[enh] ssl start of implementation
This commit is contained in:
Benjamin Sonntag
parent
6e9c3c3c63
commit
7ec1d068c8
|
|
@ -1 +0,0 @@
|
|||
/var/run/alternc-ssl IN_CREATE,IN_ATTRIB,IN_NO_LOOP /usr/lib/alternc/ssl_alias_manager.sh
|
||||
|
|
@ -222,6 +222,9 @@ CREATE TABLE IF NOT EXISTS sub_domaines (
|
|||
web_action enum ('OK','UPDATE','DELETE') NOT NULL default 'UPDATE',
|
||||
web_result varchar(255) not null default '',
|
||||
enable enum ('ENABLED', 'ENABLE', 'DISABLED', 'DISABLE') NOT NULL DEFAULT 'ENABLED',
|
||||
`certificate_id` INT UNSIGNED NOT NULL DEFAULT '0',
|
||||
`provider` VARCHAR(16) NOT NULL DEFAULT '',
|
||||
`https` VARCHAR(4) NOT NULL, -- SET(http,https,both) (also the suffix of the template name in /etc/alternc/templates/apache2/)
|
||||
PRIMARY KEY (id)
|
||||
-- ,FOREIGN KEY (type) REFERENCES (domaines_type)
|
||||
) ENGINE=InnoDB;
|
||||
|
|
@ -471,6 +474,7 @@ CREATE TABLE IF NOT EXISTS `domaines_type` (
|
|||
`advanced` BOOLEAN DEFAULT TRUE, -- It's an advanced option
|
||||
`create_tmpdir` BOOLEAN NOT NULL DEFAULT FALSE, -- do we create tmp dir ?
|
||||
`create_targetdir` BOOLEAN NOT NULL DEFAULT FALSE, -- do we create target dir ?
|
||||
`has_https_option` BOOLEAN NOT NULL DEFAULT FALSE, -- shall we show the http/https/both dropdown ?
|
||||
PRIMARY KEY ( `name` )
|
||||
) ENGINE=InnoDB COMMENT = 'Type of domains allowed';
|
||||
|
||||
|
|
@ -767,16 +771,11 @@ CREATE TABLE IF NOT EXISTS `csrf` (
|
|||
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT='csrf tokens for AlternC forms';
|
||||
|
||||
|
||||
-- make it re-exec-proof
|
||||
DELETE FROM alternc_status WHERE name='alternc_version';
|
||||
INSERT INTO alternc_status SET name='alternc_version',value='3.4.8.sql';
|
||||
|
||||
-- SSL managment
|
||||
CREATE TABLE `certificates` (
|
||||
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
|
||||
`uid` int(10) unsigned NOT NULL,
|
||||
`status` tinyint(3) unsigned NOT NULL,
|
||||
`shared` tinyint(3) unsigned NOT NULL,
|
||||
`fqdn` varchar(255) NOT NULL,
|
||||
`altnames` text NOT NULL,
|
||||
`validstart` datetime NOT NULL,
|
||||
|
|
@ -785,28 +784,13 @@ CREATE TABLE `certificates` (
|
|||
`sslkey` text NOT NULL,
|
||||
`sslcrt` text NOT NULL,
|
||||
`sslchain` text NOT NULL,
|
||||
`ssl_action` varchar(32) NOT NULL,
|
||||
`ssl_result` varchar(32) NOT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
KEY `uid` (`uid`),
|
||||
KEY `ssl_action` (`ssl_action`)
|
||||
KEY `uid` (`uid`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `certif_alias` (
|
||||
`name` varchar(255) NOT NULL,
|
||||
`content` text NOT NULL,
|
||||
`uid` int(10) unsigned NOT NULL,
|
||||
`created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||
PRIMARY KEY (`name`),
|
||||
KEY `uid` (`uid`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='Global aliases defined for SSL certificates FILE validation processes';
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `certif_hosts` (
|
||||
`certif` int(10) unsigned NOT NULL,
|
||||
`sub` int(10) unsigned NOT NULL,
|
||||
`uid` int(10) unsigned NOT NULL,
|
||||
PRIMARY KEY (`certif`,`sub`),
|
||||
KEY `uid` (`uid`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='VHosts of a user using defined or self-signed certificates';
|
||||
|
||||
INSERT IGNORE INTO defquotas VALUES ('ssl', 0, 'default');
|
||||
|
||||
|
||||
-- make it re-exec-proof
|
||||
DELETE FROM alternc_status WHERE name='alternc_version';
|
||||
INSERT INTO alternc_status SET name='alternc_version',value='3.5.0.2.php';
|
||||
|
|
|
|||
|
|
@ -0,0 +1,15 @@
|
|||
|
||||
DROP TABLE `certif_alias`;
|
||||
ALTER TABLE `certificates` DROP `shared`, DROP `ssl_action`, DROP `ssl_result`;
|
||||
|
||||
ALTER TABLE `sub_domaines`
|
||||
ADD `certificate_id` INT UNSIGNED NOT NULL DEFAULT '0' AFTER `enable`,
|
||||
ADD `provider` VARCHAR(16) NOT NULL DEFAULT '' AFTER `certificate_id`,
|
||||
ADD `https` VARCHAR(4) NOT NULL AFTER `provider`; -- SET(http,https,both) (also the suffix of the template name in /etc/alternc/templates/apache2/)
|
||||
|
||||
ALTER TABLE `domaines_type`
|
||||
ADD `has_https_option` BOOLEAN NOT NULL DEFAULT FALSE AFTER `create_targetdir`;
|
||||
|
||||
UPDATE `domaines_type` SET `has_https_option`=1 WHERE name='vhost';
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
<?php
|
||||
|
||||
|
|
@ -1,31 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
rm -f /var/run/alternc-ssl/generate_certif_alias
|
||||
|
||||
# Launched by incron when /tmp/generate_certif_alias exists
|
||||
# regenerate the list of global aliases used by Comodo for certificate ownership validation
|
||||
# FIXME: how do we lock that, ensuring we don't launch this more than once ?
|
||||
APACHECONF=/etc/apache2/conf.d/alternc-ssl_cert-alias.conf
|
||||
TMP=/tmp/alternc-ssl_cert-alias_${$}.tmp
|
||||
FILEDIR=/var/lib/alternc/ssl-cert-alias
|
||||
|
||||
|
||||
rm -f "$TMP"
|
||||
mkdir -p "$FILEDIR"
|
||||
|
||||
echo "# this file is autogenerated from /usr/lib/alternc/ssl_alias_manager.sh" >$TMP
|
||||
echo "# Please do not edit, your changes will be overwritten" >>$TMP
|
||||
|
||||
mysql --defaults-file=/etc/alternc/my.cnf --skip-column-names -B -e "SELECT name,content FROM certif_alias;" | while read name content
|
||||
do
|
||||
echo "alias /$name ${FILEDIR}/${name}" >>$TMP
|
||||
echo "$content" >"${FILEDIR}/${name}"
|
||||
done
|
||||
if ! diff -q "$TMP" "$APACHECONF"
|
||||
then
|
||||
mv -f "$TMP" "$APACHECONF"
|
||||
service apache2 reload
|
||||
else
|
||||
rm -f "$TMP"
|
||||
fi
|
||||
|
||||
Loading…
Reference in New Issue