for conf in "$tool"/etc/apache2/site.d/*/VirtualHost.conf
do conf=${conf#"$tool"/etc/apache2/site.d/}
local port site
- IFS=. read -r port site <<-EOF
+ IFS=. read -r port domain <<-EOF
${conf%\/VirtualHost\.conf}
EOF
- assert 'test "${site:+set}"'
assert 'test "${port:+set}"'
- local site_user="$user.$port.$site"
- local site_dir="$user.$port.$site"
+ assert 'test "${domain:+set}"'
+ local site="$port.$domain"
case $port in
(443)
local hint="run vm_remote apache2_key_send before"
- assert "sudo test -f /etc/apache2/site.d/\"$site_dir\"/x509/key.pem" hint
- sudo install -d -m 770 -o "$user" -g "$user" \
+ assert "sudo test -f /etc/apache2/site.d/\"$site\"/x509/key.pem" hint
+ sudo install -d -m 770 -o www."$site" -g www."$site" \
/etc/apache2 \
- /etc/apache2/site.d/"$site_dir" \
- /etc/apache2/site.d/"$site_dir"/x509 \
- /etc/apache2/site.d/"$site_dir"/x509/ca \
- /etc/apache2/site.d/"$site_dir"/x509/empty \
- /etc/apache2/site.d/"$site_dir"/x509/rvk \
- /etc/apache2/site.d/"$site_dir"/x509/usr
+ /etc/apache2/site.d/"$site" \
+ /etc/apache2/site.d/"$site"/x509 \
+ /etc/apache2/site.d/"$site"/x509/ca \
+ /etc/apache2/site.d/"$site"/x509/empty \
+ /etc/apache2/site.d/"$site"/x509/rvk \
+ /etc/apache2/site.d/"$site"/x509/usr
sudo install -m 664 -o www -g www \
- "$tool"/var/pub/x509/"$site"/crt.self-signed.pem \
- /etc/apache2/site.d/"$site_dir"/x509/crt.self-signed.pem
- #sudo install -m 664 -o "$user" -g "$user" \
+ "$tool"/var/pub/x509/"$site"/crt.self-signed.pem \
+ /etc/apache2/site.d/"$site"/x509/crt.self-signed.pem
+ #sudo install -m 664 -o www."$site" -g www."$site" \
# "$tool"/var/pub/x509/"$site"/rvk.pem \
- # /etc/apache2/site.d/"$site_dir"/x509/rvk.pem
+ # /etc/apache2/site.d/"$site"/x509/rvk.pem
sudo install -m 664 -o www -g www \
"$tool"/var/pub/x509/"$site"/ca/crt.self-signed.pem \
- /etc/apache2/site.d/"$site_dir"/x509/ca/crt.pem
+ /etc/apache2/site.d/"$site"/x509/ca/crt.pem
sudo install -m 664 -o www -g www \
- "$tool"/var/pub/x509/"$site"/crt.pem \
- /etc/apache2/site.d/"$site_dir"/x509/crt.pem
+ "$tool"/var/pub/x509/"$site"/crt.pem \
+ /etc/apache2/site.d/"$site"/x509/crt.pem
;;
esac
case $port in
(80)
cat <<-EOF
<VirtualHost *:$port>
- AssignUserID $site_user $site_user
- CustomLog "|/usr/sbin/rotatelogs /home/www/log/$site_dir/apache2/access/%Y-%m-%d.log 86400 60" Combined
+ AssignUserID www.$site www.$site
+ CustomLog "|/usr/sbin/rotatelogs /home/www/log/$site/apache2/access/%Y-%m-%d.log 86400 60" Combined
#CustomLog "/dev/null" Combined
- DocumentRoot /home/www/pub/$site_dir
- ErrorLog "|/usr/sbin/rotatelogs /home/www/log/$site_dir/apache2/error/%Y-%m-%d.log 86400 60"
+ DocumentRoot /home/www/pub/$site
+ ErrorLog "|/usr/sbin/rotatelogs /home/www/log/$site/apache2/error/%Y-%m-%d.log 86400 60"
#ErrorLog "/dev/null"
- ServerName $site
+ ServerName $domain
LogLevel Warn
- $(cat "$tool"/etc/apache2/site.d/"$site_dir"/VirtualHost.conf)
+ $(cat "$tool"/etc/apache2/site.d/"$site"/VirtualHost.conf)
</VirtualHost>
EOF
;;
cat <<-EOF
<IfModule mod_ssl.c>
<VirtualHost *:$port>
- AssignUserID $site_user $site_user
+ AssignUserID www.$site www.$site
BrowserMatch "MSIE [2-6]" ssl-unclean-shutdown nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
