module Propellor.Property.Apache where
import Propellor
import qualified Propellor.Property.File as File
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Service as Service
import Utility.SafeCommand
-- | The lines of an apache site configuration file, one 'String' per line.
-- 'siteAvailable' prepends a marker comment and writes them to disk.
type ConfigFile = [String]
-- | Revertable property for one apache site.
--
-- The forward direction writes the site's config (via 'siteAvailable') and
-- runs @a2ensite@ unless @a2query -s@ already reports the site as enabled.
-- The reverse direction removes the config files listed by 'siteCfg' and
-- attaches @a2dissite@ with 'onChange'.
--
-- The host name is used unchecked both as a command argument and as part of
-- the config file path.
-- NOTE(review): assumes @hn@ is a plain host name (no leading @-@, no path
-- separators); confirm callers never pass externally supplied values here.
siteEnabled :: HostName -> ConfigFile -> RevertableProperty
siteEnabled hn cf = setup <!> teardown
  where
    -- Shared argument list for a2ensite / a2dissite.
    quietFor = ["--quiet", hn]
    setup = combineProperties ("apache site enabled " ++ hn)
        [ siteAvailable hn cf
            `requires` installed
            `onChange` reloaded
        , check (fmap not siteOn) activate
        ]
    -- Only reached when a2query says the site is not enabled yet.
    activate = cmdProperty "a2ensite" quietFor
        `requires` installed
        `onChange` reloaded
    teardown = combineProperties
        ("apache site disabled " ++ hn)
        (File.notPresent <$> siteCfg hn)
        `onChange` cmdProperty "a2dissite" quietFor
        `requires` installed
        `onChange` reloaded
    -- Exit status of a2query decides whether the site counts as enabled.
    siteOn = boolSystem "a2query" [Param "-q", Param "-s", Param hn]
-- | Property that gives every path returned by 'siteCfg' the content @cf@,
-- preceded by a marker comment saying the file is managed by propellor.
--
-- The same content is written to each candidate path; the host name goes
-- into those paths unchecked (see 'siteCfg').
siteAvailable :: HostName -> ConfigFile -> Property NoInfo
siteAvailable hn cf = combineProperties desc writes
  where
    desc = "apache site available " ++ hn
    -- One File.hasContent property per candidate config path.
    writes = [ path `File.hasContent` body | path <- siteCfg hn ]
    body = banner : cf
    banner = "# deployed with propellor, do not modify"
-- | Revertable property for one apache module.
--
-- Forward: run @a2enmod@ unless @a2query -m@ reports the module enabled.
-- Reverse: run @a2dismod@ only when @a2query -m@ reports it enabled.
-- Both directions require apache to be installed and attach 'reloaded'
-- with 'onChange'.
--
-- NOTE(review): @modname@ is handed to the a2* tools as-is; assumes it is a
-- bare module name chosen by the configuration author.
modEnabled :: String -> RevertableProperty
modEnabled modname = turnOn <!> turnOff
  where
    quietFor = ["--quiet", modname]
    turnOn = check (fmap not modOn) switchOn
    switchOn = cmdProperty "a2enmod" quietFor
        `describe` ("apache module enabled " ++ modname)
        `requires` installed
        `onChange` reloaded
    turnOff = check modOn switchOff
    switchOff = cmdProperty "a2dismod" quietFor
        `describe` ("apache module disabled " ++ modname)
        `requires` installed
        `onChange` reloaded
    -- Exit status of a2query decides whether the module counts as enabled.
    modOn = boolSystem "a2query" [Param "-q", Param "-m", Param modname]
-- | Candidate config file paths for a site.
--
-- This is a list because different versions of apache use different
-- filenames; propellor simply writes them all. The first entry is the
-- name used before apache 2.4 on Debian, the second (with @.conf@) the
-- name used from 2.4 on.
--
-- The host name is appended to the directory without any check.
-- NOTE(review): assumes @hn@ contains no @/@ or @..@ components, otherwise
-- the resulting paths would fall outside @sites-available@.
siteCfg :: HostName -> [FilePath]
siteCfg hn = [legacy, legacy ++ ".conf"]
  where
    legacy = "/etc/apache2/sites-available/" ++ hn
-- | Property that the @apache2@ package is installed, via 'Apt.installed'.
installed :: Property NoInfo
installed = Apt.installed pkgs
  where
    pkgs = ["apache2"]
-- | Property that applies 'Service.restarted' to the @apache2@ service.
restarted :: Property NoInfo
restarted = Service.restarted svc
  where
    svc = "apache2"
-- | Property that applies 'Service.reloaded' to the @apache2@ service.
-- Used throughout this module as the 'onChange' action after config edits.
reloaded :: Property NoInfo
reloaded = Service.reloaded svc
  where
    svc = "apache2"
-- | Configure apache to use SNI to differentiate between
-- https hosts.
--
-- Gives @/etc/apache2/conf.d/ssl@ the two directives below and attaches
-- 'reloaded' with 'onChange'.
--
-- With @SSLStrictSNIVHostCheck off@, clients that do not send SNI are still
-- accepted and are answered by the default virtual host for the address, so
-- that vhost's certificate and content should be fit to show to any client.
--
-- NOTE(review): whether files under @conf.d@ are read depends on the apache
-- packaging in use; confirm the file is actually included on the target
-- release, otherwise this property reports success without any effect.
multiSSL :: Property NoInfo
multiSSL = sniConf
    `describe` "apache SNI enabled"
    `onChange` reloaded
  where
    sniConf = File.hasContent "/etc/apache2/conf.d/ssl" directives
    directives =
        [ "NameVirtualHost *:443"
        , "SSLStrictSNIVHostCheck off"
        ]
-- | Config file fragment that can be inserted into a <Directory>
-- stanza to allow global read access to the directory.
--
-- Works with multiple versions of apache that have different ways to do
-- it: the pre-2.4 @Order@/@allow@ form and the 2.4+ @Require@ form are each
-- wrapped in an @IfVersion@ section, which is a mod_version directive.
--
-- The fragment lifts every access restriction for the directory it is
-- placed in, so it belongs only in stanzas whose content is meant to be
-- public.
allowAll :: String
allowAll = unlines (legacyAcl ++ currentAcl)
  where
    -- apache < 2.4 access control
    legacyAcl =
        [ "<IfVersion < 2.4>"
        , "Order allow,deny"
        , "allow from all"
        , "</IfVersion>"
        ]
    -- apache >= 2.4 access control
    currentAcl =
        [ "<IfVersion >= 2.4>"
        , "Require all granted"
        , "</IfVersion>"
        ]