1 (* HCoop
Domtool (http
://hcoop
.sourceforge
.net
/)
2 * Copyright (c
) 2006-2009, Adam Chlipala
3 * Copyright (c
) 2013 Clinton Ebadi
5 * This program is free software
; you can redistribute it
and/or
6 * modify it under the terms
of the GNU General Public License
7 * as published by the Free Software Foundation
; either version
2
8 * of the License
, or (at your option
) any later version
.
10 * This program is distributed
in the hope that it will be useful
,
11 * but WITHOUT ANY WARRANTY
; without even the implied warranty
of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE
. See the
13 * GNU General Public License for more details
.
15 * You should have received a copy
of the GNU General Public License
16 * along
with this program
; if not
, write to the Free Software
17 * Foundation
, Inc
., 51 Franklin Street
, Fifth Floor
, Boston
, MA
02110-1301, USA
.
20 (* Apache HTTPD handling
*)
22 structure Apache
:> APACHE
= struct
26 val dl
= ErrorMsg
.dummyLoc
29 List.exists (fn (x
, _
) => x
= node
) Config
.Apache
.webNodes_all
30 orelse (Domain
.hasPriv
"www"
31 andalso List.exists (fn (x
, _
) => x
= node
) Config
.Apache
.webNodes_admin
)
33 val _
= Env
.type_one
"web_node"
37 val _
= Env
.registerFunction ("web_node_to_node",
41 fun webPlace (EApp ((EVar
"web_place_default", _
), (EString node
, _
)), _
) =
42 SOME (node
, Domain
.nodeIp node
, Domain
.nodeIpv6 node
)
43 |
webPlace (EApp ((EApp ((EApp ((EVar
"web_place", _
), (EString node
, _
)), _
), (EString ip
, _
)), _
), (EString ipv6
, _
)), _
) =
47 fun webPlaceDefault node
= (EApp ((EVar
"web_place_default", dl
), (EString node
, dl
)), dl
)
49 val _
= Env
.registerFunction ("web_place_to_web_node",
50 fn [e
] => Option
.map (fn (node
, _
, _
) => (EString node
, dl
)) (webPlace e
)
53 val _
= Env
.registerFunction ("web_place_to_node",
54 fn [e
] => Option
.map (fn (node
, _
, _
) => (EString node
, dl
)) (webPlace e
)
57 val _
= Env
.registerFunction ("web_place_to_ip",
58 fn [e
] => Option
.map (fn (_
, ip
, _
) => (EString ip
, dl
)) (webPlace e
)
61 val _
= Env
.registerFunction ("web_place_to_ipv6",
62 fn [e
] => Option
.map (fn (_
, _
, ipv6
) => (EString ipv6
, dl
)) (webPlace e
)
65 val _
= Env
.type_one
"proxy_port"
69 fun validProxyTarget default s
=
70 case String.fields (fn ch
=> ch
= #
":") s
of
71 "http" :: host
:: rest
=>
73 val rest
= String.concatWith
":" rest
75 if List.exists (fn h
' => host
= h
') (map (fn h
=> String.concat
["//", h
]) Config
.Apache
.proxyHosts
)
77 CharVector
.all (fn ch
=> Char.isPrint ch
andalso not (Char.isSpace ch
)
78 andalso ch
<> #
"\"" andalso ch
<> #
"'") rest
79 andalso case String.fields (fn ch
=> ch
= #
"/") rest
of
81 (case Int.fromString port
of
83 | SOME n
=> n
> 1024 orelse default s
)
90 val _
= Env
.type_one
"proxy_target"
92 (validProxyTarget (fn s
=> List.exists (fn s
' => s
= s
') (Config
.Apache
.proxyTargets @
["!"])))
