X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/blobdiff_plain/aa56e112996b3650e8ac343831322d2a9ab0de54..eda338944005ba86c03eb995b1f8c96a3246d89f:/src/plugins/apache.sml
diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml
index 13062a2..e4e96ea 100644
--- a/src/plugins/apache.sml
+++ b/src/plugins/apache.sml
@@ -22,6 +22,17 @@ structure Apache :> APACHE = struct
open Ast
+val _ = Env.type_one "web_node"
+ Env.string
+ (fn node =>
+ List.exists (fn (x, _) => x = node) Config.Apache.webNodes_all
+ orelse (Domain.hasPriv "www"
+ andalso List.exists (fn (x, _) => x = node) Config.Apache.webNodes_admin))
+
+val _ = Env.registerFunction ("web_node_to_node",
+ fn [e] => SOME e
+ | _ => NONE)
+
val _ = Env.type_one "proxy_port"
Env.int
(fn n => n > 1024)
@@ -47,6 +58,10 @@ val _ = Env.type_one "rewrite_arg"
Env.string
(CharVector.all Char.isAlphaNum)
+val _ = Env.type_one "suexec_flag"
+ Env.bool
+ (fn b => b orelse Domain.hasPriv "www")
+
fun validLocation s =
size s > 0 andalso size s < 1000 andalso CharVector.all
(fn ch => Char.isAlphaNum ch
@@ -59,15 +74,28 @@ val _ = Env.type_one "location"
Env.string
validLocation
+fun validCert s = Acl.query {user = Domain.getUser (),
+ class = "cert",
+ value = s}
+
+val _ = Env.type_one "ssl_cert_path"
+ Env.string
+ validCert
+
+fun ssl e = case e of
+ (EVar "no_ssl", _) => SOME NONE
+ | (EApp ((EVar "use_cert", _), s), _) => Option.map SOME (Env.string s)
+ | _ => NONE
+
val dl = ErrorMsg.dummyLoc
val _ = Defaults.registerDefault ("WebNodes",
- (TList (TBase "node", dl), dl),
- (fn () => (EList (map (fn s => (EString s, dl)) Config.Apache.webNodes), dl)))
+ (TList (TBase "web_node", dl), dl),
+ (fn () => (EList (map (fn s => (EString s, dl)) Config.Apache.webNodes_default), dl)))
val _ = Defaults.registerDefault ("SSL",
- (TBase "bool", dl),
- (fn () => (EVar "false", dl)))
+ (TBase "ssl", dl),
+ (fn () => (EVar "no_ssl", dl)))
val _ = Defaults.registerDefault ("User",
(TBase "your_user", dl),
@@ -75,16 +103,19 @@ val _ = Defaults.registerDefault ("User",
val _ = Defaults.registerDefault ("Group",
(TBase "your_group", dl),
- (fn () => (EString (Domain.getUser ()), dl)))
+ (fn () => (EString "nogroup", dl)))
val _ = Defaults.registerDefault ("DocumentRoot",
(TBase "your_path", dl),
- (fn () => (EString ("/home/" ^ Domain.getUser () ^ "/public_html"), dl)))
+ (fn () => (EString (Domain.homedir () ^ "/" ^ Config.Apache.public_html), dl)))
val _ = Defaults.registerDefault ("ServerAdmin",
(TBase "email", dl),
(fn () => (EString (Domain.getUser () ^ "@" ^ Config.defaultDomain), dl)))
+val _ = Defaults.registerDefault ("SuExec",
+ (TBase "suexec_flag", dl),
+ (fn () => (EVar "true", dl)))
val redirect_code = fn (EVar "temp", _) => SOME "temp"
| (EVar "permanent", _) => SOME "permanent"
@@ -169,39 +200,139 @@ val autoindex_option = fn (EApp ((EVar "descriptionWidth", _), w), _) =>
| _ => NONE
val vhostsChanged = ref false
+val logDeleted = ref false
val () = Slave.registerPreHandler
- (fn () => vhostsChanged := false)
+ (fn () => (vhostsChanged := false;
+ logDeleted := false))
+
+fun findVhostUser fname =
+ let
+ val inf = TextIO.openIn fname
+
+ fun loop () =
+ case TextIO.inputLine inf of
+ NONE => NONE
+ | SOME line =>
+ if String.isPrefix "# Owner: " line then
+ case String.tokens Char.isSpace line of
+ [_, _, user] => SOME user
+ | _ => NONE
+ else
+ loop ()
+ in
+ loop ()
+ before TextIO.closeIn inf
+ end handle _ => NONE
+
+val webNodes_full = Config.Apache.webNodes_all @ Config.Apache.webNodes_admin
+
+fun isVersion1 node =
