1 #!/bin/sh
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 . /etc/sysconfig/rc
23 . $rc_functions
24
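# Create the web server's TLS material when it is missing: an RSA and an
# ECDSA private key, a CSR for each, and a self-signed certificate for each.
# Every artifact is only generated when its file does not exist, so existing
# keys and certificates are never replaced by this function; rotating them
# means removing the files and starting the service again.
#
# Reads:   /etc/certparams (input for "openssl req"; the token HOSTNAME is
#          replaced by the output of "hostname -f")
# Writes:  /etc/httpd/server.{key,csr,crt} and
#          /etc/httpd/server-ecdsa.{key,csr,crt}
# Calls:   boot_mesg and evaluate_retval, which are not defined in this file
#          (presumably provided by the sourced $rc_functions; evaluate_retval
#          is assumed to report $? of the command before it - confirm).
generate_certificates() {
	if [ ! -f "/etc/httpd/server.key" ]; then
		boot_mesg "Generating HTTPS RSA server key (this will take a moment)..."
		# umask 077 in a subshell: the key file cannot be created group- or
		# world-readable, whatever umask the caller has, and the caller's
		# umask is left untouched. chmod is chained with && so that the
		# status seen by evaluate_retval is that of the key generation when
		# it fails, not that of chmod.
		# ">/dev/null 2>&1" replaces "&>", a bash extension that a POSIX
		# /bin/sh would parse as "run in background, then truncate".
		(
			umask 077
			openssl genrsa -out /etc/httpd/server.key 4096 >/dev/null 2>&1
		) && chmod 600 /etc/httpd/server.key
		evaluate_retval
	fi

	if [ ! -f "/etc/httpd/server-ecdsa.key" ]; then
		boot_mesg "Generating HTTPS ECDSA server key..."
		# Same owner-only creation and status handling as for the RSA key.
		(
			umask 077
			openssl ecparam -genkey -name secp384r1 -noout \
				-out /etc/httpd/server-ecdsa.key >/dev/null 2>&1
		) && chmod 600 /etc/httpd/server-ecdsa.key
		evaluate_retval
	fi

	# Generate RSA CSR
	# NOTE(review): the hostname is pasted verbatim into the sed replacement;
	# a value containing "/" or "&" would change or break the expression, and
	# an empty value (hostname -f failing) yields an empty field in the CSR.
	if [ ! -f "/etc/httpd/server.csr" ]; then
		sed "s/HOSTNAME/$(hostname -f)/" < /etc/certparams |
			openssl req -new -key /etc/httpd/server.key \
				-out /etc/httpd/server.csr >/dev/null 2>&1
	fi

	# Generate ECDSA CSR
	if [ ! -f "/etc/httpd/server-ecdsa.csr" ]; then
		sed "s/HOSTNAME/$(hostname -f)/" < /etc/certparams |
			openssl req -new -key /etc/httpd/server-ecdsa.key \
				-out /etc/httpd/server-ecdsa.csr >/dev/null 2>&1
	fi

	# The certificates are self-signed (-signkey uses the server's own key)
	# and requested for 999999 days, so they do not expire in practice.
	# Because generation is skipped while the files exist, a key or
	# certificate is only ever renewed by deleting it by hand.
	if [ ! -f "/etc/httpd/server.crt" ]; then
		boot_mesg "Signing RSA certificate..."
		openssl x509 -req -days 999999 -sha256 \
			-in /etc/httpd/server.csr \
			-signkey /etc/httpd/server.key \
			-out /etc/httpd/server.crt >/dev/null 2>&1
		evaluate_retval
	fi

	if [ ! -f "/etc/httpd/server-ecdsa.crt" ]; then
		boot_mesg "Signing ECDSA certificate..."
		openssl x509 -req -days 999999 -sha256 \
			-in /etc/httpd/server-ecdsa.csr \
			-signkey /etc/httpd/server-ecdsa.key \
			-out /etc/httpd/server-ecdsa.crt >/dev/null 2>&1
		evaluate_retval
	fi
}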
73
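# Dispatch on the action given as the first argument.
case "$1" in
	start)
		# Generate all required certificates
		generate_certificates

		# Update hostname
		# HOSTNAME is not assigned in this file; presumably it comes from
		# the shell or the sourced rc configuration - confirm.
		echo "ServerName ${HOSTNAME}" > /etc/httpd/conf/hostname.conf

		boot_mesg "Starting Apache daemon..."
		/usr/sbin/apachectl -k start
		evaluate_retval
		;;

	stop)
		boot_mesg "Stopping Apache daemon..."
		/usr/sbin/apachectl -k stop
		evaluate_retval
		;;

	restart)
		# Re-invoke this script; quoted so a path containing spaces is
		# still executed as one word.
		"$0" stop
		"$0" start
		;;

	reload)
		# "graceful" asks Apache to reload without a full stop/start.
		boot_mesg "Reloading Apache daemon..."
		/usr/sbin/apachectl -k graceful
		evaluate_retval
		;;

	status)
		statusproc /usr/sbin/httpd
		;;

	*)
		# The usage line lists every action handled above, including reload.
		echo "Usage: $0 {start|stop|restart|reload|status}"
		exit 1
		;;
esac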