94 val _
= Env
.type_one
"proxy_reverse_target"
96 (validProxyTarget (fn s
=> List.exists (fn s
' => s
= s
') Config
.Apache
.proxyTargets
))
98 val _
= Env
.type_one
"rewrite_arg"
100 (CharVector
.all (fn ch
=> (Char.isGraph ch
) andalso not (List.exists (fn c
=> ch
= c
) [ #
"[", #
"]", #
",", #
"\"", #
"'", #
"=", #
":" ])))
102 val _
= Env
.type_one
"suexec_flag"
104 (fn b
=> b
orelse Domain
.hasPriv
"www")
106 val _
= Env
.type_one
"regexp"
110 fun validLocation s
=
111 size s
> 0 andalso size s
< 1000 andalso CharVector
.all
112 (fn ch
=> Char.isAlphaNum ch
119 val _
= Env
.type_one
"location"
123 fun validCert s
= Acl
.query
{user
= Domain
.getUser (),
127 fun validCaCert s
= Acl
.query
{user
= Domain
.getUser (),
131 val _
= Env
.type_one
"ssl_cert_path"
135 val _
= Env
.type_one
"ssl_cacert_path"
139 fun ssl e
= case e
of
140 (EVar
"no_ssl", _
) => SOME NONE
141 |
(EApp ((EVar
"use_cert", _
), s
), _
) => Option
.map
SOME (Env
.string s
)
144 fun validExtension s
=
147 andalso CharVector
.all (fn ch
=> Char.isAlphaNum ch
orelse ch
= #
"_") s
149 val _
= Env
.type_one
"file_extension"
153 val _
= Env
.registerFunction ("defaultServerAdmin",
154 fn [] => SOME (EString (Domain
.getUser () ^
"@" ^ Config
.defaultDomain
), dl
)
157 val redirect_code
= fn (EVar
"temp", _
) => SOME
"temp"
158 |
(EVar
"permanent", _
) => SOME
"permanent"
159 |
(EVar
"seeother", _
) => SOME
"seeother"
160 |
(EVar
"redir300", _
) => SOME
"300"
161 |
(EVar
"redir301", _
) => SOME
"301"
162 |
(EVar
"redir302", _
) => SOME
"302"
163 |
(EVar
"redir303", _
) => SOME
"303"
164 |
(EVar
"redir304", _
) => SOME
"304"
165 |
(EVar
"redir305", _
) => SOME
"305"
166 |
(EVar
"redir307", _
) => SOME
"307"
167 |
(EVar
"notfound", _
) => SOME
"404"
170 val flag
= fn (EVar
"redirect", _
) => SOME
"R"
171 |
(EVar
"forbidden", _
) => SOME
"F"
172 |
(EVar
"gone", _
) => SOME
"G"
173 |
(EVar
"last", _
) => SOME
"L"
174 |
(EVar
"chain", _
) => SOME
"C"
175 |
(EVar
"nosubreq", _
) => SOME
"NS"
176 |
(EVar
"nocase", _
) => SOME
"NC"
177 |
(EVar
"qsappend", _
) => SOME
"QSA"
178 |
(EVar
"noescape", _
) => SOME
"NE"
179 |
(EVar
"passthrough", _
) => SOME
"PT"
180 |
(EApp ((EVar
"mimeType", _
), e
), _
) =>
181 Option
.map (fn s
=> "T=" ^ s
) (Env
.string e
)
182 |
(EApp ((EVar
"redirectWith", _
), e
), _
) =>
183 Option
.map (fn s
=> "R=" ^ s
) (redirect_code e
)
184 |
(EApp ((EVar
"skip", _
), e
), _
) =>
185 Option
.map (fn n
=> "S=" ^
Int.toString n
) (Env
.int e
)
186 |
(EApp ((EApp ((EVar
"env", _
), e1
), _
), e2
), _
) =>
187 (case Env
.string e1
of
189 | SOME s1
=> Option
.map (fn s2
=> "E=" ^ s1 ^
":" ^ s2
)
194 val cond_flag
= fn (EVar
"cond_nocase", _
) => SOME
"NC"
195 |
(EVar
"ornext", _
) => SOME
"OR"
198 val apache_option
= fn (EVar
"execCGI", _
) => SOME
"ExecCGI"
199 |
(EVar
"includesNOEXEC", _
) => SOME
"IncludesNOEXEC"
200 |
(EVar
"indexes", _
) => SOME
"Indexes"
201 |
(EVar
"followSymLinks", _
) => SOME
"FollowSymLinks"
202 |
(EVar
"multiViews", _
) => SOME
"MultiViews"
205 val autoindex_width
= fn (EVar
"autofit", _
) => SOME
"*"
206 |
(EApp ((EVar
"characters", _
), n
), _
) =>
207 Option
.map
Int.toString (Env
.int n
)
210 val autoindex_option
= fn (EApp ((EVar
"descriptionWidth", _
), w
), _
) =>
211 Option
.map (fn w
=> ("DescriptionWidth", SOME w
))
213 |
(EVar
"fancyIndexing", _
) => SOME ("FancyIndexing", NONE
)
214 |
(EVar
"foldersFirst", _
) => SOME ("FoldersFirst", NONE
)
215 |
(EVar
"htmlTable", _
) => SOME ("HTMLTable", NONE
)
216 |
(EVar
"iconsAreLinks", _
) => SOME ("IconsAreLinks", NONE
)
217 |
(EApp ((EVar
"iconHeight", _
), n
), _
) =>
218 Option
.map (fn w
=> ("IconHeight", SOME (Int.toString w
)))
220 |
(EApp ((EVar
"iconWidth", _
), n
), _
) =>
221 Option
.map (fn w
