author | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2010-07-08 06:38:07 +0000 |
---|---|---|
committer | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2010-07-08 06:38:07 +0000 |
commit | 211c686bc6d05d8d05e5490b9a9f612619461abc (patch) | |
tree | bb8f56afb24f2b52ea92598babff7d94fd70da10 /sca-cpp/trunk/modules/http | |
parent | f6a51224cc350c7d3b42b15051a9c074cce48b5d (diff) |
More changes to get both single and mass dynamic virtual hosting working with HTTP and HTTPS.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@961589 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
-rw-r--r-- | sca-cpp/trunk/modules/http/Makefile.am | 2 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-conf | 35 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-ssl-conf | 50 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/http/httpd.hpp | 29 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/http/ssl-ca-conf (renamed from sca-cpp/trunk/modules/http/httpd-ca-conf) | 0 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/http/ssl-cert-conf (renamed from sca-cpp/trunk/modules/http/httpd-cert-conf) | 15 |
6 files changed, 105 insertions, 26 deletions
diff --git a/sca-cpp/trunk/modules/http/Makefile.am b/sca-cpp/trunk/modules/http/Makefile.am
index 795137b6ca..f25ef170c9 100644
--- a/sca-cpp/trunk/modules/http/Makefile.am
+++ b/sca-cpp/trunk/modules/http/Makefile.am
@@ -20,7 +20,7 @@ INCLUDES = -I${HTTPD_INCLUDE}
 incl_HEADERS = *.hpp
 incldir = $(prefix)/include/modules/http
-dist_mod_SCRIPTS = httpd-conf httpd-start httpd-stop httpd-restart httpd-ca-conf httpd-cert-conf httpd-ssl-conf
+dist_mod_SCRIPTS = httpd-conf httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf httpd-ssl-conf
 moddir=$(prefix)/modules/http
 curl_test_SOURCES = curl-test.cpp
diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf
index a6ba048f67..70c0b295af 100755
--- a/sca-cpp/trunk/modules/http/httpd-conf
+++ b/sca-cpp/trunk/modules/http/httpd-conf
@@ -30,13 +30,7 @@ htdocs=`readlink -f $4`
 user=`id -un`
 group=`id -gn`
 modules_prefix=`cat $here/httpd-modules.prefix`
-if [ "$5" = "vhost" ]; then
- vhost="VirtualDocumentRoot $htdocs/domains/%1/"
- maxr="MaxRequestsPerChild 1"
-else
- vhost="#VirtualDocumentRoot $htdocs/domains/%1/"
- maxr="#MaxRequestsPerChild 1"
-fi
+vhost=$5
 mkdir -p $root
 mkdir -p $root/logs
@@ -123,19 +117,34 @@ Options FollowSymLinks
 Allow from all
 </Location>
-# Setup HTTP virtual host
+# Setup HTTP virtual hosts
 Listen $port
-<VirtualHost _default_:$port>
+
+<VirtualHost *:$port>
 ServerName http://$host:$pport
 UseCanonicalName Off
-UseCanonicalPhysicalPort Off
+</VirtualHost>
+
+EOF
+# Generate mass dynamic virtual hosting configuration
+if [ "$vhost" = "vhost" ]; then
+
+cat >>$root/conf/httpd.conf <<EOF
 # Setup mass dynamic virtual hosting
-$vhost
+NameVirtualHost *:$port
+
+<VirtualHost *:$port>
+ServerName http://vhost.$host:$pport
+ServerAlias *.$host
+UseCanonicalName Off
+VirtualDocumentRoot $htdocs/domains/%1/
 </VirtualHost>
-# Isolate dynamic virtual hosts
-$maxr
+# Isolate virtual host based requests
+MaxRequestsPerChild 1
 EOF
+fi
+
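Review bot: In the new mass-hosting block, `VirtualDocumentRoot $htdocs/domains/%1/` together with `UseCanonicalName Off` picks the on-disk directory from the first label of whatever Host header the client sends, and the hunk adds no `<Directory $htdocs/domains>` block of its own, so access to that tree is left to whatever the `Allow from all` location ending above covers; worth making explicit. httpd rejects Host values outside hostname syntax, so this is a containment question rather than a traversal one, but a comment at that line would spare the next reader the analysis, e.g. `# %1 is the first label of the client-supplied Host header; only subdirectories of domains/ are ever served`. A request whose Host matches neither `$host` nor `*.$host` falls through to the first `*:$port` vhost, which I assume is the intended default and is also worth stating. `NameVirtualHost *:$port` is emitted only after the first `<VirtualHost *:$port>` has already been written; I believe httpd 2.2 tolerates that order, but placing it next to `Listen $port` would be clearer.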
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf
index 04ca61dba0..f6082dea14 100755
--- a/sca-cpp/trunk/modules/http/httpd-ssl-conf
+++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf
@@ -28,6 +28,7 @@ if [ "$sslpport" = "" ]; then
 fi
 htdocs=`readlink -f $4`
 httpd_prefix=`cat $here/httpd.prefix`
+vhost=$5
 # Extract organization name from our CA certificate
 org=`openssl x509 -noout -subject -nameopt multiline -in $root/conf/ca.crt | grep organizationName | awk -F "= " '{ print $2 }'`
@@ -51,19 +52,31 @@ SSLMutex "file:$root/logs/ssl_mutex"
 SSLRandomSeed startup builtin
 SSLRandomSeed connect builtin
-# HTTPS virtual host
+# Setup HTTPS virtual hosts
 Listen $sslport
-<VirtualHost _default_:$sslport>
+
+SSLCACertificateFile "$root/conf/ca.crt"
+SSLCertificateFile "$root/conf/server.crt"
+SSLCertificateKeyFile "$root/conf/server.key"
+
+<VirtualHost *:$sslport>
 ServerName https://$host:$sslpport
 UseCanonicalName Off
-UseCanonicalPhysicalPort Off
 # Enable SSL
+Include conf/ssl-vhost.conf
+</VirtualHost>
+
+# Route all wiring through HTTPS
+SCAWiringServerName https://$host:$sslpport
+
+EOF
+
+# Generate VirtualHost SSL configuration
+cat >$root/conf/ssl-vhost.conf <<EOF
+# Enable SSL
 SSLEngine on
 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
-SSLCACertificateFile "$root/conf/ca.crt"
-SSLCertificateFile "$root/conf/server.crt"
-SSLCertificateKeyFile "$root/conf/server.key"
 BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
 # Logging
@@ -88,12 +101,35 @@ AuthType Basic
 AuthName "$host"
 AuthUserFile "$root/conf/httpd.passwd"
 Require valid-user
-</location>
+</Location>
+
+EOF
+
+# Generate mass dynamic virtual hosting configuration
+if [ "$vhost" = "vhost" ]; then
+
+cat >>$root/conf/httpd.conf <<EOF
+# Setup mass dynamic virtual hosting
+NameVirtualHost *:$sslport
+SSLStrictSNIVHostCheck Off
+<VirtualHost *:$sslport>
+ServerName https://vhost.$host:$sslpport
+ServerAlias *.$host
+UseCanonicalName Off
+VirtualDocumentRoot $htdocs/domains/%1/
+
+# Enable SSL
+SSLCACertificateFile "$root/conf/ca.crt"
+SSLCertificateFile "$root/conf/vhost.crt"
+SSLCertificateKeyFile "$root/conf/vhost.key"
+Include conf/ssl-vhost.conf
 </VirtualHost>
 EOF
+fi
+
 # Create test users for HTTP basic authentication
 $httpd_prefix/bin/htpasswd -bc $root/conf/httpd.passwd test test 2>/dev/null
 $httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null
diff --git a/sca-cpp/trunk/modules/http/httpd.hpp b/sca-cpp/trunk/modules/http/httpd.hpp
index bd4f6e8ada..05403a5897 100644
--- a/sca-cpp/trunk/modules/http/httpd.hpp
+++ b/sca-cpp/trunk/modules/http/httpd.hpp
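Review bot: The mass-hosting HTTPS vhost presents `$root/conf/vhost.crt`, but the ssl-cert-conf change in this commit only parameterizes file names, so unless the certificate request section (outside that hunk) gives the `vhost` certificate a wildcard subject, a client connecting to `foo.$host` will get a name mismatch against a certificate issued for `$host`; worth confirming and noting at the `SSLCertificateFile "$root/conf/vhost.crt"` line. `SSLStrictSNIVHostCheck Off` means a client that sends no SNI is served by the first `*:$sslport` vhost instead of being refused; that is a reasonable compatibility choice but deserves a comment, e.g. `# Non-SNI clients fall back to the default (server.crt) vhost rather than being rejected`. The shared `conf/ssl-vhost.conf` written in the first hunk now carries `SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL` into both vhosts; that string keeps eNULL, export and SSLv2 suites enabled, and since the file is being created here it is the moment to replace it with `SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!EXP:!SSLv2` and `SSLProtocol all -SSLv2`.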
@@ -100,6 +100,35 @@ const string serverName(request_rec* r) {
 }
 /**
+ * Return the host name for a server.
+ */
+const string hostName(const server_rec* s) {
+ return s->server_hostname != NULL? s->server_hostname : "localhost";
+}
+
+/**
+ * Return the host name from an HTTP request.
+ */
+const string hostName(request_rec* r) {
+ const char* hn = ap_get_server_name(r);
+ return hn != NULL? hn : (r->server->server_hostname != NULL? r->server->server_hostname : "localhost");
+}
+
+/**
+ * Return the first subdomain name in a host name.
+ */
+const string subdomain(const string& host) {
+ return substr(host, 0, find(host, '.'));
+}
+
+/**
+ * Return true if a request is targeting a virtual host.
+ */
+const bool isVirtualHostRequest(const server_rec* s, request_rec* r) {
+ return serverName(r) != serverName(s);
+}
+
+/**
  * Return the content type of a request.
  */
 const char* optional(const char* s) {
diff --git a/sca-cpp/trunk/modules/http/httpd-ca-conf b/sca-cpp/trunk/modules/http/ssl-ca-conf
index c5a3f8e894..c5a3f8e894 100755
--- a/sca-cpp/trunk/modules/http/httpd-ca-conf
+++ b/sca-cpp/trunk/modules/http/ssl-ca-conf
diff --git a/sca-cpp/trunk/modules/http/httpd-cert-conf b/sca-cpp/trunk/modules/http/ssl-cert-conf
index b6dc8ebd6f..a7a1103d1a 100755
--- a/sca-cpp/trunk/modules/http/httpd-cert-conf
+++ b/sca-cpp/trunk/modules/http/ssl-cert-conf
@@ -21,16 +21,21 @@ here=`readlink -f $0`; here=`dirname $here`
 root=`readlink -f $1`
 host=$2
+if [ "$3" != "" ]; then
+ certname=$3
+else
+ certname="server"
+fi
 # Don't regenerate the certificate if it already exists
-if [ -f $root/conf/server.crt ]; then
+if [ -f $root/conf/$certname.crt ]; then
 return 0
 fi
 # Generate openssl configuration
 mkdir -p $root/conf
 umask 0007
-cat >$root/conf/openssl-cert.conf <<EOF
+cat >$root/conf/openssl-cert-$certname.conf <<EOF
 [ req ]
 default_bits = 1024
 encrypt_key = no
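Review bot: `hostName(request_rec* r)` re-implements the null fallback that `hostName(const server_rec* s)` already provides two functions up; `return hn != NULL? hn : hostName(r->server);` reads better and keeps the "localhost" default in one place. `isVirtualHostRequest` compares `serverName(r)` with `serverName(s)`, and with the `UseCanonicalName Off` emitted by the generated config the request side presumably comes from the client-supplied Host header (the body of `serverName` is outside this hunk), so the doc comment should say that the answer is driven by the Host header rather than by which vhost httpd actually selected, e.g. `Return true if the request's (client-supplied) server name differs from the server's configured name.`. `subdomain` returns the whole string for a host without a '.' only if `find` returns the length in that case; that helper is not visible here, so worth confirming and stating in its comment.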
@@ -48,11 +53,11 @@ emailAddress = root@$host
 EOF
 # Generate a certificate request
-openssl req -new -config $root/conf/openssl-cert.conf -out $root/conf/server-req.crt -keyout $root/conf/server.key
+openssl req -new -config $root/conf/openssl-cert-$certname.conf -out $root/conf/$certname-req.crt -keyout $root/conf/$certname.key
 # Generate a certificate, signed with our test certification authority certificate
-openssl ca -batch -config $root/conf/openssl-ca.conf -out $root/conf/server.crt -infiles $root/conf/server-req.crt
+openssl ca -batch -config $root/conf/openssl-ca.conf -out $root/conf/$certname.crt -infiles $root/conf/$certname-req.crt
 # Export it to PKCS12 format, that's the format Web browsers want to import
-openssl pkcs12 -export -passout pass: -out $root/conf/server.p12 -inkey $root/conf/server.key -in $root/conf/server.crt -certfile $root/conf/ca.crt
+openssl pkcs12 -export -passout pass: -out $root/conf/$certname.p12 -inkey $root/conf/$certname.key -in $root/conf/$certname.crt -certfile $root/conf/ca.crt
|
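Review bot: `certname` comes straight from `$3` in the first hunk and is spliced unvalidated into every output path here (`$root/conf/$certname.crt`, `$certname.key`, `$certname.p12`, `openssl-cert-$certname.conf`), so a value containing `/` or `..` writes and reads outside `$root/conf`; this is an administrator-run script, but a one-line guard right after the assignment keeps the file layout honest, `case "$certname" in *[!A-Za-z0-9_-]*|"") echo "invalid certificate name: $certname" >&2; return 1;; esac`. The `if [ "$3" != "" ]` block can collapse to `certname=${3:-server}`. Both points apply to the first hunk, whose `return 0` early exit already assumes the script is sourced rather than executed.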