+ List.exists (fn (n, {version = ConfigTypes.APACHE_1_3, ...}) => n = node
+ | _ => false) webNodes_full
+
+fun imVersion1 () = isVersion1 (Slave.hostname ())
+
+fun isWaklog node =
+ List.exists (fn (n, {auth = ConfigTypes.MOD_WAKLOG, ...}) => n = node
+ | _ => false) webNodes_full
+
+fun down () = if imVersion1 () then Config.Apache.down1 else Config.Apache.down
+fun undown () = if imVersion1 () then Config.Apache.undown1 else Config.Apache.undown
+fun reload () = if imVersion1 () then Config.Apache.reload1 else Config.Apache.reload
+
+fun logDir {user, node, vhostId} =
+ String.concat [Config.Apache.logDirOf (isVersion1 node) user,
+ "/",
+ node,
+ "/",
+ vhostId]
val () = Slave.registerFileHandler (fn fs =>
let
val spl = OS.Path.splitDirFile (#file fs)
in
if String.isSuffix ".vhost" (#file spl)
- orelse String.isSuffix ".vhost_ssl" (#file spl) then
- (vhostsChanged := true;
- case #action fs of
- Slave.Delete =>
- (ignore (OS.Process.system (Config.rm
- ^ " -rf "
- ^ Config.Apache.confDir
- ^ "/"
- ^ #file spl));
- ignore (OS.Process.system (Config.rm
- ^ " -rf "
- ^ Config.Apache.logDir
- ^ "/"
- ^ #base (OS.Path.splitBaseExt
- (#file spl)))))
-
- | _ =>
- ignore (OS.Process.system (Config.cp
- ^ " "
- ^ #file fs
- ^ " "
- ^ Config.Apache.confDir
- ^ "/"
- ^ #file spl)))
+ orelse String.isSuffix ".vhost_ssl" (#file spl) then let
+ val realVhostFile = OS.Path.joinDirFile
+ {dir = Config.Apache.confDir,
+ file = #file spl}
+
+ val user = findVhostUser (#file fs)
+ val oldUser = findVhostUser realVhostFile
+ in
+ if (oldUser = NONE andalso #action fs <> Slave.Add)
+ orelse (user = NONE andalso #action fs <> Slave.Delete) then
+ print ("Can't find user in " ^ #file fs ^ " or " ^ realVhostFile ^ "! Taking no action.\n")
+ else
+ let
+ val vhostId = if OS.Path.ext (#file spl) = SOME "vhost_ssl" then
+ OS.Path.base (#file spl) ^ ".ssl"
+ else
+ OS.Path.base (#file spl)
+
+ fun realLogDir user =
+ logDir {user = valOf user,
+ node = Slave.hostname (),
+ vhostId = vhostId}
+ in
+ vhostsChanged := true;
+ case #action fs of
+ Slave.Delete =>
+ (if !logDeleted then
+ ()
+ else
+ (ignore (OS.Process.system (down ()));
+ logDeleted := true);
+ ignore (OS.Process.system (Config.rm
+ ^ " -rf "
+ ^ realVhostFile));
+ ignore (OS.Process.system (Config.rm
+ ^ " -rf "
+ ^ realLogDir oldUser)))
+ | Slave.Add =>
+ let
+ val rld = realLogDir user
+ in
+ ignore (OS.Process.system (Config.cp
+ ^ " "
+ ^ #file fs
+ ^ " "
+ ^ realVhostFile));
+ if Posix.FileSys.access (rld, []) then
+ ()
+ else
+ Slave.mkDirAll rld
+ end
+
+ | _ =>
+ (ignore (OS.Process.system (Config.cp
+ ^ " "
+ ^ #file fs
+ ^ " "
+ ^ realVhostFile));
+ if user <> oldUser then
+ let
+ val old = realLogDir oldUser
+ val rld = realLogDir user
+ in
+ if !logDeleted then
+ ()
+ else
+ (ignore (OS.Process.system (down ()));
+ logDeleted := true);
+ ignore (OS.Process.system (Config.rm
+ ^ " -rf "
+ ^ realLogDir oldUser));
+ if Posix.FileSys.access (rld, []) then
+ ()
+ else
+ Slave.mkDirAll rld
+ end
+ else
+ ())
+ end
+ end
else
()
end)
@@ -209,19 +340,21 @@ val () = Slave.registerFileHandler (fn fs =>
val () = Slave.registerPostHandler
(fn () =>
(if !vhostsChanged then
- Slave.shellF ([Config.Apache.reload],
+ Slave.shellF ([if !logDeleted then undown () else reload ()],
fn cl => "Error reloading Apache with " ^ cl)
else
()))
-val vhostFiles : TextIO.outstream list ref = ref []
-fun write s = app (fn file => TextIO.output (file, s)) (!vhostFiles)
+val vhostFiles : (string * TextIO.outstream) list ref = ref []
