/ /etc/httpd/conf/httpd.conf /etc/httpd/httpd.conf /etc/apache2/default-server.conf /etc/apache2/sites-available/loncapa /etc/apache2/conf-available/loncapa This is for Apache 1.X for Red Hat 4ES, Fedora 2, 3 and 4, SusSE 9.2 and 9.3, and SLES 9 distributions. This is for Apache 2.X for Fedora 5, Red Hat 5, CentOS 5, Scientific Linux 5, Oracle Linux 5, SuSE 10.1, SLES 10, Debian 5, Ubuntu LTS 8 and later distributions /etc/httpd/conf/httpd.conf /etc/httpd/httpd.conf /etc/apache2/sites-available/loncapa /etc/apache2/conf-available/loncapa /etc/apache2/default-server.conf # Generated from doc/loncapafiles/webserver.piml use Socket; use Sys::Hostname::FQDN(); unless (-e "") { print '**** ERROR! should exist! Are you missing the Apache '. 'software package?'; exit(1); } else { # Append loncapa_apache.conf inclusion to httpd.conf # (or sites-available/loncapa or conf-available/loncapa) if not present. $flag=0; open(IN,'<'); while (<IN>) { if (/^\s*Include\s+conf\/loncapa_apache.conf/) { $flag=1; } } close(IN); unless ($flag==1) { open(OUT,'>>'); print(OUT 'Include conf/loncapa_apache.conf'."\n"); close(OUT); } # Remove loncapa.conf inclusion from httpd.conf # (or sites-available/loncapa or conf-available/loncapa) if present. $flag=0; open(IN,'<'); while (<IN>) { if (/^\s*Include\s+conf\/loncapa.conf/) { $flag=1; } } close(IN); $in=''; if ($flag==1) { open(IN,'<'); while(<IN>) { $in.=$_ unless /^\s*Include\s+conf\/loncapa.conf/; } close(IN); open(OUT,'>'); print(OUT $in."\n"); close(OUT); } # Checking for overlapping ScriptAlias and DocumentRoot definitions. $scriptalias_flag=0; $documentroot_flag=0; my $scriptalias; my $documentroot; open(IN,'<'); while (<IN>) { if (m!^\s*ScriptAlias\s+/cgi-bin/\s+(.*)$!) { $scriptalias = $1; if ($scriptalias !~ m!home/httpd/cgi-bin!) { $scriptalias_flag = 1; } } if (m!^\s*DocumentRoot\s+(.*)$!) { $documentroot = $1; if ($documentroot !~ m!home/httpd/html!) { $documentroot_flag = 1; } } } close(IN); if ($scriptalias_flag==1) { my $conffile = '/etc/httpd/conf/httpd.conf'; if ('' eq 'suse9.2' || '' eq 'suse9.3' || '' eq 'sles9') { $conffile = '/etc/httpd/httpd.conf'; } elsif ('' =~ /^(suse|sles)/) { $conffile = '/etc/apache2/default-server.conf'; } elsif ('' =~ /^(debian|ubuntu)/) { $conffile = '/etc/apache2/sites-available/loncapa'; } print('**** ERROR **** '.$conffile.' has an overlapping definition of '. 'ScriptAlias (it is incorrectly set to '.$scriptalias.').'."\n". 'This conflicts with loncapa_apache.conf.'."\n"); } if ($documentroot_flag==1) { print('**** ERROR **** '.$conffile.' has an overlapping definition of '. 'DocumentRoot (it is incorrectly set to '.$documentroot.').'."\n". 'This conflicts with loncapa_apache.conf.'."\n"); } # Checking for rewrites of http:// to https:// my $rewrite_dir = '/etc/httpd/conf/rewrites'; my $curr_rewrite = '/etc/httpd/conf/loncapa_rewrite.conf'; if ('' eq 'suse9.2' || '' eq 'suse9.3' || '' eq 'sles9') { $rewrite_dir = '/etc/httpd/rewrites/'; $curr_rewrite = '/etc/httpd/loncapa_rewrite.conf'; } elsif ('' =~ /^(suse|sles|debian|ubuntu)/) { $rewrite_dir = '/etc/apache2/rewrites'; $curr_rewrite = '/etc/apache2/loncapa_rewrite.conf'; } my $rewrite_off = $rewrite_dir.'/loncapa_rewrite_off.conf'; my $rewrite_on = $rewrite_dir.'/loncapa_rewrite_on.conf'; if (!