ADD script variables _DEFAULT_SSL_CERT _DEFAULT_SSL_KEY _SSL_SNAKEOIL_CERT _SSL_SNAKEOIL_KEY.

Christoph 2017-07-01 16:37:54 +00:00
parent c355af913c
commit 1d713d024d


@ -18,6 +18,9 @@ _MOD_PERL_VERSION=2.0.10
_SEPARATE_LISTEN_DIRECTIVES=false
_SSL_SNAKEOIL_CERT="/etc/ssl/certs/ssl-cert-snakeoil.pem"
_SSL_SNAKEOIL_KEY="/etc/ssl/private/ssl-cert-snakeoil.key"
if $_WITH_MOD_FCGID -o $_WITH_MOD_PROXY_FCGI ; then
_WITH_MOD_PHP=false
else
@ -941,6 +944,19 @@ else
fatal "Installing dependency packages for \"apache2\" failed!"
fi
#echononl "\tInstall packages 'ssl-cert', 'ssl-cert-check'.."
#echo "## - Install packages 'ssl-cert', 'ssl-cert-check'" >> ${_logdir}/main.log
#echo "## -" >> ${_logdir}/main.log
#echo "DEBIAN_FRONTEND=noninteractive apt-get -y install ssl-cert ssl-cert-check" >> ${_logdir}/main.log
#DEBIAN_FRONTEND=noninteractive apt-get -y install ssl-cert ssl-cert-check >> ${_logdir}/main.log 2>&1
#if [ "$?" = 0 ]; then
# echo_ok
#else
# echo_failed
# fatal "Installing 'ssl-cert', 'ssl-cert-check' failed!"
#fi
## - get sources..
## -
echo "" >> ${_logdir}/main.log
@ -1891,16 +1907,18 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ]; then
#notice=""
## - copy certification files if present..
_failed=false
_DEFAULT_SSL_CERT="${PREFIX}/conf/server-bundle.crt"
_DEFAULT_SSL_KEY="${PREFIX}/conf/server.key"
echo "" >> ${_logdir}/main.log
echo "## - Set Symlinks for default Server Key/Cert" >> ${_logdir}/main.log
echo "## -" >> ${_logdir}/main.log
echononl "\tSet Symlinks for default Server Key/Cert.."
if [ -f "/var/lib/dehydrated/certs/${SERVER_NAME}/fullchain.pem" -a -f "/var/lib/dehydrated/certs/${SERVER_NAME}/privkey.pem" ]; then
ln -s /var/lib/dehydrated/certs/${SERVER_NAME}/fullchain.pem ${PREFIX}/conf/server-bundle.crt
ln -s /var/lib/dehydrated/certs/${SERVER_NAME}/fullchain.pem $_DEFAULT_SSL_CERT
if [[ $? -gt 0 ]];then
_failed=true
fi
ln -s /var/lib/dehydrated/certs/${SERVER_NAME}/privkey.pem ${PREFIX}/conf/server.key
ln -s /var/lib/dehydrated/certs/${SERVER_NAME}/privkey.pem $_DEFAULT_SSL_KEY
if [[ $? -gt 0 ]];then
_failed=true
fi
@ -1909,12 +1927,12 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ]; then
else
echo_ok
fi
elif [ -f /etc/ssl/certs/ssl-cert-snakeoil.pem -a -f /etc/ssl/private/ssl-cert-snakeoil.key ]; then
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem ${PREFIX}/conf/server-bundle.crt
elif [ -f $_SSL_SNAKEOIL_CERT -a -f $_SSL_SNAKEOIL_KEY ]; then
ln -s $_SSL_SNAKEOIL_CERT $_DEFAULT_SSL_CERT
if [[ $? -gt 0 ]];then
_failed=true
fi
ln -s /etc/ssl/private/ssl-cert-snakeoil.key ${PREFIX}/conf/server.key
ln -s $_SSL_SNAKEOIL_KEY $_DEFAULT_SSL_KEY
if [[ $? -gt 0 ]];then
_failed=true
fi
@ -1924,11 +1942,11 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ]; then
echo_ok
fi
elif [ -f $_srcdir/server-bundle.crt -a -f $_srcdir/server.key ];then
cp $_srcdir/server-bundle.crt $PREFIX/conf/
cp $_srcdir/server-bundle.crt $_DEFAULT_SSL_CERT
if [[ $? -gt 0 ]];then
_failed=true
fi
cp $_srcdir/server.key $PREFIX/conf/
cp $_srcdir/server.key $_DEFAULT_SSL_KEY
if [[ $? -gt 0 ]];then
_failed=true
fi
@ -1938,8 +1956,10 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ]; then
echo_ok
fi
else
echo_skipped
warn "SSL Connections are enabled but no (default) certificates\n\t are present. So the webserver will not start."
fi
if [[ -n "$IP_ADDRESSES" ]] && $SEPARATE_LISTEN_DIRECTIVES ; then
@ -1999,6 +2019,7 @@ EOF
echo "## - $_file: Set SSLCipherSuite.." >> ${_logdir}/main.log
echo "## -" >> ${_logdir}/main.log
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
echononl "\t$_file: Set SSLCipherSuite.."
sed -i$_backup_suffix -r \
-e "s&^(([ ^t]*SSLCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g" \
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
@ -2016,6 +2037,7 @@ EOF
echo "## - $_file: Set SSLCertificateFile.." >> ${_logdir}/main.log
echo "## -" >> ${_logdir}/main.log
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLCertificateFile ).*)$&## \1\n\2\\\"${PREFIX}/conf/server-bundle.crt\\\"&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
echononl "\t$_file: Set SSLCertificateFile.."
sed -i$_backup_suffix -r \
-e "s&^(([ ^t]*SSLCertificateFile ).*)$&## \1\n\2\"${PREFIX}/conf/server-bundle.crt\"&g" \
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
@ -2033,6 +2055,7 @@ EOF
echo "## - $_file: Set SSLProxyCipherSuite.." >> ${_logdir}/main.log
echo "## -" >> ${_logdir}/main.log
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProxyCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
echononl "\t$_file: Set SSLProxyCipherSuite.."
sed -i$_backup_suffix -r \
-e "s&^(([ ^t]*SSLProxyCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g" \
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
@ -2050,6 +2073,7 @@ EOF
echo "## - $_file: Set SSLProtocol.." >> ${_logdir}/main.log
echo "## -" >> ${_logdir}/main.log
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProtocol ).*)$&## \1\n\2ALL -SSLv3 -SSLv2&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
echononl "\t$_file: Set SSLProtocol.."
sed -i$_backup_suffix -r \
-e "s&^(([ ^t]*SSLProtocol ).*)$&## \1\n\2all -SSLv3 -SSLv2&g" \
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
@ -2067,6 +2091,7 @@ EOF
echo "## - $_file: Set SSLProxyProtocol.." >> ${_logdir}/main.log
echo "## -" >> ${_logdir}/main.log
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProxyProtocol ).*)$&## \1\n\2ALL -SSLv3 -SSLv2&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
echononl "\t$_file: Set SSLProxyProtocol.."
sed -i$_backup_suffix -r \
-e "s&^(([ ^t]*SSLProxyProtocol ).*)$&## \1\n\2all -SSLv3 -SSLv2&g" \
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
@ -2083,6 +2108,7 @@ EOF
echo "## - $_file: Set SSLHonorCipherOrder.." >> ${_logdir}/main.log
echo "## -" >> ${_logdir}/main.log
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*#*[ ^t]*SSLHonorCipherOrder ).*)$&##\1\nSSLHonorCipherOrder on&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
echononl "\t$_file: Set SSLHonorCipherOrder.."
sed -i$_backup_suffix -r \
-e "s&^(([ ^t]*#*[ ^t]*SSLHonorCipherOrder ).*)$&##\1\nSSLHonorCipherOrder on&g" \
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
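Review bot: In the `@ -1924,11 +1942,11` hunk the private key is installed with `cp $_srcdir/server.key $_DEFAULT_SSL_KEY` and nothing visible afterwards restricts its mode, so a newly created key file gets whatever permissions the source file and the umask produce. I would replace the copy with `install -m 600 "$_srcdir/server.key" "$_DEFAULT_SSL_KEY"` (or follow it with `chmod 600 "$_DEFAULT_SSL_KEY"`) and set `_failed=true` if that step fails. The new variables are also expanded unquoted in the `ln -s`, `cp` and `[ -f ... ]` lines, so a `PREFIX` or `_srcdir` containing whitespace would split the arguments; writing them as `"$_DEFAULT_SSL_CERT"` and `"$_DEFAULT_SSL_KEY"` avoids that. The `SSLCertificateFile` substitution in the `@ -2016,6 +2037,7` hunk still writes the literal `${PREFIX}/conf/server-bundle.crt`, so the Apache config and the link target would diverge if `_DEFAULT_SSL_CERT` is ever changed; using the variable there keeps them in step. The enclosing `if` block starts and ends outside these hunks.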