=> ("IconWidth", SOME (Int.toString w
)))
223 |
(EVar
"ignoreCase", _
) => SOME ("IgnoreCase", NONE
)
224 |
(EVar
"ignoreClient", _
) => SOME ("IgnoreClient", NONE
)
225 |
(EApp ((EVar
"nameWidth", _
), w
), _
) =>
226 Option
.map (fn w
=> ("NameWidth", SOME w
))
228 |
(EVar
"scanHtmlTitles", _
) => SOME ("ScanHTMLTitles", NONE
)
229 |
(EVar
"suppressColumnSorting", _
) => SOME ("SuppressColumnSorting", NONE
)
230 |
(EVar
"suppressDescription", _
) => SOME ("SuppressDescription", NONE
)
231 |
(EVar
"suppressHtmlPreamble", _
) => SOME ("SuppressHTMLPreamble", NONE
)
232 |
(EVar
"suppressIcon", _
) => SOME ("SuppressIcon", NONE
)
233 |
(EVar
"suppressLastModified", _
) => SOME ("SuppressLastModified", NONE
)
234 |
(EVar
"suppressRules", _
) => SOME ("SuppressRules", NONE
)
235 |
(EVar
"suppressSize", _
) => SOME ("SuppressSize", NONE
)
236 |
(EVar
"trackModified", _
) => SOME ("TrackModified", NONE
)
237 |
(EVar
"versionSort", _
) => SOME ("VersionSort", NONE
)
238 |
(EVar
"xhtml", _
) => SOME ("XHTML", NONE
)
242 val interval_base
= fn (EVar
"access", _
) => SOME
"access"
243 |
(EVar
"modification", _
) => SOME
"modification"
246 val interval
= fn (EVar
"years", _
) => SOME
"years"
247 |
(EVar
"months", _
) => SOME
"months"
248 |
(EVar
"weeks", _
) => SOME
"weeks"
249 |
(EVar
"days", _
) => SOME
"days"
250 |
(EVar
"hours", _
) => SOME
"hours"
251 |
(EVar
"minutes", _
) => SOME
"minutes"
252 |
(EVar
"seconds", _
) => SOME
"seconds"
255 val vhostsChanged
= ref
false
256 val logDeleted
= ref
false
257 val delayedLogMoves
= ref (fn () => ())
259 val () = Slave
.registerPreHandler
260 (fn () => (vhostsChanged
:= false;
262 delayedLogMoves
:= (fn () => print
"Executing delayed log moves/deletes.\n")))
264 fun findVhostUser fname
=
266 val inf
= TextIO.openIn fname
269 case TextIO.inputLine inf
of
272 if String.isPrefix
"# Owner: " line
then
273 case String.tokens
Char.isSpace line
of
274 [_
, _
, user
] => SOME user
280 before TextIO.closeIn inf
283 val webNodes_full
= Config
.Apache
.webNodes_all @ Config
.Apache
.webNodes_admin
285 fun isVersion1 node
=
286 List.exists (fn (n
, {version
= ConfigTypes
.APACHE_1_3
, ...}) => n
= node
287 | _
=> false) webNodes_full
289 fun imVersion1 () = isVersion1 (Slave
.hostname ())
292 List.exists (fn (n
, {auth
= ConfigTypes
.MOD_WAKLOG
, ...}) => n
= node
293 | _
=> false) webNodes_full
295 fun down () = if imVersion1 () then Config
.Apache
.down1
else Config
.Apache
.down
296 fun undown () = if imVersion1 () then Config
.Apache
.undown1
else Config
.Apache
.undown
297 fun reload () = if imVersion1 () then Config
.Apache
.reload1
else Config
.Apache
.reload
298 fun fixperms () = if imVersion1 () then Config
.Apache
.fixperms1
else Config
.Apache
.fixperms
300 fun logDir
{user
, node
, vhostId
} =
301 String.concat
[Config
.Apache
.logDirOf (isVersion1 node
) user
,
307 fun realLogDir
{user
, node
, vhostId
} =
308 String.concat
[Config
.Apache
.realLogDirOf user
,
314 val () = Slave
.registerFileHandler (fn fs
=>
316 val spl
= OS
.Path
.splitDirFile (#file fs
)
318 if String.isSuffix
".vhost" (#file spl
)
319 orelse String.isSuffix
".vhost_ssl" (#file spl
) then let
320 val realVhostFile
= OS
.Path
.joinDirFile
321 {dir
= Config
.Apache
.confDir
,
324 val user
= findVhostUser (#file fs
)
325 val oldUser
= case #action fs
of
326 Slave
.Delete
false => user
327 | _
=> findVhostUser realVhostFile
329 if (oldUser
= NONE
andalso #action fs
<> Slave
.Add
)
330 orelse (user
= NONE
andalso not (Slave
.isDelete (#action fs
))) then
331 print ("Can't find user in " ^ #file fs ^
" or " ^ realVhostFile ^
"! Taking no action.\n")
334 val vhostId
= if OS
.Path
.ext (#file spl
) = SOME
"vhost_ssl" then
335 OS
.Path
.base (#file spl
) ^
".ssl"
337 OS
.Path