+fun write' s = app (fn (node, file) => TextIO.output (file, s node)) (!vhostFiles)
+fun write s = app (fn (_, file) => TextIO.output (file, s)) (!vhostFiles)
val rewriteEnabled = ref false
+val localRewriteEnabled = ref false
val currentVhost = ref ""
val currentVhostId = ref ""
-val pre = ref (fn _ : {nodes : string list, id : string, hostname : string} => ())
+val pre = ref (fn _ : {user : string, nodes : string list, id : string, hostname : string} => ())
fun registerPre f =
let
val old = !pre
@@ -251,79 +384,123 @@ val () = Env.containerV_one "vhost"
let
val nodes = Env.env (Env.list Env.string) (env, "WebNodes")
- val ssl = Env.env Env.bool (env, "SSL")
+ val ssl = Env.env ssl (env, "SSL")
val user = Env.env Env.string (env, "User")
val group = Env.env Env.string (env, "Group")
val docroot = Env.env Env.string (env, "DocumentRoot")
val sadmin = Env.env Env.string (env, "ServerAdmin")
+ val suexec = Env.env Env.bool (env, "SuExec")
val fullHost = host ^ "." ^ Domain.currentDomain ()
- val vhostId = fullHost ^ (if ssl then ".ssl" else "")
- val confFile = fullHost ^ (if ssl then ".vhost_ssl" else ".vhost")
+ val vhostId = fullHost ^ (if Option.isSome ssl then ".ssl" else "")
+ val confFile = fullHost ^ (if Option.isSome ssl then ".vhost_ssl" else ".vhost")
in
currentVhost := fullHost;
currentVhostId := vhostId;
rewriteEnabled := false;
+ localRewriteEnabled := false;
vhostFiles := map (fn node =>
let
val file = Domain.domainFile {node = node,
name = confFile}
+
+ val ld = logDir {user = user, node = node, vhostId = vhostId}
in
- TextIO.output (file, " "443"
+ | NONE => "80");
TextIO.output (file, ">\n");
- file
+ TextIO.output (file, "\tErrorLog ");
+ TextIO.output (file, ld);
+ TextIO.output (file, "/error.log\n\tCustomLog ");
+ TextIO.output (file, ld);
+ TextIO.output (file, "/access.log combined\n");
+ TextIO.output (file, "\tServerName ");
+ TextIO.output (file, fullHost);
+ app
+ (fn dom => (TextIO.output (file, "\n\tServerAlias ");
+ TextIO.output (file, host);
+ TextIO.output (file, ".");
+ TextIO.output (file, dom)))
+ (Domain.currentAliasDomains ());
+ if suexec then
+ if isVersion1 node then
+ (TextIO.output (file, "\n\tUser ");
+ TextIO.output (file, user);
+ TextIO.output (file, "\n\tGroup ");
+ TextIO.output (file, group))
+ else
+ (TextIO.output (file, "\n\tSuexecUserGroup ");
+ TextIO.output (file, user);
+ TextIO.output (file, " ");
+ TextIO.output (file, group))
+ else
+ ();
+ if isWaklog node then
+ (TextIO.output (file, "\n\tWaklogEnabled on\n\tWaklogLocationPrincipal ");
+ TextIO.output (file, user);
+ TextIO.output (file, "/daemon@HCOOP.NET /etc/keytabs/user.daemon/");
+ TextIO.output (file, user))
+ else
+ ();
+ (ld, file)
end)
nodes;
- write "\tServerName ";
- write fullHost;
- write "\n\tSuexecUserGroup ";
- write user;
- write " ";
- write group;
write "\n\tDocumentRoot ";
write docroot;
write "\n\tServerAdmin ";
write sadmin;
- write "\n\tErrorLog ";
- write Config.Apache.logDir;
- write "/";
- write vhostId;
- write "/error.log\n\tCustomLog ";
- write Config.Apache.logDir;
- write "/";
- write vhostId;
- write "/access.log combined\n";
- !pre {nodes = nodes, id = vhostId, hostname = fullHost}
+ case ssl of
+ SOME cert =>
+ (write "\n\tSSLEngine on\n\tSSLCertificateFile ";
+ write cert)
+ | NONE => ();
+ write "\n";
+ !pre {user = user, nodes = nodes, id = vhostId, hostname = fullHost};
+ app (fn dom => !aliaser (host ^ "." ^ dom)) (Domain.currentAliasDomains ())
end,
fn () => (!post ();
write "\n";
- app TextIO.closeOut (!vhostFiles)))
+ app (TextIO.closeOut o #2) (!vhostFiles)))
