File:
[LON-CAPA] /
doc /
loncapafiles /
webserver.piml
Revision
1.55:
download - view:
text,
annotated -
select for diffs
Thu Mar 11 20:38:05 2021 UTC (3 years, 1 month ago) by
raeburn
Branches:
MAIN
CVS tags:
HEAD
- For Ubuntu 14 and newer, Apache files in /etc/apache2/conf-available and
/etc/apache2/sites-available are both named loncapa.conf.
- For Ubuntu 14 and newer, symlinks in /etc/apache2/conf-enabled and
/etc/apache2/sites-enabled which link to them also named loncapa.conf
(for consistency with a2ensite, a2enconf, a2dissite, and a2disconf).
1: <!DOCTYPE piml PUBLIC "-//TUX/DTD piml 1.0 Final//EN"
2: "http://lpml.sourceforge.net/DTD/piml.dtd">
3: <!-- webserver.piml -->
4:
5: <!-- $Id: webserver.piml,v 1.55 2021/03/11 20:38:05 raeburn Exp $ -->
6:
7: <!--
8:
9: Copyright Michigan State University Board of Trustees
10:
11: This file is part of the LearningOnline Network with CAPA (LON-CAPA).
12:
13: LON-CAPA is free software; you can redistribute it and/or modify
14: it under the terms of the GNU General Public License as published by
15: the Free Software Foundation; either version 2 of the License, or
16: (at your option) any later version.
17:
18: LON-CAPA is distributed in the hope that it will be useful,
19: but WITHOUT ANY WARRANTY; without even the implied warranty of
20: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21: GNU General Public License for more details.
22:
23: You should have received a copy of the GNU General Public License
24: along with LON-CAPA; if not, write to the Free Software
25: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26:
27: /home/httpd/html/adm/gpl.txt
28:
29: http://www.lon-capa.org/
30:
31: -->
32:
33: <!-- Default values must be defined before specific values. -->
34: <!-- If no 'dist' attribute is specified, then it is always installed. -->
35: <!-- If 'dist' attribute is set to 'default', then the specification. -->
36: <!-- is accepted if an alternative distribution is not requested or not -->
37: <!-- defined. -->
38:
39: <piml>
40: <targetroot>/</targetroot>
41: <specialnotices>
42: <specialnotice>
43: </specialnotice>
44: </specialnotices>
45: <files>
46: <file>
47: <target dist='default'>/etc/httpd/conf/httpd.conf</target>
48: <target dist='suse9.2 suse9.3 sles9'>/etc/httpd/httpd.conf</target>
49: <target dist='sles10 sles11 sles12 sles15 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2'>/etc/apache2/default-server.conf</target>
50: <target dist='debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12'>/etc/apache2/sites-available/loncapa</target>
51: <target dist='ubuntu14 ubuntu16 ubuntu18 ubuntu20'>/etc/apache2/conf-available/loncapa.conf</target>
52: <note>This is for Apache 1.X for Red Hat 4ES, Fedora 2, 3 and 4, SusSE 9.2 and 9.3, and SLES 9 distributions. This is for Apache 2.X for Fedora 5, Red Hat 5, CentOS 5, Scientific Linux 5, Oracle Linux 5, SuSE 10.1, SLES 10, Debian 5, Ubuntu LTS 8 and later distributions</note>
53: <dependencies dist='default'>
54: /etc/httpd/conf/httpd.conf
55: </dependencies>
56: <dependencies dist='suse9.2 suse9.3 sles9'>
57: /etc/httpd/httpd.conf
58: </dependencies>
59: <dependencies dist='debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12'>
60: /etc/apache2/sites-available/loncapa
61: </dependencies>
62: <dependencies dist='ubuntu14 ubuntu16 ubuntu18 ubuntu20'>
63: /etc/apache2/conf-available/loncapa.conf
