(* HCoop Domtool (http://hcoop.sourceforge.net/)
* Copyright (c) 2006-2009, Adam Chlipala
+ * Copyright (c) 2013 Clinton Ebadi
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
Env.int
(fn n => n > 1024)
+fun validProxyTarget default s =
+ case String.fields (fn ch => ch = #":") s of
+ "http" :: host :: rest =>
+ let
+ val rest = String.concatWith ":" rest
+ in
+ if List.exists (fn h' => host = h') (map (fn h => String.concat ["//", h]) Config.Apache.proxyHosts)
+ then
+ CharVector.all (fn ch => Char.isPrint ch andalso not (Char.isSpace ch)
+ andalso ch <> #"\"" andalso ch <> #"'") rest
+ andalso case String.fields (fn ch => ch = #"/") rest of
+ port :: _ =>
+ (case Int.fromString port of
+ NONE => default s
+ | SOME n => n > 1024 orelse default s)
+ | _ => default s
+ else
+ default s
+ end
+ | _ => default s
+
val _ = Env.type_one "proxy_target"
Env.string
- (fn s =>
- let
- fun default () = List.exists (fn s' => s = s') Config.Apache.proxyTargets
- in
- case String.fields (fn ch => ch = #":") s of
- "http" :: host :: rest =>
- let
- val rest = String.concatWith ":" rest
- in
- if List.exists (fn h' => host = h') (map (fn h => String.concat ["//", h]) Config.Apache.proxyHosts)
- then
- CharVector.all (fn ch => Char.isPrint ch andalso not (Char.isSpace ch)
- andalso ch <> #"\"" andalso ch <> #"'") rest
- andalso case String.fields (fn ch => ch = #"/") rest of
- port :: _ =>
- (case Int.fromString port of
- NONE => default ()
- | SOME n => n > 1024 orelse default ())
- | _ => default ()
- else
- default ()
- end
- | _ => default ()
- end)
+ (validProxyTarget (fn s => List.exists (fn s' => s = s') (Config.Apache.proxyTargets @ ["!"])))
+
+val _ = Env.type_one "proxy_reverse_target"
+ Env.string
+ (validProxyTarget (fn s => List.exists (fn s' => s = s') Config.Apache.proxyTargets))
val _ = Env.type_one "rewrite_arg"
Env.string
class = "cert",
value = s}
+fun validCaCert s = Acl.query {user = Domain.getUser (),
+ class = "cacert",
+ value = s}
+
val _ = Env.type_one "ssl_cert_path"
Env.string
validCert
+val _ = Env.type_one "ssl_cacert_path"
+ Env.string
+ validCaCert
+
fun ssl e = case e of
(EVar "no_ssl", _) => SOME NONE
| (EApp ((EVar "use_cert", _), s), _) => Option.map SOME (Env.string s)
Env.string
validExtension
-val defaults = [("WebPlaces",
- (TList (TBase "web_place", dl), dl),
- (fn () => (EList (map webPlaceDefault Config.Apache.webNodes_default), dl))),
- ("SSL",
- (TBase "ssl", dl),
- (fn () => (EVar "no_ssl", dl))),
- ("User",
- (TBase "your_user", dl),
- (fn () => (EString (Domain.getUser ()), dl))),
- ("Group",
- (TBase "your_group", dl),
- (fn () => (EString "nogroup", dl))),
- ("DocumentRoot",
- (TBase "your_path", dl),
- (fn () => (EString (Domain.homedir () ^ "/" ^ Config.Apache.public_html), dl))),
- ("ServerAdmin",
- (TBase "email", dl),
- (fn () => (EString (Domain.getUser () ^ "@" ^ Config.defaultDomain), dl))),
- ("SuExec",
- (TBase "suexec_flag", dl),
- (fn () => (EVar "true", dl))),
- ("PhpVersion",
- (TBase "php_version", dl),
- (fn () => (EVar "php4", dl)))]
-
-val () = app Defaults.registerDefault defaults
+val _ = Env.registerFunction ("defaultServerAdmin",
+ fn [] => SOME (EString (Domain.getUser () ^ "@" ^ Config.defaultDomain), dl)
