X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/blobdiff_plain/37051a6c6eec6662c44658e5e12a5e5b8f98a576..a3081fd7a163cadce4019dc3a4f8c5019a68e34e:/src/plugins/apache.sml

diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml
index 52470c8..b959219 100644
--- a/src/plugins/apache.sml
+++ b/src/plugins/apache.sml
@@ -62,32 +62,34 @@ val _ = Env.type_one "proxy_port"
 	Env.int
 	(fn n => n > 1024)
 
+fun validProxyTarget default s =
+    case String.fields (fn ch => ch = #":") s of
+	"http" :: host :: rest =>
+	let
+	    val rest = String.concatWith ":" rest
+	in
+	    if List.exists (fn h' => host = h') (map (fn h => String.concat ["//", h]) Config.Apache.proxyHosts)
+	    then
+		CharVector.all (fn ch => Char.isPrint ch andalso not (Char.isSpace ch)
+					 andalso ch <> #"\"" andalso ch <> #"'") rest
+		andalso case String.fields (fn ch => ch = #"/") rest of
+			    port :: _ =>
+			    (case Int.fromString port of
+				 NONE => default s
+			       | SOME n => n > 1024 orelse default s)
+			  | _ => default s
+	    else
+		default s
+	end
+      | _ => default s
+
 val _ = Env.type_one "proxy_target"
 	Env.string
-	(fn s =>
-	    let
-		fun default () = List.exists (fn s' => s = s') Config.Apache.proxyTargets
-	    in
-		case String.fields (fn ch => ch = #":") s of
-		    "http" :: host :: rest =>
-		    let
-			val rest = String.concatWith ":" rest
-		    in
-			if List.exists (fn h' => host = h') (map (fn h => String.concat ["//", h]) Config.Apache.proxyHosts)
-			then
-			    CharVector.all (fn ch => Char.isPrint ch andalso not (Char.isSpace ch)
-						     andalso ch <> #"\"" andalso ch <> #"'") rest
-			    andalso case String.fields (fn ch => ch = #"/") rest of
-					port :: _ =>
-					(case Int.fromString port of
-					     NONE => default ()
-					   | SOME n => n > 1024 orelse default ())
-				      | _ => default ()
-			else
-			    default ()
-		    end
-		  | _ => default ()
-	    end)
+	(validProxyTarget (fn s => List.exists (fn s' => s = s') (Config.Apache.proxyTargets @ ["!"])))
+
+val _ = Env.type_one "proxy_reverse_target"
+	Env.string
+	(validProxyTarget (fn s => List.exists (fn s' => s = s') Config.Apache.proxyTargets))
 
 val _ = Env.type_one "rewrite_arg"
 	Env.string
@@ -144,32 +146,9 @@ val _ = Env.type_one "file_extension"
 	Env.string
 	validExtension
 
-val defaults = [("WebPlaces",
-		 (TList (TBase "web_place", dl), dl),
-		 (fn () => (EList (map webPlaceDefault Config.Apache.webNodes_default), dl))),
-		("SSL",
-		 (TBase "ssl", dl),
-		 (fn () => (EVar "no_ssl", dl))),
-		("User",
-		 (TBase "your_user", dl),
-		 (fn () => (EString (Domain.getUser ()), dl))),
-		("Group",
-		 (TBase "your_group", dl),
-		 (fn () => (EString "nogroup", dl))),
-		("DocumentRoot",
-		 (TBase "your_path", dl),
-		 (fn () => (EString (Domain.homedir () ^ "/" ^ Config.Apache.public_html), dl))),
-		("ServerAdmin",
-		 (TBase "email", dl),
-		 (fn () => (EString (Domain.getUser () ^ "@" ^ Config.defaultDomain), dl))),
-		("SuExec",
-		 (TBase "suexec_flag", dl),
-		 (fn () => (EVar "true", dl))),
-		("PhpVersion",
-		 (TBase "php_version", dl),
-		 (fn () => (EVar "php5", dl)))]
-
-val () = app Defaults.registerDefault defaults
+val _ = Env.registerFunction ("defaultServerAdmin",
+			      fn [] => SOME (EString (Domain.getUser () ^ "@" ^ Config.defaultDomain), dl)
+			      | _ => NONE)
 
