diff --git a/apacheconfig b/apacheconfig
index ec52ddf..6f824b6 100755
--- a/apacheconfig
+++ b/apacheconfig
@@ -16,6 +16,19 @@ OPTIONS
Créer un nouveau répertoire de configuration pour un hôte
-d, --destdir DESTDIR[=$TEMPLATECTL_NAME]
Nom du répertoire local de configuration.
+ -f,--full
+ --partial
+ Indiquer respectivement que la configuration est complète ou partielle.
+ Avec la configuration complète, le serveur peut être complètement
+ configuré avec tous les fichiers présents. Avec la configuration
+ partielle, uniquement les informations spécifiques à un service en
+ particulier sont disponibles.
+ Cette option est utilisée avec --create. Par défaut, la configuration
+ est partielle.
+ Pour le moment, la seule différence est que --full crée un fichier de
+ configuration nommé .apacheconfig alors que --partial crée un fichier
+ nommé apacheconfig.conf qui est visible et donc découvrable et éditable
+ plus facilement
-t, --template [OPT]
Gérer les fichiers du répertoire local avec templatectl. La valeur de
@@ -46,9 +59,12 @@ OPTIONS
Lors du déploiement de la configuration, les valeurs des variables
dynamiques sont remplacées dans les fichiers destination.
Les arguments qui restent sont passés tels quels à apache_autoconf
+ -N, --network-config
+ Mettre aussi à jour la configuration réseau.
-r, --certsdir CERTSDIR
Spécifier le cas échéant le répertoire contenant les certificats à
- déployer. Cet argument est requis si le répertoire certsconf/ existe.
+ déployer. Cet argument est requis si le répertoire certsconf/ existe,
+ sauf si les certificats sont déjà déployés.
--localhosts
Créer dans le fichier /etc/hosts tous les noms d'hôte ayant un suffixe
@@ -63,24 +79,45 @@ OPTIONS
-S, --one-site SITE
Ne déployer que le fichier de site spécifié. Cette option est utilisée
avec --deploy ou --localhosts et est utile pour le développement et les
- tests."
+ tests.
+
+ -k, --new-site HOST.TLD
+ Créer une définition pour un nouveau site à partir des fichiers du
+ répertoires templates/
+ -K, --new-site-templatedir TEMPLATEDIR
+ Spécifier le répertoire source pour les templates de site utilisés par
+ l'option --new-site. Par défaut, utiliser le répertoire templates/ situé
+ dans le répertoire de configuration.
+ Si TEMPLATEDIR est un nom simple sans séparateur de chemin '/' et qu'un
+ répertoire templates/TEMPLATEDIR existe, alors prendre ce répertoire-là
+ comme source.
+ --new-site-force
+ Avec --new-site, utiliser le nom d'hôte fourni même s'il n'est pas
+ pleinement qualifié"
}
action=
destdir=
-nohideconfig=
+nohideconfig=auto
templateopt=
+FULLCONF=
+netconf=
aac_certsdir=
bits=
oneconf=
onemodule=
onesite=
+site_host=
+site_templdir=
+site_force=
args=(
--help '$exit_with display_help'
-c,--create action=create
-d:,--destdir: destdir=
--no-hideconfig nohideconfig=1
--hideconfig nohideconfig=
+ -f,--full FULLCONF=1
+ --partial FULLCONF=
-t::,--template:: '$set@ templateopt; action=template'
--help-template '$templateopt=-help; action=template'
-l,--list '$templateopt=l; action=template'
@@ -96,15 +133,23 @@ args=(
-8,--jessie '$array_add TEMPLATECTL_VARS sysver=jessie'
--bits: bits=
-u,--update,--deploy action=deploy
+ -N,--network-config netconf=1
-r:,--certsdir: aac_certsdir=
--localhosts action=localhosts
-C:,--one-conf: oneconf=
-M:,--one-module: onemodule=
-S:,--one-site: onesite=
+ -k:,--new-site: '$action=new-site; set@ site_host'
+ -K:,--new-site-templatedir: site_templdir=
+ --new-site-force site_force=
)
parse_args "$@"; set -- "${args[@]}"
-apacheconfig_loadconf "$destdir" || die
+if [ "$nohideconfig" == auto ]; then
+ [ -n "$FULLCONF" ] && nohideconfig= || nohideconfig=1
+fi
+
+apacheconfig_loadconf "$destdir" "$nohideconfig" || die
apacheconfig_sysinfos "$sysname" "$sysdist" "$sysver" "$bits"
################################################################################
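Review bot: `--new-site-force site_force=` in the `args=(...)` table looks like it assigns the empty string, by analogy with `--partial FULLCONF=` and `--hideconfig nohideconfig=` in the same table, and `site_force` already starts out empty. If parse_args treats it that way, the flag is a no-op and the fully-qualified-name check in the `new-site` branch can never be skipped. `--new-site-force site_force=1` would match how `-f,--full FULLCONF=1` is declared. The `args=(` array starts outside this hunk, so confirm against the parse_args syntax before changing it.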
@@ -128,7 +173,7 @@ if [ "$action" == create ]; then
ask_yesno "Le fichier $(ppath "$config") sera écrasé. Voulez-vous continuer?" O || die
rm -f "$config" || die
fi
- templatectl -d "$destdir" --config "$config" --no-load-vars -m --write-vars
+ templatectl -d "$destdir" --config "$config" ${nohideconfig:+--no-hide-config} --no-load-vars -m --write-vars
################################################################################
elif [ "$action" == template ]; then
@@ -142,7 +187,9 @@ elif [ "$action" == deploy -o "$action" == localhosts ]; then
[ -d "$destdir" ] || die "$destdir: répertoire introuvable"
args=(
- -d "$destdir" --$action ${aac_certsdir:+-r "$aac_certsdir"}
+ -d "$destdir" --$action
+ ${netconf:+--network-config}
+ ${aac_certsdir:+-r "$aac_certsdir"}
${oneconf:+--one-conf "$oneconf"}
${onemodule:+--one-module "$onemodule"}
${onesite:+--one-site "$onesite"}
@@ -160,11 +207,113 @@ elif [ "$action" == deploy -o "$action" == localhosts ]; then
apacheconfig_deploy \
"$destdir" "$aac_certsdir" \
"$config" "$oneconf" "$onemodule" "$onesite" \
- "$custom_sysinfos" "$sysname" "$sysdist" "$sysver" "$bits" || die
+ "$custom_sysinfos" "$sysname" "$sysdist" "$sysver" "$bits" \
+ "$netconf" || die
eend
elif [ "$action" == localhosts ]; then
etitle "Mise à jour de /etc/hosts"
apacheconfig_deploy_localhosts "$destdir" "$aac_certsdir" "$onesite" || die
eend
fi
+
+################################################################################
+elif [ "$action" == new-site ]; then
+ host="$site_host"
+ templdir="$site_templdir"
+ if [[ "$templdir" != */* ]] && [ -d "$destdir/templates/$templdir" ]; then
+ templdir="$destdir/templates/$templdir"
+ elif [ -z "$templdir" ]; then
+ templdir="$destdir/templates"
+ fi
+ [ -d "$templdir" ] || die "$templdir: répertoire introuvable"
+ force="$site_force"
+
+ clrtempl=
+ ssltempl=
+ certstempl=
+ wwwtempl=
+ array_from_lines templs "$(list_files "$templdir" "*SITE.conf")"
+ [ ${#templs[*]} -gt 0 ] && clrtempl="${templs[0]}"
+ array_from_lines templs "$(list_files "$templdir" "*SITE.ssl.conf")"
+ [ ${#templs[*]} -gt 0 ] && ssltempl="${templs[0]}"
+ array_from_lines templs "$(list_files "$templdir" "*SITE-certs.conf")"
+ [ ${#templs[*]} -gt 0 ] && certstempl="${templs[0]}"
+ array_from_lines templs "$(list_dirs "$templdir" "*SITE")"
+ [ ${#templs[*]} -gt 0 ] && wwwtempl="${templs[0]}"
+
+ found=
+ for i in "$clrtempl" "$ssltempl" "$certstempl" "$wwwtempl"; do
+ [ -n "$i" ] && { found=1; break; }
+ done
+ [ -n "$found" ] || die "Aucun template disponible"
+
+ if [ -z "$force" ] && [[ "$host" != *.* ]]; then
+ die "$host n'est pas un nom d'hôte pleinement qualifié"
+ fi
+
+ etitle "$host"
+ hostname="${host%%.*}"
+ clrconf="${clrtempl/SITE/$hostname}"
+ sslconf="${ssltempl/SITE/$hostname}"
+ certsconf="${certstempl/SITE/$hostname}"
+ wwwdir="${wwwtempl/SITE/$hostname}"
+
+ mkdir -p "$destdir/certsconf"
+ mkdir -p "$destdir/sites"
+
+ sedscript="\
+s/SITE.TLD/$host/g
+s/SITE/$hostname/g"
+
+ if [ -z "$clrtempl" ]; then
+ :
+ elif [ ! -f "$templdir/$clrtempl" ]; then
+ ewarn "Le fichier $(ppath "$templdir/$clrtempl") n'existe pas. La copie ne sera pas complète"
+ elif [ -f "$destdir/sites/$clrconf" ]; then
+ ewarn "Le fichier sites/$clrconf existe déjà. Il ne sera pas écrasé."
+ else
+ estep "sites/$clrconf"
+ sed "$sedscript" "$templdir/$clrtempl" >"$destdir/sites/$clrconf" || die
+ fi
+
+ if [ -z "$ssltempl" ]; then
+ :
+ elif [ ! -f "$templdir/$ssltempl" ]; then
+ ewarn "Le fichier $(ppath "$templdir/$ssltempl") n'existe pas. La copie ne sera pas complète"
+ elif [ -f "$destdir/sites/$sslconf" ]; then
+ ewarn "Le fichier sites/$sslconf existe déjà. Il ne sera pas écrasé."
+ else
+ estep "sites/$sslconf"
+ sed "$sedscript" "$templdir/$ssltempl" >"$destdir/sites/$sslconf" || die
+ fi
+
+ if [ -z "$certstempl" ]; then
+ :
+ elif [ ! -f "$templdir/$certstempl" ]; then
+ ewarn "Le fichier $(ppath "$templdir/$certstempl") n'existe pas. La copie ne sera pas complète"
+ elif [ -f "$destdir/certsconf/$certsconf" ]; then
+ ewarn "Le fichier certsconf/$certsconf exite déjà. Il ne sera pas écrasé."
+ else
+ estep "certsconf/$certsconf"
+ sed "$sedscript" "$templdir/$certstempl" >"$destdir/certsconf/$certsconf" || die
+ fi
+
+ if [ -z "$wwwtempl" ]; then
+ :
+ elif [ ! -d "$templdir/$wwwtempl" ]; then
+ ewarn "Le répertoire $(ppath "$templdir/$wwwtempl") n'existe pas. La copie ne sera pas complète"
+ elif [ -d "$destdir/$wwwdir" ]; then
+ ewarn "Le répertoire $wwwdir existe déjà. Il ne sera pas écrasé."
+ else
+ estep "$wwwdir"
+ cpdirnovcs "$templdir/$wwwtempl" "$destdir/$wwwdir" || die
+ sed -i "$sedscript" "$destdir/$wwwdir/.udir" || die
+ fi
+
+ eend
+
+ if [ -n "$wwwtempl" ]; then
+ eimportant "Ne pas oublier le cas échéant de mettre à jour HTDMAPPINGS dans $(ppath "$config") e.g.
+ HTDMAPPINGS=($wwwdir)"
+ fi
fi
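Review bot: `$host` from `--new-site` goes straight into `sedscript` (`s/SITE.TLD/$host/g`) and, via `$hostname`, into the destination names under `sites/`, `certsconf/` and `$destdir`, with only the `*.*` test in front of it. A value containing `/`, `&`, a newline or `..` changes what sed does or where the output is written, and an empty value is accepted when the force flag is set. Validate once before `etitle "$host"`, for example `[[ "$host" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || die "$host: nom d'hôte invalide"`. The pattern also leaves the dot unescaped (`s/SITE\.TLD/$host/g` is the stricter form), and the two `mkdir -p` calls have no `|| die`, unlike the `sed` calls below them. The `elif` chain this branch belongs to starts outside the hunk.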
diff --git a/lib/ulib/apache.tools b/lib/ulib/apache.tools
index 722b6e5..eaa8d8e 100644
--- a/lib/ulib/apache.tools
+++ b/lib/ulib/apache.tools
@@ -5,28 +5,101 @@
##@require sysinfos
##@require apache
uprovide apache.tools
-urequire base sysinfos apache
+urequire base sysinfos template apache
-function __apache_resolvcert() {
+function __apache_rc_destdir() {
+ [ -z "$3" ] && set_var "${1:-certsdir}" "$(get_APACHESSLCERTSDIR_prefix)"
+ [ -z "$4" ] && set_var "${2:-keysdir}" "$(get_APACHESSLKEYSDIR_prefix)"
+}
+
+function __apache_rc_loadconf() {
[ -n "$__rc_dir" ] || __rc_dir="$(dirname "$__rc_conf")"
eval "$(
source "$__rc_conf"
- set_var_cmd __rc_cert "$cert"
- set_var_cmd __rc_key "$key"
- set_var_cmd __rc_ca "$ca"
+ echo_setv __rc_cert "$cert"
+ echo_setv __rc_key "$key"
+ echo_setv __rc_ca "$ca"
)"
[ -n "$__rc_cert" ] && __rc_cert="$(abspath "$__rc_cert" "$__rc_dir")"
[ -n "$__rc_key" ] && __rc_key="$(abspath "$__rc_key" "$__rc_dir")"
[ -n "$__rc_ca" ] && __rc_ca="$(abspath "$__rc_ca" "$__rc_dir")"
}
-function __apache_checkvars() {
+function __apache_rc_resolveprefix() {
+ local __prefix __cert __key
+ local __certsdir="$1" __keysdir="$2"
+ __apache_rc_destdir __certsdir __keysdir "$__certsdir" "$__keysdir"
+
+ if [ -z "$__rc_cert" ]; then
+ # si pas de certificat, alors générer un préfixe pour chercher les
+ # fichiers
+ setx __prefix=basename "$__rc_conf"
+ __prefix="${__prefix%certs.conf}"
+ elif [ ! -f "$__rc_cert" ]; then
+ # si le fichier source n'existe pas, vérifier s'il existe dans la
+ # destination
+ setx __cert=basename "$__rc_cert"
+ setx __key=basename "$__rc_key"
+ if [ -f "$__certsdir/$__cert" -a -f "$__keysdir/$__key" ]; then
+ # parfait, les fichiers existent déjà à l'endroit prévu
+ :
+ else
+ # construire un préfixe avec le nom du fichier
+ __prefix="$__cert"
+ if [ "${__prefix%.pem}" != "$__prefix" ]; then
+ __prefix="${__prefix%.pem}"
+ elif [ "${__prefix%.crt}" != "$__prefix" ]; then
+ __prefix="${__prefix%.crt}"
+ fi
+ if [ -n "${__prefix//[0-9]/}" ]; then
+ # enlever le suffixe numérique, uniquement si le nom ne contient
+ # pas que des chiffres
+ while [ -n "$__prefix" -a "${__prefix%[0-9]}" != "$__prefix" ]; do
+ __prefix="${__prefix%[0-9]}"
+ done
+ fi
+ fi
+ fi
+
+ if [ -n "$__prefix" ]; then
+ local -a __certs
+ array_from_lines __certs "$(list_files "$__certsdir" "$__prefix*" | LANG=C sort -r)"
+ if [ ${#__certs[*]} -gt 0 ]; then
+ __cert="${__certs[0]}"
+ __key="${__cert%.*}.key"
+ __rc_cert="$__rc_dir/$__cert"
+ __rc_key="$__rc_dir/$__key"
+ fi
+ fi
+}
+
+function __apache_rc_checkfiles() {
+ local destdir="$1"; shift
+ local file
+ for file in "$@"; do
+ [ -n "$file" ] || continue
+ [ -f "$file" ] && continue
+ if [ -n "$destdir" -a -f "$destdir/$(basename "$file")" ]; then
+ [ -z "$__apache_rc_quiet" ] && ewarn "$file: fichier introuvable
+Le fichier existant $destdir/$(basename "$file") sera utilisé"
+ continue
+ fi
+ eerror "$file: fichier introuvable"
+ return 1
+ done
+ return 0
+}
+
+function __apache_rc_checkvars() {
+ local __certsdir="$1" __keysdir="$2"
+ __apache_rc_destdir __certsdir __keysdir "$__certsdir" "$__keysdir"
+
if [ -n "$__rc_cert" -a -z "$__rc_key" ]; then
local __rc_name __rc_ext
splitname "$__rc_cert" __rc_name __rc_ext
if [ "$__rc_ext" == "crt" -o "$__rc_ext" == "pem" ]; then
__rc_key="$__rc_name.key"
- enote "La clé privée n'a pas été spécifiée. La valeur $(ppath "$__rc_key") sera utilisée"
+ [ -z "$__apache_rc_quiet" ] && enote "La clé privée n'a pas été spécifiée. La valeur $(ppath "$__rc_key") sera utilisée"
else
eerror "Impossible de trouver la clé privée correspondant au certificat $(ppath "$__rc_cert")"
return 1
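Review bot: The prefix lookup in `__apache_rc_resolveprefix` takes `${__certs[0]}` from `list_files "$__certsdir" "$__prefix*" | LANG=C sort -r` without restricting the match to certificate files or to this site. A short prefix such as `www` also matches files of another host whose name starts the same way, any non-certificate file with that prefix can sort first, and byte-wise reverse order ranks `name9` above `name10`, so the pair that ends up in `__rc_cert`/`__rc_key` may not be the intended one. Narrowing the pattern to the `.crt`/`.pem` extensions handled a few lines above, and checking that the derived `.key` exists in `$__keysdir` before accepting the match, would make the selection predictable. A short comment should also explain that the names are found in the destination directory but rebuilt under `$__rc_dir`, since that reads like a bug until `__apache_rc_checkfiles` is read. `__apache_rc_checkvars` continues past the end of this hunk.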
@@ -36,30 +109,31 @@ function __apache_checkvars() {
eerror "Vous devez spécifier le certificat à installer"
return 1
elif [ -z "$__rc_cert" ]; then
- eattention "Seul le certificat autorité a été spécifié."
+ [ -z "$__apache_rc_quiet" ] && eattention "Seul le certificat autorité a été spécifié."
elif [ -z "$__rc_ca" ]; then
- ewarn "Aucun certificat autorité n'a pas été spécifié. Cela ne peut marcher que si le certificat est autosigné"
+ [ -z "$__apache_rc_quiet" ] && ewarn "Aucun certificat autorité n'a pas été spécifié. Cela ne peut marcher que si le certificat est autosigné"
fi
- local i
- for i in "$__rc_cert" "$__rc_key" "$__rc_ca"; do
- [ -n "$i" ] || continue
- [ -f "$i" ] || {
- eerror "$i: Fichier introuvable"
- return 1
- }
- done
+ __apache_rc_checkfiles "$__certsdir" "$__rc_ca" "$__rc_cert" || return 1
+ __apache_rc_checkfiles "$__keysdir" "$__rc_key" || return 1
+ return 0
}
function apache_resolvecert() {
# Calculer l'emplacement des certificats correspondant aux arguments $1 et
# $2 (qui correspondent aux options --conf et --dir de apache_addcert()),
# puis initialiser les variables $3(=cert), $4(=key) et $5(=ca)
+ # Si ces valeurs sont déjà calculées, on peut fournir $6=certsdir et
+ # $7=keysdir
local __rc_conf="$1" __rc_dir="$2"
local __rc_cert __rc_key __rc_ca
- __apache_resolvcert
- __apache_checkvars || return 1
+ local __certsdir="$6" __keysdir="$7"
+ __apache_rc_destdir __certsdir __keysdir "$__certsdir" "$__keysdir"
+
+ __apache_rc_loadconf
+ __apache_rc_resolveprefix "$__certsdir" "$__keysdir"
+ __apache_rc_checkvars "$__certsdir" "$__keysdir" || return 1
set_var "${3:-cert}" "$__rc_cert"
set_var "${4:-key}" "$__rc_key"
set_var "${5:-ca}" "$__rc_ca"
@@ -93,29 +167,33 @@ OPTIONS
eval "$(utools_local)"
local action=install
- local certsconf certsdir cert key ca
+ local certsconf certssrcdir cert key ca
local __out_cert __out_key __out_ca
parse_opts "${PRETTYOPTS[@]}" \
--help '$exit_with __apache_addcert_display_help' \
-C:,--conf: certsconf= \
- -d:,--dir: certsdir= \
+ -d:,--dir: certssrcdir= \
--out-cert: '$set@ __out_cert; action=dump' \
--out-key: '$set@ __out_key; action=dump' \
--out-ca: '$set@ __out_ca; action=dump' \
@ args -- "$@" && set -- "${args[@]}" || die "$args"
+ local certsdir keysdir
+ __apache_rc_destdir certsdir keysdir
+
local __rc_conf __rc_dir
local __rc_cert __rc_key __rc_ca
if [ -n "$certsconf" ]; then
__rc_conf="$certsconf"
- __rc_dir="$certsdir"
- __apache_resolvconf
- __apache_checkvars || return 1
+ __rc_dir="$certssrcdir"
+ __apache_rc_loadconf
+ __apache_rc_resolveprefix "$certsdir" "$keysdir"
+ __apache_rc_checkvars "$certsdir" "$keysdir" || return 1
else
__rc_cert="$1"
__rc_key="$2"
__rc_ca="$3"
- __apache_checkvars || return 1
+ __apache_rc_checkvars "$certsdir" "$keysdir" || return 1
fi
cert="$__rc_cert"
key="$__rc_key"
@@ -129,9 +207,7 @@ OPTIONS
ask_yesno "Voulez-vous continuer?" O || return 1
urequire install
- etitle "Installation des certificats"
- certsdir="$(get_APACHESSLCERTSDIR_prefix)"
- keysdir="$(get_APACHESSLKEYSDIR_prefix)"
+ etitled "Copie des fichiers"
if [ ! -d "$certsdir" ]; then
mkdir -p "$certsdir" || return 1
chmod 755 "$certsdir" || return 1
@@ -140,38 +216,36 @@ OPTIONS
mkdir -p "$keysdir" || return 1
chmod 710 "$keysdir" || return 1
fi
- if [ -n "$cert" ]; then
- copy_replace "$cert" "$certsdir" || return 1
- chmod 644 "$certsdir/$(basename "$cert")" || return 1
- copy_replace "$key" "$keysdir" || return 1
- chmod 640 "$keysdir/$(basename "$key")" || return 1
+ if [ -n "$cert" -a -f "$cert" ]; then
+ if copy_update "$cert" "$certsdir"; then
+ chmod 644 "$certsdir/$(basename "$cert")" || return 1
+ fi
+ if copy_update "$key" "$keysdir"; then
+ chmod 640 "$keysdir/$(basename "$key")" || return 1
+ fi
fi
- if [ -n "$ca" ]; then
- copy_replace "$ca" "$certsdir" || return 1
- chmod 644 "$certsdir/$(basename "$ca")" || return 1
+ if [ -n "$ca" -a -f "$ca" ]; then
+ if copy_update "$ca" "$certsdir"; then
+ chmod 644 "$certsdir/$(basename "$ca")" || return 1
+ fi
fi
eend
return 0
}
-__APACHE_AUTOCONF_SUFFIXES=(d8 d)
-__APACHE_AUTOCONF_SUFFIX_d8=(-d debian -v jessie+)
-__APACHE_AUTOCONF_SUFFIX_d=(-d debian)
-function __apache_autoconf_check_suffix() {
- array_contains __APACHE_AUTOCONF_SUFFIXES "$1" || return 1
- local sysinfos="__APACHE_AUTOCONF_SUFFIX_${1}[@]"
- check_sysinfos --vars sysname sysdist sysver bits "${!sysinfos}"
-}
-function __apache_autoconf_filter_suffix_files() {
- grep -vF ..
-}
function __apache_autoconf_setup() {
if ! check_sysinfos --vars sysname sysdist sysver bits -s linux64 linux32 linux -d debian; then
- eerror "apache_autoconf n'est supporté que sur Debian linux"
+ eerror "$(get_sysinfos_desc): système non supporté. debian linux est requis"
return 1
fi
- urequire install
+ urequire debian install
+ if [ -z "$__apache_autoconf_no_require_apache" ]; then
+ pkg_check apache2 || {
+ eerror "apache2 non installé. impossible de continuer"
+ return 1
+ }
+ fi
compute_apache_prefixes
return 0
}
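Review bot: In the copy block of `apache_addcert`, `chmod 640` on the private key (and `chmod 644` on the certificates) now runs only when `copy_update` reports a copy, so a key already present in `$keysdir` with looser permissions is left as it is. A failed copy is also no longer distinguishable from an up-to-date file, where the replaced `copy_replace … || return 1` aborted; this assumes `copy_update` returns non-zero both when nothing changed and on error, which the hunk does not show. Applying the mode whenever the destination exists keeps the old guarantee, e.g. `copy_update "$key" "$keysdir"` followed by `[ ! -f "$keysdir/$(basename "$key")" ] || chmod 640 "$keysdir/$(basename "$key")" || return 1`. The function starts outside this hunk.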
@@ -193,24 +267,8 @@ function __apache_autoconf_fillcopy() {
# script sed $FILLSCRIPT. Le fichier temporaire $FILLTEMP est utilisé pour
# le remplacement des valeurs. $3 contient le cas échéant des commandes sed
# supplémentaires
- # Si des fichiers suffixes existent, ne faire la copie que si un fichier
- # approprié correspondant au système courant est trouvé
local src="$1" dest="$2" sedscript="$3" perms="${4:-go+rX}"
- # vérifier les fichiers suffixe
- local suffix have_suffix found_suffix
- for suffix in "${__APACHE_AUTOCONF_SUFFIXES[@]}"; do
- if [ -f "$src..$suffix" ]; then
- have_suffix=1
- if __apache_autoconf_check_suffix "$suffix"; then
- found_suffix=1
- src="$src..$suffix"
- break
- fi
- fi
- done
- [ -n "$have_suffix" -a -z "$found_suffix" ] && return 1
-
# valeurs à remplacer dans le fichier
local var found_var
for var in "${FILLVARS[@]}"; do
@@ -225,14 +283,16 @@ $sedscript" <"$src" >"$FILLTEMP"
src="$FILLTEMP"
fi
- copy_update "$src" "$dest" "$perms"
+ copy_update "$src" "$dest" "$perms" && return
+ estepn "$(basename -- "$dest")"
+ return 1
}
__APACHE_AUTOCONF_HELP="\
--confdir CONFDIR
Spécifier l'emplacement des fichiers de configuration apache ainsi que des
- fichiers 'confs.conf', 'modules.conf' et 'sites.conf'. Par défaut, prendre
- le répertoire local DESTDIR.
+ fichiers 'syspkgs.conf', 'confs.conf', 'modules.conf' et 'sites.conf'. Par
+ défaut, prendre le répertoire local DESTDIR.
--confsdir CONFSDIR
Spécifier l'emplacement des fichiers des configuration. Par défaut, utiliser
DESTDIR/confs si ce répertoire existe.
@@ -264,7 +324,7 @@ function apache_autoconf() {
local autoconfdir certsdir confdir confsdir oneconf modulesdir onemodule
local sitesdir onesite cgibindir wwwdir certsconfdir rrdir onecms
local sysname sysdist sysver bits
- local destconfsdir a2xconf
+ local netconf destconfsdir a2xconf
local restart=1
parse_opts "${PRETTYOPTS[@]}" \
--help '$exit_with __display_apache_autoconf_help' \
@@ -288,6 +348,7 @@ function apache_autoconf() {
-7,--wheezy sysver=wheezy \
-8,--jessie sysver=jessie \
--bits: bits= \
+ --network-config netconf=1 \
@ args -- "$@" && set -- "${args[@]}" || die "$args"
if [ -n "$sysname" -o -n "$sysdist" -o -n "$sysver" ]; then
@@ -298,13 +359,13 @@ function apache_autoconf() {
sysver=("${MYSYSVER[@]}")
bits="$MYBITS"
fi
- __apache_autoconf_setup || return 1
- if __apache_autoconf_check_suffix d8; then
+ __apache_autoconf_no_require_apache= __apache_autoconf_setup || return 1
+ if check_sysinfos --vars sysname sysdist sysver bits -d debian -v jessie+; then
confdefault=000-default.conf
confdefaultssl=default-ssl.conf
destconfsdir="$APACHECONFDIR/conf-available"
a2xconf=1
- elif __apache_autoconf_check_suffix d; then
+ elif check_sysinfos --vars sysname sysdist sysver bits -d debian; then
confdefault=default
confdefaultssl=default-ssl
destconfsdir="$APACHECONFDIR/conf.d"
@@ -340,6 +401,19 @@ function apache_autoconf() {
local -a FILLVARS; local FILLSCRIPT FILLTEMP
__apache_autoconf_fillxxx "$@"
+ # Installation des packages système
+ if [ -f "$confdir/syspkgs.conf" ]; then
+ local -a syspkgs
+ local syspkg
+ array_from_lines syspkgs "$(<"$confdir/syspkgs.conf" filter_conf)"
+ if ! pkg_check "${syspkgs[@]}"; then
+ etitle "Installation de paquets système"
+ estep "${syspkgs[@]}"
+ pkg_install "${syspkgs[@]}" || return 1
+ eend
+ fi
+ fi
+
# Copie des certificats
local modified rehash conf
if [ -d "$certsconfdir" ]; then
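Review bot: The new package step calls `pkg_check "${syspkgs[@]}"` and `pkg_install "${syspkgs[@]}"` without checking that `syspkgs` is non-empty, so a `syspkgs.conf` holding only comments or blank lines reaches both helpers with no arguments; what they do in that case is not visible here. Guarding the block with `[ ${#syspkgs[*]} -gt 0 ]` avoids depending on it. The entries are also passed on exactly as read from the file, so a line beginning with `-` would presumably be taken as an option by whatever `pkg_install` runs; skipping such lines with a warning is cheap. `local syspkg` is declared and never used. `apache_autoconf` starts and ends outside the hunk.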
@@ -350,17 +424,10 @@ function apache_autoconf() {
array_addu FILLVARS ca
etitle "Installation des certificats"
+ [ -n "$certsdir" -a ! -d "$certsdir" ] && ewarn "$certsdir: répertoire invalide"
array_lsfiles certsconfs "$certsconfdir" "*.conf"
for certsconf in "${certsconfs[@]}"; do
- if [ -z "$certsdir" ]; then
- eerror "CERTSDIR est requis si --certsconfdir est spécifié"
- return 1
- elif [ ! -d "$certsdir" ]; then
- eerror "$certsdir: répertoire invalide"
- return 1
- fi
- apache_resolvecert "$certsconf" "$certsdir" cert key ca || return 1
- apache_addcert -y "$cert" "$key" "$ca"
+ apache_addcert -y -C "$certsconf" -d "$certsdir" "$cert" "$key" "$ca" || return 1
modified=1
done
array_lsfiles certspems "$certsconfdir" "*.crt" "*.pem"
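Review bot: `apache_addcert -y -C "$certsconf" -d "$certsdir" "$cert" "$key" "$ca"` still passes `$cert`, `$key` and `$ca`, but nothing in this loop sets them now that the `apache_resolvecert` call is gone, so they hold whatever an earlier step left behind. With `-C` given, `apache_addcert` takes its `certsconf` branch and reads the values from the conf file, so the positional arguments look unused. Dropping them, `apache_addcert -y -C "$certsconf" -d "$certsdir" || return 1`, removes the ambiguity. The missing-`CERTSDIR` case has also gone from a hard error to no message at all (the `ewarn` only fires for a non-empty invalid path), which deserves a one-line comment explaining that already-deployed certificates are now accepted.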
@@ -378,11 +445,9 @@ function apache_autoconf() {
local -a confs
local conf
etitle "Installation des configurations"
- array_from_lines confs "$(list_files "$confsdir" "*.conf" | __apache_autoconf_filter_suffix_files)"
+ array_from_lines confs "$(list_files "$confsdir" "*.conf")"
for conf in "${confs[@]}"; do
[ -z "$oneconf" -o "$conf" == "$oneconf" ] || continue
-
- estep "$conf"
__apache_autoconf_fillcopy \
"$confsdir/$conf" \
"$destconfsdir/$conf" && modified=1
@@ -395,11 +460,9 @@ function apache_autoconf() {
local -a confs
local conf
etitle "Installation des configurations des modules"
- array_from_lines confs "$(list_files "$modulesdir" "*.conf" | __apache_autoconf_filter_suffix_files)"
+ array_from_lines confs "$(list_files "$modulesdir" "*.conf")"
for conf in "${confs[@]}"; do
[ -z "$onemodule" -o "$conf" == "$onemodule" ] || continue
-
- estep "$conf"
__apache_autoconf_fillcopy \
"$modulesdir/$conf" \
"$APACHECONFDIR/mods-available/$conf" && modified=1
@@ -409,12 +472,12 @@ function apache_autoconf() {
# Règles de réécriture
if [ -d "$rrdir" -a -z "$onecms" ]; then
+ # legacy... remplacé par des fichiers de règles directement dans le répertoire de configuration
local -a confs
local conf
etitle "Installation des règles de réécriture"
array_from_lines confs "$(list_files "$rrdir" "RewriteRules*.conf")"
for conf in "${confs[@]}"; do
- estep "$conf"
__apache_autoconf_fillcopy \
"$rrdir/$conf" \
"$APACHECONFDIR/$conf" && modified=1
@@ -426,9 +489,9 @@ function apache_autoconf() {
local -a enablesites disablesites
if [ -d "$sitesdir" -a \( -z "$onecms" -o -n "$onesite" \) ]; then
local -a confs
- local conf confname destconf certsconf
+ local conf confname destconf certsconf sedscript copied
etitle "Installation des sites"
- array_from_lines confs "$(list_files "$sitesdir" "*.conf" | __apache_autoconf_filter_suffix_files)"
+ array_from_lines confs "$(list_files "$sitesdir" "*.conf")"
for confname in "${confs[@]}"; do
conf="$sitesdir/$confname"
[ -z "$onesite" -o "$confname" == "$onesite" ] || continue
@@ -449,27 +512,44 @@ function apache_autoconf() {
*) destconf="$confname";;
esac
+ copied=
if [ -n "$certsconf" ]; then
certsconf="$certsconfdir/$certsconf"
if [ -f "$certsconf" ]; then
- apache_resolvecert "$certsconf" "$certsdir" cert key ca || return 1
- __apache_autoconf_fillcopy \
- "$conf" \
- "$APACHEAVSITESDIR/$destconf" "\
+ __apache_rc_quiet=1 apache_resolvecert "$certsconf" "$certsdir" cert key ca || return 1
+ if [ -n "$cert" -a -n "$key" ]; then
+ sedscript="\
s#@@cert@@#$APACHESSLCERTSDIR/$(basename "$cert")#g
-s#@@key@@#$APACHESSLKEYSDIR/$(basename "$key")#g
-s#@@ca@@#$APACHESSLCERTSDIR/$(basename "$ca")#g
-"
+s#@@key@@#$APACHESSLKEYSDIR/$(basename "$key")#g"
+ if [ -n "$ca" ]; then
+ sedscript="$sedscript
+s#@@ca@@#$APACHESSLCERTSDIR/$(basename "$ca")#g"
+ else
+ sedscript="$sedscript
+/@@ca@@/s/^/#/g"
+ fi
+ __apache_autoconf_fillcopy \
+ "$conf" \
+ "$APACHEAVSITESDIR/$destconf" "$sedscript"
+ copied=1
+ else
+ eerror "$(ppath "$certsconf"): définition des certificats introuvable
+Le fichier de configuration $confname a été ignoré"
+ fi
else
- eerror "$(ppath "$certsconf"): fichier introuvable. Il a été ignoré"
+ eerror "$(ppath "$certsconf"): fichier introuvable
+Le fichier de configuration $confname a été ignoré"
fi
else
__apache_autoconf_fillcopy \
"$conf" \
"$APACHEAVSITESDIR/$destconf"
+ copied=1
+ fi
+ if [ -n "$copied" ]; then
+ enablesites=("${enablesites[@]}" "$destconf")
+ modified=1
fi
- enablesites=("${enablesites[@]}" "$destconf")
- modified=1
done
eend
fi
@@ -478,16 +558,28 @@ s#@@ca@@#$APACHESSLCERTSDIR/$(basename "$ca")#g
if [ -d "$confdir" -a -z "$onecms" ]; then
local -a confs
local conf
+
etitle "Configuration de base"
- array_add ignores confs.conf modules.conf sites.conf
- array_from_lines confs "$(list_files "$confdir" | __apache_autoconf_filter_suffix_files)"
+ array_add ignores syspkgs.conf confs.conf modules.conf sites.conf network.conf
+ array_from_lines confs "$(list_files "$confdir")"
for conf in "${confs[@]}"; do
array_contains ignores "$conf" && continue
- estep "$conf"
__apache_autoconf_fillcopy \
"$confdir/$conf" \
"$APACHECONFDIR/$conf" && modified=1
done
+
+ array_from_lines confs "$(list_files "$confdir" "*rewrite*.rules")"
+ if [ ${#confs[*]} -gt 0 ]; then
+ etitle "Règles de réécriture"
+ for conf in "${confs[@]}"; do
+ [ -f "$APACHECONFDIR/$conf" ] || continue
+ estep "$conf"
+ legacy_mkRewriteRules "$APACHECONFDIR/$conf" && modified=1
+ done
+ eend
+ fi
+
if [ -f "$confdir/confs.conf" -a -n "$a2xconf" ]; then
local -a confs
local conf
@@ -564,9 +656,30 @@ s#@@ca@@#$APACHESSLCERTSDIR/$(basename "$ca")#g
fi
# Contenu web
- if [ -d "$wwwdir" -a -z "$onecms" ]; then
- etitle "Installation des fichiers du serveur web"
- cpdirnovcs "$wwwdir" "$HTDOCSDIR"
+ if [ -z "$onecms" ]; then
+ etitled "Installation des fichiers du serveur web"
+ if is_defined HTDMAPPINGS; then
+ local htdmapping src dest
+ for htdmapping in "${HTDMAPPINGS[@]}"; do
+ splitpair "$htdmapping" dest src
+ [ -n "$dest" ] || dest=html
+ case "$dest" in
+ html) [ -n "$src" ] || src=www;;
+ *) [ -n "$src" ] || src="$dest";;
+ esac
+ withpath "$src" || src="$confdir/$src"
+ withpath "$dest" || dest="$HTDOCSBASE/$dest"
+ estep "$src --> $dest"
+ cpdirnovcs "$src" "$dest"
+ # par défaut, le propriétaire est root. est-ce nécessaire?
+ #chown -R www-data: "$dest"
+ done
+ elif [ -d "$wwwdir" ]; then
+ estep "$wwwdir --> $HTDOCSDIR"
+ cpdirnovcs "$wwwdir" "$HTDOCSDIR"
+ # par défaut, le propriétaire est root. est-ce nécessaire?
+ #chown -R www-data: "$HTDOCSDIR"
+ fi
eend
fi
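Review bot: The `HTDMAPPINGS` loop calls `cpdirnovcs "$src" "$dest"` without the `[ -d … ]` test that the fallback branch keeps for `$wwwdir`, and without checking the result. A mapping whose source directory is missing (the default `html:www` when the configuration has no `www/`), or whose destination is an absolute or `..` path, is passed through unchanged, and the commented `chown` suggests this runs as root. Adding `[ -d "$src" ] || { ewarn "$src: répertoire introuvable"; continue; }` before the `estep`, and stating in the `HTDMAPPINGS` description that absolute destinations are honoured as-is, would make this explicit. The enclosing function starts and ends outside the hunk.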
@@ -587,6 +700,30 @@ s#@@ca@@#$APACHESSLCERTSDIR/$(basename "$ca")#g
eend
fi
+ # Mettre à jour la configuration réseau
+ if [ -z "$onecms" -a -n "$netconf" -a -f "$confdir/network.conf" ]; then
+ local -a ips brs; local host etc_networks
+ eval "$(
+ source "$confdir/network.conf"
+ set_array_cmd ips
+ set_array_cmd brs
+ echo_setv host "$host"
+ echo_setv etc_networks "$etc_networks"
+ )"
+ etitled "Vérification de la configuration du réseau"
+ if [ -n "$FULLCONF" ]; then
+ if [ ${#ips[*]} -gt 0 -o ${#brs[*]} -gt 0 -o -n "$hosts" ]; then
+ network_config "$host" ips brs && modified=1
+ fi
+ [ -n "$etc_networks" ] && network_update_etc_networks "$etc_networks"
+ else
+ if [ ${#ips[*]} -gt 0 ]; then
+ network_config_partial ips && modified=1
+ fi
+ fi
+ eend
+ fi
+
if [ -n "$modified" ]; then
[ -n "$rehash" ] && elinedots "Hashage des certificats" c_rehash
if [ -n "$restart" ]; then
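Review bot: The full-configuration test reads `-n "$hosts"`, but the variable declared and filled from `network.conf` in this block is `host`; `hosts` is not set anywhere in the hunk, so a `network.conf` that defines only `host` skips `network_config`. The condition should read `[ ${#ips[*]} -gt 0 -o ${#brs[*]} -gt 0 -o -n "$host" ]`. Separately, `network.conf` is `source`d inside the `eval "$(…)"`, so it executes as shell code with the privileges of the deployment; a comment saying the file must be trusted and writable only by the administrator would be useful. `FULLCONF` is read here but is not among the locals or parsed options of `apache_autoconf` in the visible hunks, so it appears to depend on a global set by the caller.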
@@ -604,7 +741,7 @@ function apache_autoconf_localhosts() {
--one-site: onesite= \
@ args -- "$@" && set -- "${args[@]}" || die "$args"
- __apache_autoconf_setup || return 1
+ __apache_autoconf_no_require_apache=1 __apache_autoconf_setup || return 1
# Configuration
autoconfdir="$1"; shift
@@ -711,27 +848,48 @@ function __template_updatef_dhost() {
[ -n "$ips" ] || __template_set_var ips ""
}
-# toujours placer une variable dépendante AVANT la variable maitre
+# syntaxe: var[:depvars,...][=desc]
APACHECONFIG_TEMPLATE_STATIC_VARS=(
- hostname aliases host
- certsdir caname
+ host:hostname,aliases="hôte pour lequel ce template a été créé.
+# les variables hostname et aliases sont automatiquement générées.
+# utiliser @@dhost@@ pour déployer dynamiquement avec le nom d'hôte courant."
+ certsdir="répertoire par défaut contenant les certificats à déployer"
+ caname="nom de l'autorité par défaut"
)
APACHECONFIG_TEMPLATE_DYNAMIC_VARS=(
- ips_namevirtualhosts ips_listens ips
- dhostname daliases dhost
- admin configdir
+ ips:ips_namevirtualhosts,ips_listens="liste d'adresses de la forme ip[:port], séparées par un espace.
+# ces adresses sont celles sur lesquelles apache doit écouter. ce paramètre n'a
+# de sens que sur squeeze. en effet, la configuration par défaut sur jessie rend
+# ce paramétrage inutile."
+ dhost:dhostname,daliases="hôte pour lequel les fichiers doivent être déployés.
+# les variables dhostname et daliases sont automatiquement générées.
+# cette variable n'a besoin d'être modifiée que si host=@@dhost@@ ci-dessous"
+ admin="mail de l'administrateur du serveur"
+ configdir="répertoire dans lequel le template a été généré"
+)
+APACHECONFIG_TEMPLATE_NOWRITE_VARS=(configdir)
+APACHECONFIG_TEMPLATE_USER_VARS=(
+ FULLCONF="Est-on en mode configuration complète?"
+ HTDMAPPINGS="Mapping des répertoires destination dans /var/www vers le répertoire local, e.g. html:www"
)
-APACHECONFIG_TEMPLATE_NOWRITE_VARS=(hostname aliases dhostname daliases configdir)
+function __apacheconfig_initsrcdirs() {
+ if check_sysinfos "$@" -d debian -v jessie+; then
+ TEMPLATECTL_SRCDIRS=(apacheconfig.d8)
+ else
+ TEMPLATECTL_SRCDIRS=(apacheconfig)
+ fi
+}
function apacheconfig_initvars() {
DEFAULT_ADMIN=supervision-gdrsi@listes.univ-reunion.fr
DEFAULT_CERTSDIR=1507-renater
DEFAULT_CANAME=1507-DigiCertCA.crt
set_defaults apacheconfig
- TEMPLATE_STATIC_VARS=("${APACHECONFIG_TEMPLATE_STATIC_VARS[@]}")
- TEMPLATE_DYNAMIC_VARS=("${APACHECONFIG_TEMPLATE_DYNAMIC_VARS[@]}")
TEMPLATE_NOWRITE_VARS=("${APACHECONFIG_TEMPLATE_NOWRITE_VARS[@]}")
+ template_build_vars TEMPLATE_STATIC_VARS TEMPLATE_NOWRITE_VARS "${APACHECONFIG_TEMPLATE_STATIC_VARS[@]}"
+ template_build_vars TEMPLATE_DYNAMIC_VARS TEMPLATE_NOWRITE_VARS "${APACHECONFIG_TEMPLATE_DYNAMIC_VARS[@]}"
+ template_build_vars TEMPLATE_USER_VARS "" "${APACHECONFIG_TEMPLATE_USER_VARS[@]}"
__TEMPLATE_DEFAULTF_host=__template_defaultf_host
__TEMPLATE_UPDATEF_host=__template_updatef_host
__TEMPLATE_DEFAULTF_ips=__template_defaultf_ips
@@ -740,7 +898,7 @@ function apacheconfig_initvars() {
__TEMPLATE_UPDATEF_dhost=__template_updatef_dhost
TEMPLATECTL_NAME=apacheconfig
- TEMPLATECTL_SRCDIRS=(apacheconfig)
+ __apacheconfig_initsrcdirs
TEMPLATECTL_CONFIG="$TEMPLATECTL_NAME"
TEMPLATECTL_DEFAULTS=(
admin="$DEFAULT_ADMIN"
@@ -751,11 +909,14 @@ function apacheconfig_initvars() {
}
function apacheconfig_loadconf() {
- local config modified
- local destdir="$1" autocreate
+ local config modified autocreate
+ local destdir="$1" nohideconfig="$2"
+
+ # valeurs par défaut
+ is_defined HTDMAPPINGS || HTDMAPPINGS=(html:www)
__template_set_destdir destdir autocreate "$TEMPLATECTL_NAME" || return 1
- setx config=templatectl_config "$destdir"
+ setx config=templatectl_config "$destdir" ${nohideconfig:+nohideconfig}
modified=
templatectl_loadvars "$config" && modified=1
@@ -779,7 +940,8 @@ function apacheconfig_sysinfos() {
__template_set_var sysname "$sysname"
__template_set_var sysdist "$sysdist"
__template_set_var sysver "$sysver"
- #check_sysinfos --vars sysname sysdist sysver bits "${templatectl_suffix[@]}
+ # mettre à jour la source en fonction du système cible
+ __apacheconfig_initsrcdirs --vars sysname sysdist sysver bits
upvars sysname "$sysname" sysdist "$sysdist" sysver "$sysver" bits "$bits" \
custom_sysinfos "$custom_sysinfos"
@@ -789,6 +951,7 @@ function apacheconfig_deploy() {
local destdir="$1" certsdir="$2"; shift; shift
local config="$1" oneconf="$2" onemodule="$3"; onesite="$4"; shift; shift; shift; shift
local custom_sysinfos="$1" sysname="$2" sysdist="$3" sysver="$4" bits="$5"; shift; shift; shift; shift; shift
+ local netconf="$1"; shift
local -a args
args=(--ignore "$(basename -- "$config")")
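Review bot: The added `local netconf="$1"; shift` in apacheconfig_deploy inserts a twelfth positional parameter ahead of the pass-through arguments, so any caller that still hands apache_autoconf options right after `bits` will have its first option silently consumed as `netconf`. The call sites are outside this hunk, as is the start of the function, so each caller should be checked against the new arity. With this many positional parameters and no header comment, I would add one above the `local` lines, e.g. `# $1=destdir $2=certsdir $3=config $4=oneconf $5=onemodule $6=onesite $7=custom_sysinfos $8=sysname $9=sysdist $10=sysver $11=bits $12=netconf, $@=apache_autoconf args`.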
@@ -796,6 +959,7 @@ function apacheconfig_deploy() {
[ -n "$onemodule" ] && array_add args --one-module "$(basename -- "$onemodule")"
[ -n "$onesite" ] && array_add args --one-site "$(basename -- "$onesite")"
[ -n "$custom_sysinfos" ] && array_add args --sysname "$sysname" --sysdist "$sysdist" --sysver "$sysver" --bits "$bits"
+ [ -n "$netconf" ] && array_add args --network-config
array_add args "$destdir" "$certsdir"
for __name in "${TEMPLATE_DYNAMIC_VARS[@]}"; do
array_add args "$__name=${!__name}"
@@ -803,6 +967,21 @@ function apacheconfig_deploy() {
apache_autoconf "${args[@]}" "$@"
}
+function apacheconfig_qs() {
+ # fonction pour simplifier l'utilisation de apacheconfig_deploy pour un
+ # répertoire spécifique
+ # $1=destdir $2=certsdir $3=netconf
+ local destdir="$1" certsdir="$2" netconf="$3"
+ local config modified destdir autocreate
+ apacheconfig_initvars
+ apacheconfig_loadconf "$1"
+ apacheconfig_deploy \
+ "$destdir" "$2" \
+ "$config" "" "" "" \
+ "" "" "" "" "" \
+ "$3"
+}
+
function apacheconfig_localhosts() {
local destdir="$1" certsdir="$2"; shift; shift
local onesite="$1"; shift
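Review bot: `apacheconfig_qs` ignores the status of `apacheconfig_loadconf "$1"`, although that function returns 1 when `__template_set_destdir` fails, so `apacheconfig_deploy` would still run with whatever `destdir` and `config` happen to hold; `apacheconfig_loadconf "$1" || return 1` closes that. `config` is declared local in both functions, so unless the part of apacheconfig_loadconf outside the visible hunk exports it (for instance through upvars), `"$config"` is empty here and `--ignore` receives an empty name; this is worth confirming. The second `local` line also redeclares `destdir`, and `certsdir`/`netconf` are assigned while `"$2"`/`"$3"` are what is actually passed; using the named variables throughout would make the call easier to audit.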
@@ -815,3 +994,241 @@ function apacheconfig_localhosts() {
done
apache_autoconf_localhosts "${args[@]}" "$@"
}
+
+function __mrr_joinurl() {
+ # joindre chaque élément de $1..@ par /, en évitant les slashes en double
+ local i url
+ for i in "$@"; do
+ [ -n "$i" ] || continue
+ if [ -n "$url" ]; then
+ url="${url%/}/${i#/}"
+ else
+ url="$i"
+ fi
+ done
+ [ -n "$url" ] && echo "$url"
+}
+function __mrr_has_proxy() {
+ # vérifier que les options $1 contiennent 'P'
+ local -a options
+ array_split options "$1" ","
+ array_contains options P
+}
+function legacy_mkRewriteRules() {
+ # $1=infile, $2=thishost, $3=outfile, $4=htmlfile, $5=proxy_enabled?
+ local infile="$1" thishost="$2" outfile="$3" htmlfile="$4" proxy_enabled="$5"
+ local -a rules; local rule prefix index done current
+ local tmpinfile tmpoutfile
+ local src dest host suffix options prot proxy_acls usrc trail noslash proxy_url proxy_use
+
+ if [ -z "$infile" -o "$infile" == - ]; then
+ infile=/dev/stdin
+ elif [ -z "$outfile" ]; then
+ local outdir="$(dirname -- "$infile")"
+ outfile="$(basename -- "$infile")"
+ if [[ "$outfile" == *rewrite*.rules ]]; then
+ outfile="${outfile/rewrite/RewriteRules}"
+ outfile="${outfile/.rules/.conf}"
+ else
+ outfile="$outfile-RewriteRules.conf"
+ fi
+ outfile="$outdir/$outfile"
+ fi
+ [ -n "$outfile" -a "$outfile" != - ] || outfile=/dev/stdout
+
+ if [ -z "$thishost" -o -z "$proxy_enabled" ]; then
+ # le cas échéant, lire les paramètres manquant depuis le fichier
+ if [ "$infile" == /dev/stdin ]; then
+ ac_set_tmpfile tmpinfile
+ cat >"$tmpinfile"
+ infile="$tmpinfile"
+ fi
+ eval "$(awkrun -f <"$infile" '
+/^[^#]/ { exit 0 }
+/^#+ *host *=/ { sub(/^#+ *host *= */, ""); sub(/ *$/, ""); print "thishost=" qval($0); next }
+/^#+ *enable_proxy *=/ { sub(/^#+ *enable_proxy *= */, ""); sub(/ *$/, ""); print "proxy_enabled=" qval($0); next }
+')"
+ fi
+ [ -n "$thishost" ] || thishost="$(myhost)"
+ normyesval proxy_enabled
+
+ if [ -n "$htmlfile" ]; then
+ echo '
+
+
+
+
+'"$thishost
+
+
+$thishost
+" >"$htmlfile"
+ fi
+
+ ac_set_tmpfile tmpoutfile
+ array_from_lines rules "$(<"$infile" filter_comment)"
+ prefix=
+ for rule in "${rules[@]}"; do
+ if beginswith "$rule" ^; then
+ # Collecter les préfixe pour la règle suivante
+ prefix="${prefix:+$prefix
+}${rule#^}"
+ continue
+ elif beginswith "$rule" =; then
+ # ligne litérale
+ echo "${rule#=}" >>"$tmpoutfile"
+ continue
+ fi
+
+ local IFS=:; set -- $rule; unset IFS
+ index=1
+ done=
+ while [ -z "$done" ]; do
+ current="$1"; shift
+ while [ "${current%\\}" != "$current" ]; do
+ current="${current%\\}:$1"; shift
+ done
+ case $index in
+ 1) src="$current";;
+ 2) dest="$current";;
+ 3) host="$current";;
+ 4) suffix="$current";;
+ 5) options="$current";;
+ 6) prot="${current:-http}";;
+ 7) proxy_acls="$current";;
+ *) done=1;;
+ esac
+ index=$(($index + 1))
+ done
+
+ # mettre en forme prefix s'il est défini
+ [ -n "$prefix" ] && prefix="$prefix
+"
+
+ [ "$thishost" == "$host" ] && host=
+
+ usrc="$src"
+
+ trail=1
+ if endswith "$src" '$'; then
+ trail=
+ usrc="${src%$}"
+ fi
+
+ noslash=
+ if endswith "$suffix" '$'; then
+ noslash=1
+ suffix="${suffix%$}"
+ fi
+ if endswith "$dest" '$'; then
+ noslash=1
+ dest="${dest%$}"
+ fi
+
+ proxy_url=
+ proxy_use=
+
+ if endswith "$dest" .woa; then
+ # lien vers une application
+ if [ -n "$host" ]; then
+ # sur un autre hôte
+ if [ -n "$noslash" ]; then
+ echo "${prefix}RewriteRule ^/$src${trail:+(.*)} $(__mrr_joinurl "$prot://$host/cgi-bin/WebObjects" "$dest" "$suffix")${trail:+\$1} [L${options:+,$options}]" >>"$tmpoutfile"
+ setx url __mrr_joinurl "http://$thishost" "$usrc"
+ setx proxy_url __mrr_joinurl "$prot://$host/cgi-bin/WebObjects" "$dest" "$suffix"
+ else
+ echo "${prefix}RewriteRule ^/$src\$ /$src/" >>"$tmpoutfile"
+ echo "${prefix}RewriteRule ^/$src/(.*) $(__mrr_joinurl "$prot://$host/cgi-bin/WebObjects" "$dest" "$suffix" "\$1") [L${options:+,$options}]" >>"$tmpoutfile"
+ setx url __mrr_joinurl "http://$thishost" "$usrc/"
+ setx proxy_url __mrr_joinurl "$prot://$host/cgi-bin/WebObjects" "$dest" "$suffix/"
+ fi
+ else
+ # sur le même hôte
+ if [ -n "$noslash" ]; then
+ echo "${prefix}RewriteRule ^/$src${trail:+(.*)} $(__mrr_joinurl /cgi-bin/WebObjects "$dest" "$suffix")${trail:+\$1} [L,P${options:+,$options}]" >>"$tmpoutfile"
+ setx url __mrr_joinurl "http://$thishost" "$usrc"
+ setx proxy_url __mrr_joinurl "$prot://$thishost/cgi-bin/WebObjects" "$dest" "$suffix"
+ proxy_use=1
+ else
+ echo "${prefix}RewriteRule ^/$src\$ /$src/" >>"$tmpoutfile"
+ echo "${prefix}RewriteRule ^/$src/(.*) $(__mrr_joinurl /cgi-bin/WebObjects "$dest" "$suffix" "\$1") [L,P${options:+,$options}]" >>"$tmpoutfile"
+ setx url __mrr_joinurl "http://$thishost" "$usrc/"
+ setx proxy_url __mrr_joinurl "$prot://$thishost/cgi-bin/WebObjects" "$dest" "$suffix/"
+ proxy_use=1
+ fi
+ fi
+ else
+ # lien vers une url
+ if [ -n "$host" ]; then
+ # sur un autre hôte
+ if [ -n "$noslash" ]; then
+ echo "${prefix}RewriteRule ^/$src${trail:+(.*)} $(__mrr_joinurl "$prot://$host" "$dest" "$suffix")${trail:+\$1} [L${options:+,$options}]" >>"$tmpoutfile"
+ setx url __mrr_joinurl "http://$thishost" "$usrc"
+ setx proxy_url __mrr_joinurl "$prot://$host" "$dest" "$suffix"
+ else
+ echo "${prefix}RewriteRule ^/$src\$ /$src/" >>"$tmpoutfile"
+ echo "${prefix}RewriteRule ^/$src/(.*) $(__mrr_joinurl "$prot://$host" "$dest" "$suffix" "\$1") [L${options:+,$options}]" >>"$tmpoutfile"
+ setx url __mrr_joinurl "http://$thishost" "$usrc/"
+ setx proxy_url __mrr_joinurl "$prot://$host" "$dest" "$suffix/"
+ fi
+ else
+ # sur le même hôte
+ if [ -n "$noslash" ]; then
+ echo "${prefix}RewriteRule ^/$src${trail:+(.*)} $(__mrr_joinurl / "$dest" "$suffix")${trail:+\$1}${options:+ [$options]}" >>"$tmpoutfile"
+ setx url __mrr_joinurl "http://$thishost" "$usrc"
+ setx proxy_url __mrr_joinurl "http://$thishost" "$dest" "$suffix"
+ else
+ echo "${prefix}RewriteRule ^/$src\$ /$src/" >>"$tmpoutfile"
+ echo "${prefix}RewriteRule ^/$src/(.*) $(__mrr_joinurl / "$dest" "$suffix" "\$1")${options:+ [$options]}" >>"$tmpoutfile"
+ setx url __mrr_joinurl "http://$thishost" "$usrc/"
+ setx proxy_url __mrr_joinurl "http://$thishost" "$dest" "$suffix/"
+ fi
+ fi
+ fi
+ __mrr_has_proxy "$options" && proxy_use=1
+ if [ -n "$proxy_enabled" -a -n "$proxy_use" ]; then
+ if [ "$proxy_acls" == "None" ]; then
+ :
+ elif [ -z "$proxy_acls" ]; then
+ echo "\
+
+ AddDefaultCharset off
+ Order Deny,Allow
+ Allow from all
+" >>"$tmpoutfile"
+ else
+ echo "\
+
+ AddDefaultCharset off
+ Order Allow,Deny
+ Allow from $proxy_acls
+" >>"$tmpoutfile"
+ fi
+ fi
+
+ echo "" >>"$tmpoutfile"
+ if [ -n "$htmlfile" ]; then
+ echo "- $url
" >>"$htmlfile"
+ fi
+
+ # Réinitialiser les préfixes pour chaque règle
+ prefix=
+ done
+
+ local modified
+ if testupdated "$tmpoutfile" "$outfile"; then
+ cat "$tmpoutfile" >"$outfile"
+ modified=1
+ fi
+
+ if [ -n "$htmlfile" ]; then
+ echo '
+
+' >>"$htmlfile"
+ fi
+
+ [ -n "$tmpinfile" ] && ac_clean "$tmpinfile"
+ ac_clean "$tmpoutfile"
+ [ -n "$modified" ]
+}
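Review bot: In legacy_mkRewriteRules, `local IFS=:; set -- $rule; unset IFS` splits the rule with pathname expansion still enabled, so a field containing `*`, `?` or `[` (plausible in rewrite patterns) can be replaced by matching file names from the current directory before it is written into the RewriteRule. Disabling globbing around the split avoids that: `set -f; local IFS=:; set -- $rule; unset IFS; set +f`. Separately, the `eval "$(awkrun ...)"` over the `host=` / `enable_proxy=` header lines is only as safe as `qval`'s quoting, which is defined outside this diff; a one-line comment stating that reliance would help the next reader. The fields are also copied verbatim into directives (`Allow from $proxy_acls`, the RewriteRule flags), so the rules file has to be treated as trusted input, and the function comment should say so.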
diff --git a/lib/ulib/templates/apacheconfig.d8/README-apacheconfig.txt b/lib/ulib/templates/apacheconfig.d8/README-apacheconfig.txt
new file mode 100644
index 0000000..bd574ef
--- /dev/null
+++ b/lib/ulib/templates/apacheconfig.d8/README-apacheconfig.txt
@@ -0,0 +1,76 @@
+# -*- coding: utf-8 mode: text -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+
+Ce répertoire peut contenir les fichiers et répertoires suivants, qui sont tous
+optionnels:
+
+confs.conf
+ Liste des configurations qu'il faut activer. Si un fichier de configuration
+ existe mais n'est pas mentionnée dans ce fichier, ou si ce fichier n'existe
+ pas, aucune modification n'est effectuée. Ce fichier contient une liste de
+ ligne de configuration.
+ Si une configuration est de la forme -conf, elle est désactivée. Si une
+ configuration est de la forme +conf, elle est activée. Cette syntaxe permet
+ de supporter les configurations dont le nom commencerait par '-'
+ IMPORTANT: Ce fichier n'est supporté qu'à partir de debian jessie.
+
+modules.conf
+ Liste des modules qu'il faut activer. Si un module existe mais n'est pas
+ mentionné dans ce fichier, ou si ce fichier n'existe pas, aucune
+ modification n'est effectuée.
+ Si un module est de la forme -module, il est désactivé. Si un module est de
+ la forme +module, il est activé. Cette syntaxe permet de supporter les
+ modules dont le nom commencerait par '-'
+
+sites.conf
+ Liste des sites qu'il faut activer. Si ce fichier n'existe pas, tous les
+ sites existant sont activés. Si un site existe mais ne figure pas dans ce
+ fichier, il est désactivé.
+
+confs/
+ Répertoire des configurations à installer. Les fichiers de ce répertoire
+ sont de la forme CONF.conf et sont installés dans le répertoire
+ /etc/apache2/conf-available. Il faut mentionner la configuration dans le
+ fichier confs.conf pour l'activer.
+ IMPORTANT: Ce répertoire n'est supporté qu'à partir de debian jessie.
+
+modules/
+ Répertoire des configurations de modules à installer. Les fichiers de ce
+ répertoire sont de la forme MODULE.conf et sont installés dans le répertoire
+ /etc/apache2/mods-available. Il faut mentioner le module dans le fichier
+ modules.conf pour l'activer.
+
+sites/
+ Répertoire des sites à installer. Les fichiers de ce répertoire sont de la
+ forme SITE.conf pour les sites écoutant en clair, et SITE.ssl.conf pour les
+ sites écoutant en https.
+ Pour chaque site SITE.ssl.conf, un fichier SITE-certs.conf doit exister dans
+ certsconf/. Pour chaque fichier SITE.ssl.conf, les balises @@ca@@, @@cert@@
+ et @@key@@ sont remplacés par les valeurs des variables ca, cert et key
+ définies dans le fichier correspondant SITE-certs.conf
+
+cgi-bin/
+ Répertoire des scripts cgi
+
+www/
+ Répertoire des fichiers du serveur web
+
+certsconf/
+ Répertoire qui contient la configuration pour les certificats à installer.
+ Les fichiers de ce répertoire sont de la forme SITE-certs.conf et chacun
+ d'eux correspond à un fichier SITE.ssl.conf dans sites/
+
+RewriteRules/
+ Répertoire qui contient la configuration de réécriture. Tous les fichiers
+ RewriteRules*.conf de ce répertoire sont copiés dans /etc/apache2
+
+Tous les autres fichiers sont copiés tels quels dans /etc/apache2. Notamment,
+apache2.conf est le fichier de configuration principal d'apache et ports.conf le
+fichier de configuration des ports d'écoute.
+
+## Configuration TLS
+
+Le site https://mozilla.github.io/server-side-tls/ssl-config-generator/ contient
+des informations sur la façon de configurer ssl côté serveur pour la sécurité et
+les navigateurs modernes
+
+Voir les détails sur https://wiki.mozilla.org/Security/Server_Side_TLS
diff --git a/lib/ulib/templates/apacheconfig.d8/certsconf/default-certs.conf b/lib/ulib/templates/apacheconfig.d8/certsconf/default-certs.conf
new file mode 100644
index 0000000..2ca6ace
--- /dev/null
+++ b/lib/ulib/templates/apacheconfig.d8/certsconf/default-certs.conf
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+
+# Cette variable est utilisée par la fonction refcerts() du script runs. C'est
+# le nom d'un répertoire à chercher dans RUNSMODULESPATH qui contient les
+# certificats à installer sur le serveur.
+certsdir=@@certsdir@@
+
+# Fichier contenant les certificats racines qui valident le certificat à
+# installer, ainsi que les certificats qui sont rencontrés dans le dialogue avec
+# d'autres serveurs web
+ca=@@caname@@
+
+# Certificat et clé privée à installer
+cert=
+key=
diff --git a/lib/ulib/templates/apacheconfig.d8/cgi-bin/.udir b/lib/ulib/templates/apacheconfig.d8/cgi-bin/.udir
new file mode 100644
index 0000000..eb74a9a
--- /dev/null
+++ b/lib/ulib/templates/apacheconfig.d8/cgi-bin/.udir
@@ -0,0 +1,24 @@
+# -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+# Utiliser 'udir --help-vars' pour une description de la signification des
+# variables suivantes:
+udir_desc="Fichiers à déployer sur @@host@@ dans le répertoire des cgi-bins"
+udir_note="Il est possible de déployer les modifications dans ce répertoire avec 'uinst -y'"
+udir_types=(uinst:rsync)
+uinc=release
+uinc_options=()
+uinc_args=()
+configure_variables=(dest)
+configure_dest_for=()
+config_scripts=()
+install_profiles=false
+workdir_rsync_options=()
+workdir_excludes=()
+workdir_includes=()
+copy_files=true
+rsync_options=()
+destdir=root@@@host@@:CGIBINDIR
+srcdir=.
+files=()
+owner=root:
+modes=(u=rwX,g=rX,o=rX)
+root_scripts=()
diff --git a/lib/ulib/templates/apacheconfig.d8/cgi-bin/test.cgi b/lib/ulib/templates/apacheconfig.d8/cgi-bin/test.cgi
new file mode 100755
index 0000000..dd4bf37
--- /dev/null
+++ b/lib/ulib/templates/apacheconfig.d8/cgi-bin/test.cgi
@@ -0,0 +1,6 @@
+#!/bin/bash
+# -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+
+echo "Content-Type: text/plain"
+echo ""
+echo "OK"
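Review bot: Shipping an executable `test.cgi` in the template's cgi-bin means every host generated from this template deploys an unauthenticated endpoint that confirms CGI execution is enabled. It only prints `OK`, so the exposure is small, but nothing in the file marks it as a deployment check rather than production content. I would add a header comment such as `# Test script: remove once the CGI setup has been verified`, or keep the file out of the default template.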
diff --git a/lib/ulib/templates/apacheconfig/confs.conf..d8 b/lib/ulib/templates/apacheconfig.d8/confs.conf
similarity index 100%
rename from lib/ulib/templates/apacheconfig/confs.conf..d8
rename to lib/ulib/templates/apacheconfig.d8/confs.conf
diff --git a/lib/ulib/templates/apacheconfig.d8/confs/ssl-config.conf b/lib/ulib/templates/apacheconfig.d8/confs/ssl-config.conf
new file mode 100644
index 0000000..d00b377
--- /dev/null
+++ b/lib/ulib/templates/apacheconfig.d8/confs/ssl-config.conf
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+
+ # cf https://wiki.mozilla.org/Security/Server_Side_TLS
+
+ # Choisir un des profils. Clients les plus anciens pouvant se connecter:
+ # modern: Firefox 27, Chrome 30, Windows 7 IE 11, Edge, Opera 17, Safari 9, Android 5.0, Java 8
+ # intermediate: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7
+ # old: Windows XP IE6, Java 6
+ #Define SSL_CONFIG_MODERN
+ #Define SSL_CONFIG_INTERMEDIATE
+ #Define SSL_CONFIG_OLD
+
+ # Faut-il activer HSTS?
+ #Define SSL_CONFIG_HSTS
+
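Review bot: All three profile `Define` lines and `SSL_CONFIG_HSTS` ship commented out, and the file does not say what applies when no profile is defined. The ssl.conf that consumes these symbols is not part of this hunk, so the fallback cannot be confirmed from here; if it falls through to the distribution defaults, a host generated from the template gets no explicit protocol or cipher policy. Consider shipping `Define SSL_CONFIG_INTERMEDIATE` uncommented, or at least add a comment like `# If no profile is defined, the defaults of mods-available/ssl.conf apply`. The `old` line would also benefit from a remark that it exists only for legacy clients and weakens the configuration.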
diff --git a/lib/ulib/templates/apacheconfig.d8/modules.conf b/lib/ulib/templates/apacheconfig.d8/modules.conf
new file mode 100644
index 0000000..84e06fb
--- /dev/null
+++ b/lib/ulib/templates/apacheconfig.d8/modules.conf
@@ -0,0 +1,4 @@
+# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+# Liste des modules à activer. Syntaxe:
+# module ou +module pour activer un module
+# -module pour le désactiver
diff --git a/lib/ulib/templates/apacheconfig/modules/ssl.conf..d8 b/lib/ulib/templates/apacheconfig.d8/modules/ssl.conf
similarity index 99%
rename from lib/ulib/templates/apacheconfig/modules/ssl.conf..d8
rename to lib/ulib/templates/apacheconfig.d8/modules/ssl.conf
index d733884..c7eb837 100644
--- a/lib/ulib/templates/apacheconfig/modules/ssl.conf..d8
+++ b/lib/ulib/templates/apacheconfig.d8/modules/ssl.conf
@@ -107,7 +107,7 @@
SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
# Inter-Process Session Cache:
- # Configure the SSL Session Cache: First the mechanism
+ # Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
# (The mechanism dbm has known memory leaks and should not be used).
#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
@@ -116,7 +116,7 @@
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
- # SSL engine uses internally for inter-process synchronization.
+ # SSL engine uses internally for inter-process synchronization.
# (Disabled by default, the global Mutex directive consolidates by default
# this)
#Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
diff --git a/lib/ulib/templates/apacheconfig.d8/network.conf b/lib/ulib/templates/apacheconfig.d8/network.conf
new file mode 100644
index 0000000..31e2bae
--- /dev/null
+++ b/lib/ulib/templates/apacheconfig.d8/network.conf
@@ -0,0 +1,24 @@
+# -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+# Configuration du réseau sur le serveur. Ce fichier est traité différemment
+# selon le mode de configuration.
+# - En mode complet, ce fichier définit le nom d'hôte ainsi que toutes les
+# interfaces, ponts et adresses. La variable host et les tableaux ips et brs
+# sont pris en compte.
+# - En mode partiel, seuls le tableau ips est pris en compte: il est utilisé
+# pour définir des adresses ips supplémentaires à configurer sur le serveur.
+
+# Liste des adresses IPs à configurer. Chaque élément est de la forme
+# [IFACE:]dhcp ou [[IFACE][//GATEWAY]:]IP[/SUFFIX]
+ips=()
+
+# Liste des ponts à configurer. Chaque élément est de la forme BR:IFACES
+# BR est le nom du pont, e.g. br0. IFACES est une liste d'interfaces séparées
+# par une virgule. e.g. br0:eth0,eth1
+brs=()
+
+# Nom d'hôte pleinement qualifié. Si ce paramètre est spécifié, les fichiers
+# /etc/hosts, /etc/hostname et /etc/mailname sont mis à jour.
+host=
+
+# Contenu du fichier /etc/networks
+etc_networks=
diff --git a/lib/ulib/templates/apacheconfig/ports.conf..d8 b/lib/ulib/templates/apacheconfig.d8/ports.conf
similarity index 65%
rename from lib/ulib/templates/apacheconfig/ports.conf..d8
rename to lib/ulib/templates/apacheconfig.d8/ports.conf
index d858a80..92c0c92 100644
--- a/lib/ulib/templates/apacheconfig/ports.conf..d8
+++ b/lib/ulib/templates/apacheconfig.d8/ports.conf
@@ -7,16 +7,8 @@ Listen 80
Listen 443
- #NameVirtualHost IP:443
- #Listen IP:443
- #@@ips_namevirtualhosts@@
- #@@ips_listens@@
Listen 443
- #NameVirtualHost IP:443
- #Listen IP:443
- #@@ips_namevirtualhosts@@
- #@@ips_listens@@
diff --git a/lib/ulib/templates/apacheconfig.d8/rewrite.rules b/lib/ulib/templates/apacheconfig.d8/rewrite.rules
new file mode 100644
index 0000000..b445618
--- /dev/null
+++ b/lib/ulib/templates/apacheconfig.d8/rewrite.rules
@@ -0,0 +1,2 @@
+# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+
diff --git a/lib/ulib/templates/apacheconfig.d8/sites.conf b/lib/ulib/templates/apacheconfig.d8/sites.conf
new file mode 100644
index 0000000..0a2108b
--- /dev/null
+++ b/lib/ulib/templates/apacheconfig.d8/sites.conf
@@ -0,0 +1,4 @@
+# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+# Liste des sites à activer. Syntaxe:
+# site ou +site pour activer un site
+# -site pour le désactiver
diff --git a/lib/ulib/templates/apacheconfig/sites/default.conf..d8 b/lib/ulib/templates/apacheconfig.d8/sites/default.conf
similarity index 100%
rename from lib/ulib/templates/apacheconfig/sites/default.conf..d8
rename to lib/ulib/templates/apacheconfig.d8/sites/default.conf
diff --git a/lib/ulib/templates/apacheconfig/sites/default.ssl.conf..d8 b/lib/ulib/templates/apacheconfig.d8/sites/default.ssl.conf
similarity index 100%
rename from lib/ulib/templates/apacheconfig/sites/default.ssl.conf..d8
rename to lib/ulib/templates/apacheconfig.d8/sites/default.ssl.conf
diff --git a/lib/ulib/templates/apacheconfig.d8/syspkgs.conf b/lib/ulib/templates/apacheconfig.d8/syspkgs.conf
new file mode 100644
index 0000000..5efb6ae
--- /dev/null
+++ b/lib/ulib/templates/apacheconfig.d8/syspkgs.conf
@@ -0,0 +1,9 @@
+# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+# Liste de paquets système à installer, e.g. php5 ou libapache2-mod-jk
+# Chaque package doit être indiqué sur une ligne à part
+#libapache2-mod-jk
+#libapache2-mod-auth-cas
+#php5-mysql
+#php5-ldap
+#php5-gmp
+#php5-gd
diff --git a/lib/ulib/templates/apacheconfig.d8/templates/SITE-certs.conf b/lib/ulib/templates/apacheconfig.d8/templates/SITE-certs.conf
new file mode 100644
index 0000000..2ca6ace
--- /dev/null
+++ b/lib/ulib/templates/apacheconfig.d8/templates/SITE-certs.conf
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+
+# Cette variable est utilisée par la fonction refcerts() du script runs. C'est
+# le nom d'un répertoire à chercher dans RUNSMODULESPATH qui contient les
+# certificats à installer sur le serveur.
+certsdir=@@certsdir@@
+
+# Fichier contenant les certificats racines qui valident le certificat à
+# installer, ainsi que les certificats qui sont rencontrés dans le dialogue avec
+# d'autres serveurs web
+ca=@@caname@@
+
+# Certificat et clé privée à installer
+cert=
+key=
diff --git a/lib/ulib/templates/apacheconfig.d8/templates/SITE.conf b/lib/ulib/templates/apacheconfig.d8/templates/SITE.conf
new file mode 100644
index 0000000..91c14d5
--- /dev/null
+++ b/lib/ulib/templates/apacheconfig.d8/templates/SITE.conf
@@ -0,0 +1,31 @@
+# -*- coding: utf-8 mode: conf -*- vim:syntax=apache:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+
+ # The ServerName directive sets the request scheme, hostname and port that
+ # the server uses to identify itself. This is used when creating
+ # redirection URLs. In the context of virtual hosts, the ServerName
+ # specifies what hostname must appear in the request's Host: header to
+ # match this virtual host. For the default virtual host (this file) this
+ # value is not decisive as it is used as a last resort host regardless.
+ # However, you must set it for any further virtual host explicitly.
+ ServerName SITE.TLD
+ ServerAlias SITE SITE.local
+ ServerAdmin @@admin@@
+
+ DocumentRoot /var/www/SITE
+
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
+
+ ErrorLog ${APACHE_LOG_DIR}/SITE_error.log
+ CustomLog ${APACHE_LOG_DIR}/SITE_access.log combined
+
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
+
diff --git a/lib/ulib/templates/apacheconfig/sites/default.ssl.conf..d b/lib/ulib/templates/apacheconfig.d8/templates/SITE.ssl.conf
similarity index 69%
rename from lib/ulib/templates/apacheconfig/sites/default.ssl.conf..d
rename to lib/ulib/templates/apacheconfig.d8/templates/SITE.ssl.conf
index 52f4a83..1af0b69 100644
--- a/lib/ulib/templates/apacheconfig/sites/default.ssl.conf..d
+++ b/lib/ulib/templates/apacheconfig.d8/templates/SITE.ssl.conf
@@ -1,54 +1,27 @@
-# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
-
+# -*- coding: utf-8 mode: conf -*- vim:syntax=apache:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
- ServerName @@host@@
- ServerAlias @@aliases@@
+ ServerName SITE.TLD
+ ServerAlias SITE SITE.local
ServerAdmin @@admin@@
- DocumentRoot /var/www
-
- Options FollowSymLinks
- AllowOverride None
-
-
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- Order allow,deny
- allow from all
-
+ DocumentRoot /var/www/SITE
- # Pour les serveurs qui ont le module mod_WebObjects:
- # mod_WebObjects et ScriptAlias ne peuvent pas gérer le même préfixe. Pour
- # utiliser des cgi-bin avec WebObjects, il faut soit changer le préfixe de
- # ScriptAlias, soit changer le préfixe de WebObjectsAlias dans le fichier
- # mod-webobjects.conf
- # Sinon, il suffit de commenter les lignes suivantes:
- ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
-
- AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- Order allow,deny
- Allow from all
-
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
- ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
+ ErrorLog ${APACHE_LOG_DIR}/SITE_error.log
+ CustomLog ${APACHE_LOG_DIR}/SITE_access.log combined
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel warn
-
- CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
-
-
- Order allow,deny
- Allow from all
-
-
-
- Order allow,deny
- Allow from all
-
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
@@ -56,7 +29,7 @@
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
- # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
+ # /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile @@cert@@
@@ -99,21 +72,6 @@
#SSLVerifyClient require
#SSLVerifyDepth 10
- # Access Control:
- # With SSLRequire you can do per-directory access control based
- # on arbitrary complex boolean expressions containing server
- # variable checks and other lookup directives. The syntax is a
- # mixture between C and Perl. See the mod_ssl documentation
- # for more details.
- #
- #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
- # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
- # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
- # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
- # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
- # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
- #
-
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
@@ -134,19 +92,15 @@
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
- # o StrictRequire:
- # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
- # under a "Satisfy any" situation, i.e. when it applies access is denied
- # and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
- SSLOptions +StdEnvVars
+ SSLOptions +StdEnvVars
- SSLOptions +StdEnvVars
+ SSLOptions +StdEnvVars
# SSL Protocol Adjustments:
@@ -174,8 +128,8 @@
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
diff --git a/lib/ulib/templates/apacheconfig.d8/templates/SITE/.udir b/lib/ulib/templates/apacheconfig.d8/templates/SITE/.udir
new file mode 100644
index 0000000..a212c72
--- /dev/null
+++ b/lib/ulib/templates/apacheconfig.d8/templates/SITE/.udir
@@ -0,0 +1,24 @@
+# -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+# Utiliser 'udir --help-vars' pour une description de la signification des
+# variables suivantes:
+udir_desc="Fichiers à déployer dans le répertoire des documents web"
+udir_note="Il est possible de déployer les modifications dans ce répertoire avec 'uinst -y'"
+udir_types=(uinst:rsync)
+uinc=release
+uinc_options=()
+uinc_args=()
+configure_variables=(dest)
+configure_dest_for=()
+config_scripts=()
+install_profiles=false
+workdir_rsync_options=()
+workdir_excludes=()
+workdir_includes=()
+copy_files=true
+rsync_options=(--delete-after)
+destdir=root@@@host@@:HTDOCSBASE/SITE
+srcdir=.
+files=()
+owner=www-data:
+modes=(u=rwX,g=rX,o=rX)
+root_scripts=()
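Review bot: `owner=www-data:` together with `modes=(u=rwX,g=rX,o=rX)` makes the deployed document root writable by the account the web server runs as on Debian, so a flaw in any script served from the site could rewrite the site's own files. cgi-bin/.udir in this same commit uses `owner=root:` with identical modes; unless the application needs to write into its document root, `owner=root:` here keeps the content read-only to the server. The same applies to www/.udir further down. Because `rsync_options=(--delete-after)` is combined with a root destination, a comment noting that files present only on the server are removed on deploy would also be worth adding.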
diff --git a/lib/ulib/templates/apacheconfig.d8/templates/SITE/favicon.ico b/lib/ulib/templates/apacheconfig.d8/templates/SITE/favicon.ico
new file mode 100644
index 0000000..a1a0be8
Binary files /dev/null and b/lib/ulib/templates/apacheconfig.d8/templates/SITE/favicon.ico differ
diff --git a/lib/ulib/templates/apacheconfig.d8/templates/SITE/icon.png b/lib/ulib/templates/apacheconfig.d8/templates/SITE/icon.png
new file mode 100644
index 0000000..581bad1
Binary files /dev/null and b/lib/ulib/templates/apacheconfig.d8/templates/SITE/icon.png differ
diff --git a/lib/ulib/templates/apacheconfig.d8/workers.properties b/lib/ulib/templates/apacheconfig.d8/workers.properties
new file mode 100644
index 0000000..6c18ed2
--- /dev/null
+++ b/lib/ulib/templates/apacheconfig.d8/workers.properties
@@ -0,0 +1,17 @@
+worker.list=prod,dev
+
+worker.prod.port=8009
+worker.prod.host=@@prod_host@@
+worker.prod.type=ajp13
+worker.prod.lbfactor=1
+worker.prod.connection_pool_timeout=600
+worker.prod.socket_keepalive=1
+worker.prod.socket_timeout=60
+
+worker.dev.port=8009
+worker.dev.host=@@dev_host@@
+worker.dev.type=ajp13
+worker.dev.lbfactor=1
+worker.dev.connection_pool_timeout=600
+worker.dev.socket_keepalive=1
+worker.dev.socket_timeout=60
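Review bot: Both workers speak AJP13 to port 8009 with no shared secret, and AJP itself carries no authentication, so the back ends are protected only by who can reach that port on `@@prod_host@@` and `@@dev_host@@`. A comment at the top stating that the connector must be bound or firewalled to this front end would be worth adding. Where the mod_jk and Tomcat versions in use support it, `worker.prod.secret=<SECRET_PLACEHOLDER>` (matched on the connector) adds a second barrier. `prod` and `dev` are also both listed in `worker.list`, so a production front end generated from this template can route to the dev back end unless that worker is removed.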
diff --git a/lib/ulib/templates/apacheconfig.d8/www/.udir b/lib/ulib/templates/apacheconfig.d8/www/.udir
new file mode 100644
index 0000000..e10ec1c
--- /dev/null
+++ b/lib/ulib/templates/apacheconfig.d8/www/.udir
@@ -0,0 +1,24 @@
+# -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+# Utiliser 'udir --help-vars' pour une description de la signification des
+# variables suivantes:
+udir_desc="Fichiers à déployer sur @@host@@ dans le répertoire des documents web"
+udir_note="Il est possible de déployer les modifications dans ce répertoire avec 'uinst -y'"
+udir_types=(uinst:rsync)
+uinc=release
+uinc_options=()
+uinc_args=()
+configure_variables=(dest)
+configure_dest_for=()
+config_scripts=()
+install_profiles=false
+workdir_rsync_options=()
+workdir_excludes=()
+workdir_includes=()
+copy_files=true
+rsync_options=()
+destdir=root@@@host@@:HTDOCSDIR
+srcdir=.
+files=()
+owner=www-data:
+modes=(u=rwX,g=rX,o=rX)
+root_scripts=()
diff --git a/lib/ulib/templates/apacheconfig.d8/www/favicon.ico b/lib/ulib/templates/apacheconfig.d8/www/favicon.ico
new file mode 100644
index 0000000..a1a0be8
Binary files /dev/null and b/lib/ulib/templates/apacheconfig.d8/www/favicon.ico differ
diff --git a/lib/ulib/templates/apacheconfig.d8/www/icon.png b/lib/ulib/templates/apacheconfig.d8/www/icon.png
new file mode 100644
index 0000000..581bad1
Binary files /dev/null and b/lib/ulib/templates/apacheconfig.d8/www/icon.png differ
diff --git a/lib/ulib/templates/apacheconfig/RewriteRules/update.sh b/lib/ulib/templates/apacheconfig/RewriteRules/update.sh
index 03f8c10..30f374e 100755
--- a/lib/ulib/templates/apacheconfig/RewriteRules/update.sh
+++ b/lib/ulib/templates/apacheconfig/RewriteRules/update.sh
@@ -1,10 +1,6 @@
#!/bin/bash
# -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
-
-source /etc/ulib &&
-urequire DEFAULTS ||
-exit 1
-OENC="$UTF8"
+source /etc/ulibauto || exit 1
PRIHOST=
PUBHOST=
diff --git a/lib/ulib/templates/apacheconfig/confs.conf b/lib/ulib/templates/apacheconfig/confs.conf
deleted file mode 100644
index e69de29..0000000
diff --git a/lib/ulib/templates/apacheconfig/modules/ssl.conf b/lib/ulib/templates/apacheconfig/modules/ssl.conf
index e69de29..f96fe64 100644
--- a/lib/ulib/templates/apacheconfig/modules/ssl.conf
+++ b/lib/ulib/templates/apacheconfig/modules/ssl.conf
@@ -0,0 +1,103 @@
+
+ # cf https://wiki.mozilla.org/Security/Server_Side_TLS
+
+ # modern configuration not supported. same as SSL_CONFIG_INTERMEDIATE below
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+ SSLHonorCipherOrder on
+
+
+
+ # intermediate configuration, tweak to your needs
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+ SSLHonorCipherOrder on
+ SSLCompression off
+ SSLSessionTickets off
+
+
+
+ # old configuration, tweak to your needs
+ SSLProtocol all -SSLv2
+ SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP
+ SSLHonorCipherOrder on
+ SSLCompression off
+ SSLSessionTickets off
+
+
+ # default debian configuration
+
+ # SSL Cipher Suite:
+ # List the ciphers that the client is permitted to negotiate.
+ # See the mod_ssl documentation for a complete list.
+ # enable only secure ciphers:
+ SSLCipherSuite HIGH:MEDIUM:!ADH
+ # Use this instead if you want to allow cipher upgrades via SGC facility.
+ # In this case you also have to use something like
+ # SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
+ # see http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html.en#upgradeenc
+ #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+ # enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
+ SSLProtocol all -SSLv2
+
+
+
+
+#
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+#
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/urandom 512
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+#
+# Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl .crl
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog builtin
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First the mechanism
+# to use and second the expiring timeout (in seconds).
+# (The mechanism dbm has known memory leaks and should not be used).
+#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
+SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+SSLSessionCacheTimeout 300
+
+# Semaphore:
+# Configure the path to the mutual exclusion semaphore the
+# SSL engine uses internally for inter-process synchronization.
+SSLMutex file:${APACHE_RUN_DIR}/ssl_mutex
+
+# Allow insecure renegotiation with clients which do not yet support the
+# secure renegotiation protocol. Default: Off
+#SSLInsecureRenegotiation on
+
+# Whether to forbid non-SNI clients to access name based virtual hosts.
+# Default: Off
+#SSLStrictSNIVHostCheck On
+
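Review bot: The last two profiles in this file still set `SSLProtocol all -SSLv2`, which leaves SSLv3 enabled, and the comment above the final one describes SSLv3 as a secure protocol; SSLv3 is broken by POODLE and should be excluded in every profile, i.e. `SSLProtocol all -SSLv2 -SSLv3`, with the comment updated to match. The first block is commented as being the same as the intermediate one but omits `SSLCompression off` and `SSLSessionTickets off`, so the two are not equivalent (TLS compression is the CRIME vector). The conditional containers that select one profile are not visible in this view, so which block is active on a given host cannot be told from here. The three explicit cipher lists also keep the `DES-CBC3-SHA` family (64-bit block, Sweet32), which is worth dropping unless legacy clients require it.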
diff --git a/lib/ulib/templates/apacheconfig/modules/ssl.conf..d b/lib/ulib/templates/apacheconfig/modules/ssl.conf..d
deleted file mode 100644
index 9994776..0000000
--- a/lib/ulib/templates/apacheconfig/modules/ssl.conf..d
+++ /dev/null
@@ -1,103 +0,0 @@
-
- # cf https://wiki.mozilla.org/Security/Server_Side_TLS
-
- # modern configuration not supported. same as SSL_CONFIG_INTERMEDIATE below
- SSLProtocol all -SSLv2 -SSLv3
- SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
- SSLHonorCipherOrder on
-
-
-
- # intermediate configuration, tweak to your needs
- SSLProtocol all -SSLv2 -SSLv3
- SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
- SSLHonorCipherOrder on
- SSLCompression off
- SSLSessionTickets off
-
-
-
- # old configuration, tweak to your needs
- SSLProtocol all -SSLv2
- SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP
- SSLHonorCipherOrder on
- SSLCompression off
- SSLSessionTickets off
-
-
- # default debian configuration
-
- # SSL Cipher Suite:
- # List the ciphers that the client is permitted to negotiate.
- # See the mod_ssl documentation for a complete list.
- # enable only secure ciphers:
- SSLCipherSuite HIGH:MEDIUM:!ADH
- # Use this instead if you want to allow cipher upgrades via SGC facility.
- # In this case you also have to use something like
- # SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
- # see http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html.en#upgradeenc
- #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
-
- # enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
- SSLProtocol all -SSLv2
-
-
-
-
-#
-# Pseudo Random Number Generator (PRNG):
-# Configure one or more sources to seed the PRNG of the SSL library.
-# The seed data should be of good random quality.
-# WARNING! On some platforms /dev/random blocks if not enough entropy
-# is available. This means you then cannot use the /dev/random device
-# because it would lead to very long connection times (as long as
-# it requires to make more entropy available). But usually those
-# platforms additionally provide a /dev/urandom device which doesn't
-# block. So, if available, use this one instead. Read the mod_ssl User
-# Manual for more details.
-#
-SSLRandomSeed startup builtin
-SSLRandomSeed startup file:/dev/urandom 512
-SSLRandomSeed connect builtin
-SSLRandomSeed connect file:/dev/urandom 512
-
-##
-## SSL Global Context
-##
-## All SSL configuration in this context applies both to
-## the main server and all SSL-enabled virtual hosts.
-##
-
-#
-# Some MIME-types for downloading Certificates and CRLs
-#
-AddType application/x-x509-ca-cert .crt
-AddType application/x-pkcs7-crl .crl
-
-# Pass Phrase Dialog:
-# Configure the pass phrase gathering process.
-# The filtering dialog program (`builtin' is a internal
-# terminal dialog) has to provide the pass phrase on stdout.
-SSLPassPhraseDialog builtin
-
-# Inter-Process Session Cache:
-# Configure the SSL Session Cache: First the mechanism
-# to use and second the expiring timeout (in seconds).
-# (The mechanism dbm has known memory leaks and should not be used).
-#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
-SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
-SSLSessionCacheTimeout 300
-
-# Semaphore:
-# Configure the path to the mutual exclusion semaphore the
-# SSL engine uses internally for inter-process synchronization.
-SSLMutex file:${APACHE_RUN_DIR}/ssl_mutex
-
-# Allow insecure renegotiation with clients which do not yet support the
-# secure renegotiation protocol. Default: Off
-#SSLInsecureRenegotiation on
-
-# Whether to forbid non-SNI clients to access name based virtual hosts.
-# Default: Off
-#SSLStrictSNIVHostCheck On
-
diff --git a/lib/ulib/templates/apacheconfig/ports.conf b/lib/ulib/templates/apacheconfig/ports.conf
index e69de29..a6bceab 100644
--- a/lib/ulib/templates/apacheconfig/ports.conf
+++ b/lib/ulib/templates/apacheconfig/ports.conf
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 mode: conf -*- vim:syntax=apache:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+# If you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default
+# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
+# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
+# README.Debian.gz
+
+NameVirtualHost *:80
+Listen *:80
+
+
+ # If you add NameVirtualHost *:443 here, you will also have to change
+ # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
+ # to
+ # Server Name Indication for SSL named virtual hosts is currently not
+ # supported by MSIE on Windows XP.
+ #NameVirtualHost IP:443
+ #Listen IP:443
+ #@@ips_namevirtualhosts@@
+ #@@ips_listens@@
+
+
+
+ #NameVirtualHost IP:443
+ #Listen IP:443
+ #@@ips_namevirtualhosts@@
+ #@@ips_listens@@
+
diff --git a/lib/ulib/templates/apacheconfig/ports.conf..d b/lib/ulib/templates/apacheconfig/ports.conf..d
deleted file mode 100644
index a6bceab..0000000
--- a/lib/ulib/templates/apacheconfig/ports.conf..d
+++ /dev/null
@@ -1,29 +0,0 @@
-# -*- coding: utf-8 mode: conf -*- vim:syntax=apache:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
-# If you just change the port or add more ports here, you will likely also
-# have to change the VirtualHost statement in
-# /etc/apache2/sites-enabled/000-default
-# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
-# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
-# README.Debian.gz
-
-NameVirtualHost *:80
-Listen *:80
-
-
- # If you add NameVirtualHost *:443 here, you will also have to change
- # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
- # to
- # Server Name Indication for SSL named virtual hosts is currently not
- # supported by MSIE on Windows XP.
- #NameVirtualHost IP:443
- #Listen IP:443
- #@@ips_namevirtualhosts@@
- #@@ips_listens@@
-
-
-
- #NameVirtualHost IP:443
- #Listen IP:443
- #@@ips_namevirtualhosts@@
- #@@ips_listens@@
-
diff --git a/lib/ulib/templates/apacheconfig/sites/default.conf b/lib/ulib/templates/apacheconfig/sites/default.conf
index e69de29..0fc5304 100644
--- a/lib/ulib/templates/apacheconfig/sites/default.conf
+++ b/lib/ulib/templates/apacheconfig/sites/default.conf
@@ -0,0 +1,51 @@
+# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+
+
+ ServerName @@host@@
+ ServerAlias @@aliases@@
+ ServerAdmin @@admin@@
+
+ DocumentRoot /var/www
+
+ Options FollowSymLinks
+ AllowOverride None
+
+
+ Options Indexes FollowSymLinks MultiViews
+ AllowOverride None
+ Order allow,deny
+ allow from all
+
+
+ # Pour les serveurs qui ont le module mod_WebObjects:
+ # mod_WebObjects et ScriptAlias ne peuvent pas gérer le même préfixe. Pour
+ # utiliser des cgi-bin avec WebObjects, il faut soit changer le préfixe de
+ # ScriptAlias, soit changer le préfixe de WebObjectsAlias dans le fichier
+ # mod-webobjects.conf
+ # Sinon, il suffit de commenter les lignes suivantes:
+ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+
+ AllowOverride None
+ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+ Order allow,deny
+ Allow from all
+
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+
+ # Possible values include: debug, info, notice, warn, error, crit,
+ # alert, emerg.
+ LogLevel warn
+
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ # Pour les serveurs qui ont le module mod_WebObjects:
+
+ Order allow,deny
+ Allow from all
+
+
+ Order allow,deny
+ Allow from all
+
+
diff --git a/lib/ulib/templates/apacheconfig/sites/default.conf..d b/lib/ulib/templates/apacheconfig/sites/default.conf..d
deleted file mode 100644
index 0fc5304..0000000
--- a/lib/ulib/templates/apacheconfig/sites/default.conf..d
+++ /dev/null
@@ -1,51 +0,0 @@
-# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
-
-
- ServerName @@host@@
- ServerAlias @@aliases@@
- ServerAdmin @@admin@@
-
- DocumentRoot /var/www
-
- Options FollowSymLinks
- AllowOverride None
-
-
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- Order allow,deny
- allow from all
-
-
- # Pour les serveurs qui ont le module mod_WebObjects:
- # mod_WebObjects et ScriptAlias ne peuvent pas gérer le même préfixe. Pour
- # utiliser des cgi-bin avec WebObjects, il faut soit changer le préfixe de
- # ScriptAlias, soit changer le préfixe de WebObjectsAlias dans le fichier
- # mod-webobjects.conf
- # Sinon, il suffit de commenter les lignes suivantes:
- ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
-
- AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- Order allow,deny
- Allow from all
-
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
-
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel warn
-
- CustomLog ${APACHE_LOG_DIR}/access.log combined
-
- # Pour les serveurs qui ont le module mod_WebObjects:
-
- Order allow,deny
- Allow from all
-
-
- Order allow,deny
- Allow from all
-
-
diff --git a/lib/ulib/templates/apacheconfig/sites/default.ssl.conf b/lib/ulib/templates/apacheconfig/sites/default.ssl.conf
index e69de29..52f4a83 100644
--- a/lib/ulib/templates/apacheconfig/sites/default.ssl.conf
+++ b/lib/ulib/templates/apacheconfig/sites/default.ssl.conf
@@ -0,0 +1,190 @@
+# -*- coding: utf-8 mode: conf -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
+
+
+
+ ServerName @@host@@
+ ServerAlias @@aliases@@
+ ServerAdmin @@admin@@
+
+ DocumentRoot /var/www
+
+ Options FollowSymLinks
+ AllowOverride None
+
+
+ Options Indexes FollowSymLinks MultiViews
+ AllowOverride None
+ Order allow,deny
+ allow from all
+
+
+ # Pour les serveurs qui ont le module mod_WebObjects:
+ # mod_WebObjects et ScriptAlias ne peuvent pas gérer le même préfixe. Pour
+ # utiliser des cgi-bin avec WebObjects, il faut soit changer le préfixe de
+ # ScriptAlias, soit changer le préfixe de WebObjectsAlias dans le fichier
+ # mod-webobjects.conf
+ # Sinon, il suffit de commenter les lignes suivantes:
+ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+
+ AllowOverride None
+ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+ Order allow,deny
+ Allow from all
+
+
+ ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
+
+ # Possible values include: debug, info, notice, warn, error, crit,
+ # alert, emerg.
+ LogLevel warn
+
+ CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
+
+
+ Order allow,deny
+ Allow from all
+
+
+
+ Order allow,deny
+ Allow from all
+
+
+ # SSL Engine Switch:
+ # Enable/Disable SSL for this virtual host.
+ SSLEngine on
+
+ # A self-signed (snakeoil) certificate can be created by installing
+ # the ssl-cert package. See
+ # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
+ # If both key and certificate are stored in the same file, only the
+ # SSLCertificateFile directive is needed.
+ SSLCertificateFile @@cert@@
+ SSLCertificateKeyFile @@key@@
+
+ # Server Certificate Chain:
+ # Point SSLCertificateChainFile at a file containing the
+ # concatenation of PEM encoded CA certificates which form the
+ # certificate chain for the server certificate. Alternatively
+ # the referenced file can be the same as SSLCertificateFile
+ # when the CA certificates are directly appended to the server
+ # certificate for convinience.
+ SSLCertificateChainFile @@ca@@
+
+ # Certificate Authority (CA):
+ # Set the CA certificate verification path where to find CA
+ # certificates for client authentication or alternatively one
+ # huge file containing all of them (file must be PEM encoded)
+ # Note: Inside SSLCACertificatePath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCACertificatePath /etc/ssl/certs/
+ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+ # Certificate Revocation Lists (CRL):
+ # Set the CA revocation path where to find CA CRLs for client
+ # authentication or alternatively one huge file containing all
+ # of them (file must be PEM encoded)
+ # Note: Inside SSLCARevocationPath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCARevocationPath /etc/apache2/ssl.crl/
+ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+ # Client Authentication (Type):
+ # Client certificate verification type and depth. Types are
+ # none, optional, require and optional_no_ca. Depth is a
+ # number which specifies how deeply to verify the certificate
+ # issuer chain before deciding the certificate is not valid.
+ #SSLVerifyClient require
+ #SSLVerifyDepth 10
+
+ # Access Control:
+ # With SSLRequire you can do per-directory access control based
+ # on arbitrary complex boolean expressions containing server
+ # variable checks and other lookup directives. The syntax is a
+ # mixture between C and Perl. See the mod_ssl documentation
+ # for more details.
+ #
+ #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+ #
+
+ # SSL Engine Options:
+ # Set various options for the SSL engine.
+ # o FakeBasicAuth:
+ # Translate the client X.509 into a Basic Authorisation. This means that
+ # the standard Auth/DBMAuth methods can be used for access control. The
+ # user name is the `one line' version of the client's X.509 certificate.
+ # Note that no password is obtained from the user. Every entry in the user
+ # file needs this password: `xxj31ZMTZzkVA'.
+ # o ExportCertData:
+ # This exports two additional environment variables: SSL_CLIENT_CERT and
+ # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+ # server (always existing) and the client (only existing when client
+ # authentication is used). This can be used to import the certificates
+ # into CGI scripts.
+ # o StdEnvVars:
+ # This exports the standard SSL/TLS related `SSL_*' environment variables.
+ # Per default this exportation is switched off for performance reasons,
+ # because the extraction step is an expensive operation and is usually
+ # useless for serving static content. So one usually enables the
+ # exportation for CGI and SSI requests only.
+ # o StrictRequire:
+ # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+ # under a "Satisfy any" situation, i.e. when it applies access is denied
+ # and no other module can change it.
+ # o OptRenegotiate:
+ # This enables optimized SSL connection renegotiation handling when SSL
+ # directives are used in per-directory context.
+ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+
+ SSLOptions +StdEnvVars
+
+
+ SSLOptions +StdEnvVars
+
+
+ # SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
+ # the close notify alert from client. When you need a different shutdown
+ # approach you can use one of the following variables:
+ # o ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
+ # this when you receive I/O errors because of the standard approach where
+ # mod_ssl sends the close notify alert.
+ # o ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation
+ # works correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ # MSIE 7 and newer should be able to use keepalive
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+ # cf https://wiki.mozilla.org/Security/Server_Side_TLS
+
+
+ # HSTS (15768000 seconds = 6 months)
+ Header always set Strict-Transport-Security "max-age=15768000"
+
+
+
+
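Review bot: `Options Indexes FollowSymLinks MultiViews` in the second directory block enables automatic directory listings, presumably for the `/var/www` document root (the container tags are not visible in this view), so any directory without an index file exposes its contents to clients. For a template that is instantiated per host, a safer default is `Options FollowSymLinks MultiViews`, leaving listings to be enabled explicitly where they are wanted. The same line is present in sites/default.conf, which carries the content of the deleted default.conf..d.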
diff --git a/lib/ulib/templates/apacheconfig/www/favicon.ico b/lib/ulib/templates/apacheconfig/www/favicon.ico
new file mode 100644
index 0000000..a1a0be8
Binary files /dev/null and b/lib/ulib/templates/apacheconfig/www/favicon.ico differ
diff --git a/lib/ulib/templates/apacheconfig/www/icon.png b/lib/ulib/templates/apacheconfig/www/icon.png
new file mode 100644
index 0000000..581bad1
Binary files /dev/null and b/lib/ulib/templates/apacheconfig/www/icon.png differ
diff --git a/mkRewriteRules b/mkRewriteRules
index b356bb4..9fcceae 100755
--- a/mkRewriteRules
+++ b/mkRewriteRules
@@ -1,7 +1,7 @@
#!/bin/bash
# -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
source "$(dirname "$0")/lib/ulib/ulib" || exit 1
-urequire DEFAULTS
+urequire DEFAULTS apache.tools
function display_help() {
uecho "$scriptname: Créer un fichier de redirections pour Apache à partir d'un certain
@@ -82,23 +82,9 @@ Dans les exemples donnés ci-dessus, $URL est l'\''url générée par la réécr
et $proxy_acls la valeur du champ proxy_acls spécifiée ci-dessus.'
}
-function joinurl() {
- # joindre chaque élément de $1..@ par /, en évitant les slashes en double
- local i url
- for i in "$@"; do
- [ -n "$i" ] || continue
- if [ -n "$url" ]; then
- url="${url%/}/${i#/}"
- else
- url="$i"
- fi
- done
- [ -n "$url" ] && echo "$url"
-}
-
proxy_enabled=
infile=
-outfile="RewriteRules.conf"
+outfile=
htmlfile=
host=
parse_opts "${PRETTYOPTS[@]}" \
@@ -109,187 +95,20 @@ parse_opts "${PRETTYOPTS[@]}" \
-w: htmlfile= \
@ args -- "$@" && set -- "${args[@]}" || die "$args"
-[ -n "$infile" ] || die "Il faut spécifier le fichier de règles"
-[ -f "$infile" ] || die "Fichier de règles non trouvé: $(ppath "$infile")"
-
thishost="$1"
-[ -n "$thishost" ] || die "Il faut spécifier l'hôte pour lequel créer le fichier de configuration"
-
-function has_proxy() {
- # vérifier que les options $1 contiennent 'P'
- local options
- array_split options "$1" ","
- array_contains options P
-}
-
-if [ -n "$htmlfile" ]; then
- echo '
-
-
-
-
-'"$thishost
-
-
-$thishost
-" >"$htmlfile"
+if [ -n "$infile" ]; then infiles=("$infile")
+else array_lsfiles infiles . "*rewrite*.rules"
fi
->"$outfile"
-array_from_lines rules "$(<"$infile" filter_comment)"
-prefix=
-for rule in "${rules[@]}"; do
- if beginswith "$rule" ^; then
- # Collecter les préfixe pour la règle suivante
- prefix="${prefix:+$prefix
-}${rule#^}"
- continue
- elif beginswith "$rule" =; then
- # ligne litérale
- echo "${rule#=}" >>"$outfile"
- continue
- fi
-
- IFS=:; set -- $rule; unset IFS
- index=1
- done=
- while [ -z "$done" ]; do
- current="$1"; shift
- while endswith "$current" "\\"; do
- current="${current%\\}:$1"; shift
- done
- case $index in
- 1) src="$current";;
- 2) dest="$current";;
- 3) host="$current";;
- 4) suffix="$current";;
- 5) options="$current";;
- 6) prot="${current:-http}";;
- 7) proxy_acls="$current";;
- *) done=1;;
- esac
- index=$(($index + 1))
- done
-
- # mettre en forme prefix s'il est défini
- [ -n "$prefix" ] && prefix="$prefix
-"
-
- if [ "$thishost" == "$host" ]; then
- host=
- fi
-
- usrc="$src"
-
- trail=1
- if endswith "$src" '$'; then
- trail=
- usrc="${src%$}"
- fi
-
- noslash=
- if endswith "$suffix" '$'; then
- noslash=1
- suffix="${suffix%$}"
- fi
- if endswith "$dest" '$'; then
- noslash=1
- dest="${dest%$}"
- fi
-
- proxy_url=
- proxy_use=
-
- if endswith "$dest" .woa; then
- # lien vers une application
- if [ -n "$host" ]; then
- # sur un autre hôte
- if [ -n "$noslash" ]; then
- echo "${prefix}RewriteRule ^/$src${trail:+(.*)} $(joinurl "$prot://$host/cgi-bin/WebObjects" "$dest" "$suffix")${trail:+\$1} [L${options:+,$options}]" >>"$outfile"
- setx url joinurl "http://$thishost" "$usrc"
- setx proxy_url joinurl "$prot://$host/cgi-bin/WebObjects" "$dest" "$suffix"
- else
- echo "${prefix}RewriteRule ^/$src\$ /$src/" >>"$outfile"
- echo "${prefix}RewriteRule ^/$src/(.*) $(joinurl "$prot://$host/cgi-bin/WebObjects" "$dest" "$suffix" "\$1") [L${options:+,$options}]" >>"$outfile"
- setx url joinurl "http://$thishost" "$usrc/"
- setx proxy_url joinurl "$prot://$host/cgi-bin/WebObjects" "$dest" "$suffix/"
- fi
- else
- # sur le même hôte
- if [ -n "$noslash" ]; then
- echo "${prefix}RewriteRule ^/$src${trail:+(.*)} $(joinurl /cgi-bin/WebObjects "$dest" "$suffix")${trail:+\$1} [L,P${options:+,$options}]" >>"$outfile"
- setx url joinurl "http://$thishost" "$usrc"
- setx proxy_url joinurl "$prot://$thishost/cgi-bin/WebObjects" "$dest" "$suffix"
- proxy_use=1
- else
- echo "${prefix}RewriteRule ^/$src\$ /$src/" >>"$outfile"
- echo "${prefix}RewriteRule ^/$src/(.*) $(joinurl /cgi-bin/WebObjects "$dest" "$suffix" "\$1") [L,P${options:+,$options}]" >>"$outfile"
- setx url joinurl "http://$thishost" "$usrc/"
- setx proxy_url joinurl "$prot://$thishost/cgi-bin/WebObjects" "$dest" "$suffix/"
- proxy_use=1
- fi
- fi
+[ ${#infiles[*]} -gt 0 ] || die "Il faut spécifier le fichier de règles avec -f"
+for infile in "${infiles[@]}"; do
+ if [ -f "$infile" ]; then
+ estep "$(ppath "$infile")"
+ legacy_mkRewriteRules "$infile" "$thishost" "$outfile" "$htmlfile" "$proxy_enabled"
else
- # lien vers une url
- if [ -n "$host" ]; then
- # sur un autre hôte
- if [ -n "$noslash" ]; then
- echo "${prefix}RewriteRule ^/$src${trail:+(.*)} $(joinurl "$prot://$host" "$dest" "$suffix")${trail:+\$1} [L${options:+,$options}]" >>"$outfile"
- setx url joinurl "http://$thishost" "$usrc"
- setx proxy_url joinurl "$prot://$host" "$dest" "$suffix"
- else
- echo "${prefix}RewriteRule ^/$src\$ /$src/" >>"$outfile"
- echo "${prefix}RewriteRule ^/$src/(.*) $(joinurl "$prot://$host" "$dest" "$suffix" "\$1") [L${options:+,$options}]" >>"$outfile"
- setx url joinurl "http://$thishost" "$usrc/"
- setx proxy_url joinurl "$prot://$host" "$dest" "$suffix/"
- fi
- else
- # sur le même hôte
- if [ -n "$noslash" ]; then
- echo "${prefix}RewriteRule ^/$src${trail:+(.*)} $(joinurl / "$dest" "$suffix")${trail:+\$1}${options:+ [$options]}" >>"$outfile"
- setx url joinurl "http://$thishost" "$usrc"
- setx proxy_url joinurl "http://$thishost" "$dest" "$suffix"
- else
- echo "${prefix}RewriteRule ^/$src\$ /$src/" >>"$outfile"
- echo "${prefix}RewriteRule ^/$src/(.*) $(joinurl / "$dest" "$suffix" "\$1")${options:+ [$options]}" >>"$outfile"
- setx url joinurl "http://$thishost" "$usrc/"
- setx proxy_url joinurl "http://$thishost" "$dest" "$suffix/"
- fi
- fi
+ eerror "$(ppath "$infile"): fichier introuvable"
fi
- has_proxy "$options" && proxy_use=1
- if [ -n "$proxy_enabled" -a -n "$proxy_use" ]; then
- if [ "$proxy_acls" == "None" ]; then
- :
- elif [ -z "$proxy_acls" ]; then
- echo "\
-
- AddDefaultCharset off
- Order Deny,Allow
- Allow from all
-" >>"$outfile"
- else
- echo "\
-
- AddDefaultCharset off
- Order Allow,Deny
- Allow from $proxy_acls
-" >>"$outfile"
- fi
- fi
-
- echo "" >>"$outfile"
- if [ -n "$htmlfile" ]; then
- echo "- $url
" >>"$htmlfile"
- fi
-
- # Réinitialiser les préfixes pour chaque règle
- prefix=
+ # réinitialiser pour ne pas écraser un fichier existant
+ outfile=
+ htmlfile=
done
-
-if [ -n "$htmlfile" ]; then
- echo '
-
-' >>"$htmlfile"
-fi
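Review bot: The check `[ -n "$thishost" ] || die ...` is removed without a replacement, so an empty host now reaches `legacy_mkRewriteRules "$infile" "$thishost" ...`; unless that function (presumably loaded from apache.tools, not visible here) validates its second argument, the rules would be generated for an empty host name. I would keep the guard before the loop: `[ -n "$thishost" ] || die "Il faut spécifier l'hôte pour lequel créer le fichier de configuration"`. A missing rules file is also downgraded from `die` to `eerror` with the loop continuing, and nothing visible in the hunk makes the script exit non-zero in that case. Callers that deploy the generated file need to detect that failure, for example by setting `rc=1` in the `else` branch and ending the script with `exit "${rc:-0}"`.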