|
version 1.10, 2002/05/13 09:07:05
|
version 1.58, 2023/05/02 01:45:48
|
|
Line 1
|
Line 1
|
| <!DOCTYPE piml PUBLIC "-//TUX/DTD piml 1.0 Final//EN" |
<!DOCTYPE piml PUBLIC "-//TUX/DTD piml 1.0 Final//EN" |
| "http://lpml.sourceforge.net/DTD/piml.dtd"> |
"http://lpml.sourceforge.net/DTD/piml.dtd"> |
| <!-- webserver.piml --> |
<!-- webserver.piml --> |
| <!-- Scott Harrison --> |
|
| |
|
| <!-- $Id$ --> |
<!-- $Id$ --> |
| |
|
|
Line 46 http://www.lon-capa.org/
|
Line 45 http://www.lon-capa.org/
|
| <files> |
<files> |
| <file> |
<file> |
| <target dist='default'>/etc/httpd/conf/httpd.conf</target> |
<target dist='default'>/etc/httpd/conf/httpd.conf</target> |
| <note>This is always expected for any version of Apache</note> |
<target dist='suse9.2 suse9.3 sles9'>/etc/httpd/httpd.conf</target> |
| |
<target dist='sles10 sles11 sles12 sles15 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2'>/etc/apache2/default-server.conf</target> |
| |
<target dist='debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12'>/etc/apache2/sites-available/loncapa</target> |
| |
<target dist='ubuntu14 ubuntu16 ubuntu18 ubuntu20 ubuntu22'>/etc/apache2/conf-available/loncapa.conf</target> |
| |
<note>This is for Apache 1.X for Red Hat 4ES, Fedora 2, 3 and 4, SusSE 9.2 and 9.3, and SLES 9 distributions. This is for Apache 2.X for Fedora 5, Red Hat 5, CentOS 5, Scientific Linux 5, Oracle Linux 5, SuSE 10.1, SLES 10, Debian 5, Ubuntu LTS 8 and later distributions</note> |
| <dependencies dist='default'> |
<dependencies dist='default'> |
| /etc/httpd/conf/httpd.conf |
/etc/httpd/conf/httpd.conf |
| </dependencies> |
</dependencies> |
| <perlscript mode='fg'> |
<dependencies dist='suse9.2 suse9.3 sles9'> |
| |
/etc/httpd/httpd.conf |
| |
</dependencies> |
| |
<dependencies dist='debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12'> |
| |
/etc/apache2/sites-available/loncapa |
| |
</dependencies> |
| |
<dependencies dist='ubuntu14 ubuntu16 ubuntu18 ubuntu20 ubuntu22'> |
| |
/etc/apache2/conf-available/loncapa.conf |
| |
</dependencies> |
| |
<dependencies dist='sles10 sles11 sles12 sles15 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2'> |
| |
/etc/apache2/default-server.conf |
| |
</dependencies> |
| |
<perlscript mode='fg' dist="default"> |
| |
# Generated from doc/loncapafiles/webserver.piml |
| |
use Socket; |
| |
use Sys::Hostname::FQDN(); |
| |
use File::Spec; |
| |
use Cwd(); |
| |
|
| |
# For ubuntu 14 and later check for loncapa.conf in sites-available, |
| |
# and conf-available, and for symlinks in sites-enabled, and conf-enabled |
| |
if ('<DIST />' =~ /^ubuntu(\d+)$/) { |
| |
my $version = $1; |
| |
if ($version > 12) { |
| |
if (-l '/etc/apache2/conf-enabled/loncapa.conf') { |
| |
my $linkfname = readlink('/etc/apache2/conf-enabled/loncapa.conf'); |
| |
if ($linkfname ne '') { |
| |
$linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,'/etc/apache2/conf-enabled')); |
| |
} |
| |
unless ($linkfname eq '/etc/apache2/conf-available/loncapa.conf') { |
| |
unlink('/etc/apache2/conf-enabled/loncapa.conf'); |
| |
} |
| |
} |
| |
if (-e '/etc/apache2/conf-available/loncapa') { |
| |
system('mv /etc/apache2/conf-available/loncapa /etc/apache2/conf-available/loncapa.conf'); |
| |
} |
| |
unless (-l '/etc/apache2/conf-enabled/loncapa.conf') { |
| |
if (-e '/etc/apache2/conf-available/loncapa.conf') { |
| |
