From ee39a098acb2386abd5382de5c9476cc4ffe2e03 Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Tue, 7 Apr 2020 18:31:51 +0200 Subject: apache: normalize installation (docs and script)s over all distros Signed-off-by: Markus Heiser --- utils/filtron.sh | 8 +- utils/lib.sh | 119 +++++++++++++++++---- utils/lxc.sh | 9 +- utils/makefile.include | 4 +- utils/morty.sh | 9 +- utils/searx.sh | 30 +++--- utils/templates/etc/apache2 | 1 + .../etc/apache2/sites-available/morty.conf | 26 ----- .../etc/apache2/sites-available/searx.conf:filtron | 33 ------ .../etc/apache2/sites-available/searx.conf:uwsgi | 27 ----- .../templates/etc/httpd/sites-available/morty.conf | 28 +++++ .../etc/httpd/sites-available/searx.conf:filtron | 33 ++++++ .../etc/httpd/sites-available/searx.conf:uwsgi | 27 +++++ 13 files changed, 211 insertions(+), 143 deletions(-) create mode 120000 utils/templates/etc/apache2 delete mode 100644 utils/templates/etc/apache2/sites-available/morty.conf delete mode 100644 utils/templates/etc/apache2/sites-available/searx.conf:filtron delete mode 100644 utils/templates/etc/apache2/sites-available/searx.conf:uwsgi create mode 100644 utils/templates/etc/httpd/sites-available/morty.conf create mode 100644 utils/templates/etc/httpd/sites-available/searx.conf:filtron create mode 100644 utils/templates/etc/httpd/sites-available/searx.conf:uwsgi (limited to 'utils') diff --git a/utils/filtron.sh b/utils/filtron.sh index 6c58b07a2..0fbf74787 100755 --- a/utils/filtron.sh +++ b/utils/filtron.sh @@ -441,14 +441,12 @@ This installs a reverse proxy (ProxyPass) into apache site (${APACHE_FILTRON_SIT ! apache_is_installed && err_msg "Apache is not installed." - if ! ask_yn "Do you really want to continue?"; then + if ! ask_yn "Do you really want to continue?" Yn; then return + else + install_apache fi - a2enmod headers - a2enmod proxy - a2enmod proxy_http - echo apache_install_site --variant=filtron "${APACHE_FILTRON_SITE}" diff --git a/utils/lib.sh b/utils/lib.sh index aaeb5093b..2c0c179bb 100755 --- a/utils/lib.sh +++ b/utils/lib.sh @@ -627,21 +627,56 @@ EOF # Apache # ------ -# FIXME: Arch Linux & RHEL should be added +apache_distro_setup() { + # shellcheck disable=SC2034 + case $DIST_ID-$DIST_VERS in + ubuntu-*|debian-*) + # debian uses the /etc/apache2 path, while other distros use + # the apache default at /etc/httpd + APACHE_SITES_AVAILABLE="/etc/apache2/sites-available" + APACHE_SITES_ENABLED="/etc/apache2/sites-enabled" + APACHE_MODULES="/usr/lib/apache2/modules" + APACHE_PACKAGES="apache2" + ;; + arch-*) + APACHE_SITES_AVAILABLE="/etc/httpd/sites-available" + APACHE_SITES_ENABLED="/etc/httpd/sites-enabled" + APACHE_MODULES="modules" + APACHE_PACKAGES="apache" + ;; + fedora-*) + APACHE_SITES_AVAILABLE="/etc/httpd/sites-available" + APACHE_SITES_ENABLED="/etc/httpd/sites-enabled" + APACHE_MODULES="modules" + APACHE_PACKAGES="httpd" + ;; + *) + err_msg "$DIST_ID-$DIST_VERS: apache not yet implemented" + ;; + esac +} -if [[ -z "${APACHE_SITES_AVAILABE}" ]]; then - APACHE_SITES_AVAILABE="/etc/apache2/sites-available" -fi +apache_distro_setup -apache_is_installed() { +install_apache(){ + info_msg "installing apache ..." + pkg_install "$APACHE_PACKAGES" case $DIST_ID-$DIST_VERS in - ubuntu-*|debian-*) - (command -v apachectl \ - && command -v a2ensite \ - && command -v a2dissite ) &>/dev/null + arch-*|fedora-*) + if ! grep "IncludeOptional sites-enabled" "/etc/httpd/conf/httpd.conf"; then + echo "IncludeOptional sites-enabled/*.conf" >> "/etc/httpd/conf/httpd.conf" + fi + systemctl enable httpd + systemctl start httpd ;; - arch) (command -v httpd) ;; - fedora) (command -v httpd) ;; + esac +} + +apache_is_installed() { + case $DIST_ID-$DIST_VERS in + ubuntu-*|debian-*) (command -v apachectl) &>/dev/null;; + arch-*) (command -v httpd) &>/dev/null;; + fedora-*) (command -v httpd) &>/dev/null;; esac } @@ -649,8 +684,16 @@ apache_reload() { info_msg "reload apache .." echo - sudo -H apachectl configtest - sudo -H service apache2 force-reload + case $DIST_ID-$DIST_VERS in + ubuntu-*|debian-*) + sudo -H apachectl configtest + sudo -H systemctl force-reload apache2 + ;; + arch-*| fedora-*) + sudo -H httpd -t + sudo -H systemctl force-reload httpd + ;; + esac } apache_install_site() { @@ -670,9 +713,8 @@ apache_install_site() { done install_template "${template_opts[@]}" \ - "${APACHE_SITES_AVAILABE}/${pos_args[1]}" \ + "${APACHE_SITES_AVAILABLE}/${pos_args[1]}" \ root root 644 - apache_enable_site "${pos_args[1]}" info_msg "installed apache site: ${pos_args[1]}" } @@ -683,15 +725,32 @@ apache_remove_site() { info_msg "remove apache site: $1" apache_dissable_site "$1" - rm -f "${APACHE_SITES_AVAILABE}/$1" + rm -f "${APACHE_SITES_AVAILABLE}/$1" } apache_enable_site() { # usage: apache_enable_site - info_msg "enable apache site: $1" - sudo -H a2ensite -q "$1" + local CONF="$1" + + info_msg "enable apache site: ${CONF}" + + case $DIST_ID-$DIST_VERS in + ubuntu-*|debian-*) + sudo -H a2ensite -q "${CONF}" + ;; + arch-*) + mkdir -p "${APACHE_SITES_ENABLED}" + rm -f "${APACHE_SITES_ENABLED}/${CONF}" + ln -s "${APACHE_SITES_AVAILABLE}/${CONF}" "${APACHE_SITES_ENABLED}/${CONF}" + ;; + fedora-*) + mkdir -p "${APACHE_SITES_ENABLED}" + rm -f "${APACHE_SITES_ENABLED}/${CONF}" + ln -s "${APACHE_SITES_AVAILABLE}/${CONF}" "${APACHE_SITES_ENABLED}/${CONF}" + ;; + esac apache_reload } @@ -699,9 +758,25 @@ apache_dissable_site() { # usage: apache_disable_site - info_msg "disable apache site: $1" - sudo -H a2dissite -q "$1" - apache_reload + local CONF="$1" + + info_msg "disable apache site: ${CONF}" + + case $DIST_ID-$DIST_VERS in + ubuntu-*|debian-*) + sudo -H a2dissite -q "${CONF}" + ;; + arch-*) + mkdir -p "${APACHE_SITES_ENABLED}" + rm -f "${APACHE_SITES_ENABLED}/${CONF}" + ln -s "${APACHE_SITES_AVAILABLE}/${CONF}" "${APACHE_SITES_ENABLED}/${CONF}" + ;; + fedora-*) + mkdir -p "${APACHE_SITES_ENABLED}" + rm -f "${APACHE_SITES_ENABLED}/${CONF}" + ln -s "${APACHE_SITES_AVAILABLE}/${CONF}" "${APACHE_SITES_ENABLED}/${CONF}" + ;; + esac } # uWSGI @@ -741,7 +816,7 @@ uWSGI_distro_setup() { uWSGI_GROUP="uwsgi" ;; *) - info_msg "$DIST_ID-$DIST_VERS: uWSGI not yet implemented" + err_msg "$DIST_ID-$DIST_VERS: uWSGI not yet implemented" ;; esac } diff --git a/utils/lxc.sh b/utils/lxc.sh index 9eb28f498..6a26f80eb 100755 --- a/utils/lxc.sh +++ b/utils/lxc.sh @@ -98,7 +98,7 @@ start/stop show :info: show info of all (or ) containers from LXC suite :config: show config of all (or ) containers from the LXC suite - :suite: show services of all the containers from the LXC suite + :suite: show services of all (or ) containers from the LXC suite :images: show information of local images cmd use single qoutes to evaluate in container's bash, e.g. 