From 045f17366586979805bcc4420eca276810263919 Mon Sep 17 00:00:00 2001 From: Tobias Herre Date: Sat, 30 Sep 2023 09:58:07 +0200 Subject: [PATCH] Can be configured to use ssl or not --- apache.cf | 39 +++++++++++++++++++++-------- templates/httpd-vhost.conf.mustache | 8 +++--- templates/httpd.conf.mustache | 2 +- 3 files changed, 35 insertions(+), 14 deletions(-) diff --git a/apache.cf b/apache.cf index df9c354..3ab3059 100644 --- a/apache.cf +++ b/apache.cf @@ -118,11 +118,12 @@ vars: {m: "dav",f:"mod_dav"}, {m: "dav_svn", f:"mod_dav_svn"}, {m: "authz_svn", f:"mod_authz_svn"}, + {m: "ssl",f:"mod_ssl"} ]'; } -bundle agent install_apache(params) +bundle agent install_apache(raw) { classes: @@ -203,10 +204,14 @@ bundle agent apache_vhost classes: "delete" expression => $(site[disable]); "use_ssl" expression => $(site[ssl]); + "use_certbot" expression => strcmp("certbot","$(site[ssl_cert])"); + vars: "site_defaults" data => ' { "aliases":[], + "ssl_cert":"certbot", + "email":"$(apache.admin_email)" } '; @@ -222,11 +227,18 @@ vars: "domain_file" string => "$(apache.cfg_dir)/Vhosts/$(site[domain]).conf"; "domain_dir" string => "$(apache.www_dir)/$(site[domain])/"; -use_ssl:: - "vhostdeps" slist => {"apache_ssl_created$(site[domain])"}; -!use_ssl:: - "vhostdeps" slist => {}; -files: + "ssl_cert" string => ifelse( use_certbot, + "$(certbot.certbot_dir)/live/$(site[domain])/fullchain.pem", + "$(site[ssl_cert])"); + "ssl_key" string => ifelse( use_certbot, + "$(certbot.certbot_dir)/live/$(site[domain])/privkey.pem", + "$(site[ssl_key])"); + + use_ssl&(use_certbot):: + "vhostdeps" slist => {"apache_ssl_created$(site[domain])"}; + (!use_ssl)|(!use_certbot):: + "vhostdeps" slist => {}; + files: delete:: "$(domain_file)" 
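Review bot: The rename of the `install_apache` parameter from `params` to `raw` changes what callers are expected to pass, and nothing in the hunk documents the new contract. The bundle body continues outside the hunk, so any remaining reference to `params` there would no longer resolve; that is worth checking before merge. Because httpd.conf.mustache in this same commit renders `vars.install_apache.raw` into the main server configuration, I would add a comment above the bundle such as `# raw: Apache directives appended to httpd.conf as-is; pass trusted policy data only`.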
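Review bot: `site_defaults` gains `"ssl_cert":"certbot"` but no matching `ssl_key` entry, so a site that sets `ssl_cert` to a file path and omits `ssl_key` leaves `$(site[ssl_key])` unexpanded in the `ssl_key` variable defined in the next hunk (-222,11 +227,18). That literal text would then presumably be rendered after `SSLCertificateKeyFile` and Apache would fail on the restart. I would guard the non-certbot path with a class that confirms the key is usable, for example `"have_ssl_key" expression => fileexists("$(ssl_key)");`, and skip the SSL vhost or report an error when it is not set. The word `certbot` is also a sentinel stored in a field that otherwise holds a path, which deserves a comment next to the default: `# "certbot" = obtain the certificate via certbot_cert; any other value is a path to the certificate file`.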
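Review bot: The class guards `use_ssl&(use_certbot)::` and `(!use_ssl)|(!use_certbot)::` are spelled out by hand here and again in the `methods:` hunk (-248,16 +260,16), where the first is written `use_ssl&use_certbot::`. Two hand-maintained copies of a condition and its negation are easy to let drift apart, and a mismatch would leave `vhostdeps` or the restart dependency pointing at a handle that is never created. I would define the condition once in `classes:`, for example `"certbot_managed" expression => "use_ssl.use_certbot";`, and use `certbot_managed::` and `!certbot_managed::` in both places. The bundle starts and ends outside this hunk.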
@@ -248,16 +260,16 @@ files: perms => uperm("$(apache.www_user)","$(apache.www_group)","750"); methods: - use_ssl:: + use_ssl&use_certbot:: "any" usebundle => certbot_cert(@(site),"$(apache.default_html_dir)"), #,"$(site[domain])"), handle => "apache_ssl_created$(site[domain])"; - "apache_vhost_restart":: "any" usebundle => restart_apache("$(site[domain])"), depends_on => {"vhost_cfg_done$(site[domain])","apache_ssl_created$(site[domain])" }; + - !use_ssl:: + (!use_ssl)|(!use_certbot):: "apache_vhost_restart":: "any" usebundle => restart_apache("$(site[domain])"), depends_on => {"vhost_cfg_done$(site[domain])" }; @@ -265,6 +277,13 @@ methods: reports: +# "SSL_CERT: $(ssl_cert) $(ssl_key) "; +# use_ssl:: +# "USE SSL"; +# !use_ssl:: +# "NOT USE_SSL"; + +# "RAW: $(site[raw])"; } @@ -276,6 +295,6 @@ methods: "any" usebundle => apache_vhost(@(sites[$(idx)])); reports: - "IDXE $(idx)"; +# "IDXE $(idx)"; } diff --git a/templates/httpd-vhost.conf.mustache b/templates/httpd-vhost.conf.mustache index dbcb878..92b2cd4 100644 --- a/templates/httpd-vhost.conf.mustache +++ b/templates/httpd-vhost.conf.mustache 
@@ -44,12 +44,14 @@ CustomLog "{{vars.apache.log_dir}}/{{vars.apache_vhost.site.domain}}-access.log" combined # SSL SSLEngine on - SSLCertificateFile {{vars.certbot.certbot_dir}}/live/{{vars.apache_vhost.site.domain}}/fullchain.pem - SSLCertificateKeyFile {{vars.certbot.certbot_dir}}/live/{{vars.apache_vhost.site.domain}}/privkey.pem +# SSLCertificateFile {{vars.certbot.certbot_dir}}/live/{{vars.apache_vhost.site.domain}}/fullchain.pem +# SSLCertificateKeyFile {{vars.certbot.certbot_dir}}/live/{{vars.apache_vhost.site.domain}}/privkey.pem + SSLCertificateFile {{vars.apache_vhost.ssl_cert}} + SSLCertificateKeyFile {{vars.apache_vhost.ssl_key}} RewriteEngine On Alias /.well-known/acme-challenge/ "{{vars.apache.default_html_dir}}/.well-known/acme-challenge/" RewriteRule "^/.well-known/acme-challenge/" - [L] - {{vars.apache_vhost.site.raw}} + {{{vars.apache_vhost.site.raw}}} {{/vars.apache_vhost.site.ssl}} diff --git a/templates/httpd.conf.mustache b/templates/httpd.conf.mustache index 712b157..4a6a093 100644 --- a/templates/httpd.conf.mustache +++ b/templates/httpd.conf.mustache @@ -581,7 +581,7 @@ SSLRandomSeed connect builtin - +{{vars.install_apache.raw}} Include {{vars.apache.cfg_dir}}/Vhosts/*.conf
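Review bot: With `{{{vars.apache_vhost.site.raw}}}` the contents of `site[raw]` are written into the VirtualHost block without any escaping, so every line of that value becomes a live Apache directive inside the TLS vhost. That appears to be the intent, but the template should say so where the value is emitted, for example `# site.raw is inserted verbatim; it must come from trusted policy data, never from tenant or user input`. If the plain-HTTP block earlier in this template (outside the hunk) also renders `site.raw`, it needs the same triple-brace form so both vhosts behave the same way. The two superseded certbot directives are left behind as commented-out lines; I would delete them, since the paths now live in `ssl_cert` and `ssl_key` in apache.cf.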
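Review bot: The added `{{vars.install_apache.raw}}` uses double braces, which HTML-escape the value, while the vhost template in this same commit was switched to triple braces for its raw block for exactly that reason. Any directive in `raw` containing `"`, `&`, `<` or `>` (a quoted path, a `<Directory>` section) would be written to httpd.conf in escaped form and rejected by Apache. I would change the line to `{{{vars.install_apache.raw}}}`. The same trust caveat then applies as for the vhost: this value lands in the main server configuration and must come only from trusted policy data.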