.base (#file spl
)
339 fun realLogDir user
=
340 logDir
{user
= valOf user
,
341 node
= Slave
.hostname (),
346 {dir
= Config
.Apache
.backupLogDirOf
347 (isVersion1 (Slave
.hostname ())),
350 vhostsChanged
:= true;
354 val ldir
= realLogDir oldUser
355 val dlm
= !delayedLogMoves
360 ((*ignore (OS
.Process
.system (down ()));*)
361 ignore (OS
.Process
.system (fixperms ()));
363 ignore (OS
.Process
.system (Config
.rm
366 delayedLogMoves
:= (fn () => (dlm ();
367 Slave
.moveDirCreate
{from
= ldir
,
368 to
= backupLogs ()}))
372 val rld
= realLogDir user
374 ignore (OS
.Process
.system (Config
.cp
379 if Posix
.FileSys
.access (rld
, []) then
382 Slave
.moveDirCreate
{from
= backupLogs (),
387 (ignore (OS
.Process
.system (Config
.cp
392 if user
<> oldUser
then
394 val old
= realLogDir oldUser
395 val rld
= realLogDir user
397 val dlm
= !delayedLogMoves
402 ((*ignore (OS
.Process
.system (down ()));*)
404 delayedLogMoves
:= (fn () => (dlm ();
405 ignore (OS
.Process
.system (Config
.rm
407 ^ realLogDir oldUser
))));
408 if Posix
.FileSys
.access (rld
, []) then
421 val () = Slave
.registerPostHandler
423 (if !vhostsChanged
then
424 (Slave
.shellF ([reload ()],
425 fn cl
=> "Error reloading Apache with " ^ cl
);
426 if !logDeleted
then !delayedLogMoves () else ())
430 val vhostFiles
: (string * TextIO.outstream
) list ref
= ref
[]
431 fun write
' s
= app (fn (node
, file
) => TextIO.output (file
, s node
)) (!vhostFiles
)
432 fun write s
= app (fn (_
, file
) => TextIO.output (file
, s
)) (!vhostFiles
)
434 val rewriteEnabled
= ref
false
435 val localRewriteEnabled
= ref
false
436 val expiresEnabled
= ref
false
437 val localExpiresEnabled
= ref
false
438 val currentVhost
= ref
""
439 val currentVhostId
= ref
""
440 val sslEnabled
= ref
false
442 val pre
= ref (fn _
: {user
: string, nodes
: string list
, id
: string, hostname
: string} => ())
447 pre
:= (fn x
=> (old x
; f x
))
450 val post
= ref (fn () => ())
455 post
:= (fn () => (old (); f ()))
459 fun doPost () = !post ()
461 val aliaser
= ref (fn _
: string => ())
462 fun registerAliaser f
=
466 aliaser
:= (fn x
=> (old x
; f x
))
469 fun vhostPost () = (!post ();
470 write
"</VirtualHost>\n";
471 app (TextIO.closeOut
o #
2) (!vhostFiles
))
473 val php_version
= fn (EVar
"php56", _
) => SOME
56
474 |
(EVar
"php72", _
) => SOME
72
477 fun vhostBody (env
, makeFullHost
) =
479 val places
= Env
.env (Env
.list webPlace
) (env
, "WebPlaces")
481 val ssl
= Env
.env
ssl (env
, "SSL")
482 val user
= Env
.env Env
.string (env
, "User")
483 val group
= Env
.env Env
.string (env
, "Group")
484 val docroot
= Env
.env Env
.string (env
, "DocumentRoot")
485 val sadmin
= Env
.env Env
.string (env
, "ServerAdmin")
486 val suexec
= Env
.env Env
.bool (env
, "SuExec")
487 val php
= Env
.env
php_version (env
, "PhpVersion")
489 val fullHost
= makeFullHost (Domain
.currentDomain ())
490 val vhostId
= fullHost ^
(if Option
.isSome ssl
then ".ssl" else "")
491 val confFile
= fullHost ^
(if Option
.isSome ssl
then ".vhost_ssl" else ".vhost")
493 currentVhost
:= fullHost
;
494 currentVhostId
:= vhostId
;
495 sslEnabled
:= Option
.isSome ssl
;
497 rewriteEnabled
:= false;
498 localRewriteEnabled
:= false;
499 expiresEnabled
:= false;
500 localExpiresEnabled
:= false;
501 vhostFiles
:= map (fn (node
, ip
, ipv6
) =>
503 val file
= Domain
.domainFile
{node
= node
,
506 val ld
= logDir
{user
= user
, node
= node
, vhostId
= vhostId
}
508 TextIO.output (file
, "# Owner: ");
509 TextIO.output (file
, user
);
510 TextIO.output (file
, "\n<VirtualHost ");
512 TextIO.output (file
, ip
);
513 TextIO.output (file
, ":");
514 TextIO.output (file
, case ssl
of
518 TextIO.output (file
, " [");
519 TextIO.output (file
, ipv6
);
520 TextIO.output (file
