[LON-CAPA-cvs] cvs: loncom / loncapa_apache.conf /rewrites loncapa_rewrite_off.conf loncapa_rewrite_on.conf doc/loncapafiles loncapafiles.lpml webserver.piml
raeburn
raeburn@source.lon-capa.org
Thu, 26 May 2011 01:05:47 -0000
This is a MIME encoded message
--raeburn1306371947
Content-Type: text/plain
raeburn Thu May 26 01:05:47 2011 EDT
Added files:
/loncom/rewrites loncapa_rewrite_on.conf loncapa_rewrite_off.conf
Modified files:
/doc/loncapafiles webserver.piml loncapafiles.lpml
/loncom loncapa_apache.conf
Log:
- Bug 5925.
- Support for rewriting of http:// to https:// for external web requests
if mod_ssl and mod_rewrite enabled. Default is: Rewrite off.
- webserver.piml
- Update description to accommodate additional distros.
- Error message generated if Apache config file is missing tailored to
distro.
- Compare LON-CAPA config file to rewrite: http:// -> https:// with
default files (rewrite Off and rewrite On); report if neither matches.
- loncapafiles.lpml
- Only need /etc/httpd/conf directory for CentOS/Red Hat/SL/Fedora
- Default files for rewrites Off and rewrites On in loncom/rewrites
- loncapa_apache.conf
- Include conf/loncapa_rewrite.conf to support rewrite.
--raeburn1306371947
Content-Type: text/plain
Content-Disposition: attachment; filename="raeburn-20110526010547.txt"
Index: doc/loncapafiles/webserver.piml
diff -u doc/loncapafiles/webserver.piml:1.31 doc/loncapafiles/webserver.piml:1.32
--- doc/loncapafiles/webserver.piml:1.31 Sun Feb 27 18:54:59 2011
+++ doc/loncapafiles/webserver.piml Thu May 26 01:05:41 2011
@@ -2,7 +2,7 @@
"http://lpml.sourceforge.net/DTD/piml.dtd">
<!-- webserver.piml -->
-<!-- $Id: webserver.piml,v 1.31 2011/02/27 18:54:59 raeburn Exp $ -->
+<!-- $Id: webserver.piml,v 1.32 2011/05/26 01:05:41 raeburn Exp $ -->
<!--
@@ -48,7 +48,7 @@
<target dist='suse9.2 suse9.3 sles9'>/etc/httpd/httpd.conf</target>
<target dist='sles10 sles11 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4'>/etc/apache2/default-server.conf</target>
<target dist='debian5 debian6 ubuntu6 ubuntu8 ubuntu10'>/etc/apache2/sites-available/loncapa</target>
-<note>This is for Apache 1.X for Red Hat, Fedora 2,3 and 4, and SusSE 9.2, 9.3 and SLES 9 distributions. This is for Apache 2.X for Fedora 5 and later, and SuSE 10.X, 11.X and SLES 10 distributions, and Debian 5, Ubuntu 6 and Ubuntu 8 LTS distributions</note>
+<note>This is for Apache 1.X for Red Hat 4ES, Fedora 2, 3 and 4, SusSE 9.2 and 9.3, and SLES 9 distributions. This is for Apache 2.X for Fedora 5, Red Hat 5, CentOS 5, Scientific Linux 5, SuSE 10.1, SLES 10, Debian 5, Ubuntu LTS 8 and later distributions</note>
<dependencies dist='default'>
/etc/httpd/conf/httpd.conf
</dependencies>
@@ -69,7 +69,8 @@
exit(1);
}
else {
- # Append loncapa_apache.conf inclusion to httpd.conf (or sites/available/loncapa) if not present.
+ # Append loncapa_apache.conf inclusion to httpd.conf
+ # (or sites-available/loncapa) if not present.
$flag=0;
open(IN,'<<TARGET />');
while (<IN>) {
@@ -126,15 +127,69 @@
}
close(IN);
if ($scriptalias_flag==1) {
- print('**** ERROR **** /etc/httpd/conf/httpd.conf has an overlapping definition of '.
- 'ScriptAlias (it is incorrectly set to '.$scriptalias.').'."\n".
- 'This conflicts with loncapa_apache.conf.'."\n");
+ my $conffile = '/etc/httpd/conf/httpd.conf';
+ if ('<DIST />' eq 'suse9.2' || '<DIST />' eq 'suse9.3'
+ || '<DIST />' eq 'sles9') {
+ $conffile = '/etc/httpd/httpd.conf';
+ } elsif ('<DIST />' =~ /^(suse|sles)/) {
+ $conffile = '/etc/apache2/default-server.conf';
+ } elsif ('<DIST />' =~ /^(debian|ubuntu)/) {
+ $conffile = '/etc/apache2/sites-available/loncapa';
+ }
+ print('**** ERROR **** '.$conffile.' has an overlapping definition of '.