64: </dependencies>
65: <dependencies dist='sles10 sles11 sles12 sles15 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2'>
66: /etc/apache2/default-server.conf
67: </dependencies>
68: <perlscript mode='fg' dist="default">
69: # Generated from doc/loncapafiles/webserver.piml
70: use Socket;
71: use Sys::Hostname::FQDN();
72:
73: # For ubuntu 14 and later check for loncapa.conf in sites-available,
74: # and conf-available, and for symlinks in sites-enabled, and conf-enabled
75: if ('<DIST />' =~ /^ubuntu(\d+)$/) {
76: my $version = $1;
77: if ($version > 12) {
78: if (-l '/etc/apache2/conf-enabled/loncapa.conf') {
79: my $linkfname = readlink('/etc/apache2/conf-enabled/loncapa.conf');
80: unless ($linkfname eq '/etc/apache2/conf-available/loncapa.conf') {
81: unlink('/etc/apache2/conf-enabled/loncapa.conf');
82: }
83: }
84: if (-e '/etc/apache2/conf-available/loncapa') {
85: system('mv /etc/apache2/conf-available/loncapa /etc/apache2/conf-available/loncapa.conf');
86: }
87: unless (-l '/etc/apache2/conf-enabled/loncapa.conf') {
88: if (-e '/etc/apache2/conf-available/loncapa.conf') {
89: symlink('/etc/apache2/conf-available/loncapa.conf','/etc/apache2/conf-enabled/loncapa.conf');
90: }
91: }
92: if (-l '/etc/apache2/sites-enabled/000-default.conf') {
93: my $linkfname = readlink('/etc/apache2/sites-enabled/000-default.conf');
94: if ($linkfname eq '/etc/apache2/sites-available/loncapa') {
95: unlink('/etc/apache2/sites-enabled/000-default.conf');
96: }
97: }
98: if (-e '/etc/apache2/sites-available/loncapa') {
99: system('mv /etc/apache2/sites-available/loncapa /etc/apache2/sites-available/loncapa.conf');
100: }
101: if (-l '/etc/apache2/sites-enabled/loncapa.conf') {
102: my $linkfname = readlink('/etc/apache2/sites-enabled/loncapa.conf');
103: unless ($linkfname eq '/etc/apache2/sites-available/loncapa.conf') {
104: unlink('/etc/apache2/sites-enabled/loncapa.conf');
105: }
106: }
107: unless (-l '/etc/apache2/sites-enabled/loncapa.conf') {
108: if (-e '/etc/apache2/sites-available/loncapa.conf') {
109: symlink('/etc/apache2/sites-available/loncapa.conf','/etc/apache2/sites-enabled/loncapa.conf');
110: }
111: }
112: }
113: }
114:
115: unless (-e "<TARGET />") {
116: print '**** ERROR! <TARGET /> should exist! Are you missing the Apache '.
117: 'software package?';
118: exit(1);
119: }
120: else {
121: # Append loncapa_apache.conf inclusion to httpd.conf
122: # (or sites-available/loncapa or conf-available/loncapa.conf) if not present.
123: $flag=0;
124: open(IN,'<<TARGET />');
125: while (<IN>) {
126: if (/^\s*Include\s+conf\/loncapa_apache.conf/) {
127: $flag=1;
128: }
129: }
130: close(IN);
131: unless ($flag==1) {
132: open(OUT,'>><TARGET />');
133: print(OUT 'Include conf/loncapa_apache.conf'."\n");
134: close(OUT);
135: }
136: # Remove loncapa.conf inclusion from httpd.conf
137: # (or sites-available/loncapa or conf-available/loncapa.conf) if present.
138: $flag=0;
139: open(IN,'<<TARGET />');
140: while (<IN>) {
141: if (/^\s*Include\s+conf\/loncapa.conf/) {
142: $flag=1;
143: }
144: }
145: close(IN);
146: $in='';
147: if ($flag==1) {
148: open(IN,'<<TARGET />');
149: while(<IN>) {
150: $in.=$_ unless /^\s*Include\s+conf\/loncapa.conf/;
151: }
152: close(IN);
153: open(OUT,'><TARGET />');
154: print(OUT $in."\n");
155: close(OUT);
156: }
157:
158: # Checking for overlapping ScriptAlias and DocumentRoot definitions.
