X-Git-Url: http://gitweb.hugovil.com/?a=blobdiff_plain;f=stage3%2Fcis-apache;h=2a4fe27387013f3da4f31f981bbda2fa6cc13477;hb=b5bfb2006502b57fab234345a2393fd04e6d55ad;hp=e1eb209ec8936886fcf0b62e1b744f08aac0e41f;hpb=16cc35ba4890382ee9368a176e4f5a7fa773b7a6;p=hvlinux.git diff --git a/stage3/cis-apache b/stage3/cis-apache index e1eb209..2a4fe27 100755 --- a/stage3/cis-apache +++ b/stage3/cis-apache @@ -1,4 +1,6 @@ #!/bin/sh +set -o errexit + # First argument of this script is the package name # Reading system configuration informations, functions and package versions. @@ -6,31 +8,29 @@ source ../sysinfos source ../functions source ../packages-list -CUR_DIR=$(pwd) - # Applying patches (if any) -apply_patches ${1} && +apply_patches ${1} -hv_groupadd ${APACHE_USER} && -hv_useradd -c WebServer -d /dev/null -g ${APACHE_USER} -s /bin/false ${APACHE_USER} && +hv_groupadd ${APACHE_USER} +hv_useradd -c WebServer -d /dev/null -g ${APACHE_USER} -s /bin/false ${APACHE_USER} -cd ${LFS_TMP}/${1}-build && +cd ${LFS_TMP}/${1}-build ../${1}/configure \ --enable-layout=FHS \ --enable-mods-shared=all \ --enable-ssl \ - --with-z && + --with-z # --enable-rewrite \ # --enable-deflate \ # --enable-dav \ -make && -make install && +make +make install # There's a problem with the ISAPI DSO module caused from compiling with GCC-4.1.2. # Commenting out the module from the configuration: if grep "LoadModule isapi_module" /etc/apache/httpd.conf 1> /dev/null 2>&1; then sed -i -e "s/^LoadModule isapi_module/# &/" /etc/apache/httpd.conf -fi && +fi # Modifying the listening port if an alternate one is specified. if [ -n "${HTTPD_PORT}" ]; then 
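Review bot: Nothing in this hunk checks that `${1}` or the variables expected from the sourced files are set, and `set -o errexit` does not catch an empty expansion. With no argument, `apply_patches ${1}` is called with no arguments at all, and `cd ${LFS_TMP}/${1}-build` resolves to a path the author never meant, in a script that goes on to run `make install` as root. A guard such as `: "${1:?package name required}"` before `apply_patches` would fail early with a clear message. Quoting the expansions (`cd "${LFS_TMP}/${1}-build"`) keeps a value containing whitespace or glob characters from being split. The `if [ -n "${HTTPD_PORT}" ]` block at the end of the hunk continues into the next one.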
@@ -38,87 +38,86 @@ if [ -n "${HTTPD_PORT}" ]; then # Adding alternate port to default port of 80 sed -i -e "s%\(Listen 80\)%\1\nListen ${HTTPD_PORT}%" /etc/apache/httpd.conf fi -fi && +fi # Modifying the configuration file to run the server as a dedicated user: sed -i \ -e "s!^\(User\).*!\1 ${APACHE_USER}!g" \ -e "s!^\(Group\).*!\1 ${APACHE_USER}!g" \ - /etc/apache/httpd.conf && + /etc/apache/httpd.conf # SSL Certificates generation script -cat > /etc/apache/generate-ssl-certs << "EOF" && +cat > /etc/apache/generate-ssl-certs << "EOF" #!/bin/sh # Creation of SSL directories for Apache -cd /etc/apache && -mkdir -p ssl && +cd /etc/apache +mkdir -p ssl -cd ssl && +cd ssl -echo "-------------------------------------------------" && -echo "Generation of the RSA private key" && -echo "-------------------------------------------------" && -openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 1024 && +echo "-------------------------------------------------" +echo "Generation of the RSA private key" +echo "-------------------------------------------------" +openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 1024 -echo "-------------------------------------------------" && -echo "Removing pass-phrase from the private key" && -echo "-------------------------------------------------" && -cp server.key server.key.orig && -openssl rsa -in server.key.orig -out server.key && +echo "-------------------------------------------------" +echo "Removing pass-phrase from the private key" +echo "-------------------------------------------------" +cp server.key server.key.orig +openssl rsa -in server.key.orig -out server.key # The unencrypted key must be readable only by root! 
-chown root:root server.* && -chmod 0400 server.* && - -echo "-------------------------------------------------" && -echo "Generation of a Certificate Signing Request (CSR)" && -echo "" && -echo "Example fields:" && -echo "Country name: CA" && -echo "State or Province Name: Quebec" && -echo "Locality Name: Montreal" && -echo "Organization Name: Hugo Villeneuve" && -echo "Organizational Unit Name: ." && -echo "Common Name: www.hugovil.com" && -echo "Email Address: webmaster@hugovil.com" && -echo "" && -echo "Please enter the following 'extra' attributes" && -echo "to be sent with your certificate request" && -echo "A challenge password []: (press enter) " && -echo "An optional company name []: (press enter) " && -echo "" && -echo "-------------------------------------------------" && - -openssl req -new -key server.key -out server.csr && - -echo "-------------------------------------------------" && -echo "Generation of a self-signed certificate" && -echo "-------------------------------------------------" && -openssl x509 -req -days 10000 -in server.csr -signkey server.key -out server.crt && +chown root:root server.* +chmod 0400 server.* + +echo "-------------------------------------------------" +echo "Generation of a Certificate Signing Request (CSR)" +echo "" +echo "Example fields:" +echo "Country name: CA" +echo "State or Province Name: Quebec" +echo "Locality Name: Montreal" +echo "Organization Name: Hugo Villeneuve" +echo "Organizational Unit Name: ." 
+echo "Common Name: www.hugovil.com" +echo "Email Address: webmaster@hugovil.com" +echo "" +echo "Please enter the following 'extra' attributes" +echo "to be sent with your certificate request" +echo "A challenge password []: (press enter) " +echo "An optional company name []: (press enter) " +echo "" +echo "-------------------------------------------------" + +openssl req -new -key server.key -out server.csr + +echo "-------------------------------------------------" +echo "Generation of a self-signed certificate" +echo "-------------------------------------------------" +openssl x509 -req -days 10000 -in server.csr -signkey server.key -out server.crt exit $? EOF -chmod 740 /etc/apache/generate-ssl-certs && +chmod 740 /etc/apache/generate-ssl-certs -mkdir -p /etc/apache/ssl && -cp /etc/apache/extra/httpd-ssl.conf /etc/apache/ssl/ssl.conf && +mkdir -p /etc/apache/ssl +cp /etc/apache/extra/httpd-ssl.conf /etc/apache/ssl/ssl.conf -sed -i -e "s!^!\n Include /etc/apache/ssl/ssl.conf!" /etc/apache/httpd.conf && +sed -i -e "s!^!\n Include /etc/apache/ssl/ssl.conf!" /etc/apache/httpd.conf -mkdir -p /srv/www/htdocs/ssl && -chown apache:apache /srv/www/htdocs/ssl && +mkdir -p /srv/www/htdocs/ssl +chown apache:apache /srv/www/htdocs/ssl -sed -i -e "s!^DocumentRoot .*!DocumentRoot /srv/www/htdocs/ssl!" /etc/apache/ssl/ssl.conf && -sed -i -e "s!^ServerName .*:443!ServerName www.${DOMAIN}:443!" /etc/apache/ssl/ssl.conf && -sed -i -e "s!^ServerAdmin .*!ServerAdmin webmaster@${DOMAIN}!" /etc/apache/ssl/ssl.conf && -sed -i -e "s!/etc/apache!/etc/apache/ssl!" /etc/apache/ssl/ssl.conf && +sed -i -e "s!^DocumentRoot .*!DocumentRoot /srv/www/htdocs/ssl!" /etc/apache/ssl/ssl.conf +sed -i -e "s!^ServerName .*:443!ServerName www.${DOMAIN}:443!" /etc/apache/ssl/ssl.conf +sed -i -e "s!^ServerAdmin .*!ServerAdmin webmaster@${DOMAIN}!" /etc/apache/ssl/ssl.conf +sed -i -e "s!/etc/apache!/etc/apache/ssl!" 
/etc/apache/ssl/ssl.conf # Bootscript -install -v -m740 ${CUR_DIR}/bootscripts/apache /etc/rc.d/init.d && +install -v -m740 ${SCRDIR}/bootscripts/apache /etc/rc.d/init.d # script-name start stop bootscript_add_rc3 apache 70 20 -# Return last error exit $?
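Review bot: The script written to `/etc/apache/generate-ssl-certs` loses its `&&` chaining in this hunk but, unlike the outer script, gets no `set -o errexit`, so it no longer stops at the first failure. If `cd /etc/apache` or `cd ssl` fails, the private key, CSR and certificate are written to whatever directory the caller happened to be in. A failed `openssl rsa` step is still followed by `chown`, `chmod` and the remaining steps, and the trailing `exit $?` reports only the status of the last command. Adding `set -o errexit` directly after the `#!/bin/sh` line inside the heredoc restores the old stop-on-error behaviour. A `umask 077` next to it would also cover the interval before `chmod 0400 server.*` runs, since some OpenSSL versions create `server.key` with umask-default permissions.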