+ 'ScriptAlias (it is incorrectly set to '.$scriptalias.').'."\n".
+ 'This conflicts with loncapa_apache.conf.'."\n");
}
if ($documentroot_flag==1) {
- print('**** ERROR **** /etc/httpd/conf/httpd.conf has an overlapping definition of '.
- 'DocumentRoot (it is incorrectly set to '.$documentroot.').'."\n".
- 'This conflicts with loncapa_apache.conf.'."\n");
+ print('**** ERROR **** '.$conffile.' has an overlapping definition of '.
+ 'DocumentRoot (it is incorrectly set to '.$documentroot.').'."\n".
+ 'This conflicts with loncapa_apache.conf.'."\n");
}
+
+# Checking for rewrites of http:// to https://
+ my $rewrite_dir = '/etc/httpd/conf/rewrites';
+ my $curr_rewrite = '/etc/httpd/conf/loncapa_rewrite.conf';
+ if ('<DIST />' eq 'suse9.2' || '<DIST />' eq 'suse9.3'
+ || '<DIST />' eq 'sles9') {
+ $rewrite_dir = '/etc/httpd/rewrites/';
+ $curr_rewrite = '/etc/httpd/loncapa_rewrite.conf';
+ } elsif ('<DIST />' =~ /^(suse|sles|debian|ubuntu)/) {
+ $rewrite_dir = '/etc/apache2/rewrites';
+ $curr_rewrite = '/etc/apache2/loncapa_rewrite.conf';
+ }
+ my $rewrite_off = $rewrite_dir.'/loncapa_rewrite_off.conf';
+ my $rewrite_on = $rewrite_dir.'/loncapa_rewrite_on.conf';
+ if (!-e $curr_rewrite) {
+ system("cp $rewrite_off $curr_rewrite");
+ chmod(0644, $curr_rewrite);
+ } else {
+ my ($not_rewrite_on,$not_rewrite_off);
+ if (open(PIPE, "diff --brief $rewrite_off $curr_rewrite |")) {
+ my $diffres = <PIPE> ;
+ close(PIPE);
+ chomp($diffres);
+ if ($diffres) {
+ $not_rewrite_off = 1;
+ }
+ }
+ if (open(PIPE, "diff --brief $rewrite_on $curr_rewrite |")) {
+ my $diffres = <PIPE> ;
+ close(PIPE);
+ chomp($diffres);
+ if ($diffres) {
+ $not_rewrite_on = 1;
+ }
+ }
+ unless ($not_rewrite_off || $not_rewrite_on) {
+ print('**** WARNING **** '.$curr_rewrite.' does not match '.
+ 'either: '.$rewrite_on.' - the file used to enable rewriting '.
+ 'of requests for http:// to https:// or: '.$rewrite_off.
+ ' - the file used to disable such rewriting'."\n\n".
+ 'This may be because '. $curr_rewrite.' has been '.
+ 'previously customized, or it may be because of a change '.
