Annotation of doc/loncapafiles/webserver.piml, revision 1.43.2.13
1.8 harris41 1: <!DOCTYPE piml PUBLIC "-//TUX/DTD piml 1.0 Final//EN"
2: "http://lpml.sourceforge.net/DTD/piml.dtd">
1.1 harris41 3: <!-- webserver.piml -->
4:
1.43.2.13! raeburn 5: <!-- $Id: webserver.piml,v 1.43.2.12 2024/06/29 16:06:57 raeburn Exp $ -->
1.1 harris41 6:
7: <!--
8:
9: Copyright Michigan State University Board of Trustees
10:
11: This file is part of the LearningOnline Network with CAPA (LON-CAPA).
12:
13: LON-CAPA is free software; you can redistribute it and/or modify
14: it under the terms of the GNU General Public License as published by
15: the Free Software Foundation; either version 2 of the License, or
16: (at your option) any later version.
17:
18: LON-CAPA is distributed in the hope that it will be useful,
19: but WITHOUT ANY WARRANTY; without even the implied warranty of
20: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21: GNU General Public License for more details.
22:
23: You should have received a copy of the GNU General Public License
24: along with LON-CAPA; if not, write to the Free Software
25: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26:
27: /home/httpd/html/adm/gpl.txt
28:
29: http://www.lon-capa.org/
30:
31: -->
32:
33: <!-- Default values must be defined before specific values. -->
34: <!-- If no 'dist' attribute is specified, then it is always installed. -->
35: <!-- If 'dist' attribute is set to 'default', then the specification. -->
36: <!-- is accepted if an alternative distribution is not requested or not -->
37: <!-- defined. -->
38:
39: <piml>
1.6 harris41 40: <targetroot>/</targetroot>
1.2 harris41 41: <specialnotices>
42: <specialnotice>
43: </specialnotice>
44: </specialnotices>
1.1 harris41 45: <files>
46: <file>
47: <target dist='default'>/etc/httpd/conf/httpd.conf</target>
1.20 raeburn 48: <target dist='suse9.2 suse9.3 sles9'>/etc/httpd/httpd.conf</target>
1.43.2.1 raeburn 49: <target dist='sles10 sles11 sles12 sles15 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2'>/etc/apache2/default-server.conf</target>
1.39 raeburn 50: <target dist='debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12'>/etc/apache2/sites-available/loncapa</target>
1.43.2.12 raeburn 51: <target dist='debian10 debian11 debian12 ubuntu14 ubuntu16 ubuntu18 ubuntu20 ubuntu22 ubuntu24'>/etc/apache2/conf-available/loncapa.conf</target>
1.43.2.2 raeburn 52: <note>This is for Apache 1.X for Red Hat 4ES, Fedora 2, 3 and 4, SusSE 9.2 and 9.3, and SLES 9 distributions. This is for Apache 2.X for Fedora 5, Red Hat 5, CentOS 5, Scientific Linux 5, Oracle Linux 5, SuSE 10.1, SLES 10, Debian 5, Ubuntu LTS 8 and later distributions</note>
1.1 harris41 53: <dependencies dist='default'>
54: /etc/httpd/conf/httpd.conf
55: </dependencies>
1.20 raeburn 56: <dependencies dist='suse9.2 suse9.3 sles9'>
57: /etc/httpd/httpd.conf
58: </dependencies>
1.39 raeburn 59: <dependencies dist='debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12'>
1.25 raeburn 60: /etc/apache2/sites-available/loncapa
61: </dependencies>
1.43.2.12 raeburn 62: <dependencies dist='debian10 debian11 debian12 ubuntu14 ubuntu16 ubuntu18 ubuntu20 ubuntu22 ubuntu24'>
1.43.2.9 raeburn 63: /etc/apache2/conf-available/loncapa.conf
1.39 raeburn 64: </dependencies>
1.43.2.1 raeburn 65: <dependencies dist='sles10 sles11 sles12 sles15 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2'>
