From d7e7ecf841e7eef8dba77e8bbcf8272c44bc8261 Mon Sep 17 00:00:00 2001
From: Bram Prieshof <bram@bprieshof.nl>
Date: Thu, 20 Aug 2020 15:28:07 +0200
Subject: [PATCH] added initial apache configuration/setup

---
 CMS/none/Apache-unconfigured                  | 21 ++++++++++++++
 CMS/none/apache-conf.sh                       |  9 ++++++
 CoreModules/apache/apt.list                   |  2 +-
 CoreModules/apache/conf.sh                    | 29 +++++++++++++++++++
 .../apache/config/apache2/conf-custom.conf    |  1 +
 .../apache/config/apache2/site-unconfigured   |  6 ++++
 .../apache/config/apache2/site-wwwredir       |  4 +++
 .../config/apache2/site_ssl-unconfigured      | 16 ++++++++++
 .../apache/config/apache2/site_ssl-wwwredir   | 14 +++++++++
 .../apache/config/apache2/snippets-ssl.conf   |  7 +++++
 CoreModules/apache/preconf.sh                 |  1 +
 CoreModules/apache/reqmodules.sh              |  1 +
 12 files changed, 110 insertions(+), 1 deletion(-)
 create mode 100644 CMS/none/Apache-unconfigured
 create mode 100644 CMS/none/apache-conf.sh
 create mode 100644 CoreModules/apache/conf.sh
 create mode 100644 CoreModules/apache/config/apache2/conf-custom.conf
 create mode 100644 CoreModules/apache/config/apache2/site-unconfigured
 create mode 100644 CoreModules/apache/config/apache2/site-wwwredir
 create mode 100644 CoreModules/apache/config/apache2/site_ssl-unconfigured
 create mode 100644 CoreModules/apache/config/apache2/site_ssl-wwwredir
 create mode 100644 CoreModules/apache/config/apache2/snippets-ssl.conf
 create mode 100644 CoreModules/apache/preconf.sh
 create mode 100644 CoreModules/apache/reqmodules.sh

diff --git a/CMS/none/Apache-unconfigured b/CMS/none/Apache-unconfigured
new file mode 100644
index 0000000..8c2f065
--- /dev/null
+++ b/CMS/none/Apache-unconfigured
@@ -0,0 +1,21 @@
+#beginConf
+
+ErrorLog ${APACHE_LOG_DIR}/s2_error.log
+#CustomLog ${APACHE_LOG_DIR}/s2_custom.log combined
+
+DirectoryIndex index.php index.html index.htm
+DocumentRoot /var/www/DOMAINname/html;
+
+
+<Directory /var/www/site1.your_domain>
+    Options Indexes FollowSymLinks MultiViews
+    AllowOverride All
+    Order allow,deny
+    allow from all
+</Directory>
+
+<FilesMatch \.php$>
+    SetHandler "proxy:unix:/var/run/php/phpPHPver-fpm-SITEname.sock|fcgi://localhost"
+</FilesMatch>
+
+#endConf
\ No newline at end of file
diff --git a/CMS/none/apache-conf.sh b/CMS/none/apache-conf.sh
new file mode 100644
index 0000000..69bdefc
--- /dev/null
+++ b/CMS/none/apache-conf.sh
@@ -0,0 +1,9 @@
+wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/none/Apache-unconfigured -O /tmp/apache-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' /tmp/apache-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/apache/sites-available/"$sitename"_"$site_ext".conf
+mkdir -p /var/www/"$domain"/html
+
+echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
+
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+systemctl reload nginx
\ No newline at end of file
diff --git a/CoreModules/apache/apt.list b/CoreModules/apache/apt.list
index 2cc4251..c05a90a 100644
--- a/CoreModules/apache/apt.list
+++ b/CoreModules/apache/apt.list
@@ -1 +1 @@
-apache2 php-pear libapache2-mod-php phpPHPver-mysql phpPHPver-cgi phpPHPver-common phpPHPver-mbstring phpPHPver-curl phpPHPver-gd phpPHPver-intl phpPHPver-soap phpPHPver-xml phpPHPver-xmlrpc phpPHPver-zip python-certbot-apache
\ No newline at end of file
+apache2 libapache2-mod-fcgid python-certbot-apache
\ No newline at end of file
diff --git a/CoreModules/apache/conf.sh b/CoreModules/apache/conf.sh
new file mode 100644
index 0000000..5918e40
--- /dev/null
+++ b/CoreModules/apache/conf.sh
@@ -0,0 +1,29 @@
+systemctl stop apache2
+
+##############
+#   Apache   #
+##############
+
+a2enmod actions fcgid alias proxy_fcgi ssl headers
+
+mkdir -p /etc/apache2/snippets/
+wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache/snippets-ssl.conf -O /etc/apache2/snippets/apa-ssl.conf
+wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache/custom.conf -O /etc/apache2/conf-enabled/custom.conf
+
+if [ $domainwww = 1 ]; then
+	#non-ssl
+	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache/site-wwwredir >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+	echo "" >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+	#ssl 