, "]");
521 TextIO.output (file
, ":");
522 TextIO.output (file
, case ssl
of
526 TextIO.output (file
, ">\n");
527 TextIO.output (file
, "\tErrorLog ");
528 TextIO.output (file
, ld
);
529 TextIO.output (file
, "/error.log\n\tCustomLog ");
530 TextIO.output (file
, ld
);
531 TextIO.output (file
, "/access.log combined\n");
532 TextIO.output (file
, "\tServerName ");
533 TextIO.output (file
, fullHost
);
535 (fn dom
=> (TextIO.output (file
, "\n\tServerAlias ");
536 TextIO.output (file
, makeFullHost dom
)))
537 (Domain
.currentAliasDomains ());
540 if isVersion1 node
then
541 (TextIO.output (file
, "\n\tUser ");
542 TextIO.output (file
, user
);
543 TextIO.output (file
, "\n\tGroup ");
544 TextIO.output (file
, group
))
546 (TextIO.output (file
, "\n\tSuexecUserGroup ");
547 TextIO.output (file
, user
);
548 TextIO.output (file
, " ");
549 TextIO.output (file
, group
))
553 if isWaklog node
then
554 (TextIO.output (file
, "\n\tWaklogEnabled on\n\tWaklogLocationPrincipal ");
555 TextIO.output (file
, user
);
556 TextIO.output (file
, "/daemon@HCOOP.NET /etc/keytabs/user.daemon/");
557 TextIO.output (file
, user
))
561 TextIO.output (file
, "\n\tDAVLockDB /var/lock/apache2/dav/");
562 TextIO.output (file
, user
);
563 TextIO.output (file
, "/DAVLock");
565 TextIO.output (file
, "\n\tAddHandler fcgid-script .php .phtml");
566 map (fn ext
=> (TextIO.output (file
, "\n\tFcgidWrapper \"");
567 (* kerberos wrapper
, simulates waklog
+mod_cgi
*)
568 if isWaklog node
then
569 (TextIO.output (file
, Config
.Apache
.fastCgiWrapperOf user
);
570 TextIO.output (file
, " "))
573 TextIO.output (file
, Config
.Apache
.phpFastCgiWrapper php
);
574 TextIO.output (file
, "\" ");
575 TextIO.output (file
, ext
)))
580 write
"\n\tDocumentRoot ";
582 write
"\n\tServerAdmin ";
586 (write
"\n\tSSLEngine on\n\tSSLCertificateFile ";
590 !pre
{user
= user
, nodes
= map #
1 places
, id
= vhostId
, hostname
= fullHost
};
591 app (fn dom
=> !aliaser (makeFullHost dom
)) (Domain
.currentAliasDomains ())
594 val () = Env
.containerV_one
"vhost"
596 (fn (env
, host
) => vhostBody (env
, fn dom
=> host ^
"." ^ dom
),
599 val () = Env
.containerV_none
"vhostDefault"
600 (fn env
=> vhostBody (env
, fn dom
=> dom
),
603 val inLocal
= ref
false
605 val () = Env
.container_one
"location"
606 ("prefix", Env
.string)
608 (write
"\t<Location ";
612 fn () => (write
"\t</Location>\n";
614 localRewriteEnabled
:= false;
615 localExpiresEnabled
:= false))
617 val () = Env
.container_one
"directory"
618 ("directory", Env
.string)
620 (write
"\t<Directory ";
624 fn () => (write
"\t</Directory>\n";
626 localRewriteEnabled
:= false;
627 localExpiresEnabled
:= false))
629 val () = Env
.container_one
"filesMatch"
630 ("regexp", Env
.string)
632 (write
"\t<FilesMatch \"";
635 fn () => (write
"\t</FilesMatch>\n";
636 localRewriteEnabled
:= false;
637 localExpiresEnabled
:= false))
639 fun checkRewrite () =
641 if !localRewriteEnabled
then
644 (write
"\tRewriteEngine on\n";
645 localRewriteEnabled
:= true)
646 else if !rewriteEnabled
then
649 (write
"\tRewriteEngine on\n";
650 rewriteEnabled
:= true)
652 fun checkExpires () =
654 if !localExpiresEnabled
then
657 (write
"\tExpiresActive on\n";
658 localExpiresEnabled
:= true)
659 else if !expiresEnabled
then
662 (write
"\tExpiresActive on\n";
663 expiresEnabled
:= true)
665 val () = Env
.action_three
"localProxyRewrite"
666 ("from", Env
.string, "to", Env
.string, "port", Env
.int)
667 (fn (from
, to
, port
) =>
669 write
"\tRewriteRule\t\"";
671 write
"\"\thttp://localhost:";
672 write (Int.toString port
);
677 val () = Env
.action_four
"expiresByType"
678 ("mime", Env
.string, "base", interval_base
, "num", Env
.int, "inter", interval
)
679 (fn (mime
, base
, num
, inter