1.20 raeburn 66: /etc/apache2/default-server.conf
67: </dependencies>
1.19 raeburn 68: <perlscript mode='fg' dist="default">
1.11 harris41 69: # Generated from doc/loncapafiles/webserver.piml
1.43.2.3 raeburn 70: use Socket;
71: use Sys::Hostname::FQDN();
1.43.2.10 raeburn 72: use File::Spec;
73: use Cwd();
1.43.2.9 raeburn 74:
75: # For ubuntu 14 and later check for loncapa.conf in sites-available,
76: # and conf-available, and for symlinks in sites-enabled, and conf-enabled
77: if ('<DIST />' =~ /^ubuntu(\d+)$/) {
78: my $version = $1;
79: if ($version > 12) {
80: if (-l '/etc/apache2/conf-enabled/loncapa.conf') {
81: my $linkfname = readlink('/etc/apache2/conf-enabled/loncapa.conf');
1.43.2.10 raeburn 82: if ($linkfname ne '') {
83: $linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,'/etc/apache2/conf-enabled'));
84: }
1.43.2.9 raeburn 85: unless ($linkfname eq '/etc/apache2/conf-available/loncapa.conf') {
86: unlink('/etc/apache2/conf-enabled/loncapa.conf');
87: }
88: }
89: if (-e '/etc/apache2/conf-available/loncapa') {
90: system('mv /etc/apache2/conf-available/loncapa /etc/apache2/conf-available/loncapa.conf');
91: }
92: unless (-l '/etc/apache2/conf-enabled/loncapa.conf') {
93: if (-e '/etc/apache2/conf-available/loncapa.conf') {
1.43.2.10 raeburn 94: my $currdir = Cwd::getcwd();
95: if ($currdir ne '') {
96: chdir('/etc/apache2/conf-enabled');
97: symlink('../conf-available/loncapa.conf','loncapa.conf');
98: chdir($currdir);
99: }
1.43.2.9 raeburn 100: }
101: }
102: if (-l '/etc/apache2/sites-enabled/000-default.conf') {
103: my $linkfname = readlink('/etc/apache2/sites-enabled/000-default.conf');
1.43.2.10 raeburn 104: if ($linkfname ne '') {
105: $linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,'/etc/apache2/sites-enabled'));
106: }
107: if (($linkfname eq '/etc/apache2/sites-available/loncapa') ||
1.43.2.11 raeburn 108: ($linkfname eq '/etc/apache2/sites-available/000-default.conf')) {
1.43.2.9 raeburn 109: unlink('/etc/apache2/sites-enabled/000-default.conf');
110: }
111: }
112: if (-e '/etc/apache2/sites-available/loncapa') {
113: system('mv /etc/apache2/sites-available/loncapa /etc/apache2/sites-available/loncapa.conf');
114: }
115: if (-l '/etc/apache2/sites-enabled/loncapa.conf') {
116: my $linkfname = readlink('/etc/apache2/sites-enabled/loncapa.conf');
1.43.2.10 raeburn 117: if ($linkfname ne '') {
118: $linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,'/etc/apache2/sites-enabled'));
119: }
1.43.2.9 raeburn 120: unless ($linkfname eq '/etc/apache2/sites-available/loncapa.conf') {
121: unlink('/etc/apache2/sites-enabled/loncapa.conf');
122: }
123: }
124: unless (-l '/etc/apache2/sites-enabled/loncapa.conf') {
125: if (-e '/etc/apache2/sites-available/loncapa.conf') {
1.43.2.10 raeburn 126: my $currdir = Cwd::getcwd();
127: if ($currdir ne '') {
128: chdir('/etc/apache2/sites-enabled');
129: symlink('../sites-available/loncapa.conf','loncapa.conf');
130: chdir($currdir);
131: }
1.43.2.9 raeburn 132: }
133: }
134: }
135: }
136:
1.1 harris41 137: unless (-e "<TARGET />") {
1.20 raeburn 138: print '**** ERROR! <TARGET /> should exist! Are you missing the Apache '.
1.13 harris41 139: 'software package?';
1.11 harris41 140: exit(1);
1.1 harris41 141: }
142: else {
1.32 raeburn 143: # Append loncapa_apache.conf inclusion to httpd.conf
1.43.2.9 raeburn 144: # (or sites-available/loncapa or conf-available/loncapa.conf) if not present.
