Página Principal Explorar Ajuda
Registe-se Iniciar Sessão
poloniumv
/
lcwm2
1
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Ramo: master
Ramos Etiquetas
lcwm2
/
reconf_ng

reconf_ng 8.1 KB
Link permanente Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221 
  1. #!/usr/bin/perl
    2. 

  2. use strict;
    3. 

  3. use warnings;
    4. 

  4. use Config::General;
    5. 

  5. use Data::Dumper;
    6. 

  6. use Text::Xslate qw(mark_raw);
    7. 

  7. use File::Slurp;
    8. 

  8. use File::Copy;
    9. 

  9. open STDERR, '>', "/dev/null";
    10. 

  10. 

  11. my $LCWM             = '/etc/nginx/lcwm2';
    12. 

  12. my $A2CFG            = '/etc/httpd/conf/httpd.conf' ;
    13. 

  13. my $NGCFG            = '/etc/nginx/nginx.conf' ;
    14. 

  14. my $NGCFGen          = "$NGCFG.gen" ;
    15. 

  15. my $NGCFGbak         = "$NGCFG." . time() ;
    16. 

  16. my $A2PORT           = 81 ;
    17. 

  17. my $A2PORTS          = 8443 ;
    18. 

  18. my $NGPORT           = 80 ;
    19. 

  19. my $NGPORTS          = 443 ;
    20. 

  20. my $NGCFGBASE        = "$LCWM/nginx.base" ;
    21. 

  21. my $NGCFGVHOSTSTAT   = "$LCWM/vhost_static.conf" ;
    22. 

  22. my $NGCFG_CUSTOM_DIR = "$LCWM/custom";
    23. 

  23. my $A2CLEAN          = "$LCWM/ap2_clean.conf" ;
    24. 

  24. my $DEFLISTEN        = " default sndbuf=98304 backlog=2048 deferred" ;
    25. 

  25. 

  26. my $template_def_ips = qq{
    27. 

  27. # aka null.tld + $DEFLISTEN
    28. 

  28. server {
    29. 

  29.     : for \$ipv4 -> \$ip {
    30. 

  30.      listen <: \$ip :>:$NGPORT $DEFLISTEN;
    31. 

  31.     : }
    32. 

  32.     : for \$ipv6 -> \$ip {
    33. 

  33.      listen <: \$ip :>:$NGPORT $DEFLISTEN;
    34. 

  34.     : }
    35. 

  35.     access_log  off;
    36. 

  36.     error_log   /dev/null;
    37. 

  37.     server_name "";
    38. 

  38.     return      444;
    39. 

  39. }
    40. 

  40. };
    41. 

  41. my $template_ng_vhost = q{
    42. 

  42. #---vhost for domain <: $server_name :> on IP <: $listen :> <: $ssl :> ----
    43. 

  43. server {
    44. 

  44.     : for $ips.ipv4 -> $ip {
    45. 

  45.      listen <: $ip :>:<: $ngport :> <: $ssl :>;
    46. 

  46.     : }
    47. 

  47.     : for $ips.ipv6 -> $ip {
    48. 

  48.      listen <: $ip :>:<: $ngport :> <: $ssl :>;
    49. 

  49.     : }
    50. 

  50.     server_name   <: $server_name :> <: $alias :> ;
    51. 

  51.     root          <: $root :> ;
    52. 

  52.     access_log off; # /var/log/nginx/<: $server_name :>.access.log  main buffer=32k;
    53. 

  53.     error_log  /var/log/nginx/<: $server_name :>.error.log  warn;
    54. 

  54.     : if $include_slash == "" {
    55. 

  55.     location @apache {
    56. 

  56.         proxy_pass   http://<: $main_ip :>:<: $a2port :>;
    57. 

  57.         proxy_redirect http://<: $server_name :>:<: $a2port :> http://<: $server_name :>;
    58. 

  58.         proxy_redirect http://www.<: $server_name :>:<: $a2port :> http://www.<: $server_name :>;
    59. 

  59.         proxy_redirect http://webmail.<: $server_name :>:<: $a2port :> http://webmail.<: $server_name :>;
    60. 

  60.         proxy_redirect http://admin.<: $server_name :>:<: $a2port :> http://admin.<: $server_name :>;
    61. 

  61.     }
    62. 

  62.     location / {
    63. 

  63.         try_files maintenance.html @apache;
    64. 

  64.     }
    65. 

  65.     : } else {
    66. 

  66.     <: $include_slash :>
    67. 

  67.     : }
    68. 

  68.     <: $include_static :> 
    69. 

  69.     : if $ssl != "" {
    70. 

  70.     ssl_certificate           <: $ssl_certificate          :> ;
    71. 

  71.     ssl_certificate_key       <: $ssl_certificate_key      :> ;
    72. 

  72.     ssl_session_timeout 1d;
    73. 

  73.     ssl_session_cache shared:SSL:50m;
    74. 

  74.     ssl_session_tickets off;
    75. 

