From 69cfba0e59ab9162c6ca9e0ffac3dd5bc0c83764 Mon Sep 17 00:00:00 2001
From: Silvan Calarco
Date: Fri, 5 Jan 2024 20:27:08 +0100
Subject: [PATCH] added apache-add-vhost and sftponly group to simplify virtualhosts creation with sftp access removed obsolete sysv initscript [release 2.4.12-2mamba;Thu Feb 12 2015]
---
 apache-add-vhost | 121 +++++++++++++++++++++++++++++++++++++++++++++++
 apache.spec | 14 ++++--
 2 files changed, 132 insertions(+), 3 deletions(-)
 create mode 100644 apache-add-vhost
diff --git a/apache-add-vhost b/apache-add-vhost
new file mode 100644
index 0000000..cdd52c0
--- /dev/null
+++ b/apache-add-vhost
@@ -0,0 +1,121 @@
+#!/bin/bash
+# Copyright (c) 2015 by Silvan Calarco
+
+usage() {
+ echo "Script to create a virtual host for Apache.
+
+Usage:
+$0 sitename.domain.ext
+"
+}
+
+[ "`id -u`" = "0" ] || {
+ usage
+ echo "
+ERROR: this script must be run as root user; aborting."
+exit 1
+}
+
+SERVERNAME=$1
+
+[ ${SERVERNAME} ] || {
+ usage
+ exit 1
+}
+
+SERVERUSER=${SERVERNAME/.*}
+SERVERPASSWORD=`mkpasswd -l 9 -s 0`
+
+SERVERADMIN="webmaster@`hostname -d`"
+SERVERROOT=/var/www/${SERVERNAME}
+DOCUMENTROOT=${SERVERROOT}/www
+LOGROOT=${SERVERROOT}/log
+ACCESSLOG=${LOGROOT}/access_log
+ERRORLOG=${LOGROOT}/error_log
+
+SERVERHOSTNAME=`hostname -f`
+SERVERIP=`host $SERVERHOSTNAME | sed "s|.* has address ||"`
+
+echo "%--------------------------------------------------------------------------------%
+Creating the following Apache virtual host (please take note of this information):
+
+Server Name: $SERVERNAME
+Server Admin: $SERVERADMIN
+
+SFTP user: $SERVERUSER
+SFTP password: $SERVERPASSWORD
+
+Document root: $DOCUMENTROOT
+Access log: $ACCESSLOG
+Error log: $ERRORLOG
+
+NOTE: remember to add A or CNAME record so that it points to IP $SERVERIP.
+%--------------------------------------------------------------------------------%
+
+"
+
+getent passwd $SERVERUSER >/dev/null && {
+ echo "ERROR: user $SERVERUSER already exists; aborting."
+ exit 1
+}
+
+[ -e /etc/httpd/httpd.d/${SITEURL}.conf ] && {
+ echo "ERROR: a virtual host for ${SITEURL} is already configured; aborting."
+ exit 1
+}
+
+[ -e $DOCUMENTROOT ] && {
+ echo "ERROR: document root $DOCUMENTROOT already exists; aborting."
+ exit 1
+}
+
+echo "If all the above is correct type 'yes' + ENTER to confirm or press CTRL-C to abort."
+read ans
+
+[ "$ans" = "yes" ] || exit 1
+
+useradd ${SERVERUSER} -g sftponly -d ${SERVERROOT} -p ${SERVERPASSWORD} -c "${SERVERNAME} user" -s /bin/false || {
+ echo "ERROR: unable to create ${SERVERUSER} user; aborting."
+ exit 1
+}
+
+echo ${SERVERPASSWORD} | passwd ${SERVERPASSWORD} --stdin || {
+ echo "ERROR: unable to set password for ${SERVERUSER}; aborting."
+ exit 1
+}
+
+mkdir -p ${DOCUMENTROOT} ${LOGROOT}
+chown ${SERVERUSER}.sftponly ${DOCUMENTROOT}
+
+cat > /etc/httpd/httpd.d/${SITEURL}.conf << _EOF
+
+ ServerAdmin $SERVERADMIN
+ DocumentRoot $DOCUMENTROOT
+ ServerName $SERVERNAME
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %X" combinedom
+ ErrorLog $ERRORLOG
+ CustomLog $ACCESSLOG combinedom
+
+
+
+ Options Indexes FollowSymLinks Includes
+ AllowOverride All
+ Require all granted
+ Order allow,deny
+ Allow from All
+ DirectoryIndex index.php index.html
+
+_EOF
+
+apachectl configtest >/dev/null || {
+ echo "ERROR: there is a problem in Apache configuration, so I won't reload it; aborting."
+ exit 1
+}
+
+apachectl graceful || {
+ echo "ERROR: error reloading Apache configuration; please check for it because all your web services are now unavailable. Aborting."
+ exit 1
+}
+
+echo "All done!"
+exit 0
diff --git a/apache.spec b/apache.spec
index 08e11de..0722ccd 100644
--- a/apache.spec
+++ b/apache.spec
@@ -2,10 +2,11 @@ %define userid 65026 %define nobodygroupid 65013 %define nobodyuserid 65013 +%define sftponlygroupid 65437 Name: apache Version: 2.4.12 -Release: 1mamba +Release: 2mamba Epoch: 1 Summary: The Apache webserver Group: System/Servers
@@ -19,6 +20,7 @@ Source2: httpd-sysconfig Source3: httpd-logrotate Source4: httpd-update_httpdconf.sh Source5: httpd.service +Source6: apache-add-vhost License: Apache License 2.0 ## AUTOBUILDREQ-BEGIN BuildRequires: glibc-devel
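Review bot: In apache-add-vhost the credential step hands the generated password to the wrong places: `echo ${SERVERPASSWORD} | passwd ${SERVERPASSWORD} --stdin` names the password instead of `${SERVERUSER}` as the account, and `useradd -p` expects an already-hashed value, so the plaintext shows up in the process list and the shadow entry is not a usable hash. `${SITEURL}` is never assigned, so both the existence check and the `cat >` resolve to `/etc/httpd/httpd.d/.conf`; `${SERVERNAME}` appears to be the intended name. `$1` is expanded unquoted and unvalidated into filesystem paths and the generated vhost while the script runs as root, so it should be matched against a hostname pattern before first use. Because the document root is writable by the SFTP account, `Options Indexes FollowSymLinks Includes` together with `AllowOverride All` is worth tightening (for example `SymLinksIfOwnerMatch` and `IncludesNOEXEC`) unless site owners are fully trusted. The fence below shows the validation, a single conf-path variable and a `chpasswd`-based password step.

```shell
SERVERNAME=$1

# Accept only a lowercase DNS name: the value ends up in paths, in the
# account name and in the generated vhost file.
label='[a-z0-9]([a-z0-9-]*[a-z0-9])?'
[[ "${SERVERNAME}" =~ ^${label}(\.${label})+$ ]] || {
  usage
  exit 1
}
VHOSTCONF="/etc/httpd/httpd.d/${SERVERNAME}.conf"

# … unchanged: derived variables, summary banner, existing-user check …

[ -e "${VHOSTCONF}" ] && {
  echo "ERROR: a virtual host for ${SERVERNAME} is already configured; aborting."
  exit 1
}

# … unchanged: document-root check, confirmation prompt …

# No -p here: it takes a crypt(3) hash, not a plaintext password.
useradd "${SERVERUSER}" -g sftponly -d "${SERVERROOT}" -c "${SERVERNAME} user" -s /bin/false || {
  # … unchanged: error message and exit …
}

# chpasswd reads "user:password" on stdin, so the secret never reaches argv.
printf '%s:%s\n' "${SERVERUSER}" "${SERVERPASSWORD}" | chpasswd || {
  # … unchanged: error message and exit …
}

mkdir -p "${DOCUMENTROOT}" "${LOGROOT}"
chown "${SERVERUSER}:sftponly" "${DOCUMENTROOT}"

cat > "${VHOSTCONF}" << _EOF
# … unchanged: vhost body, configtest and graceful reload …
```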
@@ -218,12 +220,13 @@ install -d %{buildroot}/var/log/httpd #mv %{buildroot}/var/www/build/* %{buildroot}%{_libdir}/apache/build/ -install -p -D -m 0755 %{S:1} %{buildroot}%{_initrddir}/httpd install -p -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/sysconfig/httpd # logrotate stuff install -D -m 0644 %{S:3} %{buildroot}%{_sysconfdir}/logrotate.d/httpd +install -D -m 0755 %{S:6} %{buildroot}%{_sbindir}/apache-add-vhost + # create void log files > %{buildroot}/var/log/httpd/access_log > %{buildroot}/var/log/httpd/error_log
@@ -280,6 +283,7 @@ if [ $1 -ge 1 ]; then /usr/sbin/groupadd nobody -g %{nobodygroupid} 2>/dev/null /usr/sbin/useradd -c nobody -u %{nobodyuserid} -d /dev/null -g nobody \ -s /bin/false nobody 2>/dev/null + /usr/sbin/groupadd sftponly -g %{sftponlygroupid} 2>/dev/null fi exit 0
@@ -378,7 +382,6 @@ exit 0 %config(noreplace) %{_sysconfdir}/sysconfig/httpd %config(noreplace) %{_sysconfdir}/logrotate.d/httpd %dir %{_sysconfdir}/httpd/httpd.d -%{_initrddir}/httpd %{_bindir}/ab %{_bindir}/apxs %{_bindir}/dbmmanage
@@ -395,6 +398,7 @@ exit 0 %{_sbindir}/rotatelogs %{_sbindir}/htcacheclean %{_sbindir}/update_httpdconf +%{_sbindir}/apache-add-vhost /lib/systemd/system/httpd.service %dir %{_libdir}/apache %{_libdir}/apache/httpd.exp
@@ -431,6 +435,10 @@ exit 0 %{_libdir}/apache/mod_suexec.so %changelog +* Thu Feb 12 2015 Silvan Calarco 2.4.12-2mamba +- added apache-add-vhost and sftponly group to simplify virtualhosts creation with sftp access +- removed obsolete sysv initscript + * Thu Feb 05 2015 Automatic Build System 2.4.12-1mamba - automatic version update by autodist
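Review bot: The `groupadd sftponly` line added in the `@@ -280,6 +283,7 @@` hunk creates the group, but nothing visible in this patch confines its members on the SSH side. A `/bin/false` shell on the accounts does not by itself stop TCP forwarding, and SFTP needs an in-process server once the shell is unusable, so the package should document or depend on an sshd_config block such as `Match Group sftponly` with `ChrootDirectory %h`, `ForceCommand internal-sftp` and `AllowTcpForwarding no`, unless the distribution's openssh package already ships one. The `2>/dev/null` also hides the case where GID 65437 is already taken, after which `useradd -g sftponly` in apache-add-vhost fails with no hint of the cause. The scriptlet's header lies outside the hunk.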