diff --git a/.gitignore b/.gitignore index 004a835..5b3193d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ /etc/config /share/bin/crypt /share/bin/twigc +/tests diff --git a/bin/vhost-add b/bin/vhost-add index f5c8861..bdf3256 100755 --- a/bin/vhost-add +++ b/bin/vhost-add @@ -47,7 +47,7 @@ fi # WEB_HTTPS_GENERATE_CERTIFICATE="$(form_yes_no -t "$TITLE" -l "Retrieve certificate using LE")" #fi -DOCUMENT_ROOT="$(form_input -t "$TITLE" -l "Document Root" -d "/var/www/service-web/www/$DOMAIN/web")" +DOCUMENT_ROOT="$(form_input -t "$TITLE" -l "Document Root" -d "$WEB_ROOT_PATH/$DOMAIN/web")" PHP_ENABLED="$(form_yes_no -t "$TITLE" -l "Support of PHP")" @@ -66,7 +66,6 @@ fi USER_PASSWORD="$(tr -dc "0123456789!@#$%()[]*@<>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" < /dev/urandom | head -c 20)" SYSTEM_USER_USERNAME="$(form_input -t "$TITLE" -l "System username" -d "web" -r)" -SYSTEM_USER_GROUP="webgroup" SYSTEM_USER_PASSWORD=$( PASSWORD="$USER_PASSWORD" @@ -92,6 +91,11 @@ export PHP_VERSION export WEB_HTTP export WEB_HTTPS export WEB_HTTPS_FORCE +export WEB_ROOT_PATH +export WEB_LOG_PATH +export WEB_HTTPS_DEFAULT_CERT_PEM +export WEB_HTTPS_DEFAULT_CERT_PRIVKEY +export WEB_HTTPS_DEFAULT_CERT_CHAIN TMP_FILE="/tmp/vhost-add-$(tr -dc "qwertQWERTasdfgASDFGzxcvbZXCVB" < /dev/urandom | head -c 16)" template summary > "$TMP_FILE" @@ -111,9 +115,9 @@ fi # User and directory creation # ############################### -useradd -G "$SYSTEM_USER_GROUP" -s /bin/zsh -m -p "$SYSTEM_USER_PASSWORD" -d "/services/web/www/$DOMAIN" "$SYSTEM_USER_USERNAME" -k /etc/skel/ -chgrp www-data "/services/web/www/$DOMAIN" -chmod o-r "/services/web/www/$DOMAIN" +useradd -G "$SYSTEM_USER_GROUP" -s "$DEFAULT_SHELL" -m -p "$SYSTEM_USER_PASSWORD" -d "$WEB_ROOT_PATH/$DOMAIN" "$SYSTEM_USER_USERNAME" -k "$SKEL_PATH" +chgrp www-data "$WEB_ROOT_PATH/$DOMAIN" +chmod o-r "$WEB_ROOT_PATH/$DOMAIN" ####################### # Make configurations # 
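Review bot: The new `-d "$WEB_ROOT_PATH/$DOMAIN/web"` default in the first bin/vhost-add hunk uses WEB_ROOT_PATH without checking that it is set, so a config file that predates this commit would yield `/$DOMAIN/web`. The same gap affects the `useradd -d`, `chgrp` and `chmod` lines in the user-creation hunk, which would then act on `/$DOMAIN`, and `SYSTEM_USER_GROUP`, `DEFAULT_SHELL`, `SKEL_PATH` and the two `APACHE_VHOST_SITES_*_PATH` values in the later hunks. The `.gitignore` context shows `/etc/config` is ignored, so existing installs will not pick up the new keys from etc/config.dist on their own. A guard placed where the config is loaded (not visible in these hunks) would fail closed, e.g. `: "${WEB_ROOT_PATH:?WEB_ROOT_PATH is not set in etc/config}"`, repeated for each required key.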
@@ -124,17 +128,20 @@ SERVICES_TO_RELOAD="apache2" SYSTEM_USER_ID="$(id -u "$SYSTEM_USER_USERNAME")" PHP_FPM_PORT=$((SYSTEM_USER_ID + 12000)) +export PHP_FPM_PORT + if [ "$WEB_HTTP" = "yes" ]; then - VHOST_FILE_SA="/etc/apache2/sites-available/${DOMAIN}.${WEB_HTTP_PORT}.conf" - VHOST_FILE_SE="/etc/apache2/sites-enabled/${DOMAIN}.${WEB_HTTP_PORT}.conf" + VHOST_FILE_SA="$APACHE_VHOST_SITES_AVAILABLE_PATH/${DOMAIN}.${WEB_HTTP_PORT}.conf" + VHOST_FILE_SE="$APACHE_VHOST_SITES_ENABLED_PATH/${DOMAIN}.${WEB_HTTP_PORT}.conf" + PORT=$WEB_HTTP_PORT template vhost-http > "$VHOST_FILE_SA" ln -rs "$VHOST_FILE_SA" "$VHOST_FILE_SE" fi if [ "$WEB_HTTPS" = "yes" ]; then - VHOST_FILE_SA="/etc/apache2/sites-available/${DOMAIN}.${WEB_HTTPS_PORT}.conf" - VHOST_FILE_SE="/etc/apache2/sites-enabled/${DOMAIN}.${WEB_HTTPS_PORT}.conf" + VHOST_FILE_SA="$APACHE_VHOST_SITES_AVAILABLE_PATH/${DOMAIN}.${WEB_HTTPS_PORT}.conf" + VHOST_FILE_SE="$APACHE_VHOST_SITES_ENABLED_PATH/${DOMAIN}.${WEB_HTTPS_PORT}.conf" PORT=$WEB_HTTPS_PORT template vhost-https > "$VHOST_FILE_SA" @@ -142,15 +149,13 @@ if [ "$WEB_HTTPS" = "yes" ]; then fi if [ "$PHP_ENABLED" = "yes" ]; then - if [ "$PHP_VERSION" = "5.6" ]; then - SERVICES_TO_RELOAD="$SERVICES_TO_RELOAD php5-fpm" - PHP_FPM_FILE="/etc/php5/fpm/pool.d/${SYSTEM_USER_USERNAME}.conf" - else - SERVICES_TO_RELOAD="$SERVICES_TO_RELOAD php${PHP_VERSION}-fpm" - PHP_FPM_FILE="/etc/php/$PHP_VERSION/fpm/pool.d/${SYSTEM_USER_USERNAME}.conf" - fi + PHP_VERSION_NORMALISED="$(echo "$PHP_VERSION" | tr -dc 1234567890)" - export PHP_FPM_PORT + eval "FPM_POOL_PATH=\$PHP_FPM${PHP_VERSION_NORMALISED}_POOL_PATH" + eval "FPM_SERVICE=\$PHP_FPM${PHP_VERSION_NORMALISED}_SERVICE" + + SERVICES_TO_RELOAD="$SERVICES_TO_RELOAD $FPM_SERVICE" + PHP_FPM_FILE="$FPM_POOL_PATH/${SYSTEM_USER_USERNAME}.conf" template php-fpm > "$PHP_FPM_FILE" fi diff --git a/etc/config.dist b/etc/config.dist index 4234f5f..6073058 100644 --- a/etc/config.dist +++ b/etc/config.dist 
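Review bot: A PHP version with no matching `PHP_FPM<digits>_POOL_PATH` / `PHP_FPM<digits>_SERVICE` key leaves both `eval` results empty, so `PHP_FPM_FILE` becomes `/${SYSTEM_USER_USERNAME}.conf` and the pool file is written to the filesystem root. The removed `else` branch handled any version generically. After the two `eval` lines, stop when either lookup is empty: `[ -n "$FPM_POOL_PATH" ] && [ -n "$FPM_SERVICE" ] || { echo "No FPM settings for PHP $PHP_VERSION" >&2; exit 1; }`. The `eval` is only safe because `tr -dc 1234567890` reduces the interpolated part to digits, which deserves a comment on that line such as `# digits only: this value is interpolated into eval below`.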
@@ -1,3 +1,21 @@ WEB_HTTP_PORT=81 WEB_HTTPS_PORT=444 +SKEL_PATH=/etc/skel +DEFAULT_SHELL=/bin/zsh +WEB_ROOT_PATH=/var/www/service-web/www +WEB_LOG_PATH=/services/web/logs +APACHE_VHOST_SITES_AVAILABLE_PATH=/etc/apache2/sites-available +APACHE_VHOST_SITES_ENABLED_PATH=/etc/apache2/sites-enabled +PHP_FPM56_POOL_PATH=/etc/php5/fpm/pool.d +PHP_FPM71_POOL_PATH=/etc/php/7.1/fpm/pool.d +PHP_FPM72_POOL_PATH=/etc/php/7.2/fpm/pool.d +PHP_FPM73_POOL_PATH=/etc/php/7.3/fpm/pool.d +PHP_FPM56_SERVICE=php5-fpm +PHP_FPM71_SERVICE=php7.1-fpm +PHP_FPM72_SERVICE=php7.2-fpm +PHP_FPM73_SERVICE=php7.3-fpm PHP_BIN=/usr/bin/php7.3 +WEB_HTTPS_DEFAULT_CERT_PEM=/etc/letsencrypt/live/example.com/cert.pem +WEB_HTTPS_DEFAULT_CERT_PRIVKEY=/etc/letsencrypt/live/example.com/privkey.pem +WEB_HTTPS_DEFAULT_CERT_CHAIN=/etc/letsencrypt/live/example.com/chain.pem +SYSTEM_USER_GROUP=webgroup diff --git a/src/templates/vhost-http.twig b/src/templates/vhost-http.twig index f4497d4..7a6f016 100644 --- a/src/templates/vhost-http.twig +++ b/src/templates/vhost-http.twig @@ -7,8 +7,8 @@ DocumentRoot {{ DOCUMENT_ROOT }} SuexecUserGroup {{ SYSTEM_USER_USERNAME }} {{ SYSTEM_USER_GROUP }} - ErrorLog /services/web/logs/{{ DOMAIN }}.log - CustomLog /services/web/logs/{{ DOMAIN }}.log combined + ErrorLog {{ WEB_LOG_PATH }}/{{ DOMAIN }}.log + CustomLog {{ WEB_LOG_PATH }}/{{ DOMAIN }}.log combined {% block force_https %}{% if WEB_HTTPS_FORCE == "yes" %} Redirect permanent / https://{{ DOMAIN }}/ {% endif %}{% endblock %} diff --git a/src/templates/vhost-https.twig b/src/templates/vhost-https.twig index 80e915b..bf4b7ef 100644 --- a/src/templates/vhost-https.twig +++ b/src/templates/vhost-https.twig 
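Review bot: The shipped `WEB_ROOT_PATH=/var/www/service-web/www` matches the old Document Root default but not the `/services/web/www` base of the removed `useradd -d` line in bin/vhost-add, so with these defaults new home directories land in a different tree than before unless the two paths are the same directory on the target host. `WEB_LOG_PATH` still uses the `/services/web` prefix, which makes the mismatch easy to miss. If the move is intended, a comment above the key should say so, e.g. `# also used as base for the system user's home directory`. The three `WEB_HTTPS_DEFAULT_CERT_*` values are example.com placeholders that the HTTPS template renders verbatim, so a comment such as `# must point at an existing certificate before enabling HTTPS vhosts` would help anyone copying this file to etc/config.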
@@ -10,9 +10,9 @@ {{ parent() ? (parent() ~ "\n") : '' }} SSLEngine on - SSLCertificateFile /etc/letsencrypt/live/deblan.org/cert.pem - SSLCertificateKeyFile /etc/letsencrypt/live/deblan.org/privkey.pem - SSLCACertificateFile /etc/letsencrypt/live/deblan.org/chain.pem + SSLCertificateFile {{ WEB_HTTPS_DEFAULT_CERT_PEM }} + SSLCertificateKeyFile {{ WEB_HTTPS_DEFAULT_CERT_PRIVKEY }} + SSLCACertificateFile {{ WEB_HTTPS_DEFAULT_CERT_CHAIN }} # SSLCertificateFile /etc/letsencrypt/live/{{ DOMAIN }}/cert.pem # SSLCertificateKeyFile /etc/letsencrypt/live/{{ DOMAIN }}/privkey.pem
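Review bot: Every generated HTTPS vhost now points at the same `WEB_HTTPS_DEFAULT_CERT_*` files, and nothing visible checks that these paths are non-empty or readable before the template is rendered. An empty value would render a bare `SSLCertificateFile` directive. I would check in bin/vhost-add before `template vhost-https`, e.g. `[ -r "$WEB_HTTPS_DEFAULT_CERT_PEM" ] || { echo "default certificate not found" >&2; exit 1; }`, and likewise for the key and chain. A template comment such as `# Shared default certificate; switch to the per-domain paths below once issued` would also make clear that clients only see a valid certificate if the default one covers {{ DOMAIN }}. The enclosing block of this template starts and ends outside the hunk.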