Annotation of doc/loncapafiles/webserver.piml, revision 1.43.2.3
1.8 harris41 1: <!DOCTYPE piml PUBLIC "-//TUX/DTD piml 1.0 Final//EN"
2: "http://lpml.sourceforge.net/DTD/piml.dtd">
1.1 harris41 3: <!-- webserver.piml -->
4:
1.43.2.3! raeburn 5: <!-- $Id: webserver.piml,v 1.43.2.2 2019/07/07 18:39:39 raeburn Exp $ -->
1.1 harris41 6:
7: <!--
8:
9: Copyright Michigan State University Board of Trustees
10:
11: This file is part of the LearningOnline Network with CAPA (LON-CAPA).
12:
13: LON-CAPA is free software; you can redistribute it and/or modify
14: it under the terms of the GNU General Public License as published by
15: the Free Software Foundation; either version 2 of the License, or
16: (at your option) any later version.
17:
18: LON-CAPA is distributed in the hope that it will be useful,
19: but WITHOUT ANY WARRANTY; without even the implied warranty of
20: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21: GNU General Public License for more details.
22:
23: You should have received a copy of the GNU General Public License
24: along with LON-CAPA; if not, write to the Free Software
25: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26:
27: /home/httpd/html/adm/gpl.txt
28:
29: http://www.lon-capa.org/
30:
31: -->
32:
33: <!-- Default values must be defined before specific values. -->
34: <!-- If no 'dist' attribute is specified, then it is always installed. -->
35: <!-- If 'dist' attribute is set to 'default', then the specification. -->
36: <!-- is accepted if an alternative distribution is not requested or not -->
37: <!-- defined. -->
38:
39: <piml>
1.6 harris41 40: <targetroot>/</targetroot>
1.2 harris41 41: <specialnotices>
42: <specialnotice>
43: </specialnotice>
44: </specialnotices>
1.1 harris41 45: <files>
46: <file>
47: <target dist='default'>/etc/httpd/conf/httpd.conf</target>
1.20 raeburn 48: <target dist='suse9.2 suse9.3 sles9'>/etc/httpd/httpd.conf</target>
1.43.2.1 raeburn 49: <target dist='sles10 sles11 sles12 sles15 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2'>/etc/apache2/default-server.conf</target>
1.39 raeburn 50: <target dist='debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12'>/etc/apache2/sites-available/loncapa</target>
1.43 raeburn 51: <target dist='ubuntu14 ubuntu16 ubuntu18'>/etc/apache2/conf-available/loncapa</target>
1.43.2.2 raeburn 52: <note>This is for Apache 1.X for Red Hat 4ES, Fedora 2, 3 and 4, SusSE 9.2 and 9.3, and SLES 9 distributions. This is for Apache 2.X for Fedora 5, Red Hat 5, CentOS 5, Scientific Linux 5, Oracle Linux 5, SuSE 10.1, SLES 10, Debian 5, Ubuntu LTS 8 and later distributions</note>
1.1 harris41 53: <dependencies dist='default'>
54: /etc/httpd/conf/httpd.conf
55: </dependencies>
1.20 raeburn 56: <dependencies dist='suse9.2 suse9.3 sles9'>
57: /etc/httpd/httpd.conf
58: </dependencies>
1.39 raeburn 59: <dependencies dist='debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12'>
1.25 raeburn 60: /etc/apache2/sites-available/loncapa
61: </dependencies>
1.43 raeburn 62: <dependencies dist='ubuntu14 ubuntu16 ubuntu18'>
1.39 raeburn 63: /etc/apache2/conf-available/loncapa
64: </dependencies>
1.43.2.1 raeburn 65: <dependencies dist='sles10 sles11 sles12 sles15 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2'>
1.20 raeburn 66: /etc/apache2/default-server.conf
67: </dependencies>
1.19 raeburn 68: <perlscript mode='fg' dist="default">
1.11 harris41 69: # Generated from doc/loncapafiles/webserver.piml
1.43.2.3! raeburn 70: use Socket;
! 71: use Sys::Hostname::FQDN();
1.1 harris41 72: unless (-e "<TARGET />") {
1.20 raeburn 73: print '**** ERROR! <TARGET /> should exist! Are you missing the Apache '.
1.13 harris41 74: 'software package?';
1.11 harris41 75: exit(1);
1.1 harris41 76: }
77: else {
1.32 raeburn 78: # Append loncapa_apache.conf inclusion to httpd.conf
1.39 raeburn 79: # (or sites-available/loncapa or conf-available/loncapa) if not present.
1.9 harris41 80: $flag=0;
1.11 harris41 81: open(IN,'<<TARGET />');
1.9 harris41 82: while (<IN>) {
83: if (/^\s*Include\s+conf\/loncapa_apache.conf/) {
84: $flag=1;
85: }
86: }
1.11 harris41 87: close(IN);
1.9 harris41 88: unless ($flag==1) {
1.11 harris41 89: open(OUT,'>><TARGET />');
90: print(OUT 'Include conf/loncapa_apache.conf'."\n");
91: close(OUT);
1.9 harris41 92: }
1.39 raeburn 93: # Remove loncapa.conf inclusion from httpd.conf
94: # (or sites-available/loncapa or conf-available/loncapa) if present.
1.11 harris41 95: $flag=0;
96: open(IN,'<<TARGET />');
97: while (<IN>) {
98: if (/^\s*Include\s+conf\/loncapa.conf/) {
99: $flag=1;
100: }
101: }
102: close(IN);
103: $in='';
104: if ($flag==1) {
105: open(IN,'<<TARGET />');
106: while(<IN>) {
107: $in.=$_ unless /^\s*Include\s+conf\/loncapa.conf/;
108: }
109: close(IN);
110: open(OUT,'><TARGET />');
111: print(OUT $in."\n");
112: close(OUT);
1.13 harris41 113: }
1.18 raeburn 114:
115: # Checking for overlapping ScriptAlias and DocumentRoot definitions.
116: $scriptalias_flag=0;
117: $documentroot_flag=0;
118: my $scriptalias;
119: my $documentroot;
120: open(IN,'<<TARGET />');
121: while (<IN>) {
122: if (m!^\s*ScriptAlias\s+/cgi-bin/\s+(.*)$!) {
123: $scriptalias = $1;
124: if ($scriptalias !~ m!home/httpd/cgi-bin!) {
125: $scriptalias_flag = 1;
126: }
127: }
128: if (m!^\s*DocumentRoot\s+(.*)$!) {
129: $documentroot = $1;
130: if ($documentroot !~ m!home/httpd/html!) {
131: $documentroot_flag = 1;
132: }
133: }
134: }
135: close(IN);
136: if ($scriptalias_flag==1) {
1.32 raeburn 137: my $conffile = '/etc/httpd/conf/httpd.conf';
138: if ('<DIST />' eq 'suse9.2' || '<DIST />' eq 'suse9.3'
139: || '<DIST />' eq 'sles9') {
140: $conffile = '/etc/httpd/httpd.conf';
141: } elsif ('<DIST />' =~ /^(suse|sles)/) {
142: $conffile = '/etc/apache2/default-server.conf';
143: } elsif ('<DIST />' =~ /^(debian|ubuntu)/) {
144: $conffile = '/etc/apache2/sites-available/loncapa';
145: }
146: print('**** ERROR **** '.$conffile.' has an overlapping definition of '.
147: 'ScriptAlias (it is incorrectly set to '.$scriptalias.').'."\n".
148: 'This conflicts with loncapa_apache.conf.'."\n");
1.18 raeburn 149: }
150: if ($documentroot_flag==1) {
1.32 raeburn 151: print('**** ERROR **** '.$conffile.' has an overlapping definition of '.
152: 'DocumentRoot (it is incorrectly set to '.$documentroot.').'."\n".
153: 'This conflicts with loncapa_apache.conf.'."\n");
1.18 raeburn 154: }
1.32 raeburn 155:
156: # Checking for rewrites of http:// to https://
157: my $rewrite_dir = '/etc/httpd/conf/rewrites';
158: my $curr_rewrite = '/etc/httpd/conf/loncapa_rewrite.conf';
159: if ('<DIST />' eq 'suse9.2' || '<DIST />' eq 'suse9.3'
160: || '<DIST />' eq 'sles9') {
161: $rewrite_dir = '/etc/httpd/rewrites/';
162: $curr_rewrite = '/etc/httpd/loncapa_rewrite.conf';
163: } elsif ('<DIST />' =~ /^(suse|sles|debian|ubuntu)/) {
164: $rewrite_dir = '/etc/apache2/rewrites';
165: $curr_rewrite = '/etc/apache2/loncapa_rewrite.conf';
166: }
167: my $rewrite_off = $rewrite_dir.'/loncapa_rewrite_off.conf';
168: my $rewrite_on = $rewrite_dir.'/loncapa_rewrite_on.conf';
169: if (!-e $curr_rewrite) {
170: system("cp $rewrite_off $curr_rewrite");
171: chmod(0644, $curr_rewrite);
172: } else {
1.43.2.3! raeburn 173: my ($not_rewrite_on,$not_rewrite_off,$rewrite_state);
1.32 raeburn 174: if (open(PIPE, "diff --brief $rewrite_off $curr_rewrite |")) {
175: my $diffres = <PIPE> ;
176: close(PIPE);
177: chomp($diffres);
178: if ($diffres) {
179: $not_rewrite_off = 1;
1.43.2.3! raeburn 180: } else {
! 181: $rewrite_state = 'off';
1.32 raeburn 182: }
183: }
184: if (open(PIPE, "diff --brief $rewrite_on $curr_rewrite |")) {
185: my $diffres = <PIPE> ;
186: close(PIPE);
187: chomp($diffres);
188: if ($diffres) {
189: $not_rewrite_on = 1;
1.43.2.3! raeburn 190: } else {
! 191: $rewrite_state = 'on';
1.32 raeburn 192: }
193: }
1.43.2.3! raeburn 194: if ($not_rewrite_off && $not_rewrite_on) {
! 195: print('**** WARNING **** '."\n".$curr_rewrite.' does not match '.
! 196: 'either:'."\n".$rewrite_on.' - the file used to enable rewriting '.
! 197: 'of requests for http:// to https:// '."\n".'or:'."\n".$rewrite_off.
1.32 raeburn 198: ' - the file used to disable such rewriting'."\n\n".
199: 'This may be because '. $curr_rewrite.' has been '.
1.43.2.3! raeburn 200: 'previously customized,'."\n".'or it may be because of a change '.
1.32 raeburn 201: 'to the files in '.$rewrite_dir."\n");
1.43.2.3! raeburn 202: if (open(my $fh,'<',$curr_rewrite)) {
! 203: while(<$fh>) {
! 204: if (/^\s*RewriteEngine\s+(on|off)\s*$/i) {
! 205: if ($1 eq 'on') {
! 206: $rewrite_state = 'on';
! 207: } else {
! 208: $rewrite_state = 'off';
! 209: }
! 210: last;
! 211: }
! 212: }
! 213: }
! 214: }
! 215: if ($rewrite_state eq 'on') {
! 216: # Checking for rewrites of https:// to http://
! 217: my ($gotrules,$rulestr,$ssldir);
! 218: if ('<DIST />' eq 'suse9.2' || '<DIST />' eq 'suse9.3'
! 219: || '<DIST />' eq 'sles9') {
! 220: $ssldir = '/etc/apache/vhosts.d';
! 221: } elsif ('<DIST />' =~ /^(suse|sles)/) {
! 222: $ssldir = '/etc/apache2/vhosts.d';
! 223: } elsif ('<DIST />' =~ /^(debian|ubuntu)/) {
! 224: $ssldir = '/etc/apache2/sites-available';
! 225: } else {
! 226: $ssldir = '/etc/httpd/conf.d';
! 227: }
! 228: my $hostname = Sys::Hostname::FQDN::fqdn();
! 229: my $hostip = Socket::inet_ntoa(scalar(gethostbyname($hostname)) || 'localhost');
! 230: my @expected = ('RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:\/\/)',
! 231: 'RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)',
! 232: 'RewriteRule ^/adm/wrapper/ext/(?!https:\/\/) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]',
! 233: 'RewriteCond %{REMOTE_ADDR} 127.0.0.1',
! 234: 'RewriteRule (.*) - [L]');
! 235: if (($hostip ne '') && ($hostip ne '127.0.0.1')) {
! 236: push(@expected,('RewriteCond %{REMOTE_ADDR} '.$hostip,
! 237: 'RewriteRule (.*) - [L]'));
! 238: }
! 239: push(@expected,('RewriteCond %{REQUEST_URI} ^/public/.*/syllabus$',
! 240: 'RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)',
! 241: 'RewriteRule ^/public/.*/syllabus$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]'));
! 242: if (-d $ssldir) {
! 243: my @rewrites;
! 244: if (opendir(my $dir,$ssldir)) {
! 245: my @sslconf_files;
! 246: foreach my $file (!grep(/^\.$/,readdir($dir))) {
! 247: if (open(my $fh,'<',"$ssldir/$file")) {
! 248: while (<$fh>) {
! 249: if (/^\s*<VirtualHost\s+[^:]*\:443>\s*$/) {
! 250: push(@sslconf_files,$file);
! 251: last;
! 252: }
! 253: }
! 254: close($fh);
! 255: }
! 256: }
! 257: if (@sslconf_files) {
! 258: my @rewrites;
! 259: foreach my $file (@sslconf_files) {
! 260: if (open(my $fh,'<',"$ssldir/$file")) {
! 261: my ($rewrite,$num) = (0,0);
! 262: while (<$fh>) {
! 263: if ($rewrite) {
! 264: if (/\s*<\/IfModule>/) {
! 265: $rewrite = 0;
! 266: $num ++;
! 267: } else {
! 268: chomp();
! 269: s/^(\s+|\s+)$//g;
! 270: push(@{$rewrites[$num]},$_);
! 271: }
! 272: } elsif (/^\s*<IfModule\s+mod_rewrite.c>/) {
! 273: $rewrite = 1;
! 274: }
! 275: }
! 276: close($fh);
! 277: }
! 278: }
! 279: }
! 280: closedir($dir);
! 281: }
! 282: if (@rewrites) {
! 283: foreach my $item (@rewrites) {
! 284: if (ref($item) eq 'ARRAY') {
! 285: my $found = 0;
! 286: foreach my $item (@rewrites) {
! 287: foreach my $match (@expected) {
! 288: if ($match eq $item) {
! 289: $found ++;
! 290: last;
! 291: }
! 292: }
! 293: }
! 294: if ($found >= @expected) {
! 295: $gotrules = 1;
! 296: }
! 297: }
! 298: }
! 299: }
! 300: }
! 301: unless ($gotrules) {
! 302: print('**** WARNING **** '."\n".$curr_rewrite.' is currently set so rewrites '.
! 303: 'of http to https are enabled for most URLs.'."\n".
! 304: 'Unless your Apache configuration includes Strict-Transport-Security '.
! 305: '(with max-age > 0), it is recommended to also set rewrites from https to http '.
! 306: 'for specific URLs in a file in '.$ssldir.' by including the following:'."\n".
! 307: "<IfModule mod_rewrite.c>\n".' '.
! 308: join("\n ",@expected)."\n".
! 309: "</IfModule>\n");
! 310: }
1.32 raeburn 311: }
312: }
1.13 harris41 313: }
314: </perlscript>
1.1 harris41 315: </file>
316: </files>
317: </piml>
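Review bot: The new check for the https-to-http rewrite rules (lines 242–300) can never set `$gotrules`, so the warning at lines 301–310 is printed on every run where rewriting is on, even when a file in `$ssldir` already contains the rules. Four things combine to cause this: `foreach my $file (!grep(/^\.$/,readdir($dir)))` at line 246 loops over the negated grep result instead of the directory entries, the inner `my @rewrites` at line 258 shadows the one declared at line 243 that line 282 reads, `s/^(\s+|\s+)$//g` at line 269 only empties all-whitespace lines, and the loops at lines 283–293 compare each expected string with an array reference. A warning that cannot clear gets ignored, and this is the script's only prompt about how redirects are set on the port-443 virtual host. Separately, the `|| 'localhost'` fallback at line 229 passes a non-packed string to `Socket::inet_ntoa`, which I would expect to die when the lookup fails; `my $packed = gethostbyname($hostname); my $hostip = $packed ? Socket::inet_ntoa($packed) : '';` keeps the existing `$hostip ne ''` test at line 235 meaningful. The rewrite below requires every expected line to be present in a single `<IfModule mod_rewrite.c>` block, but does not check their order.

```perl
my @rewrites;    # declared once; the second `my @rewrites` is dropped
if (opendir(my $dir,$ssldir)) {
    my @sslconf_files;
    foreach my $file (grep { !/^\.\.?$/ } readdir($dir)) {
        # … unchanged: record $file if it holds a <VirtualHost …:443> line …
    }
    foreach my $file (@sslconf_files) {
        # … unchanged: open the file and track <IfModule mod_rewrite.c> … </IfModule> …
                    chomp();
                    s/^\s+|\s+$//g;    # trim both ends of the directive
                    push(@{$rewrites[$num]},$_);
    }
    closedir($dir);
}
foreach my $block (@rewrites) {
    next unless (ref($block) eq 'ARRAY');
    # One block must contain every expected directive, duplicates included.
    my %seen = map { $_ => 1 } @{$block};
    if (scalar(grep { $seen{$_} } @expected) == scalar(@expected)) {
        $gotrules = 1;
        last;
    }
}
```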