Diffstat (limited to '')
-rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-ssl-conf | 68 |
1 files changed, 33 insertions, 35 deletions
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf index 118ed708be..f2f8b01614 100755 --- a/sca-cpp/trunk/modules/http/httpd-ssl-conf +++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf @@ -20,21 +20,24 @@ # Generate a minimal HTTPD SSL configuration here=`readlink -f $0`; here=`dirname $here` root=`readlink -f $1` -host=$2 -sslport=`echo $3 | awk -F "/" '{ print $1 }'` -sslpport=`echo $3 | awk -F "/" '{ print $2 }'` +conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` +host=`echo $conf | awk '{ print $6 }'` +port=`echo $conf | awk '{ print $7 }' | awk -F "/" '{ print $1 }'` +sslport=`echo $2 | awk -F "/" '{ print $1 }'` +sslpport=`echo $2 | awk -F "/" '{ print $2 }'` if [ "$sslpport" = "" ]; then sslpport=$sslport fi -htdocs=`readlink -f $4` +htdocs=`echo $conf | awk '{ print $8 }'` +htdocs=`readlink -f $htdocs` httpd_prefix=`cat $here/httpd.prefix` -vhost=$5 # Extract organization name from our CA certificate org=`openssl x509 -noout -subject -nameopt multiline -in $root/conf/ca.crt | grep organizationName | awk -F "= " '{ print $2 }'` # Generate HTTPD configuration cat >>$root/conf/httpd.conf <<EOF +# Generated by: httpd-ssl-conf $* # Redirect all HTTP traffic to HTTPS <Location /> RewriteEngine on @@ -52,27 +55,20 @@ SSLMutex "file:$root/logs/ssl_mutex" SSLRandomSeed startup builtin SSLRandomSeed connect builtin -# Setup HTTPS virtual hosts +# Setup HTTPS virtual host Listen $sslport -SSLCACertificateFile "$root/conf/ca.crt" -SSLCertificateFile "$root/conf/server.crt" -SSLCertificateKeyFile "$root/conf/server.key" - <VirtualHost *:$sslport> ServerName https://$host:$sslpport -UseCanonicalName Off -# Enable SSL -Include conf/ssl-vhost.conf +Include conf/ssl-svhost.conf # Allow the server admin to view the server status <Location /server-status> SetHandler server-status HostnameLookups on Deny from All -Allow from localhost -Allow from $host +Allow from all Require user admin </Location> 
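Review bot: In the first hunk (`@@ -20,21 +20,24 @@`), `host`, `port` and `htdocs` are now read from fixed awk fields of the `# Generated by: httpd-conf` line, and nothing checks that the line was actually found. If the marker is missing, the script carries on, writes `ServerName https://:$sslpport` and calls `readlink -f` with no argument. If the root path recorded in that line contains whitespace (the line's format is set by httpd-conf, which is not shown here), fields 6 to 8 shift and wrong values are used silently. I would take the first match only and fail early: `conf=$(grep -m 1 "# Generated by: httpd-conf" "$root/conf/httpd.conf")` followed by `[ -n "$conf" ] || { echo "httpd-ssl-conf: run httpd-conf first" >&2; exit 1; }`. Quoting `"$conf"` in the `echo` calls would also stop a `*` in the line from being glob-expanded.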
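Review bot: In the second hunk (`@@ -52,27 +55,20 @@`), `/server-status` goes from `Allow from localhost` / `Allow from $host` to `Allow from all`, so the host-based restriction is gone and the page is protected only by `Require user admin`. The end of the script creates that account with `htpasswd -b ... admin admin`, and `ExtendedStatus On` is set just below, so a fixed default password now guards per-request status details from any client address. Unless remote access is required, I would keep the two original `Allow from` lines; if it is required, the admin password should be supplied by the operator rather than hard-coded. Any `Order` or `Satisfy` setting for this `<Location>` is outside the lines shown, so confirm how the Deny/Allow pair is evaluated.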
@@ -81,13 +77,14 @@ Require user admin # Report extended server status ExtendedStatus On -# Route all wiring through HTTPS -SCAWiringServerName https://$host:$sslpport - EOF -# Generate VirtualHost SSL configuration +# Generate HTTPS vhost configuration cat >$root/conf/ssl-vhost.conf <<EOF +# Generated by: httpd-ssl-conf $* +# Virtual host configuration +UseCanonicalName Off + # Enable SSL SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL @@ -119,31 +116,32 @@ Require valid-user EOF -# Generate mass dynamic virtual hosting configuration -if [ "$vhost" = "vhost" ]; then +cat >$root/conf/ssl-svhost.conf <<EOF +# Generated by: httpd-ssl-conf $* +# Static virtual host configuration +Include conf/ssl-vhost.conf -cat >>$root/conf/httpd.conf <<EOF -# Setup mass dynamic virtual hosting -NameVirtualHost *:$sslport -SSLStrictSNIVHostCheck Off +# Configure SSL certificates +SSLCACertificateFile "$root/conf/ca.crt" +SSLCertificateChainFile "$root/conf/ca.crt" +SSLCertificateFile "$root/conf/server.crt" +SSLCertificateKeyFile "$root/conf/server.key" -<VirtualHost *:$sslport> -ServerName https://vhost.$host:$sslpport -ServerAlias *.$host -UseCanonicalName Off -VirtualDocumentRoot $htdocs/domains/%1/ +EOF -# Enable SSL +cat >$root/conf/ssl-dvhost.conf <<EOF +# Mass dynamic virtual host configuration +# Generated by: httpd-ssl-conf $* +Include conf/ssl-vhost.conf + +# Configure SSL certificates SSLCACertificateFile "$root/conf/ca.crt" +SSLCertificateChainFile "$root/conf/ca.crt" SSLCertificateFile "$root/conf/vhost.crt" SSLCertificateKeyFile "$root/conf/vhost.key" -Include conf/ssl-vhost.conf -</VirtualHost> EOF -fi - # Create test users for HTTP basic authentication $httpd_prefix/bin/htpasswd -bc $root/conf/httpd.passwd test test 2>/dev/null $httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null |
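Review bot: The `SSLCipherSuite` line kept as context in the third hunk (`@@ -81,13 +77,14 @@`) starts from `ALL` and removes only `ADH` and `EXPORT56`. The `+LOW:+SSLv2:+EXP` terms move those suites to the end of the preference order instead of disabling them, so weak and export-grade suites remain negotiable. After this commit ssl-vhost.conf is included by both ssl-svhost.conf and ssl-dvhost.conf, so the setting applies to every HTTPS vhost. I would tighten it in the same change, for example `SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!SSLv2:!MD5`. Whether `SSLProtocol` is restricted further down the heredoc cannot be seen here, because the heredoc body continues past the hunk.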
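Review bot: In the last hunk (`@@ -119,31 +116,32 @@`), ssl-dvhost.conf is now written on every run because the `if [ "$vhost" = "vhost" ]` guard is removed, and it names `vhost.crt` and `vhost.key`, which nothing in the visible script creates or checks. If those files are absent and some configuration includes ssl-dvhost.conf, httpd would presumably fail to start. Either guard the block, e.g. `if [ -f "$root/conf/vhost.key" ]; then ... fi`, or say in the generated header that the file may only be included once the vhost certificate exists. The two header comment lines in ssl-dvhost.conf are also in the opposite order to ssl-vhost.conf and ssl-svhost.conf; putting `# Generated by: httpd-ssl-conf $*` first would keep the three files consistent.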