my $currdir = Cwd::getcwd(); |
| |
if ($currdir ne '') { |
| |
chdir('/etc/apache2/conf-enabled'); |
| |
symlink('../conf-available/loncapa.conf','loncapa.conf'); |
| |
chdir($currdir); |
| |
} |
| |
} |
| |
} |
| |
if (-l '/etc/apache2/sites-enabled/000-default.conf') { |
| |
my $linkfname = readlink('/etc/apache2/sites-enabled/000-default.conf'); |
| |
if ($linkfname ne '') { |
| |
$linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,'/etc/apache2/sites-enabled')); |
| |
} |
| |
if (($linkfname eq '/etc/apache2/sites-available/loncapa') || |
| |
($linkfname eq '/etc/apache2/sites-available/000-default.conf')) { |
| |
unlink('/etc/apache2/sites-enabled/000-default.conf'); |
| |
} |
| |
} |
| |
if (-e '/etc/apache2/sites-available/loncapa') { |
| |
system('mv /etc/apache2/sites-available/loncapa /etc/apache2/sites-available/loncapa.conf'); |
| |
} |
| |
if (-l '/etc/apache2/sites-enabled/loncapa.conf') { |
| |
my $linkfname = readlink('/etc/apache2/sites-enabled/loncapa.conf'); |
| |
if ($linkfname ne '') { |
| |
$linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,'/etc/apache2/sites-enabled')); |
| |
} |
| |
unless ($linkfname eq '/etc/apache2/sites-available/loncapa.conf') { |
| |
unlink('/etc/apache2/sites-enabled/loncapa.conf'); |
| |
} |
| |
} |
| |
unless (-l '/etc/apache2/sites-enabled/loncapa.conf') { |
| |
if (-e '/etc/apache2/sites-available/loncapa.conf') { |
| |
my $currdir = Cwd::getcwd(); |
| |
if ($currdir ne '') { |
| |
chdir('/etc/apache2/sites-enabled'); |
| |
symlink('../sites-available/loncapa.conf','loncapa.conf'); |
| |
chdir($currdir); |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} |
| |
|
| unless (-e "<TARGET />") { |
unless (-e "<TARGET />") { |
| print 'ERROR! httpd.conf should exist! Are you missing the Apache '. |
print '**** ERROR! <TARGET /> should exist! Are you missing the Apache '. |
| 'software package'; |
'software package?'; |
| |
exit(1); |
| } |
} |
| else { |
else { |
| |
# Append loncapa_apache.conf inclusion to httpd.conf |
| |
# (or sites-available/loncapa or conf-available/loncapa.conf) if not present. |
| $flag=0; |
$flag=0; |
| open IN, "<<TARGET />"; |
open(IN,'<<TARGET />'); |
| while (<IN>) { if (/^\s*Include\s+conf\/srm.conf/) { $flag=1; } } |
|
| close IN; |
|
| unless ($flag==1) { |
|
| open OUT,">><TARGET />"; |
|
| print OUT 'Include conf/srm.conf'."\n"; |
|
| close OUT; |
|
| } |
|
| $flag=0; |
|
| open IN, "<<TARGET />"; |
|
| while (<IN>) { if (/^\s*Include\s+conf\/access.conf/) { $flag=1; } } |
|
| close IN; |
|
| unless ($flag==1) { |
|
| open OUT,">><TARGET />"; |
|
| print OUT 'Include conf/access.conf'."\n"; |
|
| close OUT; |
|
| } |
|
| my $eflag=0; |
|
| $flag=0; |
|
| open IN, "<<TARGET />"; |
|
| while (<IN>) { |
while (<IN>) { |
| if (/^\s*Include\s+conf\/loncapa_apache.conf/) { |
if (/^\s*Include\s+conf\/loncapa_apache.conf/) { |
| $flag=1; |
$flag=1; |
| } |
} |
| } |
} |
| close IN; |
close(IN); |
| unless ($flag==1) { |
unless ($flag==1) { |
| open OUT,">><TARGET />"; |
open(OUT,'>><TARGET />'); |
| print OUT 'Include conf/loncapa_apache.conf'."\n"; |
print(OUT 'Include conf/loncapa_apache.conf'."\n"); |
| close OUT; |
close(OUT); |
| } |
} |
| |
# Remove loncapa.conf inclusion from httpd.conf |
| |
# (or sites-available/loncapa or conf-available/loncapa.conf) if present. |
| $flag=0; |
$flag=0; |
| open IN, "<<TARGET />"; |
open(IN,'<<TARGET />'); |