'echo $(hostname)' @@ -294,11 +294,9 @@ main() { build_all_containers() { rst_title "Build all LXC containers of suite" + echo usage_containers lxc_copy_images_localy - echo - rst_title "build containers" section - echo lxc_init_all_containers lxc_config_all_containers lxc_boilerplate_all_containers @@ -368,7 +366,6 @@ remove_containers() { lxc_copy_images_localy() { rst_title "copy images" section - echo for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do lxc_image_copy "${LXC_SUITE[i]}" "${LXC_SUITE[i+1]}" done @@ -477,7 +474,7 @@ lxc_init_all_containers() { local container_name for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do - lxc_init_container "${LXC_SUITE[i+1]}" "${LXC_HOST_PREFIX}-${image_name}" + lxc_init_container "${LXC_SUITE[i+1]}" "${LXC_HOST_PREFIX}-${LXC_SUITE[i+1]}" done } diff --git a/utils/makefile.include b/utils/makefile.include index 933d2b57a..65aca70f0 100644 --- a/utils/makefile.include +++ b/utils/makefile.include @@ -1,9 +1,11 @@ # -*- coding: utf-8; mode: makefile-gmake -*- ifeq (,$(wildcard /.lxcenv.mk)) -PHONY += lxc-activate +PHONY += lxc-activate lxc-purge lxc-activate: @$(MAKE) -s -f /share/searx/utils/makefile.lxc lxc-activate +lxc-purge: + $(Q)rm -rf ./lxc else include /.lxcenv.mk endif diff --git a/utils/morty.sh b/utils/morty.sh index 17039a05e..4de411999 100755 --- a/utils/morty.sh +++ b/utils/morty.sh @@ -402,15 +402,12 @@ This installs a reverse proxy (ProxyPass) into apache site (${APACHE_MORTY_SITE} ! apache_is_installed && err_msg "Apache is not installed." - if ! ask_yn "Do you really want to continue?"; then + if ! ask_yn "Do you really want to continue?" Yn; then return + else + install_apache fi - a2enmod headers - a2enmod proxy - a2enmod proxy_http - - echo apache_install_site "${APACHE_MORTY_SITE}" info_msg "testing public url .." diff --git a/utils/searx.sh b/utils/searx.sh index 86b651696..6a8588c23 100755 --- a/utils/searx.sh +++ b/utils/searx.sh @@ -75,21 +75,23 @@ texlive-xetex-bin texlive-collection-fontsrecommended texlive-collection-latex dejavu-sans-fonts dejavu-serif-fonts dejavu-sans-mono-fonts" -case $DIST_ID in - ubuntu|debian) +case $DIST_ID-$DIST_VERS in + ubuntu-16.04|ubuntu-18.04) SEARX_PACKAGES="${SEARX_PACKAGES_debian}" BUILD_PACKAGES="${BUILD_PACKAGES_debian}" - APACHE_PACKAGES="libapache2-mod-uwsgi" + APACHE_PACKAGES="$APACHE_PACKAGES libapache2-mod-proxy-uwsgi" ;; - arch) + ubuntu-*|debian-*) + SEARX_PACKAGES="${SEARX_PACKAGES_debian}" + BUILD_PACKAGES="${BUILD_PACKAGES_debian}" + ;; + arch-*) SEARX_PACKAGES="${SEARX_PACKAGES_arch}" BUILD_PACKAGES="${BUILD_PACKAGES_arch}" - APACHE_PACKAGES="uwsgi" ;; - fedora) + fedora-*) SEARX_PACKAGES="${SEARX_PACKAGES_fedora}" BUILD_PACKAGES="${BUILD_PACKAGES_fedora}" - APACHE_PACKAGES="uwsgi" ;; esac @@ -462,6 +464,7 @@ EOF wait_key info_msg "install needed python packages" tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" +pip