source: trunk/server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py @ 1768

Last change on this file since 1768 was 1768, checked in by geofft, 14 years ago
Rename current scripts.key to scripts-1024.key. * httpd.conf: Default to scripts-1024.key for now. * Blue Sun vhosts: Refer to scripts.key instead of scripts-new.key. * reify-vhost: Add SSLCertificateKeyFile scripts.key for now for newly-reified vhosts, and a comment about what we're doing.
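#!/usr/bin/python
#
# Converts an apacheConfig record from LDAP, as used by mod_vhost_ldap,
# into a <VirtualHost> record as used in an Apache conf.d directory.
# Useful for adding things like SSL server certs that mod_vhost_ldap
# doesn't support.
#
# Usage:
# scripts# cd /etc/httpd/vhosts.d
# scripts# ./reify-vhost.py geofft > geofft.conf
# scripts# service httpd graceful
#
# The generated config is written to stdout; diagnostics (usage errors,
# "no such vhost") go to stderr and the script exits non-zero, so a
# redirected run never silently leaves an empty .conf behind.
#
# Geoffrey Thomas <geofft@mit.edu>, 2008, public domain.

# Note: As of 1/2011 we are inserting SSLCertificateKeyFile into reified
# hosts, because previously-acquired certificates were signed with an
# older (1024-bit) key. Sometime around 2014 when our last cert with
# this key expires, we can update /etc/httpd/conf/httpd.conf to point to
# the current key instead of the old one, and stop inserting this into
# individual vhost records. -geofft

import ldap
import ldap.filter
import pwd
import re
import sys

# The hostname is escaped for the LDAP filter below, but it is also pasted
# verbatim into the generated Apache config (ServerName lines come from
# LDAP; the SSLCertificateFile path uses the argument itself).  Refuse
# whitespace and '/' so a stray argument cannot break a directive or
# change the certificate path.
if len(sys.argv) != 2 or not sys.argv[1] or re.search(r'[\s/]', sys.argv[1]):
    sys.stderr.write("usage: %s HOSTNAME\n" % sys.argv[0])
    sys.exit(2)
host = sys.argv[1]

# Anonymous simple bind over the local ldapi:// unix socket.
ll = ldap.initialize("ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/")
ll.simple_bind_s("", "")

# filter_format escapes the host so it cannot alter the filter structure;
# match either the canonical server name or any alias.
r = ll.search_s(
    "ou=VirtualHosts,dc=scripts,dc=mit,dc=edu",
    ldap.SCOPE_SUBTREE,
    ldap.filter.filter_format(
        "(&(objectClass=apacheConfig)"
        "(|(apacheServerName=%s)"
        "(apacheServerAlias=%s)))",
        [host, host]))

if not r:
    # Previously an unknown host printed nothing and exited 0, which left
    # an empty .conf file behind when stdout was redirected.
    sys.stderr.write("%s: no apacheConfig record found for %s\n"
                     % (sys.argv[0], host))
    sys.exit(1)

# search_s returns (dn, attrs) pairs; every attribute value is a list.
# Only the first matching record is reified.
attrs = r[0][1]
user = pwd.getpwuid(int(attrs['apacheSuexecUid'][0]))
serveralias = ""
if 'apacheServerAlias' in attrs:
    serveralias = "ServerAlias " + " ".join(attrs['apacheServerAlias'])

# Parenthesised single-argument print behaves the same under python 2
# and 3.  The template is emitted verbatim apart from the %(...)s slots.
print("""# do not trailing-slash DocumentRoot

<VirtualHost *:80>
        ServerName %(servername)s
        %(serveralias)s
        DocumentRoot %(docroot)s
        Alias /~%(uname)s %(homedir)s/web_scripts
        SuExecUserGroup %(uname)s %(uname)s
        Include conf.d/vhosts-common.conf
</VirtualHost>

<IfModule ssl_module>
        <VirtualHost *:443>
                ServerName %(servername)s
                %(serveralias)s
                DocumentRoot %(docroot)s
                Alias /~%(uname)s %(homedir)s/web_scripts
                SuExecUserGroup %(uname)s %(uname)s
                Include conf.d/vhosts-common-ssl.conf
                SSLCertificateFile /etc/pki/tls/certs/%(hname)s.pem
                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
        </VirtualHost>
        <VirtualHost *:444>
                ServerName %(servername)s
                %(serveralias)s
                DocumentRoot %(docroot)s
                Alias /~%(uname)s %(homedir)s/web_scripts
                SuExecUserGroup %(uname)s %(uname)s
                Include conf.d/vhosts-common-ssl.conf
                Include conf.d/vhosts-common-ssl-cert.conf
                SSLCertificateFile /etc/pki/tls/certs/%(hname)s.pem
                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
        </VirtualHost>
</IfModule>""" % {
    'servername': attrs['apacheServerName'][0],
    'serveralias': serveralias,
    'docroot': attrs['apacheDocumentRoot'][0],
    'uname': user[0],       # pw_name
    'homedir': user[5],     # pw_dir
    'hname': host,
})

# vim: set ts=4 sw=4 et: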