 val redirect_code = fn (EVar "temp", _) => SOME "temp"
 		     | (EVar "permanent", _) => SOME "permanent"
@@ -181,6 +160,7 @@ val redirect_code = fn (EVar "temp", _) => SOME "temp"
 		     | (EVar "redir304", _) => SOME "304"
 		     | (EVar "redir305", _) => SOME "305"
 		     | (EVar "redir307", _) => SOME "307"
+		     | (EVar "notfound", _) => SOME "404"
 		     | _ => NONE
 
 val flag = fn (EVar "redirect", _) => SOME "R"
@@ -487,7 +467,8 @@ fun vhostPost () = (!post ();
 		    app (TextIO.closeOut o #2) (!vhostFiles))
 
 val php_version = fn (EVar "php5", _) => SOME 5
-		   | _ => NONE
+                   | (EVar "fast_php", _) => SOME 6
+                   | _ => NONE
 
 fun vhostBody (env, makeFullHost) =
     let
@@ -571,14 +552,27 @@ fun vhostBody (env, makeFullHost) =
 				  TextIO.output (file, user);
 				  TextIO.output (file, "/DAVLock");
 
-				  if php <> Config.Apache.defaultPhpVersion then
+				  if php = Config.Apache.defaultPhpVersion
+				  then
+				      ()
+				  else if php = 6
+				  then
+				      (* fastcgi php 5.6 since 6 doesn't exist *)
+				      (TextIO.output (file, "\n\tAddHandler fcgid-script .php .phtml");
+				       (* FIXME: only set kerberos wrapper of waklog is on *)
+				       map (fn ext => (TextIO.output (file, "\n\tFcgidWrapper \"");
+						       TextIO.output (file, Config.Apache.fastCgiWrapperOf user);
+						       TextIO.output (file, " ");
+						       TextIO.output (file, Config.Apache.phpFastCgiWrapper);
+						       TextIO.output (file, "\" ");
+						       TextIO.output (file, ext)))
+					   [".php", ".phtml"];
+				       ())
+				  else
 				      (TextIO.output (file, "\n\tAddHandler x-httpd-php");
 				       TextIO.output (file, Int.toString php);
-				       TextIO.output (file, " .php .phtml"))
-				  else
-				      ();
-
-				  (ld, file)
+				       TextIO.output (file, " .php .phtml"));
+			  (ld, file)
 			      end)
 			  places;
 	write "\n\tDocumentRoot ";
@@ -703,7 +697,7 @@ val () = Env.action_two "proxyPass"
 		  write from;
 		  write "\t";
 		  write to;
-		  write "\n"))
+		  write "\tretry=0\n"))
 
 val () = Env.action_two "proxyPassReverse"
 	 ("from", Env.string, "to", Env.string)
@@ -714,6 +708,13 @@ val () = Env.action_two "proxyPassReverse"
 		  write to;
 		  write "\n"))
 
+val () = Env.action_one "proxyPreserveHost"
+ 	 ("enable", Env.bool)
+	 (fn (enable) =>
+	     (write "\tProxyPreserveHost\t";
+	      if enable then write "On" else write "Off";
+	      write "\n"))
+
 val () = Env.action_three "rewriteRule"
 	 ("from", Env.string, "to", Env.string, "flags", Env.list flag)
 	 (fn (from, to, flags) =>
@@ -786,6 +787,27 @@ val () = Env.action_two "scriptAlias"
 	      write to;
 	      write "\n"))
 