1.43.2.13! raeburn 145: my $absolute_link;
! 146: if ('<DIST />' =~ /^sles(\d+)$/) {
! 147: my $version = $1;
! 148: if ($version > 11) {
! 149: $absolute_link = 1;
1.9 harris41 150: }
151: }
1.43.2.13! raeburn 152: if ($absolute_link) {
! 153: # For SuSE and SLES /etc/apache2/default-server.conf needs to include:
! 154: # Include /etc/apache2/loncapa_apache.conf
! 155: # instead of:
! 156: # Include conf/loncapa_apache.conf
! 157: my $delflag=0;
! 158: my $addflag=1;
! 159: open(IN,'<<TARGET />');
! 160: while (<IN>) {
! 161: if (/^\s*Include\s+conf\/loncapa_apache.conf/) {
! 162: $delflag=1;
! 163: }
! 164: if (/^\s*Include\s+\/etc\/apache2\/loncapa_apache.conf/) {
! 165: $addflag = 0;
! 166: }
! 167: }
! 168: close(IN);
! 169: if ($addflag) {
! 170: open(OUT,'>><TARGET />');
! 171: print(OUT 'Include /etc/apache2/loncapa_apache.conf'."\n");
! 172: close(OUT);
! 173: }
! 174: if ($delflag==1) {
! 175: my $in='';
! 176: open(IN,'<<TARGET />');
! 177: while(<IN>) {
! 178: $in.=$_ unless /^\s*Include\s+conf\/loncapa_apache.conf/;
! 179: }
! 180: close(IN);
! 181: open(OUT,'><TARGET />');
! 182: print(OUT $in);
! 183: close(OUT);
! 184: }
! 185: } else {
! 186: $flag=0;
! 187: open(IN,'<<TARGET />');
! 188: while (<IN>) {
! 189: if (/^\s*Include\s+conf\/loncapa_apache.conf/) {
! 190: $flag=1;
! 191: }
! 192: }
! 193: close(IN);
! 194: unless ($flag==1) {
! 195: open(OUT,'>><TARGET />');
! 196: print(OUT 'Include conf/loncapa_apache.conf'."\n");
! 197: close(OUT);
! 198: }
1.9 harris41 199: }
1.39 raeburn 200: # Remove loncapa.conf inclusion from httpd.conf
1.43.2.9 raeburn 201: # (or sites-available/loncapa or conf-available/loncapa.conf) if present.
1.11 harris41 202: $flag=0;
203: open(IN,'<<TARGET />');
204: while (<IN>) {
205: if (/^\s*Include\s+conf\/loncapa.conf/) {
206: $flag=1;
207: }
208: }
209: close(IN);
210: $in='';
211: if ($flag==1) {
212: open(IN,'<<TARGET />');
213: while(<IN>) {
214: $in.=$_ unless /^\s*Include\s+conf\/loncapa.conf/;
215: }
216: close(IN);
217: open(OUT,'><TARGET />');
218: print(OUT $in."\n");
219: close(OUT);
1.13 harris41 220: }
1.18 raeburn 221:
222: # Checking for overlapping ScriptAlias and DocumentRoot definitions.
223: $scriptalias_flag=0;
224: $documentroot_flag=0;
225: my $scriptalias;
226: my $documentroot;
227: open(IN,'<<TARGET />');
228: while (<IN>) {
229: if (m!^\s*ScriptAlias\s+/cgi-bin/\s+(.*)$!) {
230: $scriptalias = $1;
231: if ($scriptalias !~ m!home/httpd/cgi-bin!) {
232: $scriptalias_flag = 1;
233: }
234: }
235: if (m!^\s*DocumentRoot\s+(.*)$!) {
236: $documentroot = $1;
237: if ($documentroot !~ m!home/httpd/html!) {
238: $documentroot_flag = 1;
239: }
240: }
241: }
242: close(IN);
243: if ($scriptalias_flag==1) {
1.32 raeburn 244: my $conffile = '/etc/httpd/conf/httpd.conf';
245: if ('<DIST />' eq 'suse9.2' || '<DIST />' eq 'suse9.3'
246: || '<DIST />' eq 'sles9') {
247: $conffile = '/etc/httpd/httpd.conf';
248: } elsif ('<DIST />' =~ /^(suse|sles)/) {
249: $conffile = '/etc/apache2/default-server.conf';
250: } elsif ('<DIST />' =~ /^(debian|ubuntu)/) {
251: $conffile = '/etc/apache2/sites-available/loncapa';
1.43.2.9 raeburn 252: if ('<DIST />' =~ /^ubuntu(\d+)$/) {
253: my $version = $1;
254: if ($version > 12) {
255: $conffile = '/etc/apache2/conf-available/loncapa.conf';
256: }
257: }
1.32 raeburn 258: }
259: print('**** ERROR **** '.$conffile.' has an overlapping definition of '.
