
add several configuration vars

master
Simon Vieille 3 months ago
parent
commit
637e014b2a
Signed by: Simon Vieille <simon@deblan.fr> GPG Key ID: 03383D15A1D31745
5 changed files with 46 additions and 22 deletions
  1. 1
    0
      .gitignore
  2. 22
    17
      bin/vhost-add
  3. 18
    0
      etc/config.dist
  4. 2
    2
      src/templates/vhost-http.twig
  5. 3
    3
      src/templates/vhost-https.twig

+ 1
- 0
.gitignore View File

@@ -1,3 +1,4 @@
/etc/config
/share/bin/crypt
/share/bin/twigc
/tests

+ 22
- 17
bin/vhost-add View File

@@ -47,7 +47,7 @@ fi
# WEB_HTTPS_GENERATE_CERTIFICATE="$(form_yes_no -t "$TITLE" -l "Retrieve certificate using LE")"
#fi

DOCUMENT_ROOT="$(form_input -t "$TITLE" -l "Document Root" -d "/var/www/service-web/www/$DOMAIN/web")"
DOCUMENT_ROOT="$(form_input -t "$TITLE" -l "Document Root" -d "$WEB_ROOT_PATH/$DOMAIN/web")"

PHP_ENABLED="$(form_yes_no -t "$TITLE" -l "Support of PHP")"

@@ -66,7 +66,6 @@ fi
USER_PASSWORD="$(tr -dc "0123456789!@#$%()[]*@<>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" < /dev/urandom | head -c 20)"

SYSTEM_USER_USERNAME="$(form_input -t "$TITLE" -l "System username" -d "web" -r)"
SYSTEM_USER_GROUP="webgroup"

SYSTEM_USER_PASSWORD=$(
PASSWORD="$USER_PASSWORD"
@@ -92,6 +91,11 @@ export PHP_VERSION
export WEB_HTTP
export WEB_HTTPS
export WEB_HTTPS_FORCE
export WEB_ROOT_PATH
export WEB_LOG_PATH
export WEB_HTTPS_DEFAULT_CERT_PEM
export WEB_HTTPS_DEFAULT_CERT_PRIVKEY
export WEB_HTTPS_DEFAULT_CERT_CHAIN

TMP_FILE="/tmp/vhost-add-$(tr -dc "qwertQWERTasdfgASDFGzxcvbZXCVB" < /dev/urandom | head -c 16)"
template summary > "$TMP_FILE"
@@ -111,9 +115,9 @@ fi
# User and directory creation #
###############################

useradd -G "$SYSTEM_USER_GROUP" -s /bin/zsh -m -p "$SYSTEM_USER_PASSWORD" -d "/services/web/www/$DOMAIN" "$SYSTEM_USER_USERNAME" -k /etc/skel/
chgrp www-data "/services/web/www/$DOMAIN"
chmod o-r "/services/web/www/$DOMAIN"
useradd -G "$SYSTEM_USER_GROUP" -s "$DEFAULT_SHELL" -m -p "$SYSTEM_USER_PASSWORD" -d "$WEB_ROOT_PATH/$DOMAIN" "$SYSTEM_USER_USERNAME" -k "$SKEL_PATH"
chgrp www-data "$WEB_ROOT_PATH/$DOMAIN"
chmod o-r "$WEB_ROOT_PATH/$DOMAIN"

#######################
# Make configurations #
@@ -124,17 +128,20 @@ SERVICES_TO_RELOAD="apache2"
SYSTEM_USER_ID="$(id -u "$SYSTEM_USER_USERNAME")"
PHP_FPM_PORT=$((SYSTEM_USER_ID + 12000))

export PHP_FPM_PORT

if [ "$WEB_HTTP" = "yes" ]; then
VHOST_FILE_SA="/etc/apache2/sites-available/${DOMAIN}.${WEB_HTTP_PORT}.conf"
VHOST_FILE_SE="/etc/apache2/sites-enabled/${DOMAIN}.${WEB_HTTP_PORT}.conf"
VHOST_FILE_SA="$APACHE_VHOST_SITES_AVAILABLE_PATH/${DOMAIN}.${WEB_HTTP_PORT}.conf"
VHOST_FILE_SE="$APACHE_VHOST_SITES_ENABLED_PATH/${DOMAIN}.${WEB_HTTP_PORT}.conf"

PORT=$WEB_HTTP_PORT template vhost-http > "$VHOST_FILE_SA"

ln -rs "$VHOST_FILE_SA" "$VHOST_FILE_SE"
fi

if [ "$WEB_HTTPS" = "yes" ]; then
VHOST_FILE_SA="/etc/apache2/sites-available/${DOMAIN}.${WEB_HTTPS_PORT}.conf"
VHOST_FILE_SE="/etc/apache2/sites-enabled/${DOMAIN}.${WEB_HTTPS_PORT}.conf"
VHOST_FILE_SA="$APACHE_VHOST_SITES_AVAILABLE_PATH/${DOMAIN}.${WEB_HTTPS_PORT}.conf"
VHOST_FILE_SE="$APACHE_VHOST_SITES_ENABLED_PATH/${DOMAIN}.${WEB_HTTPS_PORT}.conf"

PORT=$WEB_HTTPS_PORT template vhost-https > "$VHOST_FILE_SA"

@@ -142,15 +149,13 @@ if [ "$WEB_HTTPS" = "yes" ]; then
fi

if [ "$PHP_ENABLED" = "yes" ]; then
if [ "$PHP_VERSION" = "5.6" ]; then
SERVICES_TO_RELOAD="$SERVICES_TO_RELOAD php5-fpm"
PHP_FPM_FILE="/etc/php5/fpm/pool.d/${SYSTEM_USER_USERNAME}.conf"
else
SERVICES_TO_RELOAD="$SERVICES_TO_RELOAD php${PHP_VERSION}-fpm"
PHP_FPM_FILE="/etc/php/$PHP_VERSION/fpm/pool.d/${SYSTEM_USER_USERNAME}.conf"
fi
PHP_VERSION_NORMALISED="$(echo "$PHP_VERSION" | tr -dc 1234567890)"

eval "FPM_POOL_PATH=\$PHP_FPM${PHP_VERSION_NORMALISED}_POOL_PATH"
eval "FPM_SERVICE=\$PHP_FPM${PHP_VERSION_NORMALISED}_SERVICE"

export PHP_FPM_PORT
SERVICES_TO_RELOAD="$SERVICES_TO_RELOAD $FPM_SERVICE"
PHP_FPM_FILE="$FPM_POOL_PATH/${SYSTEM_USER_USERNAME}.conf"

template php-fpm > "$PHP_FPM_FILE"
fi
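Review bot: The two `eval` lookups in the PHP block are never checked, so a PHP version with no matching `PHP_FPM<digits>_POOL_PATH` / `PHP_FPM<digits>_SERVICE` key leaves both variables empty; `PHP_FPM_FILE` then resolves to `/${SYSTEM_USER_USERNAME}.conf` and an empty service name is appended to `SERVICES_TO_RELOAD`. The old `else` branch covered any version, the new code only the ones listed in the config, so fail right after the lookups with `: "${FPM_POOL_PATH:?no PHP_FPM${PHP_VERSION_NORMALISED}_POOL_PATH in config}"` and the same line for `FPM_SERVICE`. The same guard is worth having for `WEB_ROOT_PATH`, `DEFAULT_SHELL`, `SKEL_PATH` and the two `APACHE_VHOST_*` paths used in the earlier hunks: assuming the script reads its settings from the git-ignored `etc/config`, an install that has not copied the new keys from `etc/config.dist` would run `useradd`, `chgrp` and `chmod` against `/$DOMAIN`. A one-line comment above the `eval` lines saying that `tr -dc 1234567890` is what keeps the evaluated variable name digits-only would also help the next reader.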

+ 18
- 0
etc/config.dist View File

@@ -1,3 +1,21 @@
WEB_HTTP_PORT=81
WEB_HTTPS_PORT=444
SKEL_PATH=/etc/skel
DEFAULT_SHELL=/bin/zsh
WEB_ROOT_PATH=/var/www/service-web/www
WEB_LOG_PATH=/services/web/logs
APACHE_VHOST_SITES_AVAILABLE_PATH=/etc/apache2/sites-available
APACHE_VHOST_SITES_ENABLED_PATH=/etc/apache2/sites-enabled
PHP_FPM56_POOL_PATH=/etc/php5/fpm/pool.d
PHP_FPM71_POOL_PATH=/etc/php/7.1/fpm/pool.d
PHP_FPM72_POOL_PATH=/etc/php/7.2/fpm/pool.d
PHP_FPM73_POOL_PATH=/etc/php/7.3/fpm/pool.d
PHP_FPM56_SERVICE=php5-fpm
PHP_FPM71_SERVICE=php7.1-fpm
PHP_FPM72_SERVICE=php7.2-fpm
PHP_FPM73_SERVICE=php7.3-fpm
PHP_BIN=/usr/bin/php7.3
WEB_HTTPS_DEFAULT_CERT_PEM=/etc/letsencrypt/live/example.com/cert.pem
WEB_HTTPS_DEFAULT_CERT_PRIVKEY=/etc/letsencrypt/live/example.com/privkey.pem
WEB_HTTPS_DEFAULT_CERT_CHAIN=/etc/letsencrypt/live/example.com/chain.pem
SYSTEM_USER_GROUP=webgroup
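Review bot: The default `WEB_ROOT_PATH=/var/www/service-web/www` matches the old Document Root default but not the old home directory: `bin/vhost-add` used to create the user's home and run `chgrp`/`chmod` under `/services/web/www/$DOMAIN`, and now uses `$WEB_ROOT_PATH/$DOMAIN` for both. If the two trees are not the same directory on the target hosts (a symlink would explain the old code, but that is not visible here), new accounts and their permission changes land somewhere other than where existing ones live; either confirm that or keep a separate key for the home root. The file would also benefit from a comment above the `PHP_FPM*` keys, for example `# <NN> is the PHP version without the dot; bin/vhost-add looks up PHP_FPM<NN>_POOL_PATH and PHP_FPM<NN>_SERVICE by name`.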

+ 2
- 2
src/templates/vhost-http.twig View File

@@ -7,8 +7,8 @@

DocumentRoot {{ DOCUMENT_ROOT }}
SuexecUserGroup {{ SYSTEM_USER_USERNAME }} {{ SYSTEM_USER_GROUP }}
ErrorLog /services/web/logs/{{ DOMAIN }}.log
CustomLog /services/web/logs/{{ DOMAIN }}.log combined
ErrorLog {{ WEB_LOG_PATH }}/{{ DOMAIN }}.log
CustomLog {{ WEB_LOG_PATH }}/{{ DOMAIN }}.log combined
{% block force_https %}{% if WEB_HTTPS_FORCE == "yes" %}
Redirect permanent / https://{{ DOMAIN }}/
{% endif %}{% endblock %}

+ 3
- 3
src/templates/vhost-https.twig View File

@@ -10,9 +10,9 @@
{{ parent() ? (parent() ~ "\n") : '' }}
SSLEngine on

SSLCertificateFile /etc/letsencrypt/live/deblan.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/deblan.org/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/deblan.org/chain.pem
SSLCertificateFile {{ WEB_HTTPS_DEFAULT_CERT_PEM }}
SSLCertificateKeyFile {{ WEB_HTTPS_DEFAULT_CERT_PRIVKEY }}
SSLCACertificateFile {{ WEB_HTTPS_DEFAULT_CERT_CHAIN }}

# SSLCertificateFile /etc/letsencrypt/live/{{ DOMAIN }}/cert.pem
# SSLCertificateKeyFile /etc/letsencrypt/live/{{ DOMAIN }}/privkey.pem
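Review bot: `SSLCACertificateFile {{ WEB_HTTPS_DEFAULT_CERT_CHAIN }}` keeps the intermediate chain on the directive mod_ssl uses for the CAs that verify client certificates; the commit carries that over from the hard-coded line. On Apache 2.4.8 or later the intermediates can be served from `SSLCertificateFile`, so `WEB_HTTPS_DEFAULT_CERT_PEM` could point to the `fullchain.pem` file and the third directive be dropped; on older versions the matching directive is `SSLCertificateChainFile`. Which Apache version the hosts run is not visible here, so treat this as something to confirm. The enclosing virtual host block starts and ends outside the hunk.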