  75.     ssl_dhparam /etc/ssl/certs/dhparam.pem;
    76. 

  76.     ssl_protocols TLSv1.2;
    77. 

  77.     ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    78. 

  78.     ssl_prefer_server_ciphers on;
    79. 

  79.     #ssl_stapling on;
    80. 

  80.     #ssl_stapling_verify on;
    81. 

  81.     resolver 8.8.8.8;
    82. 

  82.     : }
    83. 

  83. }
    84. 

  84. };
    85. 

  85. 

  86. 

  87. sub update_pem {
    88. 

  88. # Bash analog:
    89. 

  89. # cat $SSLSERT > $SSLSERT".pem"
    90. 

  90. # cat $SSLCA  >> $SSLSERT".pem"
    91. 

  91. #
    92. 

  92.     my ($SSLSERT, $SSLCA) = @_ ;
    93. 

  93.     my $OUT = $SSLSERT . ".pem";
    94. 

  94.     write_file( $OUT, {append => 0 }, read_file($SSLSERT) ) ;
    95. 

  95.     write_file( $OUT, {append => 1 }, read_file($SSLCA) ) if ( $SSLCA );
    96. 

  96.     return $OUT;
    97. 

  97. }
    98. 

  98. 

  99. sub uniq {
    100. 

  100. # remove duplicates from array
    101. 

  101. #
    102. 

  102.     my %seen;
    103. 

  103.     return grep { !$seen{$_}++ } @_;
    104. 

  104. }
    105. 

  105. 

  106. sub get_ips {
    107. 

  107. # get array of ips from VirtualHost string, like this "IP1:http IP2:http [ipv6_1]:http [ipv6_2]:http"
    108. 

  108. #
    109. 

  109.     my ($text) = @_ ;
    110. 

  110.     my %hash;
    111. 

  111.     my @ipv6 = uniq ( $text =~ m/\[.+?\]/sg    ) ;
    112. 

  112.     my @ipv6_wo_local = grep ! /\[fe80/, @ipv6 ;
    113. 

  113.        @ipv6_wo_local = grep ! /\[2001/, @ipv6_wo_local ;
    114. 

  114.     my @ipv4 = uniq ( $text =~ m/[0-9.]{7,}/sg ) ;
    115. 

  115.     $hash{ipv6} = \@ipv6_wo_local ;
    116. 

  116.     $hash{ipv4} = \@ipv4 ;
    117. 

  117.     return \%hash ;
    118. 

  118.     }
    119. 

  119. 

  120. sub cook_ng_vhost {
    121. 

  121. # convert [httpd.conf->Config::General]=>@vh_array->{$vhost} to %ng_hash=>[Text::Xslate->nginx.conf]
    122. 

  122. #
    123. 

  123.     my ($vh, $ip_port) = @_ ;
    124. 

  124.     my $port = $vh->{SSLEngine} ? $NGPORTS : $NGPORT ;
    125. 

  125.     my %hash;
    126. 

  126.     my $server_name = $vh->{ServerName};
    127. 

  127.     my @statics = glob "/home/*/configs/$server_name.static /etc/nginx/*/custom/$server_name.static";
    128. 

  128.     my @slashes = glob "/home/*/configs/$server_name.slash  /etc/nginx/*/custom/$server_name.slash";
    129. 

  129.     my $include_static = "/fake_path";
    130. 

  130.     my $include_slash  = "/fake_path";
    131. 

  131.     $include_static = $statics[0] if $statics[0] ;
    132. 

  132.     $include_slash  = $slashes[0] if $slashes[0] ;
    133. 

  133.     #print $server_name . " " . $include_static  . " " . $include_slash . "\n";
    134. 

  134.     $hash{'alias'}                   = ref $vh->{ServerAlias} eq 'ARRAY' ? join(" ", @{$vh->{ServerAlias}}) : $vh->{ServerAlias} ;
    135. 

  135.     $hash{'root'}                    = $vh->{DocumentRoot} ;
    136. 

  136.     $hash{'server_name'}             = $vh->{ServerName} ;
    137. 

  137.     $hash{'main_ip'}                 = get_ips($ip_port)->{ipv4}[0] ;
    138. 

  138.     $hash{'a2port'}                  = $A2PORT ;
    139. 

  139.     $hash{'ips'}                     = get_ips($ip_port) ;
    140. 

  140.     $hash{'ngport'}                  = $vh->{SSLEngine} ? $NGPORTS : $NGPORT ;
    141. 

  141.     $hash{'ssl'}                     = $vh->{SSLEngine} ? "ssl" : "";
    142. 

  142.     $hash{'ssl_certificate'}         = $vh->{SSLEngine} ? update_pem( $vh->{SSLCertificateFile}, $vh->{SSLCACertificateFile} ) : "" ;
    143. 

  143.     $hash{'ssl_certificate_key'}     = $vh->{SSLCertificateKeyFile} ;
    144. 

  144.     $hash{'include_static'}          = (-f $include_static ) ? read_file( $include_static ) : "include $NGCFGVHOSTSTAT;" ; 
    145. 

