#!/bin/sh # First argument of this script is the package name # Reading system configuration informations, functions and package versions. source ../sysinfos source ../functions source ../packages-list CUR_DIR=$(pwd) # Applying patches (if any) apply_patches ${1} && hv_groupadd ${APACHE_USER} && hv_useradd -c WebServer -d /dev/null -g ${APACHE_USER} -s /bin/false ${APACHE_USER} && cd ${LFS_TMP}/${1}-build && ../${1}/configure \ --enable-layout=FHS \ --enable-mods-shared=all \ --enable-ssl \ --with-z && # --enable-rewrite \ # --enable-deflate \ # --enable-dav \ make && make install && # There's a problem with the ISAPI DSO module caused from compiling with GCC-4.1.2. # Commenting out the module from the configuration: if grep "LoadModule isapi_module" /etc/apache/httpd.conf 1> /dev/null 2>&1; then sed -i -e "s/^LoadModule isapi_module/# &/" /etc/apache/httpd.conf fi && # Modifying the listening port if an alternate one is specified. if [ -n "${HTTPD_PORT}" ]; then if ! grep "Listen ${HTTPD_PORT}" /etc/apache/httpd.conf 1> /dev/null 2>&1; then # Adding alternate port to default port of 80 sed -i -e "s%$Listen 80$%\1\nListen ${HTTPD_PORT}%" /etc/apache/httpd.conf fi fi && # Modifying the configuration file to run the server as a dedicated user: sed -i \ -e "s!^$User$.*!\1 ${APACHE_USER}!g" \ -e "s!^$Group$.*!\1 ${APACHE_USER}!g" \ /etc/apache/httpd.conf && # SSL Certificates generation script cat > /etc/apache/generate-ssl-certs << "EOF" && #!/bin/sh # Creation of SSL directories for Apache cd /etc/apache && mkdir -p ssl && cd ssl && echo "-------------------------------------------------" && echo "Generation of the RSA private key" && echo "-------------------------------------------------" && openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 1024 && echo "-------------------------------------------------" && echo "Removing pass-phrase from the private key" && echo "-------------------------------------------------" && cp server.key server.key.orig && openssl rsa -in server.key.orig -out server.key && # The unencrypted key must be readable only by root! chown root:root server.* && chmod 0400 server.* && echo "-------------------------------------------------" && echo "Generation of a Certificate Signing Request (CSR)" && echo "" && echo "Example fields:" && echo "Country name: CA" && echo "State or Province Name: Quebec" && echo "Locality Name: Montreal" && echo "Organization Name: Hugo Villeneuve" && echo "Organizational Unit Name: ." && echo "Common Name: www.hugovil.com" && echo "Email Address: webmaster@hugovil.com" && echo "" && echo "Please enter the following 'extra' attributes" && echo "to be sent with your certificate request" && echo "A challenge password []: (press enter) " && echo "An optional company name []: (press enter) " && echo "" && echo "-------------------------------------------------" && openssl req -new -key server.key -out server.csr && echo "-------------------------------------------------" && echo "Generation of a self-signed certificate" && echo "-------------------------------------------------" && openssl x509 -req -days 10000 -in server.csr -signkey server.key -out server.crt && exit $? EOF chmod 740 /etc/apache/generate-ssl-certs && mkdir -p /etc/apache/ssl && cp /etc/apache/extra/httpd-ssl.conf /etc/apache/ssl/ssl.conf && sed -i -e "s!^!\n Include /etc/apache/ssl/ssl.conf!" /etc/apache/httpd.conf && mkdir -p /srv/www/htdocs/ssl && chown apache:apache /srv/www/htdocs/ssl && sed -i -e "s!^DocumentRoot .*!DocumentRoot /srv/www/htdocs/ssl!" /etc/apache/ssl/ssl.conf && sed -i -e "s!^ServerName .*:443!ServerName www.${DOMAIN}:443!" /etc/apache/ssl/ssl.conf && sed -i -e "s!^ServerAdmin .*!ServerAdmin webmaster@${DOMAIN}!" /etc/apache/ssl/ssl.conf && sed -i -e "s!/etc/apache!/etc/apache/ssl!" /etc/apache/ssl/ssl.conf && # Bootscript install -v -m740 ${CUR_DIR}/bootscripts/apache /etc/rc.d/init.d && # script-name start stop bootscript_add_rc3 apache 70 20 # Return last error exit $?