vi /etc/httpd/conf/httpd.conf
<Perl>
use Apache::PerlSections();
use Cobalt::Ssl;
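# Scratch variables for the whole <Perl> section (a stop-gap, per the original
# author). $rewrite_rules and $proto are filled in after the VirtualHost scan.
my (@ssl_conf,$ip,$group,$rewrite_rules,$proto,$ret);

# Re-read the main configuration file. The path is a fixed literal, so the
# two-argument open cannot be steered by outside input.
open(HTTPD_CONF,"/etc/httpd/conf/httpd.conf") ||
    die "What ? We can't read our own configuration file?: $!";

# For every <VirtualHost a.b.c.d> ... </VirtualHost> section found in the file,
# build a matching SSL section on port 443 and append it to $PerlConfig.
while (<HTTPD_CONF>) {
    # Range (flip-flop) operator: true from an opening <VirtualHost ip> line
    # through the next closing </VirtualHost> line.
    if (/^<VirtualHost [\d\.]+>$/ ... /^<\/VirtualHost>$/) {
        if (/^<VirtualHost ([\d\.]+)>/) {
            # New section: remember its address and reset the per-site state.
            $ip       = $1;
            @ssl_conf = ();
            $group    = undef;
        }

        # The opening tag itself is not copied; a :443 variant is written below.
        next if (/^<VirtualHost/);

        # The site (group) name is the directory component of DocumentRoot.
        # NOTE(review): $group is taken verbatim from this line and later
        # interpolated into file paths and generated directives, so this
        # relies on httpd.conf being writable by trusted administrators only.
        if (/DocumentRoot \/home\/sites\/([^\/]+)\/web/) {
            $group = $1;
        }

        # Point the site's Rewrite lines at the SSL scheme and port.
        # NOTE(review): these are plain global text substitutions, so any
        # other "http" or "80" on a Rewrite line is rewritten as well.
        if (/^Rewrite/) {
            s/http/https/g;
            s/80/443/g;
        }

        push @ssl_conf, $_;

        # At the closing tag, emit the SSL section, but only for sites that
        # have a marker file under /etc/httpd/ssl/. The defined() guard avoids
        # testing the bare directory when no DocumentRoot line was seen.
        # Hardcoded paths: issues with mod_perl and the Cobalt modules.
        if (/^<\/Virtual/ and defined $group and -f "/etc/httpd/ssl/$group") {
            $ret = ssl_cert_check("/home/sites/$group/certs/");
            if ($ret =~ /^2/) {
                # The site's own certificate passed ssl_cert_check (result
                # starts with "2").
                # NOTE(review): the private key is read from inside the site's
                # directory tree; confirm certs/key is not readable by site
                # users.
                $PerlConfig .= "Listen $ip:443\n";
                # ------------- INSERT THIS CODE -------------
                # Written as one directive line: the earlier three-string form
                # ended its pieces with a literal backslash + "n" instead of a
                # line continuation, which put "\n" tokens into the directive.
                $PerlConfig .= qq{SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0\n};
                # ------------- END INSERT -------------------
                $PerlConfig .= "<VirtualHost $ip:443>\n";
                $PerlConfig .= "SSLengine on\n";
                $PerlConfig .= "SSLCertificateFile /home/sites/$group/certs/certificate\n";
                $PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
                # join() needs an explicit (empty) separator; without it the
                # statement does not compile.
                $PerlConfig .= join('', @ssl_conf);
            } elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/) {
                # Fall back to the certificate under /home/sites/home/certs/.
                # NOTE(review): here the SetEnvIf line lands inside the
                # <VirtualHost> block, in the branch above it precedes it;
                # confirm which scope is intended.
                $PerlConfig .= "Listen $ip:443\n";
                $PerlConfig .= "<VirtualHost $ip:443>\n";
                # ------------- INSERT THIS CODE -------------
                $PerlConfig .= qq{SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0\n};
                # ------------- END INSERT -------------------
                $PerlConfig .= "SSLengine on\n";
                $PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
                $PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
                $PerlConfig .= join('', @ssl_conf);
            } else {
                # Neither certificate passed: no SSL section is generated.
                # $ret still holds the result for the site's own certificate.
                print STDERR "Site $group has invalid certificate: $ret\n";
            }
        }
    }
}
close HTTPD_CONF;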
# The rewrite rules that hand users over to the admin server must differ
# depending on whether SSL is active: use https when ssl_cert_check() on
# /home/sites/home/certs/ returns a value starting with "2", http otherwise.
# NOTE(review): in the http case the redirects to the management pages on
# port 81 are sent in clear text.
$proto = ( ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) ? 'https' : 'http';
# Redirect rules that send the management URLs (/admin, /siteadmin, /personal,
# /.cobalt/..., /cgi-bin/.cobalt/...) to port 81. The template lives in a
# non-interpolating here-document so that %{...}, $1 and %1 reach Apache
# untouched; "servername" and "proto" are placeholders filled in below.
# NOTE(review): after substitution the redirect host is %1, i.e. the part of
# %{HTTP_HOST} captured by the preceding RewriteCond. That value comes from
# the request's Host header, so the Location host is whatever the client sent;
# consider matching it against the known site names.
$rewrite_rules = <<'END_REWRITE_RULES';
RewriteEngine On
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteCond %{DOCUMENT_ROOT} !-d
RewriteRule .* proto://servername:81/.cobalt/error/forbidden.html [L,R]
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteRule ^/admin/?$ proto://servername:81/.cobalt/sysManage/index.html [L,R]
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteRule ^/siteadmin/?$ proto://servername:81/.cobalt/siteManage/%1/index.html [L,R]
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteRule ^/personal/?$ proto://servername:81/.cobalt/personal/index.html [L,R]
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteRule ^/.cobalt/(.+) proto://servername:81/.cobalt/$1 [L,R]
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteRule ^/cgi-bin/.cobalt/(.+) proto://servername:81/cgi-bin/.cobalt/$1 [L,R]
END_REWRITE_RULES

# Fill in the placeholders: first the host back-reference, then the scheme.
for ($rewrite_rules) {
    s/servername/%1/g;
    s/proto/$proto/g;
}

$PerlConfig .= $rewrite_rules;
# Debug aid: when the marker file /etc/DEBUG exists, print what
# Apache::PerlSections->dump() returns to STDERR.
# NOTE(review): presumably this includes the generated SSL sections with
# their certificate and key paths; remove /etc/DEBUG when finished.
print STDERR Apache::PerlSections->dump() if -f "/etc/DEBUG";
</Perl>