adjust apache conf file

uyuni-project · Oct 18, 2023 · 8d0d0c5 · 8d0d0c5
1 parent a3671ce
commit 8d0d0c5
Show file tree

Hide file tree

Showing 5 changed files with 166 additions and 24 deletions.
diff --git a/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf b/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf
@@ -1,6 +1,48 @@
 Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
 \"%r\" %b \"%{Referer}i\" \"%{User-Agent}i\" %>s T%{ms}T"               ssl_combined
 
+DocumentRoot "/usr/share/susemanager/www/htdocs"
+
+<Directory "/usr/share/susemanager/www/htdocs">
+        Options None
+        AllowOverride None
+        <IfModule !mod_access_compat.c>
+                Require all granted
+        </IfModule>
+        <IfModule mod_access_compat.c>
+                Order allow,deny
+                Allow from all
+        </IfModule>
+</Directory>
+
+Alias /icons/ "/usr/share/apache2/icons/"
+
+<Directory "/usr/share/apache2/icons">
+        Options Indexes MultiViews
+        AllowOverride None
+        <IfModule !mod_access_compat.c>
+                Require all granted
+        </IfModule>
+        <IfModule mod_access_compat.c>
+                Order allow,deny
+                Allow from all
+        </IfModule>
+</Directory>
+
+ScriptAlias /cgi-bin/ "/usr/share/susemanager/www/cgi-bin/"
+
+<Directory "/usr/share/susemanager/www/cgi-bin">
+        AllowOverride None
+        Options +ExecCGI -Includes
+        <IfModule !mod_access_compat.c>
+                Require all granted
+        </IfModule>
+        <IfModule mod_access_compat.c>
+                Order allow,deny
+                Allow from all
+        </IfModule>
+</Directory>
+
 <Directory "/usr/share/susemanager/www/htdocs/*">
     Options Indexes FollowSymLinks
     AllowOverride All

diff --git a/spacewalk/config/etc/httpd/vhosts.d/spacewalk-vhost-ssl.conf b/spacewalk/config/etc/httpd/vhosts.d/spacewalk-vhost-ssl.conf
@@ -0,0 +1,61 @@
+# Template for a VirtualHost with SSL
+# Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf.
+# Files must have the .conf suffix to be loaded.
+#
+# See /usr/share/doc/packages/apache2/README.QUICKSTART for further hints
+# about virtual hosts.
+#
+# This is the Apache server configuration file providing SSL support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these 
+# directives see http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+
+<IfDefine SSL>
+<IfDefine !NOSSL>
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:443>
+
+        #  General setup for the virtual host
+        DocumentRoot "/usr/share/susemanager/www/htdocs"
+        #ServerName www.example.com:443
+        #ServerAdmin webmaster@example.com
+        ErrorLog /var/log/apache2/error_log
+        TransferLog /var/log/apache2/access_log
+
+        #   SSL Engine Switch:
+        #   Enable/Disable SSL for this virtual host.
+        SSLEngine on
+
+        #   OCSP Stapling:
+        #   Enable/Disable OCSP for this virtual host.
+        SSLUseStapling  on
+
+        #   You can use per vhost certificates if SNI is supported.
+SSLCertificateFile /etc/pki/tls/certs/spacewalk.crt
+SSLCertificateKeyFile /etc/pki/tls/private/spacewalk.key
+        #SSLCertificateChainFile /etc/apache2/ssl.crt/vhost-example-chain.crt
+
+        #   Per-Server Logging:
+        #   The home of a custom SSL log file. Use this when you want a
+        #   compact non-error SSL logfile on a virtual host basis.
+        CustomLog /var/log/apache2/ssl_request_log   ssl_combined
+
+RewriteEngine on
+RewriteOptions inherit
+SSLProxyEngine on
+<IfModule mod_jk.c>
+    JkMountCopy On
+</IfModule>
+</VirtualHost>
+
+</IfDefine>
+</IfDefine>
diff --git a/spacewalk/config/etc/httpd/vhosts.d/spacewalk-vhost-ssl.template b/spacewalk/config/etc/httpd/vhosts.d/spacewalk-vhost-ssl.template
@@ -0,0 +1,55 @@
+# Template for a VirtualHost with SSL
+# Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf.
+# Files must have the .conf suffix to be loaded.
+#
+# See /usr/share/doc/packages/apache2/README.QUICKSTART for further hints
+# about virtual hosts.
+#
+# This is the Apache server configuration file providing SSL support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these 
+# directives see http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+
+<IfDefine SSL>
+<IfDefine !NOSSL>
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:443>
+
+        #  General setup for the virtual host
+        DocumentRoot "/usr/share/susemanager/www/htdocs"
+        #ServerName www.example.com:443
+        #ServerAdmin webmaster@example.com
+        ErrorLog /var/log/apache2/error_log
+        TransferLog /var/log/apache2/access_log
+
+        #   SSL Engine Switch:
+        #   Enable/Disable SSL for this virtual host.
+        SSLEngine on
+
+        #   OCSP Stapling:
+        #   Enable/Disable OCSP for this virtual host.
+        SSLUseStapling  on
+
+        #   You can use per vhost certificates if SNI is supported.
+        SSLCertificateFile /etc/apache2/ssl.crt/vhost-example.crt
+        SSLCertificateKeyFile /etc/apache2/ssl.key/vhost-example.key
+        #SSLCertificateChainFile /etc/apache2/ssl.crt/vhost-example-chain.crt
+
+        #   Per-Server Logging:
+        #   The home of a custom SSL log file. Use this when you want a
+        #   compact non-error SSL logfile on a virtual host basis.
+        CustomLog /var/log/apache2/ssl_request_log   ssl_combined
+
+</VirtualHost>
+
+</IfDefine>
+</IfDefine>
diff --git a/spacewalk/config/spacewalk-config.spec b/spacewalk/config/spacewalk-config.spec
@@ -92,6 +92,8 @@ mkdir -p $RPM_BUILD_ROOT/etc/pki/tls/private/
 %config %{apacheconfdir}/conf.d/zz-spacewalk-www.conf
 %config %{apacheconfdir}/conf.d/os-images.conf
 %config %{apacheconfdir}/conf.d/z-public.conf
+%config %{apacheconfdir}/vhosts.d/spacewalk-vhost-ssl.conf
+%config %{apacheconfdir}/vhosts.d/spacewalk-vhost-ssl.template
 %attr(440,root,root) %config %{_sysconfdir}/sudoers.d/spacewalk
 %dir %{_var}/lib/cobbler/
 %dir %{_var}/lib/cobbler/kickstarts/
@@ -138,6 +140,12 @@ sysconf_addword /etc/sysconfig/apache2 APACHE_SERVER_FLAGS SSL
 sysconf_addword /etc/sysconfig/apache2 APACHE_SERVER_FLAGS ISSUSE
 %endif
 