+val () = Env.action_two "fastScriptAlias"
+	 ("from", Env.string, "to", Env.string)
+	 (fn (from, to) =>
+	     (write "\tAlias\t";
+	      write from;
+	      write " ";
+	      write to;
+	      write "\n";
+
+	      write "\t<Location ";
+	      write from;
+	      write ">\n";
+	      write "\t\tSetHandler fcgid-script\n";
+	      (* FIXME: only set kerberos wrapper of waklog is on *)
+	      write "\t\tFcgidWrapper \"";
+	      write (Config.Apache.fastCgiWrapperOf (Domain.getUser ()));
+	      write " ";
+	      write to;
+	      write "\"\n";
+	      write "\t</Location>\n"))
+
 val () = Env.action_two "errorDocument"
 	 ("code", Env.string, "handler", Env.string)
 	 (fn (code, handler) =>
@@ -897,7 +919,7 @@ val () = Env.action_one "authType"
 		  write "\n";
 		  case ty of
 		      "kerberos" => 
-		      write "\tKrbMethodNegotiate off\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC off\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n"
+		      write "\tKrbServiceName apache2\n\tKrb5Keytab /etc/keytabs/service/apache\n\tKrbMethodNegotiate on\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC on\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n"
 		    | _ => ())
 	     else
 		 print "WARNING: Skipped Kerberos authType because this isn't an SSL vhost.\n")
@@ -916,6 +938,13 @@ val () = Env.action_one "authUserFile"
 	      write name;
 	      write "\n"))
 
+val () = Env.action_one "authGroupFile"
+	 ("file", Env.string)
+	 (fn name =>
+	     (write "\tAuthGroupFile ";
+	      write name;
+	      write "\n"))
+
 val () = Env.action_none "requireValidUser"
 	 (fn () => write "\tRequire valid-user\n")
 
@@ -1108,9 +1137,20 @@ val () = Env.action_one "diskCache"
 
 val () = Env.action_one "phpVersion"
 	 ("version", php_version)
-	 (fn version => (write "\tAddHandler x-httpd-php";
-			 write (Int.toString version);
-			 write " .php .phtml\n"))
+	 (fn version => (if version = 6
+			 then
+			     (* fastcgi php 5.6 since 6 doesn't exist *)
+			     (write "\tAddHandler fcgid-script .php .phtml\n";
+			      (* FIXME: only set kerberos wrapper of waklog is on *)
+			      write "\n\tFcgidWrapper \"";
+			      write (Config.Apache.fastCgiWrapperOf (Domain.getUser ()));
+			      write " ";
+			      write Config.Apache.phpFastCgiWrapper;
+			      write "\" .php .phtml\n")
+			 else
+			     (write "\tAddHandler x-httpd-php";
+			      write (Int.toString version);
+			      write " .php .phtml\n")))
 
 val () = Env.action_two "addType"
 	 ("mime type", Env.string, "extension", Env.string)
@@ -1145,7 +1185,7 @@ val () = Env.action_one "sslCertificateChainFile"
 		 print "WARNING: Skipped sslCertificateChainFile because this isn't an SSL vhost.\n")
 
 val () = Domain.registerResetLocal (fn () =>
-				       ignore (OS.Process.system (Config.rm ^ " -rf /var/domtool/vhosts/*")))
+				       ignore (OS.Process.system (Config.rm ^ " -rf " ^ Config.Apache.confDir ^ "/*")))
 
 val () = Domain.registerDescriber (Domain.considerAll
 				   [Domain.Extension {extension = "vhost",
@@ -1153,6 +1193,11 @@ val () = Domain.registerDescriber (Domain.considerAll
 				    Domain.Extension {extension = "vhost_ssl",
 						      heading = fn host => "SSL web vhost " ^ host ^ ":"}])
 
+val () = Env.action_one "allowEncodedSlashes"
+	 ("enable", Env.bool)
+	 (fn enable => (write "\tAllowEncodedSlashes ";
+		      write (if enable then "NoDecode" else "Off");
+		      write "\n"))
 val () = Env.action_none "testNoHtaccess"
 	 (fn path => write "\tAllowOverride None\n")