domain))
if debug:
#vhost_ssl_md.append("LE Test Setup")
vhost_ssl_md.append("MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory")
vhost_ssl="\n".join(vhost_ssl_md)+"\n"+vhost_ssl
vhost_ssl=vhost_ssl.replace('# SSL Options', "SSLEngine on")
if args.redirect_ssl:
print("Adding redirect http to https...")
ssl_options_http=("RewriteEngine On",
"RewriteCond %{HTTPS} !=on",
"RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]")
vhost=vhost.replace('# SSL Options', "\n".join(ssl_options_http))
vhost+="\n\n"+vhost_ssl
json_return={'error':0, 'status': 0, 'progress': 100, 'no_progress':0, 'message': 'Creating SSL Cert with Letsencrypt using mod_md...'}
print(json.dumps(json_return))
"""
ssl_debug=''
if debug:
@ -244,7 +291,7 @@ def manage():
vhost+="\n\n"+vhost_ssl
pass
"""
if type_ssl==2:
vhost_ssl=vhost_ssl.replace('$port', args.ssl_port)
vhost_ssl=vhost_ssl.replace('$ip', args.ip)
@ -294,84 +341,11 @@ def manage():
pass
# Get php version and install
"""
if args.type_cgi!=None:
if 'php' in args.type_cgi:
check_php_version(args.type_cgi, args.user)
#Add php support to virtualhost
# ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/path/to/your/documentroot/$1
# ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/path/to/socket.sock|fcgi://localhost/path/to/your/documentroot/
# ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/run/php/php-8.2-hosting.sock|fcgi://localhost/var/www/sites/coesinfo/prueba.cuchulu.com/htdocs/$1
number_version=php_version[args.type_cgi].replace('php', '')
# /run\/php\/php-"+number_version.replace('.', '\.')+"-{}.sock
php_line="# PHP Options\nProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/run/php/php-{}-{}.sock|fcgi://localhost{}/$1".format(number_version, args.user, real_root_dir)
#print(php_line)
vhost=vhost.replace('# PHP Options', php_line)
print('Adding php configuration to virtualhost...')
"""
#time.sleep(1)
# Add user
#err, txt=add_user(args.user)
"""
if err:
json_return['error']=1
json_return['status']=1
json_return['progress']=100
json_return['message']='Error: user exists'
print(json.dumps(json_return))
sys.exit(1)
"""
"""
json_return['progress']=30
json_return['message']='Created user for this site'
print(json.dumps(json_return))
time.sleep(1)
"""
if args.operation=='add':
# Add site directory
"""
yes_chown=False
if not os.path.isdir(args.root_dir):
yes_chown=True
p=Path(real_root_dir)
try:
p.mkdir(mode=0o755, parents=True, exist_ok=False)
#Change owner
#if yes_chown:
#shutil.chown('../'+args.root_dir, args.user, args.user)
if call(("sudo chown -R {}:{} "+args.root_dir).format(args.user, args.user), shell=True, stdout=DEVNULL) > 0:
json_return['error']=1
json_return['status']=1
json_return['progress']=100
json_return['message']='Error: cannot set the directory permissions'
else:
shutil.chown(real_root_dir, args.user, args.user)
except FileNotFoundError:
json_return['error']=1
json_return['status']=1
json_return['progress']=100
json_return['message']='Error: cannot create the site directory'
print(json.dumps(json_return))
sys.exit(1)
"""
# Add user
@ -458,27 +432,10 @@ def manage():
# Save virtualhost
virtualhost_base='/etc/'+apache_cmd+'/vhosts.d'
"""
p=Path(virtualhost_base)
try:
p.mkdir(mode=0o755, parents=True, exist_ok=True)
except FileNotFoundError:
json_return['error']=1
json_return['status']=1
json_return['progress']=100