159: $scriptalias_flag=0;
160: $documentroot_flag=0;
161: my $scriptalias;
162: my $documentroot;
163: open(IN,'<<TARGET />');
164: while (<IN>) {
165: if (m!^\s*ScriptAlias\s+/cgi-bin/\s+(.*)$!) {
166: $scriptalias = $1;
167: if ($scriptalias !~ m!home/httpd/cgi-bin!) {
168: $scriptalias_flag = 1;
169: }
170: }
171: if (m!^\s*DocumentRoot\s+(.*)$!) {
172: $documentroot = $1;
173: if ($documentroot !~ m!home/httpd/html!) {
174: $documentroot_flag = 1;
175: }
176: }
177: }
178: close(IN);
179: if ($scriptalias_flag==1) {
180: my $conffile = '/etc/httpd/conf/httpd.conf';
181: if ('<DIST />' eq 'suse9.2' || '<DIST />' eq 'suse9.3'
182: || '<DIST />' eq 'sles9') {
183: $conffile = '/etc/httpd/httpd.conf';
184: } elsif ('<DIST />' =~ /^(suse|sles)/) {
185: $conffile = '/etc/apache2/default-server.conf';
186: } elsif ('<DIST />' =~ /^(debian|ubuntu)/) {
187: $conffile = '/etc/apache2/sites-available/loncapa';
188: if ('<DIST />' =~ /^ubuntu(\d+)$/) {
189: my $version = $1;
190: if ($version > 12) {
191: $conffile = '/etc/apache2/conf-available/loncapa.conf';
192: }
193: }
194: }
195: print('**** ERROR **** '.$conffile.' has an overlapping definition of '.
196: 'ScriptAlias (it is incorrectly set to '.$scriptalias.').'."\n".
197: 'This conflicts with loncapa_apache.conf.'."\n");
198: }
199: if ($documentroot_flag==1) {
200: print('**** ERROR **** '.$conffile.' has an overlapping definition of '.
201: 'DocumentRoot (it is incorrectly set to '.$documentroot.').'."\n".
202: 'This conflicts with loncapa_apache.conf.'."\n");
203: }
204:
205: # Checking for rewrites of http:// to https://
206: my $rewrite_dir = '/etc/httpd/conf/rewrites';
207: my $curr_rewrite = '/etc/httpd/conf/loncapa_rewrite.conf';
208: if ('<DIST />' eq 'suse9.2' || '<DIST />' eq 'suse9.3'
209: || '<DIST />' eq 'sles9') {
210: $rewrite_dir = '/etc/httpd/rewrites/';
211: $curr_rewrite = '/etc/httpd/loncapa_rewrite.conf';
212: } elsif ('<DIST />' =~ /^(suse|sles|debian|ubuntu)/) {
213: $rewrite_dir = '/etc/apache2/rewrites';
214: $curr_rewrite = '/etc/apache2/loncapa_rewrite.conf';
215: }
216: my $rewrite_off = $rewrite_dir.'/loncapa_rewrite_off.conf';
217: my $rewrite_on = $rewrite_dir.'/loncapa_rewrite_on.conf';
218: if (!-e $curr_rewrite) {
219: system("cp $rewrite_off $curr_rewrite");
220: chmod(0644, $curr_rewrite);
221: } else {
222: my ($not_rewrite_on,$not_rewrite_off,$rewrite_state);
223: if (open(PIPE, "diff --brief $rewrite_off $curr_rewrite |")) {
224: my $diffres = <PIPE> ;
225: close(PIPE);
226: chomp($diffres);
227: if ($diffres) {
228: $not_rewrite_off = 1;
229: } else {
230: $rewrite_state = 'off';
231: }
232: }
233: if (open(PIPE, "diff --brief $rewrite_on $curr_rewrite |")) {
234: my $diffres = <PIPE> ;
235: close(PIPE);
236: chomp($diffres);
237: if ($diffres) {
238: $not_rewrite_on = 1;
239: } else {
240: $rewrite_state = 'on';
241: }
242: }
243: if ($not_rewrite_off && $not_rewrite_on) {
244: print('**** WARNING **** '."\n".$curr_rewrite.' does not match '.
245: 'either:'."\n".$rewrite_on.' - the file used to enable rewriting '.
246: 'of requests for http:// to https:// '."\n".'or:'."\n".$rewrite_off.
247: ' - the file used to disable such rewriting'."\n\n".
248: 'This may be because '. $curr_rewrite.' has been '.
249: 'previously customized,'."\n".'or it may be because of a change '.