+ | _ => NONE)
val redirect_code = fn (EVar "temp", _) => SOME "temp"
| (EVar "permanent", _) => SOME "permanent"
| (EVar "redir304", _) => SOME "304"
| (EVar "redir305", _) => SOME "305"
| (EVar "redir307", _) => SOME "307"
+ | (EVar "notfound", _) => SOME "404"
| _ => NONE
val flag = fn (EVar "redirect", _) => SOME "R"
| (EVar "includesNOEXEC", _) => SOME "IncludesNOEXEC"
| (EVar "indexes", _) => SOME "Indexes"
| (EVar "followSymLinks", _) => SOME "FollowSymLinks"
+ | (EVar "multiViews", _) => SOME "MultiViews"
| _ => NONE
val autoindex_width = fn (EVar "autofit", _) => SOME "*"
write "</VirtualHost>\n";
app (TextIO.closeOut o #2) (!vhostFiles))
-val php_version = fn (EVar "php4", _) => SOME 4
- | (EVar "php5", _) => SOME 5
- | _ => NONE
+val php_version = fn (EVar "fast_php", _) => SOME 6
+ | _ => NONE
fun vhostBody (env, makeFullHost) =
let
TextIO.output (file, group))
else
(TextIO.output (file, "\n\tSuexecUserGroup ");
- TextIO.output (file, user);
- TextIO.output (file, " ");
- TextIO.output (file, group);
- TextIO.output (file, "\n\tsuPHP_UserGroup ");
TextIO.output (file, user);
TextIO.output (file, " ");
TextIO.output (file, group))
TextIO.output (file, user);
TextIO.output (file, "/DAVLock");
- if php <> Config.Apache.defaultPhpVersion then
+ if php = 6
+ then
+ (* fastcgi php 5.6, using version 6 since php6 doesn't exist *)
+ (TextIO.output (file, "\n\tAddHandler fcgid-script .php .phtml");
+ map (fn ext => (TextIO.output (file, "\n\tFcgidWrapper \"");
+ (* kerberos wrapper, simulates waklog+mod_cgi *)
+ if isWaklog node then
+ (TextIO.output (file, Config.Apache.fastCgiWrapperOf user);
+ TextIO.output (file, " "))
+ else
+ ();
+ TextIO.output (file, Config.Apache.phpFastCgiWrapper);
+ TextIO.output (file, "\" ");
+ TextIO.output (file, ext)))
+ [".php", ".phtml"];
+ ())
+ else
(TextIO.output (file, "\n\tAddHandler x-httpd-php");
TextIO.output (file, Int.toString php);
- TextIO.output (file, " .php .phtml"))
- else
- ();
-
- (ld, file)
+ TextIO.output (file, " .php .phtml"));
+ (ld, file)
end)
places;
write "\n\tDocumentRoot ";
write from;
write "\t";
write to;
- write "\n"))
+ write "\tretry=0\n"))
val () = Env.action_two "proxyPassReverse"
("from", Env.string, "to", Env.string)
write to;
write "\n"))
+val () = Env.action_one "proxyPreserveHost"
+ ("enable", Env.bool)
+ (fn (enable) =>
+ (write "\tProxyPreserveHost\t";
+ if enable then write "On" else write "Off";
+ write "\n"))
+
val () = Env.action_three "rewriteRule"
("from", Env.string, "to", Env.string, "flags", Env.list flag)
(fn (from, to, flags) =>
write to;
write "\n"))
+val () = Env.action_two "fastScriptAlias"
+ ("from", Env.string, "to", Env.string)
+ (fn (from, to) =>
+ let
+ (* mod_fcgid + kerberos limit this to working with
+ individual fcgi programs. assume the target path is a
+ file and any trailing `/' is just aliasing
+ syntax. Directory+File on the script is used to
+ activate fcgid instead of Location on the alias to
+ limit effects (alias+location also match in inverse
+ order causing pernicious side-effects *)
+ val fcgi_path = if String.sub (to, size to - 1) = #"/"
+ then
+ String.substring (to, 0, size to - 1)
+ else
+ to
+ val fcgi_dir = OS.Path.dir fcgi_path