json_return['message']='Error: cannot create the apache vhost directory'
print(json.dumps(json_return))
sys.exit(1)
"""
virtualhost_path=virtualhost_base+'/%s.conf' % (args.domain)
#virtualhost_enabled_path='/etc/'+apache_cmd+'/vhosts.d/%s.conf' % args.domain
with open(virtualhost_path, 'w') as f:
f.write(vhost)
@ -568,21 +525,6 @@ def manage():
#virtualhost_enabled_path='/etc/'+apache_cmd+'/vhosts.d/%s.conf' % args.domain
# Delete first apache configuration
"""
try:
os.unlink(virtualhost_enabled_path)
except:
json_return['error']=1
json_return['status']=1
json_return['progress']=100
json_return['message']='Error: I cannot remove symbolic link of apache file config'
print(json.dumps(json_return))
exit(1)
"""
try:
os.remove(virtualhost_path)
@ -654,23 +596,9 @@ def manage():
if args.root_dir:
shutil.rmtree(args.root_dir)
#os.seteuid(0)
# Delete user of virtualhost
#err, txt=del_user(args.user)
"""
if err:
json_return['error']=1
json_return['status']=1
json_return['progress']=100
json_return['message']='Error: I cannot remove the user'
print(json.dumps(json_return))
exit(1)
"""
# Done
json_return['progress']=100
@ -680,61 +608,5 @@ def manage():
#time.sleep(1)
# Function check php version and install if necessary
def check_php_version(version, user):
linux_distro=distro.id()
if linux_distro=='debian' or linux_distro=='ubuntu':
php_packages={'php74': 'php7.4 php7.4-curl php7.4-dom php7.4-gd php7.4-xml php7.4-mbstring php7.4-zip php7.4-fileinfo php7.4-ctype php7.4-simplexml php7.4-xmlreader php7.4-xmlwriter php7.4-mysql php7.4-bz2 php7.4-intl php7.4-ldap php7.4-imap php7.4-bcmath php7.4-gmp php7.4-exif php7.4-opcache php7.4-redis php7.4-memcached php7.4-fpm', 'php80': 'php8.0 php8.0-curl php8.0-dom php8.0-gd php8.0-xml php8.0-mbstring php8.0-zip php8.0-fileinfo php8.0-ctype php8.0-simplexml php8.0-xmlreader php8.0-xmlwriter php8.0-mysql php8.0-bz2 php8.0-intl php8.0-ldap php8.0-imap php8.0-bcmath php8.0-gmp php8.0-exif php8.0-opcache php8.0-redis php8.0-memcached php8.0-fpm', 'php81': 'php8.1 php8.1-curl php8.1-dom php8.1-gd php8.1-xml php8.1-mbstring php8.1-zip php8.1 php8.1-fileinfo php8.1-ctype php8.1-simplexml php8.1-xmlreader php8.1-xmlwriter php8.1-mysql php8.1-bz2 php8.1-intl php8.1-ldap php8.1-imap php8.1-bcmath php8.1-gmp php8.1-exif php8.1-opcache php8.1-redis php8.1-memcached php8.1-fpm', 'php82': 'php8.2 php8.2-curl php8.2-dom php8.2-gd php8.2-xml php8.2-mbstring php8.2-zip php8.2 php8.2-fileinfo php8.2-ctype php8.2-simplexml php8.2-xmlreader php8.2-xmlwriter php8.2-mysql php8.2-bz2 php8.2-intl php8.2-ldap php8.2-imap php8.2-bcmath php8.2-gmp php8.2-exif php8.2-opcache php8.2-redis php8.2-memcached php8.2-fpm'}
if version in php_version:
#apt-get install php php-curl php-dom php-gd php-xml php-mbstring php-zip php-json php-fileinfo php-ctype php-simplexml php-xmlreader php-xmlwriter php-mysql php-bz2 php-intl php-ldap php-imap php-bcmath php-gmp php-exif php-opcache php-redis php-memcached
print('Checking install of php %s' % php_version[version])
number_version=php_version[version].replace('php', '')
try:
output=subprocess.check_output(['dpkg', '-l', 'php-'+number_version+'*'])
output=output.decode('utf-8')
except:
if call("sudo apt-get -y install %s && a2dismod mpm_prefork && a2enmod mpm_event proxy proxy_fcgi rewrite" % (php_packages[version]), shell=True) > 0:
print('Error, cannot install PHP...')