+
+val inLocal = ref false
val () = Env.container_one "location"
("prefix", Env.string)
(fn prefix =>
(write "\t\n"),
- fn () => write "\t\n")
+ write ">\n";
+ inLocal := true),
+ fn () => (write "\t\n";
+ inLocal := false;
+ localRewriteEnabled := false))
val () = Env.container_one "directory"
("directory", Env.string)
(fn directory =>
(write "\t\n"),
- fn () => write "\t\n")
+ write ">\n";
+ inLocal := true),
+ fn () => (write "\t\n";
+ inLocal := false;
+ localRewriteEnabled := false))
fun checkRewrite () =
- if !rewriteEnabled then
+ if !inLocal then
+ if !rewriteEnabled orelse !localRewriteEnabled then
+ ()
+ else
+ (write "\tRewriteEngine on\n";
+ localRewriteEnabled := true)
+ else if !rewriteEnabled then
()
else
(write "\tRewriteEngine on\n";
@@ -393,14 +570,20 @@ val () = Env.action_three "rewriteCond"
write "]");
write "\n"))
+val () = Env.action_one "rewriteBase"
+ ("prefix", Env.string)
+ (fn prefix =>
+ (checkRewrite ();
+ write "\tRewriteBase\t";
+ write prefix;
+ write "\n"))
+
val () = Env.action_one "rewriteLogLevel"
("level", Env.int)
(fn level =>
(checkRewrite ();
write "\tRewriteLog ";
- write Config.Apache.logDir;
- write "/";
- write (!currentVhostId);
+ write' (fn x => x);
write "/rewrite.log\n\tRewriteLogLevel ";
write (Int.toString level);
write "\n"))
@@ -466,7 +649,7 @@ val () = Env.action_one "directoryIndex"
app (fn opt => (write " "; write opt)) opts;
write "\n"))
-val () = Env.action_one "serverAlias"
+val () = Env.action_one "serverAliasHost"
("host", Env.string)
(fn host =>
(write "\tServerAlias ";
@@ -474,8 +657,34 @@ val () = Env.action_one "serverAlias"
write "\n";
!aliaser host))
+val () = Env.action_one "serverAlias"
+ ("host", Env.string)
+ (fn host =>
+ (app
+ (fn dom =>
+ let
+ val full = host ^ "." ^ dom
+ in
+ write "\tServerAlias ";
+ write full;
+ write "\n";
+ !aliaser full
+ end)
+ (Domain.currentDomains ())))
+
+val () = Env.action_none "serverAliasDefault"
+ (fn () =>
+ (app
+ (fn dom =>
+ (write "\tServerAlias ";
+ write dom;
+ write "\n";
+ !aliaser dom))
+ (Domain.currentDomains ())))
+
val authType = fn (EVar "basic", _) => SOME "basic"
| (EVar "digest", _) => SOME "digest"
+ | (EVar "kerberos", _) => SOME "kerberos"
| _ => NONE
val () = Env.action_one "authType"
@@ -483,7 +692,11 @@ val () = Env.action_one "authType"
(fn ty =>
(write "\tAuthType ";
write ty;
- write "\n"))
+ write "\n";
+ case ty of
+ "kerberos" =>
+ write "\tKrbMethodNegotiate off\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC off\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n"
+ | _ => ()))
val () = Env.action_one "authName"
("name", Env.string)
@@ -579,7 +792,7 @@ val () = Env.action_one "addDefaultCharset"
write ty;
write "\n"))
-val () = Env.action_one "davSvn"
+(*val () = Env.action_one "davSvn"
("path", Env.string)
(fn path => (write "\tDAV svn\n\tSVNPath ";
write path;
@@ -589,7 +802,7 @@ val () = Env.action_one "authzSvnAccessFile"
("path", Env.string)
(fn path => (write "\tAuthzSVNAccessFile ";
write path;
- write "\n"))
+ write "\n"))*)
val () = Env.action_two "addDescription"
("description", Env.string, "patterns", Env.list Env.string)
@@ -651,4 +864,15 @@ val () = Env.action_one "readmeName"
write name;
write "\n"))
+val () = Env.action_two "setEnv"
+ ("key", Env.string, "value", Env.string)
+ (fn (key, value) => (write "\tSetEnv \"";
+ write key;
+ write "\" \"";
+ write value;
+ write "\"\n"))
+
+val () = Domain.registerResetLocal (fn () =>
+ ignore (OS.Process.system (Config.rm ^ " -rf /var/domtool/vhosts/*")))
+
end