260: 'ScriptAlias (it is incorrectly set to '.$scriptalias.').'."\n".
261: 'This conflicts with loncapa_apache.conf.'."\n");
1.18 raeburn 262: }
263: if ($documentroot_flag==1) {
1.32 raeburn 264: print('**** ERROR **** '.$conffile.' has an overlapping definition of '.
265: 'DocumentRoot (it is incorrectly set to '.$documentroot.').'."\n".
266: 'This conflicts with loncapa_apache.conf.'."\n");
1.18 raeburn 267: }
1.32 raeburn 268:
269: # Checking for rewrites of http:// to https://
270: my $rewrite_dir = '/etc/httpd/conf/rewrites';
271: my $curr_rewrite = '/etc/httpd/conf/loncapa_rewrite.conf';
272: if ('<DIST />' eq 'suse9.2' || '<DIST />' eq 'suse9.3'
273: || '<DIST />' eq 'sles9') {
274: $rewrite_dir = '/etc/httpd/rewrites/';
275: $curr_rewrite = '/etc/httpd/loncapa_rewrite.conf';
276: } elsif ('<DIST />' =~ /^(suse|sles|debian|ubuntu)/) {
277: $rewrite_dir = '/etc/apache2/rewrites';
278: $curr_rewrite = '/etc/apache2/loncapa_rewrite.conf';
279: }
280: my $rewrite_off = $rewrite_dir.'/loncapa_rewrite_off.conf';
281: my $rewrite_on = $rewrite_dir.'/loncapa_rewrite_on.conf';
282: if (!-e $curr_rewrite) {
283: system("cp $rewrite_off $curr_rewrite");
284: chmod(0644, $curr_rewrite);
285: } else {
1.43.2.3 raeburn 286: my ($not_rewrite_on,$not_rewrite_off,$rewrite_state);
1.32 raeburn 287: if (open(PIPE, "diff --brief $rewrite_off $curr_rewrite |")) {
288: my $diffres = <PIPE> ;
289: close(PIPE);
290: chomp($diffres);
291: if ($diffres) {
292: $not_rewrite_off = 1;
1.43.2.3 raeburn 293: } else {
294: $rewrite_state = 'off';
1.32 raeburn 295: }
296: }
297: if (open(PIPE, "diff --brief $rewrite_on $curr_rewrite |")) {
298: my $diffres = <PIPE> ;
299: close(PIPE);
300: chomp($diffres);
301: if ($diffres) {
302: $not_rewrite_on = 1;
1.43.2.3 raeburn 303: } else {
304: $rewrite_state = 'on';
1.32 raeburn 305: }
306: }
1.43.2.3 raeburn 307: if ($not_rewrite_off && $not_rewrite_on) {
308: print('**** WARNING **** '."\n".$curr_rewrite.' does not match '.
309: 'either:'."\n".$rewrite_on.' - the file used to enable rewriting '.
310: 'of requests for http:// to https:// '."\n".'or:'."\n".$rewrite_off.
1.32 raeburn 311: ' - the file used to disable such rewriting'."\n\n".
312: 'This may be because '. $curr_rewrite.' has been '.
1.43.2.3 raeburn 313: 'previously customized,'."\n".'or it may be because of a change '.