| while (<IN>) { |
while (<IN>) { |
| if (/^\s*Include\s+conf\/loncapa.conf/) { |
if (/^\s*Include\s+conf\/loncapa.conf/) { |
| $flag=1; |
$flag=1; |
| } |
} |
| } |
} |
| close IN; |
close(IN); |
| unless ($flag==1) { |
$in=''; |
| open OUT,">><TARGET />"; |
if ($flag==1) { |
| print OUT 'Include conf/loncapa.conf'."\n"; |
open(IN,'<<TARGET />'); |
| close OUT; |
while(<IN>) { |
| |
$in.=$_ unless /^\s*Include\s+conf\/loncapa.conf/; |
| |
} |
| |
close(IN); |
| |
open(OUT,'><TARGET />'); |
| |
print(OUT $in."\n"); |
| |
close(OUT); |
| } |
} |
| } |
|
| </perlscript> |
# Checking for overlapping ScriptAlias and DocumentRoot definitions. |
| </file> |
$scriptalias_flag=0; |
| <file> |
$documentroot_flag=0; |
| <target dist='default'>/etc/httpd/conf/access.conf</target> |
my $scriptalias; |
| <note>This may or may not exist on a system depending on the version of |
my $documentroot; |
| Apache</note> |
open(IN,'<<TARGET />'); |
| <dependencies dist='default'> |
while (<IN>) { |
| /etc/httpd/conf/access.conf |
if (m!^\s*ScriptAlias\s+/cgi-bin/\s+(.*)$!) { |
| </dependencies> |
$scriptalias = $1; |
| <perlscript mode='fg'> |
if ($scriptalias !~ m!home/httpd/cgi-bin!) { |
| unless (-e "<TARGET />") { |
$scriptalias_flag = 1; |
| print <<END; |
} |
| WARNING! access.conf is not currently present on your system. |
} |
| This is either due to |
if (m!^\s*DocumentRoot\s+(.*)$!) { |
| * you are missing the Apache software package, |
$documentroot = $1; |
| * you have a newer version of Apache that does not |
if ($documentroot !~ m!home/httpd/html!) { |
| ordinarily install an access.conf |
$documentroot_flag = 1; |
| * configuration files are installed in a directory location |
} |
| different than for <TARGET /> |
} |
| For backwards compatibility, |
} |
| <TARGET /> is being generated. |
close(IN); |
| END |
if ($scriptalias_flag==1) { |
| } |
my $conffile = '/etc/httpd/conf/httpd.conf'; |
| my $flag=0; |
if ('<DIST />' eq 'suse9.2' || '<DIST />' eq 'suse9.3' |
| open IN, "<<TARGET />"; |
|| '<DIST />' eq 'sles9') { |
| while (<IN>) { if (/^\s*Include\s+conf\/loncapa_apache.conf/) |
$conffile = '/etc/httpd/httpd.conf'; |
| { $flag=1; } } |
} elsif ('<DIST />' =~ /^(suse|sles)/) { |
| close IN; |
$conffile = '/etc/apache2/default-server.conf'; |
| unless ($flag==1) { |
} elsif ('<DIST />' =~ /^(debian|ubuntu)/) { |
| open OUT,">><TARGET />"; |
$conffile = '/etc/apache2/sites-available/loncapa'; |
| print OUT 'Include conf/loncapa_apache.conf'."\n"; |
if ('<DIST />' =~ /^ubuntu(\d+)$/) { |
| close OUT; |
my $version = $1; |
| } |
if ($version > 12) { |
| $flag=0; |
$conffile = '/etc/apache2/conf-available/loncapa.conf'; |
| open IN, "<<TARGET />"; |
} |
| while (<IN>) { if (/^\s*Include\s+conf\/loncapa.conf/) { $flag=1; } } |
} |
| close IN; |
} |
| unless ($flag==1) { |
print('**** ERROR **** '.$conffile.' has an overlapping definition of '. |
| open OUT,">><TARGET />"; |
'ScriptAlias (it is incorrectly set to '.$scriptalias.').'."\n". |
| print OUT 'Include conf/loncapa.conf'."\n"; |
'This conflicts with loncapa_apache.conf.'."\n"); |
| close OUT; |
} |
| } |
if ($documentroot_flag==1) { |
| </perlscript> |
print('**** ERROR **** '.$conffile.' has an overlapping definition of '. |
| </file> |
'DocumentRoot (it is incorrectly set to '.$documentroot.').'."\n". |
| <file> |
'This conflicts with loncapa_apache.conf.'."\n"); |
