@@ -7,35 +7,42 @@ get_password ()
77 echo $( head -n 4096 /dev/urandom | tr -cd ' [:alnum:]' | head -c ${1} )
88}
99
10+ APP_HOME_DIR_TEMPLATE=" /var/www/.app-skel"
11+
12+ OPTS_APACHE_SERVER_NAME=" ${APACHE_SERVER_NAME:- $(hostname)} "
13+ OPTS_APACHE_MOD_SSL_ENABLED=" ${APACHE_MOD_SSL_ENABLED:- false} "
14+ OPTS_APACHE_LOAD_MODULES=" ${APACHE_LOAD_MODULES:- authz_user_module log_config_module expires_module deflate_module headers_module setenvif_module mime_module status_module dir_module alias_module reqtimeout_module} "
15+ OPTS_APP_HOME_DIR=" ${APP_HOME_DIR:-/ var/ www/ app} "
1016OPTS_SERVICE_USER=" ${SERVICE_USER:- app} "
1117OPTS_SERVICE_USER_GROUP=" ${SERVICE_USER_GROUP:- app-www} "
12- OPTS_SERVICE_USER_PASSWORD=" ${SERVICE_USER_PASSWORD:- $(get_password 8)} "
1318OPTS_SERVICE_USER_GROUP_PASSWORD=" ${SERVICE_USER_GROUP_PASSWORD:- $(get_password 8)} "
19+ OPTS_SERVICE_USER_PASSWORD=" ${SERVICE_USER_PASSWORD:- $(get_password 8)} "
1420OPTS_SUEXECUSERGROUP=" ${SUEXECUSERGROUP:- false} "
1521
16- OPTS_APACHE_SERVER_NAME=" ${APACHE_SERVER_NAME:- $(hostname)} "
17- OPTS_APACHE_MOD_SSL_ENABLED=" ${APACHE_MOD_SSL_ENABLED:- false} "
18-
19- if [[ ! -d ${APP_HOME_DIR} ]] && [[ -d ${APP_HOME_DIR_TEMPLATE} ]]; then
20- echo Recreate the ${APP_HOME_DIR} directory...
21- mkdir -p ${APP_HOME_DIR}
22+ if [[ ! -d ${OPTS_APP_HOME_DIR} ]] && [[ -d ${OPTS_APP_HOME_DIR_TEMPLATE} ]]; then
23+ echo " Recreate the ${OPTS_APP_HOME_DIR} directory."
24+ mkdir -p ${OPTS_APP_HOME_DIR}
2225fi
2326
24- if [[ ! -n $( find ${APP_HOME_DIR } -maxdepth 1 -type f) && [[ -d ${APP_HOME_DIR_TEMPLATE} ]]; then
25- echo Home directory ${APP_HOME_DIR} exists but is empty - populate it using ${APP_HOME_DIR_TEMPLATE} ...
26- cp -rf ${APP_HOME_DIR_TEMPLATE} /. ${APP_HOME_DIR } /
27+ if [[ -z $( find ${OPTS_APP_HOME_DIR } -maxdepth 1 -type f) && [[ -d ${APP_HOME_DIR_TEMPLATE} ]]; then
28+ echo " Home directory ${OPTS_APP_HOME_DIR} is empty - populate it using ${APP_HOME_DIR_TEMPLATE} ."
29+ cp -rf ${APP_HOME_DIR_TEMPLATE} /. ${OPTS_APP_HOME_DIR } /
2730fi
2831
2932# Document root directory is required
30- if [[ ! -d ${APP_HOME_DIR } /public_html ]]; then
31- echo ERROR: ${APP_HOME_DIR } /public_html not found.
33+ if [[ ! -d ${OPTS_APP_HOME_DIR } /public_html ]]; then
34+ echo " ERROR: ${OPTS_APP_HOME_DIR } /public_html not found."
3235 exit 1
3336fi
3437
38+ if [[ ${OPTS_APP_HOME_DIR} != /var/www/app ]]; then
39+ unlink /home/app && ln -s ${OPTS_APP_HOME_DIR} /home/app
40+ fi
41+
3542# If users need to change the vhost.conf the SSL version can be rebuilt if it is deleted
36- if [[ ${OPTS_APACHE_MOD_SSL_ENABLED} == " true" && [[ ! -f ${APP_HOME_DIR } /vhost-ssl.conf ]] && [[ -f ${APP_HOME_DIR } /vhost.conf ]]; then
37- echo Rebuilding the SSL VirtualHost configuration...