1.32 raeburn 314: 'to the files in '.$rewrite_dir."\n");
1.43.2.3 raeburn 315: if (open(my $fh,'<',$curr_rewrite)) {
316: while(<$fh>) {
317: if (/^\s*RewriteEngine\s+(on|off)\s*$/i) {
318: if ($1 eq 'on') {
319: $rewrite_state = 'on';
320: } else {
321: $rewrite_state = 'off';
322: }
323: last;
324: }
325: }
326: }
327: }
328: if ($rewrite_state eq 'on') {
329: # Checking for rewrites of https:// to http://
330: my ($gotrules,$rulestr,$ssldir);
331: if ('<DIST />' eq 'suse9.2' || '<DIST />' eq 'suse9.3'
332: || '<DIST />' eq 'sles9') {
333: $ssldir = '/etc/apache/vhosts.d';
334: } elsif ('<DIST />' =~ /^(suse|sles)/) {
335: $ssldir = '/etc/apache2/vhosts.d';
336: } elsif ('<DIST />' =~ /^(debian|ubuntu)/) {
337: $ssldir = '/etc/apache2/sites-available';
338: } else {
339: $ssldir = '/etc/httpd/conf.d';
340: }
341: my $hostname = Sys::Hostname::FQDN::fqdn();
342: my $hostip = Socket::inet_ntoa(scalar(gethostbyname($hostname)) || 'localhost');
1.43.2.7 raeburn 343: my @expected = ('RewriteEngine on',
344: 'RewriteCond %{HTTPS} =on',
345: 'RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:)',
1.43.2.3 raeburn 346: 'RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)',
1.43.2.6 raeburn 347: 'RewriteRule ^/adm/wrapper/ext/(?!https:) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]',
1.43.2.3 raeburn 348: 'RewriteCond %{REMOTE_ADDR} 127.0.0.1',
349: 'RewriteRule (.*) - [L]');
350: if (($hostip ne '') && ($hostip ne '127.0.0.1')) {
351: push(@expected,('RewriteCond %{REMOTE_ADDR} '.$hostip,
352: 'RewriteRule (.*) - [L]'));
353: }
354: push(@expected,('RewriteCond %{REQUEST_URI} ^/public/.*/syllabus$',
355: 'RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)',
356: 'RewriteRule ^/public/.*/syllabus$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]'));
357: if (-d $ssldir) {
358: my @rewrites;
359: if (opendir(my $dir,$ssldir)) {
360: my @sslconf_files;
1.43.2.8 raeburn 361: foreach my $file (grep(!/^\./,readdir($dir))) {
362: next if ($file =~ /\.rpmnew$/);
1.43.2.3 raeburn 363: if (open(my $fh,'<',"$ssldir/$file")) {
364: while (<$fh>) {
365: if (/^\s*<VirtualHost\s+[^:]*\:443>\s*$/) {
366: push(@sslconf_files,$file);
367: last;
368: }
369: }
370: close($fh);
371: }
372: }
373: if (@sslconf_files) {
374: foreach my $file (@sslconf_files) {
375: if (open(my $fh,'<',"$ssldir/$file")) {
376: my ($rewrite,$num) = (0,0);
377: while (<$fh>) {
378: if ($rewrite) {
1.43.2.8 raeburn 379: if (/^\s*<\/IfModule>/) {
1.43.2.3 raeburn 380: $rewrite = 0;
381: $num ++;
382: } else {
383: chomp();
1.43.2.8 raeburn 384: s/^\s+|\s+$//g;
1.43.2.3 raeburn 385: push(@{$rewrites[$num]},$_);
386: }
387: } elsif (/^\s*<IfModule\s+mod_rewrite.c>/) {
388: $rewrite = 1;
389: }
390: }
391: close($fh);
392: }
393: }
394: }
395: closedir($dir);
396: }
397: if (@rewrites) {
398: foreach my $item (@rewrites) {
399: if (ref($item) eq 'ARRAY') {
400: my $found = 0;
1.43.2.7 raeburn 401: foreach my $line (@{$item}) {
1.43.2.3 raeburn 402: foreach my $match (@expected) {
1.43.2.7 raeburn 403: if ($match eq $line) {
1.43.2.3 raeburn 404: $found ++;
405: last;
406: }
407: }
408: }
1.43.2.8 raeburn 409: if ($found >= scalar(@expected)) {
1.43.2.3 raeburn 410: $gotrules = 1;
1.43.2.7 raeburn 411: last;
1.43.2.3 raeburn 412: }
413: }
414: }
415: }
416: }
417: unless ($gotrules) {
418: print('**** WARNING **** '."\n".$curr_rewrite.' is currently set so rewrites '.
419: 'of http to https are enabled for most URLs.'."\n".
420: 'Unless your Apache configuration includes Strict-Transport-Security '.
421: '(with max-age > 0), it is recommended to also set rewrites from https to http '.
422: 'for specific URLs in a file in '.$ssldir.' by including the following:'."\n".
423: "<IfModule mod_rewrite.c>\n".' '.
424: join("\n ",@expected)."\n".
425: "</IfModule>\n");
426: }
1.32 raeburn 427: }
428: }
1.13 harris41 429: }
430: </perlscript>
1.1 harris41 431: </file>
432: </files>
433: </piml>
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to webserver.piml CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / doc / loncapafiles