  145.     $hash{'include_slash'}           = (-f $include_slash  ) ? read_file( $include_slash  ) : "" ;
    146. 

  146.     $hash{'include_static'}          = mark_raw( $hash{'include_static'} ) ;
    147. 

  147.     $hash{'include_slash'}           = mark_raw( $hash{'include_slash'}  ) ;
    148. 

  148.     return \%hash;
    149. 

  149. }
    150. 

  150. 

  151. sub cook_ng_array {
    152. 

  152.     open(my $a2cfg,   '<:encoding(utf8)', $A2CFG  ) or die "unable to open $A2CFG: $!\n";
    153. 

  153.     open(my $a2clean, "+>",               $A2CLEAN) or die "$0: can't create temporary file: $!\n";
    154. 

  154.     while (<$a2cfg>) { print $a2clean "$_" if ( /^\<VirtualHost/ .. /\<\/VirtualHost\>/ ) } ;
    155. 

  155.     close   $a2cfg; 
    156. 

  156.     close   $a2clean;
    157. 

  157. 

  158.     my %conf = Config::General->new($A2CLEAN)->getall();
    159. 

  159.     unlink  $A2CLEAN;
    160. 

  160.     my @ng_array = ();
    161. 

  161.     for my $ip_port (keys %{$conf{VirtualHost}}) { 
    162. 

  162.         if ( ref $conf{VirtualHost}{$ip_port} eq 'ARRAY' ) {
    163. 

  163.             for my $vh ( @{$conf{VirtualHost}{$ip_port}} ) {
    164. 

  164.                 if (exists $vh->{ServerName} and exists $vh->{ServerAlias}) {
    165. 

  165.                     push  @ng_array, cook_ng_vhost($vh, $ip_port);
    166. 

  166.                 }
    167. 

  167.             }
    168. 

  168.         } else { 
    169. 

  169.             my $vh = $conf{VirtualHost}{$ip_port} ;
    170. 

  170.             if (exists $vh->{ServerName} and exists $vh->{ServerAlias}) {
    171. 

  171.                 push  @ng_array, cook_ng_vhost( $vh, $ip_port);
    172. 

  172.             }
    173. 

  173.         }
    174. 

  174.     }
    175. 

  175.     return \@ng_array;
    176. 

  176. }
    177. 

  177. 

  178. sub render_ng {
    179. 

  179.     my $tx = Text::Xslate->new();
    180. 

  180.     write_file($NGCFGen, {append => 0 }, read_file( $NGCFGBASE ) );
    181. 

  181.     #print Dumper @ng_array;
    182. 

  182.     ## TO DO, rm durty code
    183. 

  183.     my $get_string_with_all_ips = `grep VirtualHost $A2CFG`;
    184. 

  184.     write_file( $NGCFGen, {append => 1 }, $tx->render_string( $template_def_ips, get_ips ( $get_string_with_all_ips ) ) );
    185. 

  185.     ## /TO DO
    186. 

  186.     foreach my $vhost (values cook_ng_array){
    187. 

  187.         write_file( $NGCFGen, {append => 1 }, $tx->render_string( $template_ng_vhost, $vhost ) );
    188. 

  188.     }
    189. 

  189.     write_file( $NGCFGen, {append => 1 }, "\n\#close section http {\n}" ) ;
    190. 

  190.     print "Config done ... " ;
    191. 

  191. }
    192. 

  192. 

  193. sub reconf_ng {
    194. 

  194.     my @args = ("/usr/sbin/nginx", "-t", "-c", "$NGCFGen" );
    195. 

  195.     # Debug
    196. 

  196.     copy($NGCFGen, '/etc/nginx/test.conf');
    197. 

  197.     # -----
    198. 

  198.     if ( system(@args) == 0 ) {
    199. 

  199.         print "syntax is ok ... ";
    200. 

  200.     } else {
    201. 

  201.         print "syntax check failed ...\n";
    202. 

  202.         die "system @args failed: $?";
    203. 

  203.     }
    204. 

  204.     move($NGCFG, $NGCFGbak);
    205. 

  205.     copy($NGCFGen, $NGCFG);
    206. 

  206.     print "backup done ... ";
    207. 

  207.     #@args = ("/usr/sbin/nginx", "-s", "reload" );
    208. 

  208.     @args = ("service", "nginx", "restart" );
    209. 

  209.     if ( system(@args) == 0  or system(@args) == 256) {
    210. 

  210.         print "nginx reloaded. ALL OK\n";
    211. 

  211.     } else {
    212. 

  212.         print system(@args);
    213. 

  213.         copy($NGCFGbak, $NGCFG);
    214. 

  214.         print "nginx reload failed, revert config done ...\n";
    215. 

  215.         die "system @args failed: $?";
    216. 

  216.     }
    217. 

  217. 

  218. }
    219. 

  219. 

  220. render_ng ;
    221. 

  221. reconf_ng ;
    222.