) =>
681 write
"\tExpiresByType\t\"";
688 write (Int.toString (~num
)))
690 write (Int.toString num
);
695 val () = Env
.action_two
"proxyPass"
696 ("from", Env
.string, "to", Env
.string)
698 (write
"\tProxyPass\t";
702 write
"\tretry=0\n"))
704 val () = Env
.action_two
"proxyPassReverse"
705 ("from", Env
.string, "to", Env
.string)
707 (write
"\tProxyPassReverse\t";
713 val () = Env
.action_one
"proxyPreserveHost"
716 (write
"\tProxyPreserveHost\t";
717 if enable
then write
"On" else write
"Off";
720 val () = Env
.action_three
"rewriteRule"
721 ("from", Env
.string, "to", Env
.string, "flags", Env
.list flag
)
722 (fn (from
, to
, flags
) =>
724 write
"\tRewriteRule\t\"";
731 | flag
::rest
=> (write
" [";
733 app (fn flag
=> (write
",";
738 val () = Env
.action_three
"rewriteCond"
739 ("test", Env
.string, "pattern", Env
.string, "flags", Env
.list cond_flag
)
740 (fn (from
, to
, flags
) =>
742 write
"\tRewriteCond\t\"";
749 | flag
::rest
=> (write
" [";
751 app (fn flag
=> (write
",";
756 val () = Env
.action_one
"rewriteBase"
757 ("prefix", Env
.string)
760 write
"\tRewriteBase\t\"";
764 val () = Env
.action_one
"rewriteLogLevel"
768 write
"\tRewriteLog ";
770 write
"/rewrite.log\n\tRewriteLogLevel ";
771 write (Int.toString level
);
774 val () = Env
.action_two
"alias"
775 ("from", Env
.string, "to", Env
.string)
783 val () = Env
.action_two
"scriptAlias"
784 ("from", Env
.string, "to", Env
.string)
786 (write
"\tScriptAlias\t";
792 val () = Env
.action_two
"fastScriptAlias"
793 ("from", Env
.string, "to", Env
.string)
796 (* mod_fcgid
+ kerberos limit this to working
with
797 individual fcgi programs
. assume the target path is a
798 file
and any trailing `
/' is just aliasing
799 syntax
. Directory
+File on the script is used to
800 activate fcgid instead
of Location on the alias to
801 limit
effects (alias
+location also match
in inverse
802 order causing pernicious side
-effects
*)
803 val fcgi_path
= if String.sub (to
, size to
- 1) = #
"/"
805 String.substring (to
, 0, size to
- 1)
808 val fcgi_dir
= OS
.Path
.dir fcgi_path
809 val fcgi_file
= OS
.Path
.file fcgi_path
811 write
"\tAlias\t"; write from
; write
" "; write to
; write
"\n";
813 write
"\t<Directory "; write fcgi_dir
; write
">\n";
814 write
"\t<Files "; write fcgi_file
; write
">\n";
815 write
"\tSetHandler fcgid-script\n";
817 (* FIXME
: only set kerberos wrapper
of waklog is on
*)
818 (* won
't be trivial
, since we don
't have access to node here
*)
819 write
"\tFcgidWrapper \"";
820 write (Config
.Apache
.fastCgiWrapperOf (Domain
.getUser ()));
825 write
"\t</Files>\n\t</Directory>\n"
828 val () = Env
.action_two
"errorDocument"
829 ("code", Env
.string, "handler", Env
.string)
830 (fn (code
, handler
) =>
832 val hasSpaces
= CharVector
.exists
Char.isSpace handler
840 write
"\tErrorDocument\t";
849 val () = Env
.action_one
"options"
850 ("options", Env
.list apache_option
)
854 | _
=> (write
"\tOptions";
855 app (fn opt
=> (write
" "; write opt
)) opts
;
858 val () = Env
.action_one
"set_options"
859 ("options", Env
.list apache_option
)
863 | _
=> (write
"\tOptions";
864 app (fn opt
=> (write
" +"; write opt
)) opts
;
867 val () = Env
.action_one
"unset_options"
868 ("options", Env
.list apache_option
)
872 | _
=> (write
"\tOptions";
873 app (fn opt
=> (write
" -"; write opt
)) opts
;
876 val () = Env
.action_one
"cgiExtension"
877 ("extension", Env
.string)
878 (fn ext
=> (write
"\tAddHandler cgi-script ";
882 val () = Env
.action_one
"directoryIndex"
883 ("filenames", Env
.list Env
.string)
885 (write
"\tDirectoryIndex";
886 app (fn opt
=> (write
" "; write opt
)) opts
;
889 val () = Env
.action_one
"serverAliasHost"
892 (write
"\tServerAlias ";
897 val () = Env
.action_one
"serverAlias"
