source: trunk/server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py @ 1818

Last change on this file since 1818 was 1818, checked in by mitchb, 11 years ago
Move 389-ds's slapd-scripts.socket to /var/run It turns out that mode 777 directories containing files that daemons use is... not the most brilliant thing we've done. 389-ds has finally decided to insist on clobbering the permissions of /var/run/dirsrv to be less foolish, but several of our daemons and client programs need to be able to access the LDAP daemon's socket. Come visit it in its new home, conveniently located just two directories below the root.
  • Property svn:executable set to *
File size: 2.7 KB
Line 
1#!/usr/bin/python
2#
3# Converts an apacheConfig record from LDAP, as used by mod_vhost_ldap,
4# into a <VirtualHost> record as used in an Apache conf.d directory.
5# Useful for adding things like SSL server certs that mod_vhost_ldap
6# doesn't support.
7#
8# Usage:
9# scripts# cd /etc/httpd/vhosts.d
10# scripts# ./reify-vhost.py geofft > geofft.conf
11# scripts# service httpd graceful
12#
13# Geoffrey Thomas <geofft@mit.edu>, 2008, public domain.
14
15# Note: As of 1/2011 we are inserting SSLCertificateKeyFile into reified
16# hosts, because previously-acqured certificates were signed with an
17# older (1024-bit) key. Sometime around 2014 when our last cert with
18# this key expires, we can update /etc/httpd/conf/httpd.conf to point to
19# the current key instead of the old one, and stop inserting this into
20# individual vhost records. -geofft
21
22import ldap
23import ldap.filter
24import pwd
25import sys
26
27ll = ldap.initialize("ldapi://%2fvar%2frun%2fslapd-scripts.socket/")
28ll.simple_bind_s("", "")
29
30host = sys.argv[1]
31
32r = ll.search_s(
33    "ou=VirtualHosts,dc=scripts,dc=mit,dc=edu",
34    ldap.SCOPE_SUBTREE,
35    ldap.filter.filter_format(
36            "(&(objectClass=apacheConfig)" +
37            "(|(apacheServerName=%s)" +
38            "(apacheServerAlias=%s)))",
39           [host, host]))
40if len(r) != 0:
41    user = pwd.getpwuid(int(r[0][1]['apacheSuexecUid'][0]))
42    serveralias = ""
43    if 'apacheServerAlias' in r[0][1]:
44        serveralias = "ServerAlias "+" ".join(r[0][1]['apacheServerAlias'])
45    print """# do not trailing-slash DocumentRoot
46
47<VirtualHost *:80>
48        ServerName %(servername)s
49        %(serveralias)s
50        DocumentRoot %(docroot)s
51        Alias /~%(uname)s %(homedir)s/web_scripts
52        SuExecUserGroup %(uname)s %(uname)s
53        Include conf.d/vhosts-common.conf
54</VirtualHost>
55
56<IfModule ssl_module>
57        <VirtualHost *:443>
58                ServerName %(servername)s
59                %(serveralias)s
60                DocumentRoot %(docroot)s
61                Alias /~%(uname)s %(homedir)s/web_scripts
62                SuExecUserGroup %(uname)s %(uname)s
63                Include conf.d/vhosts-common-ssl.conf
64                SSLCertificateFile /etc/pki/tls/certs/%(hname)s.pem
65                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
66        </VirtualHost>
67        <VirtualHost *:444>
68                ServerName %(servername)s
69                %(serveralias)s
70                DocumentRoot %(docroot)s
71                Alias /~%(uname)s %(homedir)s/web_scripts
72                SuExecUserGroup %(uname)s %(uname)s
73                Include conf.d/vhosts-common-ssl.conf
74                Include conf.d/vhosts-common-ssl-cert.conf
75                SSLCertificateFile /etc/pki/tls/certs/%(hname)s.pem
76                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
77        </VirtualHost>
78</IfModule>""" % {
79    'servername': r[0][1]['apacheServerName'][0],
80    'serveralias': serveralias,
81    'docroot': r[0][1]['apacheDocumentRoot'][0],
82    'uname': user[0],
83    'homedir': user[5],
84    'hname': host
85}
86
87# vim: set ts=4 sw=4 et:
Note: See TracBrowser for help on using the repository browser.