38- cp -pf ${APP_HOME_DIR } /vhost.conf ${APP_HOME_DIR } /vhost-ssl.conf
43+ if [[ ${OPTS_APACHE_MOD_SSL_ENABLED} == " true" && [[ ! -f ${OPTS_APP_HOME_DIR } /vhost-ssl.conf ]] && [[ -f ${OPTS_APP_HOME_DIR } /vhost.conf ]]; then
44+ echo " Rebuilding the SSL VirtualHost configuration."
45+ cp -pf ${OPTS_APP_HOME_DIR } /vhost.conf ${OPTS_APP_HOME_DIR } /vhost-ssl.conf
3946
4047 # Enable the SSL VirtualHosts configuration
4148 sed -i \
@@ -47,70 +54,72 @@ if [[ ${OPTS_APACHE_MOD_SSL_ENABLED} == "true" ]] && [[ ! -f ${APP_HOME_DIR}/vho
4754 -e ' s~#SSLCipherSuite \(.*\)$~SSLCipherSuite \1~g'
4855 -e ' s~#SSLCertificateFile \(.*\)$~SSLCertificateFile \1~g'
4956 -e ' s~#SSLCertificateKeyFile \(.*\)$~SSLCertificateKeyFile \1~g'
50- ${APP_HOME_DIR } /vhost-ssl.conf
57+ ${OPTS_APP_HOME_DIR } /vhost-ssl.conf
5158fi
5259
5360# Enable/Disable SSL support
54- if [[ ${OPTS_APACHE_MOD_SSL_ENABLED} == " true" ; then
55- echo Enabling SSL support...
61+ if [[ ${OPTS_APACHE_MOD_SSL_ENABLED} == true ]]; then
62+ echo " Enabling SSL support."
5663 cat /etc/httpd/conf.d/ssl.conf.off > /etc/httpd/conf.d/ssl.conf
5764
5865 sed -i \
5966 -e ' s~^#NameVirtualHost \*:443$~NameVirtualHost \*:443~g'
60- -e ' s~^#Include ${APP_HOME_DIR }/vhost-ssl.conf$~Include ${APP_HOME_DIR }/vhost-ssl.conf~g'
67+ -e ' s~^#Include ${OPTS_APP_HOME_DIR }/vhost-ssl.conf$~Include ${OPTS_APP_HOME_DIR }/vhost-ssl.conf~g'
6168 /etc/httpd/conf/httpd.conf
6269
6370 if [[ ! -f /etc/services-config/ssl/private/localhost.key ]] || [[ ! -f /etc/services-config/ssl/certs/localhost.crt ]]; then
64- echo Generating new certificate...
65- openssl req -x509 -nodes -newkey rsa:4096 \
66- -days 365 \
67- -subj " /C=--/ST=STATE/L=LOCALITY/O=ORGANIZATION/CN=${OPTS_APACHE_SERVER_NAME} "
68- -keyout /etc/services-config/ssl/private/localhost.key \
69- -out /etc/services-config/ssl/certs/localhost.crt
71+ echo " Generating new certificate."
72+ openssl req \
73+ -x509 \
74+ -nodes \
75+ -newkey rsa:4096 \
76+ -days 365 \
77+ -subj " /C=--/ST=STATE/L=LOCALITY/O=ORGANIZATION/CN=${OPTS_APACHE_SERVER_NAME} "
78+ -keyout /etc/services-config/ssl/private/localhost.key \
79+ -out /etc/services-config/ssl/certs/localhost.crt
7080 fi
7181
7282 openssl x509 -in /etc/services-config/ssl/certs/localhost.crt -text
7383else
74- echo Disabling SSL support...
84+ echo " Disabling SSL support."