+if [ -f /etc/apache2/vhosts.d/vhost-ssl.conf ]; then
+    mv  /etc/apache2/vhosts.d/vhost-ssl.conf /etc/apache2/vhosts.d/vhost-ssl.conf.bak
+fi
+if [ -f /etc/apache2/vhosts.d/vhost.template ]; then
+    mv  /etc/apache2/vhosts.d/vhost.template /etc/apache2/vhosts.d/vhost.template.bak
+fi
 
 ### TO-REMOVE AFTER: 2023-12-01
 if egrep -m1 "^taskomatic.com.redhat.rhn.taskomatic.task.SSHMinionActionExecutor.parallel_threads[[:space:]]*=" /etc/rhn/rhn.conf >/dev/null; then

diff --git a/susemanager/bin/mgr-setup b/susemanager/bin/mgr-setup
@@ -408,26 +408,6 @@ if [ -f $MANAGER_COMPLETE ]; then
 fi
 }
 
-
-
-#TODO most of the apache configuration are set in the perl script, so these changes should be there...but since we want to deprecate perl, the final
-# goal would be to move everything here.
-#
-setup_apache() {
-    sed -i 's|DocumentRoot "/srv|DocumentRoot "/usr/share/susemanager|g' /etc/apache2/default-server.conf
-    sed -i 's|<Directory "/srv|<Directory "/usr/share/susemanager|g' /etc/apache2/default-server.conf
-    sed -i 's|<Directory "/srv|<Directory "/usr/share/susemanager|g' /etc/apache2/conf.d/zz-spacewalk-www.conf
-    sed -i 's|ScriptAlias /cgi-bin/ "/srv|ScriptAlias /cgi-bin/ "/usr/share/susemanager|g' /etc/apache2/default-server.conf
-    sed -i 's|DocumentRoot "/srv|DocumentRoot "/usr/share/susemanager|g' /etc/apache2/vhosts.d/vhost-ssl.conf
-    sed -i 's|DocumentRoot "/srv|DocumentRoot "/usr/share/susemanager|g' /etc/apache2/vhosts.d/vhost-ssl.template
-}
-
-#TODO move this on the permission check function
-setup_permission() {
-    chown tomcat:tomcat -R /usr/share/susemanager/www/htdocs
-    chmod 777 -R /usr/share/susemanager/www/htdocs
-}
-
 setup_spacewalk() {
     CERT_COUNTRY=`echo -n $CERT_COUNTRY|tr '[:lower:]' '[:upper:]'`
 
@@ -526,10 +506,6 @@ ssl-server-key = $SERVER_KEY" >> /root/spacewalk-answers
         /usr/sbin/mgr-package-rpm-certificate-osimage
     fi
 
-    setup_apache
-
-    setup_permission
-
     # rm /root/spacewalk-answers
     if [ "$SWRET" != "0" ]; then
         echo "ERROR: spacewalk-setup failed" >&2