| <target dist='default'>/etc/httpd/conf/srm.conf</target> |
} |
| <note>This may or may not exist on a system depending on the version of |
|
| Apache</note> |
# Checking for rewrites of http:// to https:// |
| <dependencies dist='default'> |
my $rewrite_dir = '/etc/httpd/conf/rewrites'; |
| /etc/httpd/conf/srm.conf |
my $curr_rewrite = '/etc/httpd/conf/loncapa_rewrite.conf'; |
| </dependencies> |
if ('<DIST />' eq 'suse9.2' || '<DIST />' eq 'suse9.3' |
| <perlscript mode='fg'> |
|| '<DIST />' eq 'sles9') { |
| unless (-e "<TARGET />") { |
$rewrite_dir = '/etc/httpd/rewrites/'; |
| print <<END; |
$curr_rewrite = '/etc/httpd/loncapa_rewrite.conf'; |
| WARNING! srm.conf is not currently present on your system. |
} elsif ('<DIST />' =~ /^(suse|sles|debian|ubuntu)/) { |
| This is either due to |
$rewrite_dir = '/etc/apache2/rewrites'; |
| * you are missing the Apache software package, |
$curr_rewrite = '/etc/apache2/loncapa_rewrite.conf'; |
| * you have a newer version of Apache that does not |
} |
| ordinarily install an srm.conf |
my $rewrite_off = $rewrite_dir.'/loncapa_rewrite_off.conf'; |
| * configuration files are installed in a directory location |
my $rewrite_on = $rewrite_dir.'/loncapa_rewrite_on.conf'; |
| different than for <TARGET /> |
if (!-e $curr_rewrite) { |
| For backwards compatibility, |
system("cp $rewrite_off $curr_rewrite"); |
| <TARGET /> is being generated. |
chmod(0644, $curr_rewrite); |
| END |
} else { |
| } |
my ($not_rewrite_on,$not_rewrite_off,$rewrite_state); |
| my $flag=0; |
if (open(PIPE, "diff --brief $rewrite_off $curr_rewrite |")) { |
| open IN, "<<TARGET />"; |
my $diffres = <PIPE> ; |
| while (<IN>) { if (/^\s*Include\s+conf\/loncapa_apache.conf/) |
close(PIPE); |
| { $flag=1; } } |
chomp($diffres); |
| close IN; |
if ($diffres) { |
| unless ($flag==1) { |
$not_rewrite_off = 1; |
| open OUT,">><TARGET />"; |
} else { |
| print OUT 'Include conf/loncapa_apache.conf'."\n"; |
$rewrite_state = 'off'; |
| close OUT; |
} |
| } |
} |
| $flag=0; |
if (open(PIPE, "diff --brief $rewrite_on $curr_rewrite |")) { |
| open IN, "<<TARGET />"; |
my $diffres = <PIPE> ; |
| while (<IN>) { if (/^\s*Include\s+conf\/loncapa.conf/) { $flag=1; } } |
close(PIPE); |
| close IN; |
chomp($diffres); |
| unless ($flag==1) { |
if ($diffres) { |
| open OUT,">><TARGET />"; |
$not_rewrite_on = 1; |
| print OUT 'Include conf/loncapa.conf'."\n"; |
} else { |
| close OUT; |
$rewrite_state = 'on'; |
| |
} |
| |
} |
| |
if ($not_rewrite_off && $not_rewrite_on) { |
| |
print('**** WARNING **** '."\n".$curr_rewrite.' does not match '. |
| |
'either:'."\n".$rewrite_on.' - the file used to enable rewriting '. |
| |
'of requests for http:// to https:// '."\n".'or:'."\n".$rewrite_off. |
| |
' - the file used to disable such rewriting'."\n\n". |
| |
'This may be because '. $curr_rewrite.' has been '. |
| |
'previously customized,'."\n".'or it may be because of a change '. |
| |
'to the files in '.$rewrite_dir."\n"); |
| |
if (open(my $fh,'<',$curr_rewrite)) { |
| |
while(<$fh>) { |
| |
if (/^\s*RewriteEngine\s+(on|off)\s*$/i) { |
| |
if ($1 eq 'on') { |
| |
$rewrite_state = 'on'; |
| |
} else { |
| |
$rewrite_state = 'off'; |
| |
} |
| |
last; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
if ($rewrite_state eq 'on') { |
| |
# Checking for rewrites of https:// to http:// |
| |
my ($gotrules,$rulestr,$ssldir); |