7585 > /etc/httpd/conf.d/ssl.conf
7686
7787 sed -i \
7888 -e ' s~^NameVirtualHost \*:443$~#NameVirtualHost \*:443~g'
79- -e ' s~^Include ${APP_HOME_DIR }/vhost-ssl.conf$~#Include ${APP_HOME_DIR }/vhost-ssl.conf~g'
89+ -e ' s~^Include ${OPTS_APP_HOME_DIR }/vhost-ssl.conf$~#Include ${OPTS_APP_HOME_DIR }/vhost-ssl.conf~g'
8090 /etc/httpd/conf/httpd.conf
8191fi
8292
8393# Set the service user / service group user
84- if getent passwd app && [[ ${OPTS_SERVICE_USER} != " app" ; then
94+ if getent passwd app && [[ ${OPTS_SERVICE_USER} != app ]]; then
8595 usermod -l ${OPTS_SERVICE_USER} app
8696fi
8797
88- if getent passwd app-www && [[ ${OPTS_SERVICE_USER_GROUP} != " app-www" ; then
98+ if getent passwd app-www && [[ ${OPTS_SERVICE_USER_GROUP} != app-www ]]; then
8999 usermod -l ${OPTS_SERVICE_USER_GROUP} app-www
90100fi
91101
92102# Set the Apache (run) service user/group
93- if [[ ${OPTS_SUEXECUSERGROUP} == " true" ; then
103+ if [[ ${OPTS_SUEXECUSERGROUP} == true ]]; then
94104 sed -i -e " s~^User .*$~User ${OPTS_SERVICE_USER_GROUP} ~g"
95105 -e " s~^Group .*$~Group ${OPTS_SERVICE_USER_GROUP} ~g"
96- sed -i -e ' s~#SuexecUserGroup \(.*\)$~SuexecUserGroup \1~g' ${APP_HOME_DIR } /vhost.conf
97- sed -i -e ' s~#SuexecUserGroup \(.*\)$~SuexecUserGroup \1~g' ${APP_HOME_DIR } /vhost-ssl.conf
106+ sed -i -e ' s~#SuexecUserGroup \(.*\)$~SuexecUserGroup \1~g' ${OPTS_APP_HOME_DIR } /vhost.conf
107+ sed -i -e ' s~#SuexecUserGroup \(.*\)$~SuexecUserGroup \1~g' ${OPTS_APP_HOME_DIR } /vhost-ssl.conf
98108 chown -R 502:502 /var/{www/app-bin,run/mod_fcgid}
99109else
100110 sed -i -e " s~^User .*$~User apache~g"
101111 -e " s~^Group .*$~Group apache~g"
102- sed -i -e ' s~\([^#]\)SuexecUserGroup \(.*\)$~\1#SuexecUserGroup \2~g' ${APP_HOME_DIR } /vhost.conf
103- sed -i -e ' s~\([^#]\)SuexecUserGroup \(.*\)$~\1#SuexecUserGroup \2~g' ${APP_HOME_DIR } /vhost-ssl.conf
112+ sed -i -e ' s~\([^#]\)SuexecUserGroup \(.*\)$~\1#SuexecUserGroup \2~g' ${OPTS_APP_HOME_DIR } /vhost.conf
113+ sed -i -e ' s~\([^#]\)SuexecUserGroup \(.*\)$~\1#SuexecUserGroup \2~g' ${OPTS_APP_HOME_DIR } /vhost-ssl.conf
104114 chown -R apache:apache /var/{www/app-bin,run/mod_fcgid}
105115fi
106116
107117# Update any existing instances of php-wrapper path in the Virtual Host
108- sed -i -e ' s~app/bin/php-wrapper~app-bin/php-wrapper~g' ${APP_HOME_DIR } /vhost.conf
109- sed -i -e ' s~app/bin/php-wrapper~app-bin/php-wrapper~g' ${APP_HOME_DIR } /vhost-ssl.conf
118+ sed -i -e ' s~app/bin/php-wrapper~app-bin/php-wrapper~g' ${OPTS_APP_HOME_DIR } /vhost.conf
119+ sed -i -e ' s~app/bin/php-wrapper~app-bin/php-wrapper~g' ${OPTS_APP_HOME_DIR } /vhost-ssl.conf
110120
111- echo Loading Apache modules...
112- for MODULE in ${APACHE_LOAD_MODULES}
113- do
121+ echo " Loading Apache modules."
122+ for MODULE in ${APACHE_LOAD_MODULES} ; do
114123 echo " - ${MODULE} "
115124 sed -i \
116125 -e " s~^#LoadModule ${MODULE} ~LoadModule ${MODULE} ~g"
0 commit comments