Commit 0cea52dd authored by Nigel Kukard's avatar Nigel Kukard

Added Apache2.4 support

parent d84aceda
......@@ -90,7 +90,7 @@ sub accountInit
# Make sure the dir exists...
my $dir = "/etc/awit-certmaster";
if (! -d $dir) {
my @created = make_path($dir, { 'verbose' => 1, 'mode' => 0700 });
my @created = make_path($dir,1,0700);
}
# Check if the dir was created
if (! -d $dir) {
......@@ -178,14 +178,109 @@ sub certificateRetrieve
# Check nginx vhosts
sub webserverCheckNginx
# Check Apache vhosts
sub webserverCheckApache
{
my $self = shift;
# Grab the current datetime
my $now = DateTime->now();
# Open the main nginx sites-available directory and take a peek
my $dataDir = '/etc/apache2/sites-available';
my $vhostConfig = { };
if (opendir(my $dh, $dataDir)) {
# Loop with each item
while(my $item = readdir($dh)) {
my $fullPath = sprintf('%s/%s',$dataDir,$item);
# Skip directories
next if (! -f $fullPath);
# We only process domains with .'s in their name
next if ($item !~ /^[a-z].*\./);
# For apache we need to strip off .conf
$item =~ s/\.conf$//;
# Add vhost config
$vhostConfig->{$item}->{'config'} = $fullPath;
}
closedir($dh);
# Check for failure with our opendir
} else {
# Fail if we cannot open the configuration directory
$self->logger("ERROR","APACHE: Failed to open configuration directory '%s': %s",$dataDir,$!);
exit 1;
}
# Loop with config files found
foreach my $vhostName (keys %{$vhostConfig}) {
my $vhost = $vhostConfig->{$vhostName};
$self->logger("INFO","APACHE: Processing vhost '%s'",$vhostName);
# Open config file
if (open(my $FH,'<',$vhost->{'config'})) {
# Read in each line
my @serverNames = ();
while (my $line = <$FH>) {
# Regex out the server name
if ($line =~ /^\s*server(?:name|alias)\s+(\S+)/i) {
my $serverName = $1;
$vhost->{'server_names'}->{$serverName} = 1;
}
}
close($FH);
} else {
$self->logger("ERROR","APACHE: - Failed to open config file '%s', SKIPPING this vhost",$vhost->{'config'});
delete($vhostConfig->{$vhostName});
next;
}
# Make sure we found server_name's
if (!defined($vhost->{'server_names'})) {
$self->logger("ERROR","APACHE: - No server names found in vhost '%s'",$vhostName);
delete($vhostConfig->{$vhostName});
next;
}
# Make sure we find the main vhost name
if (!defined($vhost->{'server_names'}->{$vhostName})) {
$self->logger("ERROR","APACHE: - The vhost name '%s' is not present in the 'server_name' list",$vhostName);
delete($vhostConfig->{$vhostName});
next;
}
# Output server names
foreach my $domain (keys %{$vhost->{'server_names'}}) {
# Check if domain contains wildcard, if it does, we cannot continue with it
if ($domain =~ /\*/) {
$self->logger("ERROR","APACHE: - The vhost name '%s' has a wildcard server_name, SKIPPING",$vhostName);
delete($vhostConfig->{$vhostName});
last;
}
$self->logger("INFO","APACHE: - Found server_name '%s'",$domain);
}
}
# Check certificates
if (!$self->_webserverCheckCertificates($vhostConfig)) {
return $self;
}
# Reload Apache
$self->_webserverReloadApache();
return $self;
}
# Check Nginx vhosts
sub webserverCheckNginx
{
my $self = shift;
# Open the main nginx sites-available directory and take a peek
my $dataDir = '/etc/nginx/sites-available';
......@@ -263,6 +358,84 @@ sub webserverCheckNginx
}
}
# Check certificates
if (!$self->_webserverCheckCertificates($vhostConfig)) {
return $self;
}
# Reload NGINX
$self->_webserverReloadNginx();
return $self;
}
# Log something
sub logger
{
my ($self,$level,$arg1,@args) = @_;
printf(STDERR '%-7s: '.$arg1."\n",$level,@args);
return;
}
#
# Internal Methods
#
# Internal _init function
sub _init
{
my ($self,$opts) = @_;
# If we're running in live mode, don't use a suffix
if (defined($opts->{'live'}) && $opts->{'live'}) {
$self->{'file_suffix'} = '';
$self->{'live'} = 1;
} else {
$self->{'file_suffix'} = '.test';
$self->{'live'} = 0;
}
# Check if we're checking only...
if (defined($opts->{'check_only'}) && $opts->{'check_only'}) {
$self->{'check_only'} = 1;
} else {
$self->{'check_only'} = 0;
}
# Init properties
$self->{'key'} = undef;
# Keep track of what we're processing
$self->{'force_verify'} = $opts->{'force_verify'};
$self->{'force_vhosts'} = $opts->{'force_vhosts'};
$self->{'only_vhosts'} = $opts->{'only_vhosts'};
$self->{'use_dns'} = $opts->{'use_dns'};
return $self;
}
# Internal function to check the vhostConfig certificates
sub _webserverCheckCertificates
{
my ($self,$vhostConfig) = @_;
# Grab the current datetime
my $now = DateTime->now();
# Lets process the vhost certificates
foreach my $vhostName (keys %{$vhostConfig}) {
my $vhost = $vhostConfig->{$vhostName};
......@@ -339,7 +512,7 @@ SKIP:
# If we no longer have entries in our vhost config, we can safely exit
if (keys %{$vhostConfig} == 0) {
return $self;
return undef;
}
# Check if we're going to check only...
......@@ -358,9 +531,10 @@ SKIP:
}
}
return $self;
return undef;
}
# If we still have entries, we need to start processing!
$self->accountInit();
......@@ -419,25 +593,36 @@ SKIP:
}
}
return $self;
}
# Reload Apache
sub _webserverReloadApache
{
my $self = shift;
# Check if the configtest passes
if ($self->{'live'}) {
# Check if Nginx config is OK
system('service nginx configtest > /dev/null 2>&1');
# Check if Apache config is OK
system('service apache configtest > /dev/null 2>&1');
if ($? >> 8) {
$self->logger("ERROR","NGINX: Failed configtest, reload NOT done");
$self->logger("ERROR","APACHE: Failed configtest, reload NOT done");
return $self;
}
$self->logger("INFO","NGINX: Successful configtest");
$self->logger("INFO","APACHE: Successful configtest");
# Reload Nginx config
system('service nginx reload > /dev/null 2>&1');
# Reload Apache config
system('service apache reload > /dev/null 2>&1');
if ($? >> 8) {
$self->logger("ERROR","NGINX: Failed reload");
$self->logger("ERROR","APACHE: Failed reload");
return $self;
}
$self->logger("INFO","NGINX: Successful reload");
$self->logger("INFO","APACHE: Successful reload");
}
return $self;
......@@ -445,57 +630,33 @@ SKIP:
# Log something
sub logger
# Reload Nginx
sub _webserverReloadNginx
{
my ($self,$level,$arg1,@args) = @_;
printf(STDERR '%-7s: '.$arg1."\n",$level,@args);
return;
}
#
# Internal Methods
#
my $self = shift;
# Internal _init function
sub _init
{
my ($self,$opts) = @_;
# Check if the configtest passes
if ($self->{'live'}) {
# Check if Nginx config is OK
system('service nginx configtest > /dev/null 2>&1');
if ($? >> 8) {
$self->logger("ERROR","NGINX: Failed configtest, reload NOT done");
return $self;
}
$self->logger("INFO","NGINX: Successful configtest");
# If we're running in live mode, don't use a suffix
if (defined($opts->{'live'}) && $opts->{'live'}) {
$self->{'file_suffix'} = '';
$self->{'live'} = 1;
} else {
$self->{'file_suffix'} = '.test';
$self->{'live'} = 0;
}
# Reload Nginx config
system('service nginx reload > /dev/null 2>&1');
if ($? >> 8) {
$self->logger("ERROR","NGINX: Failed reload");
return $self;
}
# Check if we're checking only...
if (defined($opts->{'check_only'}) && $opts->{'check_only'}) {
$self->{'check_only'} = 1;
} else {
$self->{'check_only'} = 0;
$self->logger("INFO","NGINX: Successful reload");
}
# Init properties
$self->{'key'} = undef;
# Keep track of what we're processing
$self->{'force_verify'} = $opts->{'force_verify'};
$self->{'force_vhosts'} = $opts->{'force_vhosts'};
$self->{'only_vhosts'} = $opts->{'only_vhosts'};
$self->{'use_dns'} = $opts->{'use_dns'};
return $self;
}
......@@ -1334,7 +1495,7 @@ sub leHandleChallenge
# Make sure the dir exists...
if (! -d $dir) {
my @created = make_path($dir, { 'verbose' => 1, 'mode' => 0755 });
my @created = make_path($dir,1,0755);
}
# Check if the dir was created
if (! -d $dir) {
......@@ -1343,8 +1504,9 @@ sub leHandleChallenge
}
# Create file...
umask(0022);
umask(0122);
if (open(my $FH,'>',$challengeFile)) {
$self->logger("INFO","LE: Created 'http-01' challenge file '%s'",$challenge->{'token'});
# Write out contents
print($FH $challenge->{'key_authorization'});
close($FH);
......@@ -1553,7 +1715,7 @@ use Getopt::Long;
my $NAME = "AWIT-CertMaster";
our $VERSION = "1.0.4";
our $VERSION = "1.1.0";
......@@ -1566,6 +1728,8 @@ my %optctl = ();
GetOptions(\%optctl,
"help|?",
"version",
"nginx",
"apache",
"check-only",
"force=s@",
......@@ -1598,7 +1762,17 @@ my $cm = AWIT::CertMaster::LetsEncrypt->new({
'use_dns' => $optctl{'use-dns'},
});
$cm->webserverCheckNginx();
# Check what mode of operation we're running in
if ($optctl{'nginx'}) {
$cm->webserverCheckNginx();
} elsif ($optctl{'apache'}) {
$cm->webserverCheckApache();
} else {
$cm->logger('ERROR',"Either --nginx or --apache must be used");
displayHelp();
exit 1;
}
......@@ -1624,6 +1798,9 @@ sub displayHelp
General Options:
--help What you're seeing now.
--version Display version.
--nginx Process Nginx vhosts.
--apache Process Apache vhosts.
Certificate Functions:
--check-only Only check, don't do anything.
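Review bot: The `ServerName`/`ServerAlias` regex in the `while (my $line = <$FH>)` loop of `webserverCheckApache` (`/^\s*server(?:name|alias)\s+(\S+)/i`) keeps only the first token, but Apache's `ServerAlias` accepts several hostnames on one line, so every name after the first is silently dropped from `server_names` and never reaches the certificate request; capture the rest of the line and split it on whitespace instead (rewrite below). The same capture also accepts a `ServerName` written with a scheme or port (`https://host:443` is valid Apache syntax), which would then be stored and requested verbatim as a certificate name, so it is worth stripping or rejecting such values before they are added. Separately, `_webserverReloadApache` shells out to `service apache configtest` and `service apache reload`, while the vhost directory it reads is `/etc/apache2/sites-available`; on distributions that use that layout the service is normally named `apache2`, in which case the configtest fails on every live run and the reload is never performed — please confirm the service name on the target platform. Finally, `my $now = DateTime->now();` at the top of `webserverCheckApache` is unused and can be removed.

```perl
while (my $line = <$FH>) {
    # ServerName/ServerAlias may list several names on one line
    if ($line =~ /^\s*server(?:name|alias)\s+(.+?)\s*$/i) {
        my $names = $1;
        foreach my $serverName (split(/\s+/,$names)) {
            $vhost->{'server_names'}->{$serverName} = 1;
        }
    }
}
```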