903 val full
= host ^
"." ^ dom
905 write
"\tServerAlias ";
910 (Domain
.currentDomains ())))
912 val () = Env
.action_none
"serverAliasDefault"
916 (write
"\tServerAlias ";
920 (Domain
.currentDomains ())))
922 val authType
= fn (EVar
"basic", _
) => SOME
"basic"
923 |
(EVar
"digest", _
) => SOME
"digest"
924 |
(EVar
"kerberos", _
) => SOME
"kerberos"
927 fun allowAuthType
"kerberos" = !sslEnabled
928 | allowAuthType _
= true
930 val () = Env
.action_one
"authType"
933 if allowAuthType ty
then
934 (write
"\tAuthType ";
939 write
"\tKrbServiceName HTTP\n\tKrb5Keytab /etc/keytabs/service/apache\n\tKrbMethodNegotiate on\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC on\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n"
942 print
"WARNING: Skipped Kerberos authType because this isn't an SSL vhost.\n")
944 val () = Env
.action_one
"authName"
947 (write
"\tAuthName \"";
951 val () = Env
.action_one
"authUserFile"
954 (write
"\tAuthUserFile ";
958 val () = Env
.action_one
"authGroupFile"
961 (write
"\tAuthGroupFile ";
965 val () = Env
.action_none
"requireValidUser"
966 (fn () => write
"\tRequire valid-user\n")
968 val () = Env
.action_one
"requireUser"
969 ("users", Env
.list Env
.string)
973 | _
=> (write
"\tRequire user";
974 app (fn name
=> (write
" "; write name
)) names
;
977 val () = Env
.action_one
"requireGroup"
978 ("groups", Env
.list Env
.string)
982 | _
=> (write
"\tRequire group";
983 app (fn name
=> (write
" "; write name
)) names
;
986 val () = Env
.action_none
"orderAllowDeny"
987 (fn () => write
"\tOrder allow,deny\n")
989 val () = Env
.action_none
"orderDenyAllow"
990 (fn () => write
"\tOrder deny,allow\n")
992 val () = Env
.action_none
"allowFromAll"
993 (fn () => write
"\tAllow from all\n")
995 val () = Env
.action_one
"allowFrom"
996 ("entries", Env
.list Env
.string)
1000 | _
=> (write
"\tAllow from";
1001 app (fn name
=> (write
" "; write name
)) names
;
1004 val () = Env
.action_none
"denyFromAll"
1005 (fn () => write
"\tDeny from all\n")
1007 val () = Env
.action_one
"denyFrom"
1008 ("entries", Env
.list Env
.string)
1012 | _
=> (write
"\tDeny from";
1013 app (fn name
=> (write
" "; write name
)) names
;
1016 val () = Env
.action_none
"satisfyAll"
1017 (fn () => write
"\tSatisfy all\n")
1019 val () = Env
.action_none
"satisfyAny"
1020 (fn () => write
"\tSatisfy any\n")
1022 val () = Env
.action_one
"forceType"
1023 ("type", Env
.string)
1024 (fn ty
=> (write
"\tForceType ";
1028 val () = Env
.action_none
"forceTypeOff"
1029 (fn () => write
"\tForceType None\n")
1031 val () = Env
.action_two
"action"
1032 ("what", Env
.string, "how", Env
.string)
1033 (fn (what
, how
) => (write
"\tAction ";
1039 val () = Env
.action_one
"addDefaultCharset"
1040 ("charset", Env
.string)
1041 (fn ty
=> (write
"\tAddDefaultCharset ";
1045 (*val () = Env
.action_one
"davSvn"
1046 ("path", Env
.string)
1047 (fn path
=> (write
"\tDAV svn\n\tSVNPath ";
1051 val () = Env
.action_one
"authzSvnAccessFile"
1052 ("path", Env
.string)
1053 (fn path
=> (write
"\tAuthzSVNAccessFile ";
1057 val () = Env
.action_none
"davFilesystem"
1058 (fn path
=> write
"\tDAV filesystem\n")
1060 val () = Env
.action_two
"addDescription"
1061 ("description", Env
.string, "patterns", Env
.list Env
.string)
1065 | _
=> (write
"\tAddDescription \"";
1066 write (String.toString desc
);
1068 app (fn pat
=> (write
" "; write pat
)) pats
;
1071 val () = Env
.action_two
"addIcon"
1072 ("icon", Env
.string, "patterns", Env
.list Env
.string)
1076 | _
=> (write
"\tAddIcon \"";
1079 app (fn pat
=> (write
" "; write pat
)) pats
;
1082 val () = Env
.action_one
"indexOptions"
1083 ("options", Env
.list autoindex_option
)
1087 | _
=> (write
"\tIndexOptions";
1088 app (fn (opt
, arg
) =>