-e $curr_rewrite) { system("cp $rewrite_off $curr_rewrite"); chmod(0644, $curr_rewrite); } else { my ($not_rewrite_on,$not_rewrite_off,$rewrite_state); if (open(PIPE, "diff --brief $rewrite_off $curr_rewrite |")) { my $diffres = <PIPE> ; close(PIPE); chomp($diffres); if ($diffres) { $not_rewrite_off = 1; } else { $rewrite_state = 'off'; } } if (open(PIPE, "diff --brief $rewrite_on $curr_rewrite |")) { my $diffres = <PIPE> ; close(PIPE); chomp($diffres); if ($diffres) { $not_rewrite_on = 1; } else { $rewrite_state = 'on'; } } if ($not_rewrite_off && $not_rewrite_on) { print('**** WARNING **** '."\n".$curr_rewrite.' does not match '. 'either:'."\n".$rewrite_on.' - the file used to enable rewriting '. 'of requests for http:// to https:// '."\n".'or:'."\n".$rewrite_off. ' - the file used to disable such rewriting'."\n\n". 'This may be because '. $curr_rewrite.' has been '. 'previously customized,'."\n".'or it may be because of a change '. 'to the files in '.$rewrite_dir."\n"); if (open(my $fh,'<',$curr_rewrite)) { while(<$fh>) { if (/^\s*RewriteEngine\s+(on|off)\s*$/i) { if ($1 eq 'on') { $rewrite_state = 'on'; } else { $rewrite_state = 'off'; } last; } } } } if ($rewrite_state eq 'on') { # Checking for rewrites of https:// to http:// my ($gotrules,$rulestr,$ssldir); if ('' eq 'suse9.2' || '' eq 'suse9.3' || '' eq 'sles9') { $ssldir = '/etc/apache/vhosts.d'; } elsif ('' =~ /^(suse|sles)/) { $ssldir = '/etc/apache2/vhosts.d'; } elsif ('' =~ /^(debian|ubuntu)/) { $ssldir = '/etc/apache2/sites-available'; } else { $ssldir = '/etc/httpd/conf.d'; } my $hostname = Sys::Hostname::FQDN::fqdn(); my $hostip = Socket::inet_ntoa(scalar(gethostbyname($hostname)) || 'localhost'); my @expected = ('RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:\/\/)', 'RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)', 'RewriteRule ^/adm/wrapper/ext/(?!https:\/\/) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]', 'RewriteCond %{REMOTE_ADDR} 127.0.0.1', 'RewriteRule (.*) - [L]'); if (($hostip ne '') && ($hostip ne '127.0.0.1')) { push(@expected,('RewriteCond %{REMOTE_ADDR} '.$hostip, 'RewriteRule (.*) - [L]')); } push(@expected,('RewriteCond %{REQUEST_URI} ^/public/.*/syllabus$', 'RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)', 'RewriteRule ^/public/.*/syllabus$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]')); if (-d $ssldir) { my @rewrites; if (opendir(my $dir,$ssldir)) { my @sslconf_files; foreach my $file (!grep(/^\.$/,readdir($dir))) { if (open(my $fh,'<',"$ssldir/$file")) { while (<$fh>) { if (/^\s*<VirtualHost\s+[^:]*\:443>\s*$/) { push(@sslconf_files,$file); last; } } close($fh); } } if (@sslconf_files) { my @rewrites; foreach my $file (@sslconf_files) { if (open(my $fh,'<',"$ssldir/$file")) { my ($rewrite,$num) = (0,0); while (<$fh>) { if ($rewrite) { if (/\s*<\/IfModule>/) { $rewrite = 0; $num ++; } else { chomp(); s/^(\s+|\s+)$//g; push(@{$rewrites[$num]},$_); } } elsif (/^\s*<IfModule\s+mod_rewrite.c>/) { $rewrite = 1; } } close($fh); } } } closedir($dir); } if (@rewrites) { foreach my $item (@rewrites) { if (ref($item) eq 'ARRAY') { my $found = 0; foreach my $item (@rewrites) { foreach my $match (@expected) { if ($match eq $item) { $found ++; last; } } } if ($found >= @expected) { $gotrules = 1; } } } } } unless ($gotrules) { print('**** WARNING **** '."\n".$curr_rewrite.' is currently set so rewrites '. 'of http to https are enabled for most URLs.'."\n". 'Unless your Apache configuration includes Strict-Transport-Security '. '(with max-age > 0), it is recommended to also set rewrites from https to http '. 'for specific URLs in a file in '.$ssldir.' by including the following:'."\n". "<IfModule mod_rewrite.c>\n".' '. join("\n ",@expected)."\n". "</IfModule>\n"); } } } }