250: 'to the files in '.$rewrite_dir."\n");
251: if (open(my $fh,'<',$curr_rewrite)) {
252: while(<$fh>) {
253: if (/^\s*RewriteEngine\s+(on|off)\s*$/i) {
254: if ($1 eq 'on') {
255: $rewrite_state = 'on';
256: } else {
257: $rewrite_state = 'off';
258: }
259: last;
260: }
261: }
262: }
263: }
264: if ($rewrite_state eq 'on') {
265: # Checking for rewrites of https:// to http://
266: my ($gotrules,$rulestr,$ssldir);
267: if ('<DIST />' eq 'suse9.2' || '<DIST />' eq 'suse9.3'
268: || '<DIST />' eq 'sles9') {
269: $ssldir = '/etc/apache/vhosts.d';
270: } elsif ('<DIST />' =~ /^(suse|sles)/) {
271: $ssldir = '/etc/apache2/vhosts.d';
272: } elsif ('<DIST />' =~ /^(debian|ubuntu)/) {
273: $ssldir = '/etc/apache2/sites-available';
274: } else {
275: $ssldir = '/etc/httpd/conf.d';
276: }
277: my $hostname = Sys::Hostname::FQDN::fqdn();
278: my $hostip = Socket::inet_ntoa(scalar(gethostbyname($hostname)) || 'localhost');
279: my @expected = ('RewriteEngine on',
280: 'RewriteCond %{HTTPS} =on',
281: 'RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:)',
282: 'RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)',
283: 'RewriteRule ^/adm/wrapper/ext/(?!https:) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]',
284: 'RewriteCond %{REMOTE_ADDR} 127.0.0.1',
285: 'RewriteRule (.*) - [L]');
286: if (($hostip ne '') && ($hostip ne '127.0.0.1')) {
287: push(@expected,('RewriteCond %{REMOTE_ADDR} '.$hostip,
288: 'RewriteRule (.*) - [L]'));
289: }
290: push(@expected,('RewriteCond %{REQUEST_URI} ^/public/.*/syllabus$',
291: 'RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)',
292: 'RewriteRule ^/public/.*/syllabus$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]'));
293: if (-d $ssldir) {
294: my @rewrites;
295: if (opendir(my $dir,$ssldir)) {
296: my @sslconf_files;
297: foreach my $file (grep(!/^\./,readdir($dir))) {
298: next if ($file =~ /\.rpmnew$/);
299: if (open(my $fh,'<',"$ssldir/$file")) {
300: while (<$fh>) {
301: if (/^\s*<VirtualHost\s+[^:]*\:443>\s*$/) {
302: push(@sslconf_files,$file);
303: last;
304: }
305: }
306: close($fh);
307: }
308: }
309: if (@sslconf_files) {
310: foreach my $file (@sslconf_files) {
311: if (open(my $fh,'<',"$ssldir/$file")) {
312: my ($rewrite,$num) = (0,0);
313: while (<$fh>) {
314: if ($rewrite) {
315: if (/^\s*<\/IfModule>/) {
316: $rewrite = 0;
317: $num ++;
318: } else {
319: chomp();
320: s/^\s+|\s+$//g;
321: push(@{$rewrites[$num]},$_);
322: }
323: } elsif (/^\s*<IfModule\s+mod_rewrite.c>/) {
324: $rewrite = 1;
325: }
326: }
327: close($fh);
328: }
329: }
330: }
331: closedir($dir);
332: }
333: if (@rewrites) {
334: foreach my $item (@rewrites) {
335: if (ref($item) eq 'ARRAY') {
336: my $found = 0;
337: foreach my $line (@{$item}) {
338: foreach my $match (@expected) {
339: if ($match eq $line) {
340: $found ++;
341: last;
342: }
343: }
344: }
345: if ($found >= scalar(@expected)) {
346: $gotrules = 1;
347: last;
348: }
349: }
350: }
351: }
352: }
353: unless ($gotrules) {
354: print('**** WARNING **** '."\n".$curr_rewrite.' is currently set so rewrites '.
355: 'of http to https are enabled for most URLs.'."\n".
356: 'Unless your Apache configuration includes Strict-Transport-Security '.
357: '(with max-age > 0), it is recommended to also set rewrites from https to http '.
358: 'for specific URLs in a file in '.$ssldir.' by including the following:'."\n".
359: "<IfModule mod_rewrite.c>\n".' '.
360: join("\n ",@expected)."\n".
361: "</IfModule>\n");
362: }
363: }
364: }
365: }
366: </perlscript>
367: </file>
368: </files>
369: </piml>
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to webserver.piml CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / doc / loncapafiles