source: alternc/trunk/install/alternc.install @ 2341

Revision 2341, 12.0 KB checked in by anarcat, 5 years ago (diff)

create a apache2-specific SSL configuration file

#!/bin/sh
#
# AlternC main install script.
# Meant to be launched only once, when AlternC is installed on a new
# server. THIS SCRIPT ERASES ALL DATA ON THE AlternC SYSTEM !!
# YOU HAVE BEEN WARNED !

# MySQL connectivity is assumed to be available through
# /etc/alternc/my.cnf

# Abort on the first command that fails unhandled.
set -e

. /usr/lib/alternc/functions.sh

#######################################################################
# Script configuration
#

# Where the configuration templates live
TEMPLATE_DIR="/etc/alternc/templates"

# Configuration files to regenerate, given relative to / (no leading
# slash). The list is only ever expanded unquoted, so the whitespace
# between entries is not significant.
# bureau.conf is replaced unconditionally; the others are added only
# when the matching service configuration is present on the system.
CONFIG_FILES="etc/alternc/bureau.conf"

if [ -e /etc/bind/named.conf ]; then
    CONFIG_FILES="$CONFIG_FILES
        etc/bind/templates/zone.template
        etc/bind/templates/named.template
        etc/bind/named.conf
        etc/bind/named.conf.options"
fi

if [ -e /etc/courier/authdaemonrc ]; then
    CONFIG_FILES="$CONFIG_FILES
        etc/courier/authdaemonrc
        etc/courier/authmysqlrc"
fi

if [ -d /etc/postfix ]; then
    CONFIG_FILES="$CONFIG_FILES
        etc/postfix/myalias.cf
        etc/postfix/mydomain.cf
        etc/postfix/mygid.cf
        etc/postfix/myvirtual.cf
        etc/postfix/sasl/smtpd.conf"
fi

if [ -e /etc/proftpd/proftpd.conf ]; then
    CONFIG_FILES="$CONFIG_FILES
        etc/proftpd/proftpd.conf
        etc/proftpd/welcome.msg
        etc/proftpd/modules.conf"
fi

if [ -e /etc/squirrelmail/apache.conf ]; then
    CONFIG_FILES="$CONFIG_FILES etc/squirrelmail/apache.conf"
fi

if [ -e /etc/default/saslauthd ]; then
    CONFIG_FILES="$CONFIG_FILES etc/default/saslauthd"
fi

# Archive of the files as this script last generated them; compared
# against the live files on the next run.
INSTALLED_CONFIG_TAR="/var/backups/alternc/etc-installed.tar.gz"

#######################################################################
# Look for modified configuration files
#
# tar -d compares the archive saved by the previous run with the files
# currently under /. Differences in uid, gid or mode, and anything about
# postfix/main.cf, are filtered out; what remains is reduced to a sorted,
# de-duplicated, indented list of file names.
if [ -f "$INSTALLED_CONFIG_TAR" ]; then
    CHANGED="$(env LANG=C tar -zdf "$INSTALLED_CONFIG_TAR" -C / 2> /dev/null |
               grep -v 'postfix/main.cf' |
               grep -v 'Uid differs' |
               grep -v 'Gid differs' |
               grep -v 'Mode differs' |
               sed -e 's/^\([^:]*\).*/    \1/' |
               sort -u)"
    if [ -n "$CHANGED" ]; then
        echo "The following configuration files has changed since last AlternC"
        echo "installation :"
        echo "$CHANGED"
        echo ""
        # Without the literal first argument "force", refuse to overwrite
        # files that were edited by hand since the last run.
        if [ "$1" != "force" ]; then
            echo "These configuration files should normally be modified by"
            echo "changing the template in $TEMPLATE_DIR and then calling"
            echo "$0 to perform the update."
            echo ""
            echo "Please examine the situation closely and call '$0 force'"
            echo "if you still want to actually overwrite these files."
            exit 1
        fi
        echo "Replacing them as you requested."
    fi
fi

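#######################################################################
# Prepare template expansions
#

# Site settings. Variables used below that this script does not assign
# itself (HOSTING, FQDN, PUBLIC_IP, NS2_HOSTNAME, ...) presumably come
# from this file -- confirm against local.sh.
. /etc/alternc/local.sh

# XXX: copy-paste from debian/config
if [ -r /etc/alternc/my.cnf ]; then
    # make mysql configuration available as shell variables
    # to convert from .cnf to shell syntax, we:
    # * match only lines with "equal" in them (/=/)
    # * remove whitespace around the = and add a left quote operator ' (;s)
    # * add a right quote operator at the end of line (;s)
    # * convert mysql variables into our MYSQL_ naming convention (;s)
    # * print the result (;p)
    #
    # NOTE(review): the sed output is executed by eval with the privileges
    # of this script. A value containing a single quote closes the quoting
    # early and the remainder is run as shell code, so my.cnf must only
    # ever be writable by root. Parsing the file without eval would remove
    # that dependency.
    # NOTE(review): the host/user/password/database substitutions are not
    # anchored: each one rewrites the first occurrence on the line, which
    # can be inside a value (for example a password containing "user").
    eval `sed -n -e "/=/{s/ *= *\"\?/='/;s/\"\?\$/'/;s/host/MYSQL_HOST/;s/user/MYSQL_USER/;s/password/MYSQL_PASS/;s/database/MYSQL_DATABASE/;p}" /etc/alternc/my.cnf`
    # The file holds the database password: root-owned, readable by the
    # web server group, nothing for others.
    chown root:www-data /etc/alternc/my.cnf
    chmod 640 /etc/alternc/my.cnf
fi

WARNING="WARNING: Do not edit this file, edit the one in /etc/alternc/templates and launch alternc.install again."

VERSION="$(dpkg -s alternc | sed -n -e 's/^Version: \(.*\)/\1/p')"

# /var/alternc/dns/d/www.example.com
# First character of the second-to-last label of $FQDN. When the name has
# fewer than three labels the sed expression does not match, the value
# comes back unchanged, and "_" is used instead.
FQDN_LETTER="$(printf '%s\n' "$FQDN" | sed -e 's/.*\.\([^\.]\)[^\.]*\.[^\.]*$/\1/')"
if [ "$FQDN_LETTER" = "$FQDN" ]; then
    FQDN_LETTER="_"
fi

# Resolve the secondary name server to a dotted-quad address. The host
# name is handed to perl as an argument rather than spliced into the
# program text, so it is never parsed as Perl code.
NS2_IP="$(perl -e '$h = (gethostbyname($ARGV[0]))[4];
                   @ip = unpack("C4", $h);
                   print join(".", @ip);' "$NS2_HOSTNAME")"

if [ -z "$MONITOR_IP" ]; then
    MONITOR_IP="127.0.0.1"
fi

# XXX: I assume this is secure if /tmp is sticky (+t)
# we should have a better way to deal with templating, of course.
# mktemp creates the file under a fresh name with owner-only permissions.
SED_SCRIPT="$(mktemp)"
# The generated script contains the MySQL password. Remove it on every
# exit path, including an abort caused by set -e before the explicit
# cleanup further down is reached.
# NOTE(review): this replaces any EXIT trap installed by the files sourced
# above -- confirm none is.
trap 'rm -f "$SED_SCRIPT"' EXIT
# One substitution per %%placeholder%%, using "\" as the s-command
# delimiter. Values are inserted verbatim into the replacement text, so a
# "&" or "\" inside one (a password, for instance) is interpreted by sed
# rather than copied literally.
cat > "$SED_SCRIPT" <<EOF
s\\%%hosting%%\\$HOSTING\\;
s\\%%fqdn%%\\$FQDN\\;
s\\%%public_ip%%\\$PUBLIC_IP\\;
s\\%%internal_ip%%\\$INTERNAL_IP\\;
s\\%%monitor_ip%%\\$MONITOR_IP\\;
s\\%%ns1%%\\$NS1_HOSTNAME\\;
s\\%%ns2%%\\$NS2_HOSTNAME\\;
s\\%%mx%%\\$DEFAULT_MX\\;
s\\%%dbhost%%\\$MYSQL_HOST\\;
s\\%%dbname%%\\$MYSQL_DATABASE\\;
s\\%%dbuser%%\\$MYSQL_USER\\;
s\\%%dbpwd%%\\$MYSQL_PASS\\;
s\\%%ALTERNC_LOC%%\\$ALTERNC_LOC\\;
s\\%%warning_message%%\\$WARNING\\;
s\\%%fqdn_lettre%%\\$FQDN_LETTER\\;
s\\%%version%%\\$VERSION\\;
s\\%%ns2_ip%%\\$NS2_IP\\;
EOF
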
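#######################################################################
# Backup configuration files
#
BACKUP_FILE="/var/backups/alternc/etc-original-$(date +%Y%m%d-%H%M).tar.gz"

# Only backup what we are really going to replace, i.e. the entries of
# CONFIG_FILES that have a template.
BACKUPS=""
for file in $CONFIG_FILES; do
    TEMPLATE="$TEMPLATE_DIR/${file##etc/}"
    if [ -f "$TEMPLATE" ]; then
        BACKUPS="$BACKUPS $file"
    fi
done

# also backup main.cf since we're doing major changes to it
BACKUPS="$BACKUPS etc/postfix/main.cf"

# The archive can contain files this script itself restricts to mode 640
# (etc/courier/authmysqlrc, the postfix my*.cf maps), so it is created
# under a restrictive umask instead of the caller's default. The subshell
# keeps the umask change local.
# Failures stay deliberately ignored: some of the listed files may not
# exist yet.
( umask 077; tar -zcf "$BACKUP_FILE" -C / $BACKUPS 2>/dev/null ) || true
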
#######################################################################
# Expand templates in the right place
#
# Every entry of CONFIG_FILES is named in the progress line; only those
# with a template under $TEMPLATE_DIR are actually rewritten.
# NOTE(review): a target that does not exist yet is created under the
# current umask, and an existing one keeps its mode. Files that receive
# the MySQL password only get their final owner and mode later in the
# script.
printf '%s' "Expanding variables in configuration files:"
for file in $CONFIG_FILES; do
    TEMPLATE="$TEMPLATE_DIR/${file##etc/}"
    printf ' %s' "$file"
    [ -f "$TEMPLATE" ] || continue
    sed -f "$SED_SCRIPT" < "$TEMPLATE" > "/$file"
done
echo "."
# The substitution script holds the database password; drop it as soon
# as the last template is expanded.
rm -f "$SED_SCRIPT"

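#######################################################################
# Save installed files to check them during next install
#
# This archive holds the freshly generated configuration, including files
# the script restricts to mode 640 elsewhere, so a newly created archive
# must not be readable beyond root. The umask is changed in a subshell
# only; a tar failure still aborts the script through set -e.
( umask 077; tar -zcf "$INSTALLED_CONFIG_TAR" -C / $CONFIG_FILES )
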
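########################################################################
# Ad-hoc fixes
#

# Name of the PHP module ("php" followed by one character taken from the
# libphp?.so file name); the last match of the glob wins.
# NOTE(review): $php is empty when no such module is installed; the
# LoadModule lines and the a2enmod call below are then built without a
# module name.
php="$(ls /usr/lib/apache*/*/*php*.so | sed -e 's/^.*libphp\(.\)\.so$/php\1/' | tail -1)"

if [ -x /usr/sbin/apache ]; then
    # Enable vhost_alias apache module at the right place (ie: BEFORE mod_alias)
    if ! grep -q "vhost_alias_module" /etc/apache/modules.conf; then
        sed -i -e 's/^\(LoadModule.*config_log.*\)$/LoadModule vhost_alias_module \/usr\/lib\/apache\/1.3\/mod_vhost_alias.so\n\1/' /etc/apache/modules.conf
    fi
    # append_no_dupe comes from /usr/lib/alternc/functions.sh
    echo "LoadModule ${php}_module /usr/lib/apache/1.3/lib${php}.so" | append_no_dupe /etc/apache/modules.conf
    echo "LoadModule ${php}_module /usr/lib/apache/1.3/lib${php}.so" | append_no_dupe /etc/apache-ssl/modules.conf

    # Link the AlternC configuration into conf.d, unless a symlink of that
    # name is already there or the conf.d directory is missing.
    if [ ! -h /etc/apache-ssl/conf.d/alternc.conf ] && [ -e /etc/apache-ssl/conf.d/ ]; then
        ln -sf /etc/alternc/apache-ssl.conf /etc/apache-ssl/conf.d/alternc.conf
    fi

    if [ ! -h /etc/apache/conf.d/alternc.conf ] && [ -e /etc/apache/conf.d/ ]; then
        ln -sf /etc/alternc/apache.conf /etc/apache/conf.d/alternc.conf
    fi

    if [ ! -h /etc/apache/conf.d/override_php.conf ] && [ -e /etc/apache/conf.d/ ]; then
        ln -sf /var/alternc/apacheconf/override_php.conf /etc/apache/conf.d/override_php.conf
    fi
    SERVICES="$SERVICES apache apache-ssl"
fi

if [ -x /usr/sbin/apache2 ]; then
    # s becomes "apache2" as soon as one step below changes something, so
    # the service is only added to the reload list when needed.
    s=""
    if [ ! -L /etc/apache2/mods-enabled/vhost_alias.load ] ||
       [ ! -L "/etc/apache2/mods-enabled/$php.load" ]; then
        a2enmod vhost_alias
        a2enmod $php
        s="apache2"
    fi
    # SSL is only set up when a certificate has been provided.
    if [ -e /etc/alternc/apache.pem ]; then
        # -q: only the exit status is needed; without it the matching
        # Listen line was echoed into the installer output.
        if ! grep -q '^Listen.*443$' /etc/apache2/ports.conf; then
            echo "Listen 443" >> /etc/apache2/ports.conf
            s="apache2"
        fi
        if [ ! -h /etc/apache2/mods-enabled/ssl.load ]; then
            a2enmod ssl
            s="apache2"
        fi
        if [ ! -h /etc/apache2/conf.d/alternc-ssl.conf ] && [ -e /etc/apache2/conf.d/ ]; then
            ln -sf /etc/alternc/apache2-ssl.conf /etc/apache2/conf.d/alternc-ssl.conf
            s="apache2"
        fi
    else
        echo "SSL not configured"
        echo "create a certificate in /etc/alternc/apache.pem and rerun alternc.install"
    fi
    if [ ! -h /etc/apache2/conf.d/alternc.conf ] && [ -e /etc/apache2/conf.d/ ]; then
        ln -sf /etc/alternc/apache2.conf /etc/apache2/conf.d/alternc.conf
        s="apache2"
    fi
    if [ ! -h /etc/apache2/conf.d/override_php.conf ] && [ -e /etc/apache2/conf.d/ ]; then
        ln -sf /var/alternc/apacheconf/override_php.conf /etc/apache2/conf.d/override_php.conf
        s="apache2"
    fi
    # Disable the distribution's default site if it is still enabled.
    if [ -e /etc/apache2/sites-enabled/000-default ]; then
        a2dissite default
        s="apache2"
    fi
    SERVICES="$SERVICES $s"
fi
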
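# Copy postfix *_checks if they do not exist
for file in body_checks header_checks; do
    if [ ! -e "/etc/postfix/$file" ]; then
        cp "/usr/share/alternc/install/$file" /etc/postfix
    fi
done

# Attribute the correct rights to critical postfix files: root-owned,
# readable by the postfix group only. Note that the my* glob covers every
# file in /etc/postfix whose name starts with "my", not just the four
# tested here.
if [ -e /etc/postfix/myalias.cf ] || [ -e /etc/postfix/mydomain.cf ] ||
   [ -e /etc/postfix/mygid.cf ] || [ -e /etc/postfix/myvirtual.cf ]; then
    chown root:postfix /etc/postfix/my*
    chmod 640 /etc/postfix/my*
fi

# configure postfix appropriately for our needs: every line of postfix.cf
# is applied as one "name = value" setting. read -r keeps backslashes in
# the settings intact.
while read -r line; do
    postconf -e "$line"
done < /etc/alternc/postfix.cf

while read -r line; do
    postconf -e "$line"
done <<EOF
myhostname = $FQDN
myorigin = $FQDN
EOF

if [ -e /etc/courier/authmysqlrc ]; then
    chown root:root /etc/courier/authmysqlrc
    chmod 640 /etc/courier/authmysqlrc
fi

# Test the same path that is chmod'ed. The previous test looked at
# /etc/proftpd.conf, so the generated /etc/proftpd/proftpd.conf was left
# with its default mode on systems without the legacy file, and the
# script aborted (set -e) when only the legacy file existed.
if [ -e /etc/proftpd/proftpd.conf ]; then
    chmod 640 /etc/proftpd/proftpd.conf
fi
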
# Make sure the ISO-8859-1 locales for de_DE, en_US, es_ES and fr_FR are
# listed in /etc/locale.gen, and regenerate the locales only when at
# least one entry had to be added.
if [ -x /usr/sbin/locale-gen ]; then
    touch /etc/locale.gen
    LOCALECHANGED=""
    for wanted_locale in de_DE en_US es_ES fr_FR; do
        if ! grep -q "^${wanted_locale} ISO-8859-1\$" /etc/locale.gen; then
            echo "${wanted_locale} ISO-8859-1" >>/etc/locale.gen
            LOCALECHANGED=1
        fi
    done
    if [ -n "$LOCALECHANGED" ]; then
        locale-gen
    fi
fi

#######################################################################
# Reload services
#
# $SERVICES carries the web servers collected above; the remaining names
# are always tried. A failing reload is ignored on purpose, since a
# service in the list may simply not be installed.
for service in $SERVICES \
               postfix bind9 courier-authdaemon \
               courier-imap courier-imap-ssl \
               courier-pop courier-pop-ssl \
               cron proftpd
do
    invoke-rc.d "$service" reload || true
done

#######################################################################
# Last touches
#

# Creating admin user if needed
# The last line of the mysql output is the COUNT(*) value.
# NOTE(review): AND binds tighter than OR in SQL, so the condition reads
# login = 'admin' OR (login = 'root' AND su = 1) -- confirm that is the
# intent. Any count other than exactly 1 (including 2) triggers creation.
HAS_ROOT="$(mysql --defaults-file=/etc/alternc/my.cnf -e "SELECT COUNT(*) FROM membres WHERE login = 'admin' OR login = 'root' and su = 1" | tail -1)"
if [ "$HAS_ROOT" != "1" ]; then
    echo "Creating admin user..."
    echo ""

    # newone.php runs as www-data. The banner below announces a fixed
    # default login (admin / admin): the password has to be changed
    # before the panel is reachable from untrusted networks.
    if su - www-data -c /usr/share/alternc/install/newone.php; then
        echo "*******************************************"
        echo "*                                         *"
        echo "*               Admin account             *"
        echo "*               ------------              *"
        echo "*                                         *"
        echo "* user: admin             password: admin *"
        echo "*                                         *"
        echo "* Please change this as soon as possible! *"
        echo "*                                         *"
        echo "*******************************************"
    else
        # (French) Tells the operator that the AlternC member could not be
        # created, reports the exit code of newone.php, and suggests
        # checking MySQL, PHP, local.sh and earlier installer output.
        # $? must be expanded first here: it still holds the status of the
        # su command tested above.
        echo "Il a été impossible de créer un nouveau membre alternc. newone.php a retourné un code d'erreur $?. Vérifiez si la base MySQL, PHP, ainsi que le fichier local.sh sont bien configurés. Vérifiez aussi si des erreurs ne sont pas apparues plus haut dans l'installation."
    fi
fi

# We should restart apaches after all configuration stuff ...
# All installed web servers are stopped first and only then started
# again. Services without an init script are skipped, and a failing
# stop/start never aborts the installation.
for action in stop start; do
    for service in apache apache-ssl apache2; do
        if [ -x "/etc/init.d/$service" ]; then
            invoke-rc.d "$service" "$action" || true
        fi
    done
done