1091 Option
.app (fn arg
=>
1092 (write
"="; write arg
)) arg
)) opts
;
1095 val () = Env
.action_one
"indexIgnore"
1096 ("patterns", Env
.list Env
.string)
1100 | _
=> (write
"\tIndexIgnore";
1101 app (fn pat
=> (write
" "; write pat
)) pats
;
1104 val () = Env
.action_one
"set_indexOptions"
1105 ("options", Env
.list autoindex_option
)
1109 | _
=> (write
"\tIndexOptions";
1110 app (fn (opt
, arg
) =>
1113 Option
.app (fn arg
=>
1114 (write
"="; write arg
)) arg
)) opts
;
1117 val () = Env
.action_one
"unset_indexOptions"
1118 ("options", Env
.list autoindex_option
)
1122 | _
=> (write
"\tIndexOptions";
1128 val () = Env
.action_one
"headerName"
1129 ("name", Env
.string)
1130 (fn name
=> (write
"\tHeaderName ";
1134 val () = Env
.action_one
"readmeName"
1135 ("name", Env
.string)
1136 (fn name
=> (write
"\tReadmeName ";
1140 val () = Env
.action_two
"setEnv"
1141 ("key", Env
.string, "value", Env
.string)
1142 (fn (key
, value
) => (write
"\tSetEnv \"";
1145 write (String.translate (fn #
"\"" => "\\\""
1146 | ch
=> str ch
) value
);
1149 val () = Env
.action_one
"diskCache"
1150 ("path", Env
.string)
1151 (fn path
=> (write
"\tCacheEnable disk \"";
1155 val () = Env
.action_one
"phpVersion"
1156 ("version", php_version
)
1157 (fn version
=> (write
"\tAddHandler fcgid-script .php .phtml\n";
1158 (* FIXME
: only set kerberos wrapper
of waklog is on
*)
1159 (* won
't be trivial
, since we don
't have access to node here
*)
1160 write
"\n\tFcgidWrapper \"";
1161 write (Config
.Apache
.fastCgiWrapperOf (Domain
.getUser ()));
1163 write (Config
.Apache
.phpFastCgiWrapper version
);
1164 write
"\" .php .phtml\n"))
1166 val () = Env
.action_two
"addType"
1167 ("mime type", Env
.string, "extension", Env
.string)
1168 (fn (mt
, ext
) => (write
"\tAddType ";
1174 val filter
= fn (EVar
"includes", _
) => SOME
"INCLUDES"
1175 |
(EVar
"deflate", _
) => SOME
"DEFLATE"
1178 val () = Env
.action_two
"addOutputFilter"
1179 ("filters", Env
.list filter
, "extensions", Env
.list Env
.string)
1180 (fn (f
:: fs
, exts
as (_
:: _
)) =>
1181 (write
"\tAddOutputFilter ";
1183 app (fn f
=> (write
";"; write f
)) fs
;
1184 app (fn ext
=> (write
" "; write ext
)) exts
;
1188 val () = Env
.action_one
"sslCertificateChainFile"
1189 ("ssl_cacert_path", Env
.string)
1192 (write
"\tSSLCertificateChainFile \"";
1196 print
"WARNING: Skipped sslCertificateChainFile because this isn't an SSL vhost.\n")
1198 val () = Domain
.registerResetLocal (fn () =>
1199 ignore (OS
.Process
.system (Config
.rm ^
" -rf " ^ Config
.Apache
.confDir ^
"/*")))
1201 val () = Domain
.registerDescriber (Domain
.considerAll
1202 [Domain
.Extension
{extension
= "vhost",
1203 heading
= fn host
=> "Web vhost " ^ host ^
":"},
1204 Domain
.Extension
{extension
= "vhost_ssl",
1205 heading
= fn host
=> "SSL web vhost " ^ host ^
":"}])
1207 val () = Env
.action_one
"allowEncodedSlashes"
1208 ("enable", Env
.bool)
1209 (fn enable
=> (write
"\tAllowEncodedSlashes ";
1210 write (if enable
then "NoDecode" else "Off");
1212 val () = Env
.action_none
"testNoHtaccess"
1213 (fn path
=> write
"\tAllowOverride None\n")
1215 fun writeWaklogUserFile () =
1217 val users
= Acl
.users ()
1218 val outf
= TextIO.openOut Config
.Apache
.waklogUserFile
1220 app (fn user
=> if String.isSuffix
"_admin" user
then
1223 (TextIO.output (outf
, "<Location /~");
1224 TextIO.output (outf
, user
);
1225 TextIO.output (outf
, ">\n\tWaklogEnabled on\n\tWaklogLocationPrincipal ");
1226 TextIO.output (outf
, user
);
1227 TextIO.output (outf
, "/daemon@HCOOP.NET /etc/keytabs/user.daemon/");
1228 TextIO.output (outf
, user
);
1229 TextIO.output (outf
, "\n</Location>\n\n"))) users
;
1230 TextIO.closeOut outf
1233 val () = Domain
.registerOnUsersChange writeWaklogUserFile