mirror of
https://github.com/10h30/ols-docker-env.git
synced 2026-05-12 15:21:24 +09:00
update sh
+73
-21
@@ -1,11 +1,24 @@
|
||||
#!/usr/bin/env bash
|
||||
CK_RESULT=''
|
||||
HTTPD_CONF='httpd_config.conf'
|
||||
LSDIR='/usr/local/lsws'
|
||||
LS_HTTPD_CONF="${LSDIR}/conf/httpd_config.xml"
|
||||
OLS_HTTPD_CONF="${LSDIR}/conf/httpd_config.conf"
|
||||
|
||||
help_message(){
|
||||
echo 'Command [-add|-del] [domain_name]'
|
||||
echo 'Example 1: domain-ctl.sh -add example.com'
|
||||
echo 'Example 2: domain-ctl.sh -del example.com'
|
||||
echo 'Example 1: domainctl.sh -add example.com'
|
||||
echo 'Example 2: domainctl.sh -del example.com'
|
||||
}
|
||||
|
||||
check_lsv(){
|
||||
if [ -f ${LSDIR}/bin/openlitespeed ]; then
|
||||
LSV='openlitespeed'
|
||||
elif [ -f ${LSDIR}/bin/litespeed ]; then
|
||||
LSV='lsws'
|
||||
else
|
||||
echo 'Version not exist, abort!'
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
dot_escape(){
|
||||
@@ -23,7 +36,7 @@ fst_match_after(){
|
||||
FIRST_NUM_AFTER=$(tail -n +${1} ${2} | grep -n -m 1 ${3} | awk -F ':' '{print $1}')
|
||||
}
|
||||
lst_match_line(){
|
||||
fst_match_after ${1} ${2} '}'
|
||||
fst_match_after ${1} ${2} ${3}
|
||||
LAST_LINE_NUM=$((${FIRST_LINE_NUM}+${FIRST_NUM_AFTER}-1))
|
||||
}
|
||||
|
||||
@@ -47,34 +60,73 @@ www_domain(){
|
||||
WWW_DOMAIN=$(echo www.${1})
|
||||
}
|
||||
|
||||
add_ls_domain(){
|
||||
fst_match_line 'ccl.xml</templateFile>' ${LS_HTTPD_CONF}
|
||||
NEWNUM=$((FIRST_LINE_NUM+1))
|
||||
sed -i "${NEWNUM}i \ \ \ \ \ \ <member>\n \ \ \ \ \ \ \ <vhName>${DOMAIN}</vhName>\n \ \ \ \ \ \ \ <vhDomain>${DOMAIN},${WWW_DOMAIN}</vhDomain>\n \ \ \ \ \ \ </member>" ${LS_HTTPD_CONF}
|
||||
}
|
||||
|
||||
add_ols_domain(){
|
||||
perl -0777 -p -i -e 's/(vhTemplate centralConfigLog \{[^}]+)\}*(^.*listeners.*$)/\1$2
|
||||
member '${DOMAIN}' {
|
||||
vhDomain '${DOMAIN},${WWW_DOMAIN}'
|
||||
}/gmi' ${OLS_HTTPD_CONF}
|
||||
}
|
||||
|
||||
add_domain(){
|
||||
check_lsv
|
||||
dot_escape ${1}
|
||||
DOMAIN=${ESCAPE}
|
||||
www_domain ${1}
|
||||
check_duplicate "member.*${DOMAIN}" ${HTTPD_CONF}
|
||||
if [ "${CK_RESULT}" != '' ]; then
|
||||
echo "# It appears the domain already exist! Check the ${HTTPD_CONF} if you believe this is a mistake!"
|
||||
exit 1
|
||||
else
|
||||
perl -0777 -p -i -e 's/(vhTemplate centralConfigLog \{[^}]+)\}*(^.*listeners.*$)/\1$2
|
||||
member '${1}' {
|
||||
vhDomain '${1},${WWW_DOMAIN}'
|
||||
}/gmi' ${HTTPD_CONF}
|
||||
if [ "${LSV}" = 'lsws' ]; then
|
||||
check_duplicate "vhDomain.*${DOMAIN}" ${LS_HTTPD_CONF}
|
||||
if [ "${CK_RESULT}" != '' ]; then
|
||||
echo "# It appears the domain already exist! Check the ${LS_HTTPD_CONF} if you believe this is a mistake!"
|
||||
exit 1
|
||||
fi
|
||||
elif [ "${LSV}" = 'openlitespeed' ]; then
|
||||
check_duplicate "member.*${DOMAIN}" ${OLS_HTTPD_CONF}
|
||||
if [ "${CK_RESULT}" != '' ]; then
|
||||
echo "# It appears the domain already exist! Check the ${OLS_HTTPD_CONF} if you believe this is a mistake!"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
add_ls_domain
|
||||
add_ols_domain
|
||||
}
|
||||
|
||||
del_ls_domain(){
|
||||
fst_match_line "<vhName>*${1}" ${LS_HTTPD_CONF}
|
||||
FIRST_LINE_NUM=$((FIRST_LINE_NUM-1))
|
||||
lst_match_line ${FIRST_LINE_NUM} ${LS_HTTPD_CONF} '</member>'
|
||||
sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d" ${LS_HTTPD_CONF}
|
||||
}
|
||||
|
||||
del_ols_domain(){
|
||||
fst_match_line ${1} ${OLS_HTTPD_CONF}
|
||||
lst_match_line ${FIRST_LINE_NUM} ${OLS_HTTPD_CONF} '}'
|
||||
sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d" ${OLS_HTTPD_CONF}
|
||||
}
|
||||
|
||||
del_domain(){
|
||||
check_lsv
|
||||
dot_escape ${1}
|
||||
DOMAIN=${ESCAPE}
|
||||
check_duplicate "member.*${DOMAIN}" ${HTTPD_CONF}
|
||||
if [ "${CK_RESULT}" = '' ]; then
|
||||
echo "# We couldn't find the domain you wanted to remove! Check the ${HTTPD_CONF} if you believe this is a mistake!"
|
||||
exit 1
|
||||
else
|
||||
fst_match_line ${1} ${HTTPD_CONF}
|
||||
lst_match_line ${FIRST_LINE_NUM} ${HTTPD_CONF}
|
||||
sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d" ${HTTPD_CONF}
|
||||
if [ "${LSV}" = 'lsws' ]; then
|
||||
check_duplicate "vhDomain.*${DOMAIN}" ${LS_HTTPD_CONF}
|
||||
if [ "${CK_RESULT}" = '' ]; then
|
||||
echo "# Domain non-exist! Check the ${LS_HTTPD_CONF} if you believe this is a mistake!"
|
||||
exit 1
|
||||
fi
|
||||
elif [ "${LSV}" = 'openlitespeed' ]; then
|
||||
check_duplicate "member.*${DOMAIN}" ${OLS_HTTPD_CONF}
|
||||
if [ "${CK_RESULT}" = '' ]; then
|
||||
echo "# Domain non-exist! Check the ${OLS_HTTPD_CONF} if you believe this is a mistake!"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
del_ls_domain ${1}
|
||||
del_ols_domain ${1}
|
||||
}
|
||||
|
||||
check_input ${1}
|
||||
|
||||
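Review bot: The domain argument reaches the config-editing commands unvalidated in `add_ols_domain` and `add_ls_domain`. `'${DOMAIN}'` closes the single-quoted Perl program, so the value is expanded unquoted by the shell and then parsed as part of the `s///` expression, and the `sed -i "${NEWNUM}i …"` script takes it the same way. A value containing `/`, `$`, `@`, whitespace or a newline therefore changes the program that rewrites the server config, not just the text it inserts. Unless `check_input` (its body is not visible in this section) already restricts the value, reject anything that is not a hostname at the top of `add_domain` and `del_domain`, e.g. `[[ "${1}" =~ ^[A-Za-z0-9.-]+$ ]] || { echo 'Invalid domain name'; exit 1; }`. The delete helpers also run `sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d"` without checking that a line was found, so an empty start line should abort before `sed` is called.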
+73
-11
@@ -2,7 +2,8 @@
|
||||
LSDIR='/usr/local/lsws'
|
||||
OWASP_DIR="${LSDIR}/conf/owasp"
|
||||
RULE_FILE='modsec_includes.conf'
|
||||
HTTPD_CONF="${LSDIR}/conf/httpd_config.conf"
|
||||
LS_HTTPD_CONF="${LSDIR}/conf/httpd_config.xml"
|
||||
OLS_HTTPD_CONF="${LSDIR}/conf/httpd_config.conf"
|
||||
|
||||
help_message(){
|
||||
echo 'Command [-enable|-disable]'
|
||||
@@ -11,6 +12,17 @@ help_message(){
|
||||
exit 0
|
||||
}
|
||||
|
||||
check_lsv(){
|
||||
if [ -f ${LSDIR}/bin/openlitespeed ]; then
|
||||
LSV='openlitespeed'
|
||||
elif [ -f ${LSDIR}/bin/litespeed ]; then
|
||||
LSV='lsws'
|
||||
else
|
||||
echo 'Version not exist, abort!'
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
check_input(){
|
||||
if [ -z "${1}" ]; then
|
||||
help_message
|
||||
@@ -36,12 +48,12 @@ fst_match_after(){
|
||||
FIRST_NUM_AFTER=$(tail -n +${1} ${2} | grep -n -m 1 ${3} | awk -F ':' '{print $1}')
|
||||
}
|
||||
lst_match_line(){
|
||||
fst_match_after ${1} ${2} '}'
|
||||
fst_match_after ${1} ${2} ${3}
|
||||
LAST_LINE_NUM=$((${FIRST_LINE_NUM}+${FIRST_NUM_AFTER}-1))
|
||||
}
|
||||
|
||||
enable_modsec(){
|
||||
grep 'module mod_security {' ${HTTPD_CONF} >/dev/null 2>&1
|
||||
enable_ols_modsec(){
|
||||
grep 'module mod_security {' ${OLS_HTTPD_CONF} >/dev/null 2>&1
|
||||
if [ ${?} -eq 0 ] ; then
|
||||
echo "Already configured for modsecurity."
|
||||
else
|
||||
@@ -49,22 +61,70 @@ enable_modsec(){
|
||||
sed -i "s=module cache=module mod_security {\nmodsecurity on\
|
||||
\nmodsecurity_rules \`\nSecRuleEngine On\n\`\nmodsecurity_rules_file \
|
||||
${OWASP_DIR}/${RULE_FILE}\n ls_enabled 1\n}\
|
||||
\n\nmodule cache=" ${HTTPD_CONF}
|
||||
\n\nmodule cache=" ${OLS_HTTPD_CONF}
|
||||
fi
|
||||
}
|
||||
|
||||
disable_modesec(){
|
||||
grep 'module mod_security {' ${HTTPD_CONF} >/dev/null 2>&1
|
||||
enable_ls_modsec(){
|
||||
grep '<enableCensorship>1</enableCensorship>' ${LS_HTTPD_CONF} >/dev/null 2>&1
|
||||
if [ ${?} -eq 0 ] ; then
|
||||
echo "LSWS already configured for modsecurity"
|
||||
else
|
||||
echo 'Enable modsecurity'
|
||||
sed -i \
|
||||
"s=<enableCensorship>0</enableCensorship>=<enableCensorship>1</enableCensorship>=" ${LS_HTTPD_CONF}
|
||||
sed -i \
|
||||
"s=</censorshipControl>=</censorshipControl>\n\
|
||||
<censorshipRuleSet>\n\
|
||||
<name>ModSec</name>\n\
|
||||
<enabled>1</enabled>\n\
|
||||
<ruleSet>include ${OWASP_DIR}/modsec_includes.conf</ruleSet>\n\
|
||||
</censorshipRuleSet>=" ${LS_HTTPD_CONF}
|
||||
fi
|
||||
}
|
||||
|
||||
enable_modsec(){
|
||||
if [ "${LSV}" = 'lsws' ]; then
|
||||
enable_ls_modsec
|
||||
elif [ "${LSV}" = 'openlitespeed' ]; then
|
||||
enable_ols_modsec
|
||||
fi
|
||||
}
|
||||
|
||||
disable_ols_modesec(){
|
||||
grep 'module mod_security {' ${OLS_HTTPD_CONF} >/dev/null 2>&1
|
||||
if [ ${?} -eq 0 ] ; then
|
||||
echo 'Disable modsecurity'
|
||||
fst_match_line 'module mod_security' ${HTTPD_CONF}
|
||||
lst_match_line ${FIRST_LINE_NUM} ${HTTPD_CONF}
|
||||
sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d" ${HTTPD_CONF}
|
||||
fst_match_line 'module mod_security' ${OLS_HTTPD_CONF}
|
||||
lst_match_line ${FIRST_LINE_NUM} ${OLS_HTTPD_CONF} '}'
|
||||
sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d" ${OLS_HTTPD_CONF}
|
||||
else
|
||||
echo 'Already disabled for modsecurity'
|
||||
fi
|
||||
}
|
||||
|
||||
disable_ls_modesec(){
|
||||
grep '<enableCensorship>0</enableCensorship>' ${LS_HTTPD_CONF}
|
||||
if [ ${?} -eq 0 ] ; then
|
||||
echo 'Already disabled for modsecurity'
|
||||
else
|
||||
echo 'Disable modsecurity'
|
||||
sed -i \
|
||||
"s=<enableCensorship>1</enableCensorship>=<enableCensorship>0</enableCensorship>=" ${LS_HTTPD_CONF}
|
||||
fst_match_line 'censorshipRuleSet' ${LS_HTTPD_CONF}
|
||||
lst_match_line ${FIRST_LINE_NUM} ${LS_HTTPD_CONF} '/censorshipRuleSet'
|
||||
sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d" ${LS_HTTPD_CONF}
|
||||
fi
|
||||
}
|
||||
|
||||
disable_modsec(){
|
||||
if [ "${LSV}" = 'lsws' ]; then
|
||||
disable_ls_modesec
|
||||
elif [ "${LSV}" = 'openlitespeed' ]; then
|
||||
disable_ols_modesec
|
||||
fi
|
||||
}
|
||||
|
||||
install_git(){
|
||||
if [ ! -f /usr/bin/git ]; then
|
||||
echo 'Install git'
|
||||
@@ -145,10 +205,12 @@ while [ ! -z "${1}" ]; do
|
||||
;;
|
||||
-enable | -e | -E)
|
||||
main_owasp
|
||||
check_lsv
|
||||
enable_modsec
|
||||
;;
|
||||
-disable | -d | -D)
|
||||
disable_modesec
|
||||
check_lsv
|
||||
disable_modsec
|
||||
;;
|
||||
*)
|
||||
help_message
|
||||
|
||||
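Review bot: `enable_ls_modsec` treats `<enableCensorship>1</enableCensorship>` as proof that ModSecurity is set up, so on a server where censorship is already on for another reason it prints "LSWS already configured for modsecurity" and never adds the OWASP rule set. Testing for the rule set itself avoids that false report, e.g. `grep -q "<ruleSet>include ${OWASP_DIR}/${RULE_FILE}</ruleSet>" ${LS_HTTPD_CONF}`, which would also use `RULE_FILE` in place of the hard-coded `modsec_includes.conf`. In `disable_ls_modesec`, `fst_match_line 'censorshipRuleSet'` is not tied to the `ModSec` entry, so if another rule set appears earlier in the file the `sed … d` range presumably removes that one instead; matching on `<name>ModSec</name>` and aborting when nothing is found would be safer. The `grep` in `disable_ls_modesec` also lacks the `>/dev/null 2>&1` used by the other checks, so it prints the matched line.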
+3
-1
@@ -39,12 +39,14 @@ mod_secure(){
|
||||
}
|
||||
|
||||
ls_upgrade(){
|
||||
echo 'Upgrade web server to latest stable version.'
|
||||
docker-compose exec ${CONT_NAME} su -c '/usr/local/lsws/admin/misc/lsup.sh 2>/dev/null'
|
||||
}
|
||||
|
||||
set_web_admin(){
|
||||
echo 'Update web admin password.'
|
||||
docker-compose exec ${CONT_NAME} su -s /bin/bash lsadm -c \
|
||||
'echo "admin:$(/usr/local/lsws/admin/fcgi-bin/admin_php -q /usr/local/lsws/admin/misc/htpasswd.php '${1}')" > /usr/local/lsws/admin/conf/htpasswd';
|
||||
'echo "admin:$(/usr/local/lsws/admin/fcgi-bin/admin_php* -q /usr/local/lsws/admin/misc/htpasswd.php '${1}')" > /usr/local/lsws/admin/conf/htpasswd';
|
||||
}
|
||||
|
||||
main(){
|
||||
|
||||
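Review bot: In `set_web_admin` the password is spliced into the `su -c` string as `'${1}'`, which ends the single-quoted text, so the value is word-split by the host shell and then re-parsed by the bash inside the container. A password containing spaces, quotes, `$`, `;` or backticks is either mangled or interpreted as shell syntax under `lsadm`. Quote it for the inner shell first with `local pw; pw=$(printf '%q' "${1}")` and splice `'"${pw}"'` in place of `'${1}'`. The new `admin_php*` glob has its own risk: if more than one file matches, the extra paths become arguments and the redirect still overwrites `htpasswd`, likely with no valid hash. Resolving the binary to a single path and writing the file only when the hash is non-empty would guard against that.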