[ipfire-2.x.git] / src / initscripts / system / apache

#!/bin/sh
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

. /etc/sysconfig/rc
. $rc_functions

PIDFILE="/var/run/httpd.pid"

generate_certificates() {
	if [ ! -f "/etc/httpd/server-ecdsa.key" ]; then
		boot_mesg "Generating HTTPS ECDSA server key..."
		openssl ecparam -genkey -name secp384r1 -noout \
			-out /etc/httpd/server-ecdsa.key &>/dev/null
		chmod 600 /etc/httpd/server-ecdsa.key
		evaluate_retval
	fi

	if [ ! -f "/etc/httpd/server-ecdsa.csr" ]; then
		sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
			openssl req -new -key /etc/httpd/server-ecdsa.key \
			-out /etc/httpd/server-ecdsa.csr &>/dev/null
	fi

	if [ ! -f "/etc/httpd/server-ecdsa.crt" ]; then
		boot_mesg "Signing ECDSA certificate..."
		openssl x509 -req -days 999999 -sha256 \
			-in /etc/httpd/server-ecdsa.csr \
			-signkey /etc/httpd/server-ecdsa.key \
			-out /etc/httpd/server-ecdsa.crt &>/dev/null
		evaluate_retval
	fi
}

case "$1" in
	start)
		# Generate all required certificates
		generate_certificates

		# Update hostname
		echo "ServerName ${HOSTNAME}" > /etc/httpd/conf/hostname.conf

		boot_mesg "Starting Apache daemon..."
		/usr/sbin/apachectl -k start
		evaluate_retval
		;;

	stop)
		boot_mesg "Stopping Apache daemon..."
		killproc /usr/sbin/httpd
		;;

	restart)
		$0 stop
		$0 start
		;;

	reload)
		boot_mesg "Reloading Apache daemon..."
		/usr/sbin/apachectl -k graceful
		evaluate_retval
		;;

	status)
		statusproc /usr/sbin/httpd
		;;

	*)
		echo "Usage: $0 {start|stop|restart|status}"
		exit 1
		;;
esac
Commit	Line	Data
23104841	1	#!/bin/sh
66c36198 PM	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
3b54d037	5	# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
66c36198 PM	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
23104841	21
23104841 MT	22	. /etc/sysconfig/rc
	23	. $rc_functions
	24
1724e5ac MT	25	PIDFILE="/var/run/httpd.pid"
1724e5ac MT	26
9064ba72	27	generate_certificates() {
9064ba72 AF	28	if [ ! -f "/etc/httpd/server-ecdsa.key" ]; then
	29	boot_mesg "Generating HTTPS ECDSA server key..."
	30	openssl ecparam -genkey -name secp384r1 -noout \
	31	-out /etc/httpd/server-ecdsa.key &>/dev/null
d4092860	32	chmod 600 /etc/httpd/server-ecdsa.key
9064ba72 AF	33	evaluate_retval
	34	fi
	35
9064ba72 AF	36	if [ ! -f "/etc/httpd/server-ecdsa.csr" ]; then
	37	sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams \| \
	38	openssl req -new -key /etc/httpd/server-ecdsa.key \
	39	-out /etc/httpd/server-ecdsa.csr &>/dev/null
	40	fi
	41
9064ba72 AF	42	if [ ! -f "/etc/httpd/server-ecdsa.crt" ]; then
	43	boot_mesg "Signing ECDSA certificate..."
	44	openssl x509 -req -days 999999 -sha256 \
	45	-in /etc/httpd/server-ecdsa.csr \
	46	-signkey /etc/httpd/server-ecdsa.key \
	47	-out /etc/httpd/server-ecdsa.crt &>/dev/null
	48	evaluate_retval
	49	fi
	50	}
	51
23104841 MT	52	case "$1" in
23104841 MT	53	start)
9064ba72 AF	54	# Generate all required certificates
	55	generate_certificates
	56
6723afef MT	57	# Update hostname
	58	echo "ServerName ${HOSTNAME}" > /etc/httpd/conf/hostname.conf
	59
75474c3c	60	boot_mesg "Starting Apache daemon..."
23104841 MT	61	/usr/sbin/apachectl -k start
	62	evaluate_retval
	63	;;
	64
	65	stop)
	66	boot_mesg "Stopping Apache daemon..."
1724e5ac	67	killproc /usr/sbin/httpd
23104841 MT	68	;;
	69
	70	restart)
c7b8f363 MT	71	$0 stop
c7b8f363 MT	72	$0 start
23104841	73	;;
66c36198	74
256575b3 CS	75	reload)
	76	boot_mesg "Reloading Apache daemon..."
	77	/usr/sbin/apachectl -k graceful
	78	evaluate_retval
	79	;;
23104841 MT	80
	81	status)
	82	statusproc /usr/sbin/httpd
	83	;;
	84
	85	*)
	86	echo "Usage: $0 {start\|stop\|restart\|status}"
	87	exit 1
	88	;;
	89	esac