install wheel ${SEARX_SRC}/manage.sh update_packages EOF } @@ -735,21 +738,14 @@ This installs the searx uwsgi app as apache site. If your server is public to the internet, you should instead use a reverse proxy (filtron) to block excessively bot queries." - case $DIST_ID-$DIST_VERS in - ubuntu-*|debian-*) : ;; - *) err_msg "sorry distro $DIST_ID $DIST_VERS not yet supported"; exit 42 ;; - esac - ! apache_is_installed && err_msg "Apache is not installed." - if ! ask_yn "Do you really want to install apache site for searx-uwsgi?"; then + if ! ask_yn "Do you really want to continue?" Yn; then return + else + install_apache fi - pkg_install "$APACHE_PACKAGES" - a2enmod uwsgi - - echo apache_install_site --variant=uwsgi "${APACHE_SEARX_SITE}" if ! service_is_available "${PUBLIC_URL}"; then diff --git a/utils/templates/etc/apache2 b/utils/templates/etc/apache2 new file mode 120000 index 000000000..558a90717 --- /dev/null +++ b/utils/templates/etc/apache2 @@ -0,0 +1 @@ +httpd \ No newline at end of file diff --git a/utils/templates/etc/apache2/sites-available/morty.conf b/utils/templates/etc/apache2/sites-available/morty.conf deleted file mode 100644 index 4421cdd51..000000000 --- a/utils/templates/etc/apache2/sites-available/morty.conf +++ /dev/null @@ -1,26 +0,0 @@ -# -*- coding: utf-8; mode: apache -*- - -ProxyPreserveHost On - - - - - SecRuleEngine Off - - - Require all granted - - Order deny,allow - Deny from all - #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all - - ProxyPass http://${MORTY_LISTEN} - RequestHeader set X-Script-Name ${PUBLIC_URL_PATH_MORTY} - - # In Apache it seems, that setting HTTP_HOST header directive here does have - # no effect. I needed to set 'ProxyPreserveHost On' (see above). - - # RequestHeader set Host ${PUBLIC_HOST} - - diff --git a/utils/templates/etc/apache2/sites-available/searx.conf:filtron b/utils/templates/etc/apache2/sites-available/searx.conf:filtron deleted file mode 100644 index 2d6af7889..000000000 --- a/utils/templates/etc/apache2/sites-available/searx.conf:filtron +++ /dev/null @@ -1,33 +0,0 @@ -# -*- coding: utf-8; mode: apache -*- - -ProxyPreserveHost On - -# SecRuleRemoveById 981054 -# SecRuleRemoveById 981059 -# SecRuleRemoveById 981060 -# SecRuleRemoveById 950907 - - - - - SecRuleEngine Off - - - Require all granted - - Order deny,allow - Deny from all - #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all - - ProxyPass http://${FILTRON_LISTEN} - RequestHeader set X-Script-Name ${FILTRON_URL_PATH} - - # In Apache it seems, that setting HTTP_HOST header directive here does have - # no effect. I needed to set 'ProxyPreserveHost On' (see above). HTTP_HOST - # (ProxyPreserveHost On) is needed by searx to render correct *Search URL* - # in the *Link* box and *saved preference*. - - # RequestHeader set Host ${PUBLIC_HOST} - - diff --git a/utils/templates/etc/apache2/sites-available/searx.conf:uwsgi b/utils/templates/etc/apache2/sites-available/searx.conf:uwsgi deleted file mode 100644 index 21e01ac4e..000000000 --- a/utils/templates/etc/apache2/sites-available/searx.conf:uwsgi +++ /dev/null @@ -1,27 +0,0 @@ -# -*- coding: utf-8; mode: apache -*- - - - - # SetEnvIf Request_URI "${SEARX_URL_PATH}" dontlog - # CustomLog /dev/null combined env=dontlog - - - - - SecRuleEngine Off - - - Require all granted - - Options FollowSymLinks Indexes - SetHandler uwsgi-handler - uWSGISocket ${SEARX_UWSGI_SOCKET} - - Order deny,allow - Deny from all - # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all - - - - diff --git a/utils/templates/etc/httpd/sites-available/morty.conf b/utils/templates/etc/httpd/sites-available/morty.conf new file mode 100644 index 000000000..326fcc755 --- /dev/null +++ b/utils/templates/etc/httpd/sites-available/morty.conf @@ -0,0 +1,28 @@ +# -*- coding: utf-8; mode: apache -*- + +LoadModule headers_module ${APACHE_MODULES}/mod_headers.so +LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so +LoadModule proxy_module ${APACHE_MODULES}/mod_proxy_http.so +#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so + +# SetEnvIf Request_URI "${PUBLIC_URL_PATH_MORTY}" dontlog +# CustomLog /dev/null combined env=dontlog + + + + + SecRuleEngine Off + + + Require all granted + + Order deny,allow + Deny from all + #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + ProxyPreserveHost On + ProxyPass http://${MORTY_LISTEN} + RequestHeader set X-Script-Name ${PUBLIC_URL_PATH_MORTY} + + diff --git a/utils/templates/etc/httpd/sites-available/searx.conf:filtron b/utils/templates/etc/httpd/sites-available/searx.conf:filtron new file mode 100644 index 000000000..11dd360bc --- /dev/null +++ b/utils/templates/etc/httpd/sites-available/searx.conf:filtron @@ -0,0 +1,33 @@ +# -*- coding: utf-8; mode: apache -*- + +LoadModule headers_module ${APACHE_MODULES}/mod_headers.so +LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so +LoadModule proxy_module ${APACHE_MODULES}/mod_proxy_http.so +#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so + +# SetEnvIf Request_URI "${FILTRON_URL_PATH}" dontlog +# CustomLog /dev/null combined env=dontlog + +# SecRuleRemoveById 981054 +# SecRuleRemoveById 981059 +# SecRuleRemoveById 981060 +# SecRuleRemoveById 950907 + + + + + SecRuleEngine Off + + + Require all granted + + Order deny,allow + Deny from all + #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + ProxyPreserveHost On + ProxyPass http://${FILTRON_LISTEN} + RequestHeader set X-Script-Name ${FILTRON_URL_PATH} + + diff --git a/utils/templates/etc/httpd/sites-available/searx.conf:uwsgi b/utils/templates/etc/httpd/sites-available/searx.conf:uwsgi new file mode 100644 index 000000000..ef702de3a --- /dev/null +++ b/utils/templates/etc/httpd/sites-available/searx.conf:uwsgi @@ -0,0 +1,27 @@ +# -*- coding: utf-8; mode: apache -*- + +LoadModule headers_module ${APACHE_MODULES}/mod_headers.so +LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so +LoadModule proxy_uwsgi_module ${APACHE_MODULES}/mod_proxy_uwsgi.so +# LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so + +# SetEnvIf Request_URI "${SEARX_URL_PATH}" dontlog +# CustomLog /dev/null combined env=dontlog + + + + + SecRuleEngine Off + + + Require all granted + + Order deny,allow + Deny from all + # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + ProxyPreserveHost On + ProxyPass unix:${SEARX_UWSGI_SOCKET}|uwsgi://uwsgi-uds-searx/ + + -- cgit v1.2.3-54-g00ecf