+ 'to the files in '.$rewrite_dir."\n");
+ }
+ }
}
</perlscript>
</file>
Index: doc/loncapafiles/loncapafiles.lpml
diff -u doc/loncapafiles/loncapafiles.lpml:1.748 doc/loncapafiles/loncapafiles.lpml:1.749
--- doc/loncapafiles/loncapafiles.lpml:1.748 Tue May 24 14:13:24 2011
+++ doc/loncapafiles/loncapafiles.lpml Thu May 26 01:05:41 2011
@@ -2,7 +2,7 @@
"http://lpml.sourceforge.net/DTD/lpml.dtd">
<!-- loncapafiles.lpml -->
-<!-- $Id: loncapafiles.lpml,v 1.748 2011/05/24 14:13:24 raeburn Exp $ -->
+<!-- $Id: loncapafiles.lpml,v 1.749 2011/05/26 01:05:41 raeburn Exp $ -->
<!--
@@ -250,10 +250,22 @@
<directory dist='default'>
<protectionlevel>never_delete</protectionlevel>
<targetdir dist='default'>etc/httpd/conf</targetdir>
+ <targetdir dist='suse9.2 suse9.3 sles9'>etc/httpd</targetdir>
+ <targetdir dist='debian5 debian6 ubuntu6 ubuntu8 ubuntu10 suse9.2 suse9.3 sles9 sles10 sles11 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4'>etc/apache2</targetdir>
<categoryname>standard</categoryname>
<description>web configuration files</description>
</directory>
<directory dist='default'>
+ <protectionlevel>modest_delete</protectionlevel>
+ <targetdir dist='default'>etc/httpd/conf/rewrites</targetdir>
+ <targetdir dist='suse9.2 suse9.3 sles9'>etc/httpd/rewrites</targetdir>
+ <targetdir dist='debian5 debian6 ubuntu6 ubuntu8 ubuntu10 suse9.2 suse9.3 sles9 sles10 sles11 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4'>etc/apache2/rewrites</targetdir>
+ <categoryname>standard</categoryname>
+ <description>
+ default configuration files to enable/disable http:// -> https:// rewrites
+ </description>
+</directory>
+<directory dist='default'>
<protectionlevel>never_delete</protectionlevel>
<targetdir dist='default'>etc/pam.d</targetdir>
<categoryname>standard</categoryname>
@@ -1006,6 +1018,28 @@
</description>
</link>
<file>
+<source>loncom/rewrites/loncapa_rewrite_on.conf</source>
+<target dist='default'>etc/httpd/conf/rewrites/loncapa_rewrite_on.conf</target>
+<target dist='sles9'>etc/apache/rewrites/loncapa_rewrite_on.conf</target>
+<target dist='sles10 sles11 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 debian5 debian6 ubuntu6 ubuntu8 ubuntu10'>etc/apache2/rewrites/loncapa_rewrite_on.conf</target>
+<categoryname>static conf</categoryname>
+<description>
+File to copy to /etc/apache2/loncapa_rewrite.conf (SuSE/SLES/Debian/Ubuntu LTS) or to /etc/httpd/conf/loncapa_rewrite.conf to enable rewriting of
+external requests for http:// to https://
+</description>
+</file>
+<file>
+<source>loncom/rewrites/loncapa_rewrite_off.conf</source>
+<target dist='default'>etc/httpd/conf/rewrites/loncapa_rewrite_off.conf</target>
+<target dist='sles9'>etc/apache/rewrites/loncapa_rewrite_off.conf</target>
+<target dist='sles10 sles11 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 debian5 debian6 ubuntu6 ubuntu8 ubuntu10'>etc/apache2/rewrites/loncapa_rewrite_off.conf</target>
+<categoryname>static conf</categoryname>
+<description>
+File to copy to /etc/apache2/loncapa_rewrite.conf (SuSE/SLES/Debian/Ubuntu LTS) or to /etc/httpd/conf/loncapa_rewrite.conf to disable rewriting of
+external requests for http:// to https://
+</description>
+</file>
+<file>
<source>loncom/thesaurus/thesaurus.db</source>
<target dist='default'>home/httpd/lonTabs/thesaurus.db</target>
<categoryname>system file</categoryname>
Index: loncom/loncapa_apache.conf
diff -u loncom/loncapa_apache.conf:1.203 loncom/loncapa_apache.conf:1.204
--- loncom/loncapa_apache.conf:1.203 Sat Apr 23 16:02:27 2011
+++ loncom/loncapa_apache.conf Thu May 26 01:05:47 2011
@@ -1,7 +1,7 @@
##
## loncapa_apache.conf -- Apache HTTP LON-CAPA configuration file
##
-## $Id: loncapa_apache.conf,v 1.203 2011/04/23 16:02:27 www Exp $
+## $Id: loncapa_apache.conf,v 1.204 2011/05/26 01:05:47 raeburn Exp $
##
#
@@ -1569,6 +1569,9 @@
#-------------------------------------------------------------------------
+# ====================================== Include support for SSL rewrites
+
+Include conf/loncapa_rewrite.conf
# ====================================== Include machine-specific configuration
Index: loncom/rewrites/loncapa_rewrite_on.conf
+++ loncom/rewrites/loncapa_rewrite_on.conf
<IfModule mod_ssl.c>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REMOTE_HOST} 127.0.0.1
RewriteRule (.*) - [L]
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R,L]
</IfModule>
</IfModule>
Index: loncom/rewrites/loncapa_rewrite_off.conf
+++ loncom/rewrites/loncapa_rewrite_off.conf
<IfModule mod_ssl.c>
<IfModule mod_rewrite.c>
RewriteEngine off
RewriteCond %{REMOTE_HOST} 127.0.0.1
RewriteRule (.*) - [L]
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R,L]
</IfModule>
</IfModule>
--raeburn1306371947--