| |
if ('<DIST />' eq 'suse9.2' || '<DIST />' eq 'suse9.3' |
| |
|| '<DIST />' eq 'sles9') { |
| |
$ssldir = '/etc/apache/vhosts.d'; |
| |
} elsif ('<DIST />' =~ /^(suse|sles)/) { |
| |
$ssldir = '/etc/apache2/vhosts.d'; |
| |
} elsif ('<DIST />' =~ /^(debian|ubuntu)/) { |
| |
$ssldir = '/etc/apache2/sites-available'; |
| |
} else { |
| |
$ssldir = '/etc/httpd/conf.d'; |
| |
} |
| |
my $hostname = Sys::Hostname::FQDN::fqdn(); |
| |
my $hostip = Socket::inet_ntoa(scalar(gethostbyname($hostname)) || 'localhost'); |
| |
my @expected = ('RewriteEngine on', |
| |
'RewriteCond %{HTTPS} =on', |
| |
'RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:)', |
| |
'RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)', |
| |
'RewriteRule ^/adm/wrapper/ext/(?!https:) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]', |
| |
'RewriteCond %{REMOTE_ADDR} 127.0.0.1', |
| |
'RewriteRule (.*) - [L]'); |
| |
if (($hostip ne '') && ($hostip ne '127.0.0.1')) { |
| |
push(@expected,('RewriteCond %{REMOTE_ADDR} '.$hostip, |
| |
'RewriteRule (.*) - [L]')); |
| |
} |
| |
push(@expected,('RewriteCond %{REQUEST_URI} ^/public/.*/syllabus$', |
| |
'RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)', |
| |
'RewriteRule ^/public/.*/syllabus$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]')); |
| |
if (-d $ssldir) { |
| |
my @rewrites; |
| |
if (opendir(my $dir,$ssldir)) { |
| |
my @sslconf_files; |
| |
foreach my $file (grep(!/^\./,readdir($dir))) { |
| |
next if ($file =~ /\.rpmnew$/); |
| |
if (open(my $fh,'<',"$ssldir/$file")) { |
| |
while (<$fh>) { |
| |
if (/^\s*<VirtualHost\s+[^:]*\:443>\s*$/) { |
| |
push(@sslconf_files,$file); |
| |
last; |
| |
} |
| |
} |
| |
close($fh); |
| |
} |
| |
} |
| |
if (@sslconf_files) { |
| |
foreach my $file (@sslconf_files) { |
| |
if (open(my $fh,'<',"$ssldir/$file")) { |
| |
my ($rewrite,$num) = (0,0); |
| |
while (<$fh>) { |
| |
if ($rewrite) { |
| |
if (/^\s*<\/IfModule>/) { |
| |
$rewrite = 0; |
| |
$num ++; |
| |
} else { |
| |
chomp(); |
| |
s/^\s+|\s+$//g; |
| |
push(@{$rewrites[$num]},$_); |
| |
} |
| |
} elsif (/^\s*<IfModule\s+mod_rewrite.c>/) { |
| |
$rewrite = 1; |
| |
} |
| |
} |
| |
close($fh); |
| |
} |
| |
} |
| |
} |
| |
closedir($dir); |
| |
} |
| |
if (@rewrites) { |
| |
foreach my $item (@rewrites) { |
| |
if (ref($item) eq 'ARRAY') { |
| |
my $found = 0; |
| |
foreach my $line (@{$item}) { |
| |
foreach my $match (@expected) { |
| |
if ($match eq $line) { |
| |
$found ++; |
| |
last; |
| |
} |
| |
} |
| |
} |
| |
if ($found >= scalar(@expected)) { |
| |
$gotrules = 1; |
| |
last; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} |
| |
unless ($gotrules) { |
| |
print('**** WARNING **** '."\n".$curr_rewrite.' is currently set so rewrites '. |
| |
'of http to https are enabled for most URLs.'."\n". |
| |
'Unless your Apache configuration includes Strict-Transport-Security '. |
| |
'(with max-age > 0), it is recommended to also set rewrites from https to http '. |
| |
'for specific URLs in a file in '.$ssldir.' by including the following:'."\n". |
| |
"<IfModule mod_rewrite.c>\n".' '. |
| |
join("\n ",@expected)."\n". |
| |
"</IfModule>\n"); |
| |
} |
| |
} |
| |
} |
| } |
} |
| </perlscript> |
</perlscript> |
| </file> |
</file> |
![[BACK]](/icons/back.gif){kind=icon}
Return to webserver.piml CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / doc / loncapafiles