- CustomLog "|/usr/sbin/rotatelogs /home/www/log/$site_dir/apache2/access/%Y-%m-%d.log 86400 60" Combined
+ CustomLog "|/usr/sbin/rotatelogs /home/www/log/$site/apache2/access/%Y-%m-%d.log 86400 60" Combined
#CustomLog "/dev/null" Combined
- DocumentRoot /home/www/pub/$site_dir
- ErrorLog "|/usr/sbin/rotatelogs /home/www/log/$site_dir/apache2/error/%Y-%m-%d.log 86400 60"
+ DocumentRoot /home/www/pub/$site
+ ErrorLog "|/usr/sbin/rotatelogs /home/www/log/$site/apache2/error/%Y-%m-%d.log 86400 60"
#ErrorLog "/dev/null"
LogLevel Warn
- ServerName $site
- SSLCACertificateFile /etc/apache2/site.d/$site_dir/x509/crt.self-signed.pem
- SSLCACertificatePath /etc/apache2/site.d/$site_dir/x509/usr/
- #SSLCARevocationFile /etc/apache2/site.d/$site_dir/x509/rvk.pem
- SSLCADNRequestFile /etc/apache2/site.d/$site_dir/x509/crt.self-signed.pem
- SSLCADNRequestPath /etc/apache2/site.d/$site_dir/x509/empty/
+ ServerName $domain
+ SSLCACertificateFile /etc/apache2/site.d/$site/x509/crt.self-signed.pem
+ SSLCACertificatePath /etc/apache2/site.d/$site/x509/usr/
+ #SSLCARevocationFile /etc/apache2/site.d/$site/x509/rvk.pem
+ SSLCADNRequestFile /etc/apache2/site.d/$site/x509/crt.self-signed.pem
+ SSLCADNRequestPath /etc/apache2/site.d/$site/x509/empty/
# NOTE: ne publie pas les certificats d’utilisateur-ice-s acceptés
- SSLCARevocationPath /etc/apache2/site.d/$site_dir/x509/rvk/
- SSLCertificateChainFile /etc/apache2/site.d/$site_dir/x509/ca/crt.pem
- SSLCertificateFile /etc/apache2/site.d/$site_dir/x509/crt.pem
- SSLCertificateKeyFile /etc/apache2/site.d/$site_dir/x509/key.pem
+ SSLCARevocationPath /etc/apache2/site.d/$site/x509/rvk/
+ SSLCertificateChainFile /etc/apache2/site.d/$site/x509/ca/crt.pem
+ SSLCertificateFile /etc/apache2/site.d/$site/x509/crt.pem
+ SSLCertificateKeyFile /etc/apache2/site.d/$site/x509/key.pem
SSLCipherSuite AES+RSA+SHA256
SSLEngine On
SSLInsecureRenegotiation Off
SSLUserName SSL_CLIENT_S_DN_CN
SSLVerifyClient None
SSLVerifyDepth 1
- $(cat "$tool"/etc/apache2/site.d/"$site_dir"/VirtualHost.conf)
+ $(cat "$tool"/etc/apache2/site.d/"$site"/VirtualHost.conf)
</VirtualHost>
</IfModule>
EOF
;;
esac |
sudo install -m 660 -o root -g root /dev/stdin \
- /etc/apache2/site.d/"$site_dir"/VirtualHost.conf
+ /etc/apache2/site.d/"$site"/VirtualHost.conf
sudo ln -fns \
- ../site.d/"$site_dir"/VirtualHost.conf \
- /etc/apache2/sites-available/"$site_dir"
- sudo install -d -m 770 -o "$user" -g "$user" \
- /home/www/log/"$site_dir" \
- /home/www/log/"$site_dir"/apache2
+ ../site.d/"$site"/VirtualHost.conf \
+ /etc/apache2/sites-available/"$site"
+ sudo install -d -m 770 -o www."$site" -g www."$site" \
+ /home/www/log/"$site" \
+ /home/www/log/"$site"/apache2
sudo ln -fns \
- /etc/apache2/site.d/"$site_dir" \
- /home/www/etc/apache2/"$site_dir"
- test -e /home/www/pub/"$site_dir" ||
- sudo install -d -m 770 -o "$user" -g "$user" \
- /home/www/pub/"$site_dir"
- getent passwd "$site_user" >/dev/null ||
+ /etc/apache2/site.d/"$site" \
+ /home/www/etc/apache2/"$site"
+ test -e /home/www/pub/"$site" ||
+ sudo install -d -m 770 -o www."$site" -g www."$site" \
+ /home/www/pub/"$site"
+ getent passwd www."$site" >/dev/null ||
sudo adduser \
--disabled-password \
--group \
--no-create-home \
- --home /home/www/pub/"$site_dir" \
+ --home /home/www/pub/"$site" \
--shell /bin/false \