+	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache/site_ssl-wwwredir >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+	echo "" >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+fi
+#non-ssl
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache/site-unconfigured >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+sed -i -e 's/DOMAINname/'$domain'/' /etc/apache2/sites-available/"$sitename"_nossl.conf 
+ln -s /etc/apache2/sites-available/"$sitename"_nossl /etc/apache2/sites-enabled/"$sitename".conf
+#ssl
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache/site_ssl-unconfigured >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+sed -i -e 's/DOMAINname/'$domain'/' /etc/apache2/sites-available/"$sitename"_ssl.conf
+
+systemctl start apache2
\ No newline at end of file
diff --git a/CoreModules/apache/config/apache2/conf-custom.conf b/CoreModules/apache/config/apache2/conf-custom.conf
new file mode 100644
index 0000000..821b694
--- /dev/null
+++ b/CoreModules/apache/config/apache2/conf-custom.conf
@@ -0,0 +1 @@
+SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
\ No newline at end of file
diff --git a/CoreModules/apache/config/apache2/site-unconfigured b/CoreModules/apache/config/apache2/site-unconfigured
new file mode 100644
index 0000000..fcdf18c
--- /dev/null
+++ b/CoreModules/apache/config/apache2/site-unconfigured
@@ -0,0 +1,6 @@
+<VirtualHost *:80>
+    ServerName DOMAINname 
+
+#ConfHere
+
+</VirtualHost>
diff --git a/CoreModules/apache/config/apache2/site-wwwredir b/CoreModules/apache/config/apache2/site-wwwredir
new file mode 100644
index 0000000..03ecf2c
--- /dev/null
+++ b/CoreModules/apache/config/apache2/site-wwwredir
@@ -0,0 +1,4 @@
+<VirtualHost *:80>
+    ServerName www.DOMAINname
+    Redirect permanent / http://DOMAINname/
+</VirtualHost>
diff --git a/CoreModules/apache/config/apache2/site_ssl-unconfigured b/CoreModules/apache/config/apache2/site_ssl-unconfigured
new file mode 100644
index 0000000..fe060cd
--- /dev/null
+++ b/CoreModules/apache/config/apache2/site_ssl-unconfigured
@@ -0,0 +1,16 @@
+<VirtualHost *:80>
+    ServerName DOMAINname 
+    Redirect permanent / https://DOMAINname/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName DOMAINname
+    SSLEngine on
+    SSLCertificateFile      /etc/letsencrypt/live/DOMAINname/cert.pem
+    SSLCertificateKeyFile   /etc/letsencrypt/live/DOMAINname/privkey.pem
+    SSLCertificateChainFile /etc/letsencrypt/live/DOMAINname/chain.pem
+    Include snippets/apa-ssl.conf
+
+#ConfHere
+
+</VirtualHost>
\ No newline at end of file
diff --git a/CoreModules/apache/config/apache2/site_ssl-wwwredir b/CoreModules/apache/config/apache2/site_ssl-wwwredir
new file mode 100644
index 0000000..1b6fd32
--- /dev/null
+++ b/CoreModules/apache/config/apache2/site_ssl-wwwredir
@@ -0,0 +1,14 @@
+<VirtualHost *:80>
+    ServerName www.DOMAINname
+    Redirect permanent / https://DOMAINname/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName www.DOMAINname
+    SSLEngine on
+    SSLCertificateFile      /etc/letsencrypt/live/DOMAINname/cert.pem
+    SSLCertificateKeyFile   /etc/letsencrypt/live/DOMAINname/privkey.pem
+    SSLCertificateChainFile /etc/letsencrypt/live/DOMAINname/chain.pem
+    Include snippets/apa-ssl.conf
+    Redirect permanent / https://DOMAINname/
+</VirtualHost>
\ No newline at end of file
diff --git a/CoreModules/apache/config/apache2/snippets-ssl.conf b/CoreModules/apache/config/apache2/snippets-ssl.conf
new file mode 100644
index 0000000..3cbc060
--- /dev/null
+++ b/CoreModules/apache/config/apache2/snippets-ssl.conf
@@ -0,0 +1,7 @@
+Protocols h2 http/1.1
+Header always set Strict-Transport-Security "max-age=63072000"
+SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA2$
+SSLHonorCipherOrder     off
+SSLSessionTickets       off
+SSLUseStapling On
diff --git a/CoreModules/apache/preconf.sh b/CoreModules/apache/preconf.sh
new file mode 100644
index 0000000..111461a
--- /dev/null
+++ b/CoreModules/apache/preconf.sh
@@ -0,0 +1 @@
+sudo add-apt-repository ppa:ondrej/apache2
\ No newline at end of file
diff --git a/CoreModules/apache/reqmodules.sh b/CoreModules/apache/reqmodules.sh
new file mode 100644
index 0000000..ae87c0f
--- /dev/null
+++ b/CoreModules/apache/reqmodules.sh
@@ -0,0 +1 @@
+aonoption="$aonoption php-fpm"
\ No newline at end of file