+ val fcgi_file = OS.Path.file fcgi_path
+ in
+ write "\tAlias\t"; write from; write " "; write to; write "\n";
+
+ write "\t<Directory "; write fcgi_dir; write ">\n";
+ write "\t<Files "; write fcgi_file; write ">\n";
+ write "\tSetHandler fcgid-script\n";
+
+ (* FIXME: only set kerberos wrapper of waklog is on *)
+ (* won't be trivial, since we don't have access to node here *)
+ write "\tFcgidWrapper \"";
+ write (Config.Apache.fastCgiWrapperOf (Domain.getUser ()));
+ write " ";
+ write fcgi_path;
+ write "\"\n";
+
+ write "\t</Files>\n\t</Directory>\n"
+ end)
+
val () = Env.action_two "errorDocument"
("code", Env.string, "handler", Env.string)
(fn (code, handler) =>
write "\n";
case ty of
"kerberos" =>
- write "\tKrbMethodNegotiate off\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC off\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n"
+ write "\tKrbServiceName apache2\n\tKrb5Keytab /etc/keytabs/service/apache\n\tKrbMethodNegotiate on\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC on\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n"
| _ => ())
else
print "WARNING: Skipped Kerberos authType because this isn't an SSL vhost.\n")
write name;
write "\n"))
+val () = Env.action_one "authGroupFile"
+ ("file", Env.string)
+ (fn name =>
+ (write "\tAuthGroupFile ";
+ write name;
+ write "\n"))
+
val () = Env.action_none "requireValidUser"
(fn () => write "\tRequire valid-user\n")
val () = Env.action_one "phpVersion"
("version", php_version)
- (fn version => (write "\tAddHandler x-httpd-php";
- write (Int.toString version);
- write " .php .phtml\n"))
+ (fn version => (if version = 6
+ then
+ (* fastcgi php 5.6 since 6 doesn't exist *)
+ (write "\tAddHandler fcgid-script .php .phtml\n";
+ (* FIXME: only set kerberos wrapper of waklog is on *)
+ (* won't be trivial, since we don't have access to node here *)
+ write "\n\tFcgidWrapper \"";
+ write (Config.Apache.fastCgiWrapperOf (Domain.getUser ()));
+ write " ";
+ write Config.Apache.phpFastCgiWrapper;
+ write "\" .php .phtml\n")
+ else
+ (write "\tAddHandler x-httpd-php";
+ write (Int.toString version);
+ write " .php .phtml\n")))
val () = Env.action_two "addType"
("mime type", Env.string, "extension", Env.string)
write "\n")
| _ => ())
+val () = Env.action_one "sslCertificateChainFile"
+ ("ssl_cacert_path", Env.string)
+ (fn cacert =>
+ if !sslEnabled then
+ (write "\tSSLCertificateChainFile \"";
+ write cacert;
+ write "\"\n")
+ else
+ print "WARNING: Skipped sslCertificateChainFile because this isn't an SSL vhost.\n")
+
val () = Domain.registerResetLocal (fn () =>
- ignore (OS.Process.system (Config.rm ^ " -rf /var/domtool/vhosts/*")))
+ ignore (OS.Process.system (Config.rm ^ " -rf " ^ Config.Apache.confDir ^ "/*")))
val () = Domain.registerDescriber (Domain.considerAll
[Domain.Extension {extension = "vhost",
Domain.Extension {extension = "vhost_ssl",
heading = fn host => "SSL web vhost " ^ host ^ ":"}])
+val () = Env.action_one "allowEncodedSlashes"
+ ("enable", Env.bool)
+ (fn enable => (write "\tAllowEncodedSlashes ";
+ write (if enable then "NoDecode" else "Off");
+ write "\n"))
val () = Env.action_none "testNoHtaccess"
(fn path => write "\tAllowOverride None\n")