--system \
- "$site_user"
- sudo setfacl -m u:"$site_user":--x \
- /home/www/ \
- /home/www/pub/ \
- /home/www/pub/"$site_dir"/
- sudo setfacl -m d:u:"$site_user":rwx \
- "$home"/pub/www/"$site_dir"/
- test ! -r "$tool"/etc/apache2/site.d/"$site_dir"/configure.sh ||
- . "$tool"/etc/apache2/site.d/"$site_dir"/configure.sh
- test -e /etc/apache2/sites-enabled/"$site_dir" ||
- sudo a2ensite "$site_dir"
+ www."$site"
+ #sudo setfacl -m u:"www.$site":--x \
+ # /home/www/ \
+ # /home/www/pub/ \
+ # /home/www/pub/"$site"/
+ #sudo setfacl -m d:u:"www.$site":rwx \
+ # "$home"/pub/www/"$site"/
+ test ! -r "$tool"/etc/apache2/site.d/"$site"/configure.sh ||
+ . "$tool"/etc/apache2/site.d/"$site"/configure.sh
+ test -e /etc/apache2/sites-enabled/"$site" ||
+ sudo a2ensite "$site"
done
sudo service apache2 restart
}
done
for conf in "$tool"/etc/nginx/site.d/*/server.conf
do conf=${conf#"$tool"/etc/nginx/site.d/}
- local port site
- IFS=. read -r port site <<-EOF
+ local port domain
+ IFS=. read -r port domain <<-EOF
${conf%\/server\.conf}
EOF
assert 'test "${port:+set}"'
- assert 'test "${site:+set}"'
- site="$port.$site"
+ assert 'test "${domain:+set}"'
+ local site="$port.$domain"
getent passwd www."$site" >/dev/null ||
sudo adduser \
--disabled-login \
access_log /home/www/log/$site/nginx/access.log main;
error_log /home/www/log/$site/nginx/error.log warn;
root /home/www/pub/$site;
- server_name $site;
+ server_name $domain;
$(cat "$tool"/etc/nginx/site.d/"$site"/server.conf)
}
EOF
error_log /home/www/log/$site/nginx/error.log warn;
keepalive_timeout 70;
root /home/www/pub/$site;
- server_name $site;
+ server_name $domain;
# DOC: http://wiki.nginx.org/HttpSslModule
ssl on;
ssl_certificate /home/www/etc/nginx/site.d/$site/x509/crt.pem;
esac |
sudo install -m 660 -o www -g www /dev/stdin \
/etc/nginx/site.d/"$site"/server.conf
- adduser www-data "$site"
+ adduser www-data www."$site"
test -e /home/www/pub/"$site" ||
- sudo install -d -m 3770 -o "$site" -g "$site" \
+ sudo install -d -m 3770 -o www."$site" -g www."$site" \
/home/www/pub/"$site"
sudo install -d -m 3770 -o log."$site" -g log."$site" \
/home/www/log/"$site"/nginx
sudo rm -f /etc/php5/fpm/pool.d/*
for conf in "$tool"/etc/php5/fpm/pool.d/*.conf
do conf=${conf#"$tool"/etc/php5/fpm/pool.d/}
- local port site
- IFS=. read -r port site <<-EOF
+ local port domain
+ IFS=. read -r port domain <<-EOF
${conf%\.conf}
EOF
assert 'test "${port:+set}"'
- assert 'test "${site:+set}"'
- site="$port.$site"
- getent passwd php5"$site" >/dev/null ||
+ assert 'test "${domain:+set}"'
+ local site="$port.$domain"
+ getent passwd php5."$site" >/dev/null ||
sudo adduser \
--disabled-login \
--disabled-password \
/home/www/log/php5/fpm
sudo install -d -m 770 -o log."$site" -g log."$site" \
/home/www/log/"$site"
- sudo adduser php5."$user" www."$site"
+ sudo adduser php5."$site" www."$site"
sudo install -m 660 -o root -g root /dev/stdin \
/etc/php5/fpm/pool.d/"$conf" <<-EOF
[php5.$site]
../crt+crl.self-signed.pem \
/etc/postfix/$vm_domainname/smtpd/x509/ca/crt.pem
sudo install -m 400 -o root -g root \
- "$tool"/var/pub/x509/$vm_domainname/smtpd/crt+crl.self-signed.pem \
- /etc/postfix/$vm_domainname/smtpd/x509/crt+crl.self-signed.pem
+ "$tool"/var/pub/x509/smptd.$vm_domainname/crt+crl.self-signed.pem \