exit(1)
# Install php-fpm
# /etc/php/8.2/fpm/pool.d/www.conf
# sed -i 's/old-text/new-text/g' input.txt
#listen = /run/php/php8.2-fpm.sock
cmd="sudo cp /etc/php/"+number_version+"/fpm/pool.d/www.conf /etc/php/"+number_version+"/fpm/pool.d/{}.conf && sudo sed -i 's/^user = www-data/user = {}/g' /etc/php/"+number_version+"/fpm/pool.d/{}.conf && sudo sed -i 's/^group = www-data/group = {}/g' /etc/php/"+number_version+"/fpm/pool.d/{}.conf && sudo sed -i 's/\[www\]/[{}]/g' /etc/php/"+number_version+"/fpm/pool.d/{}.conf \
&& sudo sed -i 's/^listen = \/run\/php\/php"+number_version.replace('.', '\.')+"\-fpm\.sock/listen = \/run\/php\/php-"+number_version.replace('.', '\.')+"-{}.sock/g' /etc/php/"+number_version+"/fpm/pool.d/{}.conf"
cmd=cmd.format(user, user, user, user, user, user, user, user, user)
if call(cmd, shell=True) > 0:
print('Error, cannot update PHP-FPM...')
exit(1)
if call('systemctl restart php'+number_version+'-fpm.service', shell=True) > 0:
print('Error, cannot restart PHP-FPM...')
exit(1)
pass
# Reinstall php-fpm
if __name__=='__main__':
manage()

7
tasks/apache/apache/add_vhost.py
View file

@ -66,7 +66,12 @@ class ServerTask(Task):
if self.data.get('password', '')!='':
password='--password=%s' % self.data.get('password', '')
self.commands_to_execute=[['modules/apache/scripts/manage_apache.py', '--operation=add --domain=%s --email=%s --user=%s --root_dir=%s --type_cgi=%s --ip=%s --port=%s %s %s %s' % (self.data['domain'], self.data['email'], self.data['user'], self.data['root_dir'], self.data['cgi_type'], self.data['ip'], self.data['port'], password, indexes, allow_override), 'sudo']]
debug_opt=''
if 'debug' in self.data:
debug_opt='--debug'
self.commands_to_execute=[['modules/apache/scripts/manage_apache.py', '--operation=add --domain=%s --email=%s --user=%s --root_dir=%s --type_cgi=%s --ip=%s --%s --port=%s %s %s %s' % (self.data['domain'], self.data['email'], self.data['user'], self.data['root_dir'], self.data['cgi_type'], self.data['ip'], debug_opt, self.data['port'], password, indexes, allow_override), 'sudo']]
return True

7
tasks/apache/apache/edit_vhost.py
View file

@ -117,7 +117,12 @@ class ServerTask(Task):
self.commands_to_execute.append(['modules/apache/scripts/delete_php.py', '--domain=%s' % self.data['domain']])
self.commands_to_execute.append(['modules/apache/scripts/manage_apache.py', '--operation=edit --domain=%s --email=%s --user=%s --root_dir=%s --type_cgi=%s --ip=%s --port=%s --ssl=%s --ssl_port=%s --aliases=%s %s %s %s' % (self.data['domain'], self.data['email'], self.data['user'], self.data['root_dir'], self.data['cgi_type'], self.data['ip'], self.data['port'], self.data['ssl'], self.data['ssl_port'], self.data['aliases'], indexes, allow_override, redirect_ssl), 'sudo'])
debug_opt=''
if 'debug' in self.data:
debug_opt='--debug'
self.commands_to_execute.append(['modules/apache/scripts/manage_apache.py', '--operation=edit %s --domain=%s --email=%s --user=%s --root_dir=%s --type_cgi=%s --ip=%s --port=%s --ssl=%s --ssl_port=%s --aliases=%s %s %s %s' % (debug_opt, self.data['domain'], self.data['email'], self.data['user'], self.data['root_dir'], self.data['cgi_type'], self.data['ip'], self.data['port'], self.data['ssl'], self.data['ssl_port'], self.data['aliases'], indexes, allow_override, redirect_ssl), 'sudo'])
#print(self.commands_to_execute[0])
return True
"""