[ipfire-2.x.git] / src / initscripts / system / apache

#!/bin/sh
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

. /etc/sysconfig/rc
. $rc_functions

generate_certificates() {
	if [ ! -f "/etc/httpd/server.key" ]; then
		boot_mesg "Generating HTTPS RSA server key (this will take a moment)..."
		openssl genrsa -out /etc/httpd/server.key 4096 &>/dev/null
		chmod 600 /etc/httpd/server.key
		evaluate_retval
	fi

	if [ ! -f "/etc/httpd/server-ecdsa.key" ]; then
		boot_mesg "Generating HTTPS ECDSA server key..."
		openssl ecparam -genkey -name secp384r1 -noout \
			-out /etc/httpd/server-ecdsa.key &>/dev/null
		chmod 600 /etc/httpd/server-ecdsa.key
		evaluate_retval
	fi

	# Generate RSA CSR
	if [ ! -f "/etc/httpd/server.csr" ]; then
		sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
			openssl req -new -key /etc/httpd/server.key \
				-out /etc/httpd/server.csr &>/dev/null
	fi

	# Generate ECDSA CSR
	if [ ! -f "/etc/httpd/server-ecdsa.csr" ]; then
		sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
			openssl req -new -key /etc/httpd/server-ecdsa.key \
			-out /etc/httpd/server-ecdsa.csr &>/dev/null
	fi

	if [ ! -f "/etc/httpd/server.crt" ]; then
		boot_mesg "Signing RSA certificate..."
		openssl x509 -req -days 999999 -sha256 \
			-in /etc/httpd/server.csr \
			-signkey /etc/httpd/server.key \
			-out /etc/httpd/server.crt &>/dev/null
		evaluate_retval
	fi

	if [ ! -f "/etc/httpd/server-ecdsa.crt" ]; then
		boot_mesg "Signing ECDSA certificate..."
		openssl x509 -req -days 999999 -sha256 \
			-in /etc/httpd/server-ecdsa.csr \
			-signkey /etc/httpd/server-ecdsa.key \
			-out /etc/httpd/server-ecdsa.crt &>/dev/null
		evaluate_retval
	fi
}

case "$1" in
	start)
		# Generate all required certificates
		generate_certificates

		# Update hostname
		echo "ServerName ${HOSTNAME}" > /etc/httpd/conf/hostname.conf

		boot_mesg "Starting Apache daemon..."
		/usr/sbin/apachectl -k start
		evaluate_retval
		;;

	stop)
		boot_mesg "Stopping Apache daemon..."
		/usr/sbin/apachectl -k stop
		evaluate_retval
		;;

	restart)
		$0 stop
		$0 start
		;;

	reload)
		boot_mesg "Reloading Apache daemon..."
		/usr/sbin/apachectl -k graceful
		evaluate_retval
		;;

	status)
		statusproc /usr/sbin/httpd
		;;

	*)
		echo "Usage: $0 {start|stop|restart|status}"
		exit 1
		;;
esac
Commit	Line	Data
23104841	1	#!/bin/sh
66c36198 PM	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
23104841	21
23104841 MT	22	. /etc/sysconfig/rc
	23	. $rc_functions
	24
9064ba72 AF	25	generate_certificates() {
	26	if [ ! -f "/etc/httpd/server.key" ]; then
	27	boot_mesg "Generating HTTPS RSA server key (this will take a moment)..."
	28	openssl genrsa -out /etc/httpd/server.key 4096 &>/dev/null
d4092860	29	chmod 600 /etc/httpd/server.key
9064ba72 AF	30	evaluate_retval
	31	fi
	32
	33	if [ ! -f "/etc/httpd/server-ecdsa.key" ]; then
	34	boot_mesg "Generating HTTPS ECDSA server key..."
	35	openssl ecparam -genkey -name secp384r1 -noout \
	36	-out /etc/httpd/server-ecdsa.key &>/dev/null
d4092860	37	chmod 600 /etc/httpd/server-ecdsa.key
9064ba72 AF	38	evaluate_retval
	39	fi
	40
	41	# Generate RSA CSR
	42	if [ ! -f "/etc/httpd/server.csr" ]; then
	43	sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams \| \
	44	openssl req -new -key /etc/httpd/server.key \
	45	-out /etc/httpd/server.csr &>/dev/null
	46	fi
	47
	48	# Generate ECDSA CSR
	49	if [ ! -f "/etc/httpd/server-ecdsa.csr" ]; then
	50	sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams \| \
	51	openssl req -new -key /etc/httpd/server-ecdsa.key \
	52	-out /etc/httpd/server-ecdsa.csr &>/dev/null
	53	fi
	54
	55	if [ ! -f "/etc/httpd/server.crt" ]; then
	56	boot_mesg "Signing RSA certificate..."
	57	openssl x509 -req -days 999999 -sha256 \
	58	-in /etc/httpd/server.csr \
	59	-signkey /etc/httpd/server.key \
	60	-out /etc/httpd/server.crt &>/dev/null
	61	evaluate_retval
	62	fi
	63
	64	if [ ! -f "/etc/httpd/server-ecdsa.crt" ]; then
	65	boot_mesg "Signing ECDSA certificate..."
	66	openssl x509 -req -days 999999 -sha256 \
	67	-in /etc/httpd/server-ecdsa.csr \
	68	-signkey /etc/httpd/server-ecdsa.key \
	69	-out /etc/httpd/server-ecdsa.crt &>/dev/null
	70	evaluate_retval
	71	fi
	72	}
	73
23104841 MT	74	case "$1" in
23104841 MT	75	start)
9064ba72 AF	76	# Generate all required certificates
	77	generate_certificates
	78
6723afef MT	79	# Update hostname
	80	echo "ServerName ${HOSTNAME}" > /etc/httpd/conf/hostname.conf
	81
75474c3c	82	boot_mesg "Starting Apache daemon..."
23104841 MT	83	/usr/sbin/apachectl -k start
	84	evaluate_retval
	85	;;
	86
	87	stop)
	88	boot_mesg "Stopping Apache daemon..."
c7b8f363	89	/usr/sbin/apachectl -k stop
23104841 MT	90	evaluate_retval
	91	;;
	92
	93	restart)
c7b8f363 MT	94	$0 stop
c7b8f363 MT	95	$0 start
23104841	96	;;
66c36198	97
256575b3 CS	98	reload)
	99	boot_mesg "Reloading Apache daemon..."
	100	/usr/sbin/apachectl -k graceful
	101	evaluate_retval
	102	;;
23104841 MT	103
	104	status)
	105	statusproc /usr/sbin/httpd
	106	;;
	107
	108	*)
	109	echo "Usage: $0 {start\|stop\|restart\|status}"
	110	exit 1
	111	;;
	112	esac