+ /etc/postfix/$vm_domainname/smtpd/x509/crt+crl.self-signed.pem
sudo install -m 400 -o root -g root \
- "$tool"/var/pub/x509/$vm_domainname/smtpd/crt.pem \
- /etc/postfix/$vm_domainname/smtpd/x509/crt.pem
+ "$tool"/var/pub/x509/smptd.$vm_domainname/crt.pem \
+ /etc/postfix/$vm_domainname/smtpd/x509/crt.pem
sudo install -m 400 -o root -g root \
- "$tool"/var/pub/x509/$vm_domainname/smtpd/crt+ca.pem \
- /etc/postfix/$vm_domainname/smtpd/x509/crt+ca.pem
+ "$tool"/var/pub/x509/smptd.$vm_domainname/crt+ca.pem \
+ /etc/postfix/$vm_domainname/smtpd/x509/crt+ca.pem
sudo install -m 400 -o root -g root \
- "$tool"/var/pub/x509/$vm_domainname/smtpd/crt+crl.self-signed.pem \
- /etc/postfix/$vm_domainname/smtpd/x509/crt+crl.self-signed.pem
+ "$tool"/var/pub/x509/smptd.$vm_domainname/crt+crl.self-signed.pem \
+ /etc/postfix/$vm_domainname/smtpd/x509/crt+crl.self-signed.pem
sudo install -m 660 -o root -g root \
"$tool"/etc/postfix/$vm_domainname/header_checks \
/etc/postfix/$vm_domainname/header_checks
local -; set +f
for conf in "$tool"/etc/apache2/site.d/*/VirtualHost.conf
do conf=${conf#"$tool"/etc/apache2/site.d/}
- local user port service site
- IFS=. read -r user port service site <<-EOF
+ local port domain
+ IFS=. read -r port domain <<-EOF
${conf%\/VirtualHost\.conf}
EOF
- assert 'test "${user:+set}"'
- assert 'test "${service:+set}"'
- assert 'test "${site:+set}"'
assert 'test "${port:+set}"'
- local site_dir="$user.$port.$service.$site"
+ assert 'test "${domain:+set}"'
+ local site="$port.$domain"
case $port in
(443)
rule ssh -l root ' \
sudo install -d -m 770 -o '"$user"' -g '"$user"' \
/etc/apache2 \
- /etc/apache2/site.d/'"$site_dir"' \
- /etc/apache2/site.d/'"$site_dir"'/x509; \
+ /etc/apache2/site.d/'"$site"' \
+ /etc/apache2/site.d/'"$site"'/x509; \
sudo install -m 644 -o '"$user"' -g '"$user"' /dev/stdin \
- /etc/apache2/site.d/'"$site_dir"'/x509/.gitignore <<-EOF
+ /etc/apache2/site.d/'"$site"'/x509/.gitignore <<-EOF
key.pem
EOF
'
rule _x509_service_key_send_deciphered $service \
- ~"$user"/etc/apache2/"$site_dir"/x509/key.pem -l root "$@"
+ /etc/apache2/"$site"/x509/key.pem -l root "$@"
;;
esac
done
local -; set +f
for conf in "$tool"/etc/nginx/site.d/*/server.conf
do conf=${conf#"$tool"/etc/nginx/site.d/}
- local user port service site
- IFS=. read -r user port service site <<-EOF
+ local port domain
+ IFS=. read -r port domain <<-EOF
${conf%\/server\.conf}
EOF
- assert 'test "${user:+set}"'
- assert 'test "${service:+set}"'
- assert 'test "${site:+set}"'
assert 'test "${port:+set}"'
- local site_dir="$user.$port.$service.$site"
+ assert 'test "${domain:+set}"'
+ local site="$port.$domain"
case $port in
(443)
rule ssh -l root ' \
sudo install -d -m 770 -o root -g root \
/etc/nginx \
/etc/nginx/site.d \
- /etc/nginx/site.d/'"$site_dir"' \
- /etc/nginx/site.d/'"$site_dir"'/x509; \
+ /etc/nginx/site.d/'"$site"' \
+ /etc/nginx/site.d/'"$site"'/x509; \
sudo install -m 644 -o root -g root /dev/stdin \
- /etc/nginx/site.d/'"$site_dir"'/x509/.gitignore <<-EOF
+ /etc/nginx/site.d/'"$site"'/x509/.gitignore <<-EOF
key.pem
EOF
'
rule _x509_service_key_send_deciphered $service \
- /etc/nginx/"$site_dir"/x509/key.pem -l root "$@"
+ /etc/nginx/"$site"/x509/key.pem -l root "$@"
;;
esac
done