3
3
LPATH="/var/opt/roundcube/"
4
4
config_file_path="${LPATH}config/"
5
5
config_tmp="$FORMULA_DIR/config.tmp"
6
ssl_crt_f="/etc/ssl/certs/ssl-cert-roundcube.pem"
7
ssl_key_f="/etc/ssl/private/ssl-cert-roundcube.key"
7
9
hostname=`unit-get public-address`
8
10
juju-log "Retrieved hostname: $hostname"
12
#Get the des_key, or generate if it does not exist
13
function get-des-key {
14
# Generate a des key if not set yet
15
if [[ ! -e "${LPATH}config/des_key" ]]; then
16
[[ ! `which pwgen` ]] && apt-get -y install pwgen
18
echo $des_key > ${LPATH}config/des_key
19
juju-log "des key generated: $des_key"
21
des_key=$(cat ${LPATH}config/des_key)
22
juju-log "des key retrieved: $des_key"
29
#Write the des_key to the config
30
function set-des-key {
32
des_key=$(get-des-key)
36
cat > $LPATH/config/des_key.inc.php << EOF
38
\$rcmail_config['des_key'] = '$des_key';
42
chmod 0644 $LPATH/config/des_key.inc.php
43
chown root:www-data $LPATH/config/des_key.inc.php
48
#Write the ssl cert files
49
function set-ssl-cert {
50
if [[ $# == 2 ]]; then
51
#the content of the keys have been passed, write them
52
echo "$1" > $ssl_crt_f
53
echo "$2" > $ssl_key_f
55
#key files have been given to us? use them if they are not set yet
56
ssl_crt=$(config-get ssl_crt)
57
ssl_key=$(config-get ssl_key)
58
if [[ -n $ssl_crt ]] && [[ -n $ssl_key ]]; then
59
if [[ ! -e $ssl_crt ]]; then
60
juju-log "HTTPS cannot be activated: you must provide a valid full path to a SSL certificate file in ssl_crt"
63
if [[ ! -e $ssl_key ]]; then
64
juju-log "HTTPS cannot be activated: you must provide a valid full path to a SSL certificate key file in ssl_key"
67
cat $ssl_crt > $ssl_crt_f
68
cat $ssl_key > $ssl_key_f
70
juju-log "HTTPS cannot be activated: you must provide a valid full path to a SSL certificate file in ssl_crt & ssl_key"
74
#restrict access to cert files
77
chown root:www-data $ssl_crt_f
78
chown root:www-data $ssl_key_f
10
83
#Store the invariant part of the config file on disk, so that we can
11
84
#reuse it outside of a relation-changed hook. This is a workaround until
12
85
#we will be able to do relation-get <relation> <variable>
46
119
// include the juju.inc.php file which will overwrite the setting in this file
47
120
include( "${LPATH}config/juju.inc.php" );
121
include( "${LPATH}config/des_key.inc.php" );
49
123
chmod 0644 $LPATH/config/main.inc.php
50
124
chown root:www-data $LPATH/config/main.inc.php
53
127
. $FORMULA_DIR/do-dbconfig
56
132
#Set the configuration values that can be changed after the relation
57
133
#with the db has been done
58
134
function set-config {
59
135
if [[ ! -e $LPATH/config/db.juju.inc.php ]] ; then
60
136
juju-log "Database relation has not been established yet, can't write the config"
61
137
echo "Database relation has not been established yet, can't write the config"
65
141
juju-log "Writing roundcube config file"
66
143
# Write the config
67
145
. $FORMULA_DIR/do-mainconfig
70
150
#Do Apache SSL configuration if necessary
71
151
function set-https {
72
152
do_https=$(config-get do_https)
73
ssl_crt=$(config-get ssl_crt)
74
ssl_key=$(config-get ssl_key)
76
154
if [[ $do_https != 0 ]]; then
77
if [[ ! -e $ssl_crt ]]; then
155
if [[ ! -e $ssl_crt_f ]]; then
78
156
juju-log "HTTPS cannot be activated: you must provide a valid full path to a SSL certificate file in ssl_crt"
81
if [[ ! -e $ssl_key ]]; then
159
if [[ ! -e $ssl_key_f ]]; then
82
160
juju-log "HTTPS cannot be activated: you must provide a valid full path to a SSL certificate key file in ssl_key"
93
171
if [[ -e apache_config_file_path ]]; then
94
172
grep -q "Listen $do_https" apache_config_file_path
95
173
if [[ $? == 0 ]]; then
96
grep -q "SSLCertificateFile $ssl_crt" apache_config_file_path
174
grep -q "SSLCertificateFile $ssl_crt_f" apache_config_file_path
97
175
if [[ $? == 0 ]]; then
98
grep -q "SSLCertificateKeyFile $ssl_key" apache_config_file_path
176
grep -q "SSLCertificateKeyFile $ssl_key_f" apache_config_file_path
99
177
if [[ $? == 0 ]]; then
101
179
juju-log "Everything already set for HTTPS, no changes needed"
140
service apache2 restart
141
if [[ ! $? == 0 ]]; then
142
juju-log "Failed to start apache2, check that the SSL cert file are valid (most likely). Disabling https config and restarting without it for now."
143
a2dissite ${hostname}.ssl
144
service apache2 restart
145
if [[ ! $? == 0 ]]; then
146
juju-log "Something is wrong with apache, even after disabling the https site. Time to use that juju debug-hook command to see what's hapening over there..."
214
service apache2 restart && exit 0
215
juju-log "Failed to start apache2, check that the SSL cert file are valid (most likely). Disabling https config and restarting without it for now."
217
a2dissite ${hostname}.ssl
218
service apache2 restart && exit 0
219
juju-log "Something is wrong with apache, even after disabling the https site. Time to use that juju debug-hook command to see what's hapening over there..."
151
225
# Write the apache config
152
226
function apache-config {
153
227
# XXX a future branch will change this to use augtool
165
239
if [[ -n "$3" ]] && [[ "$3" == "https" ]]; then
166
240
https=" SSLEngine on
167
241
SSLOptions +StrictRequire
168
SSLCertificateFile $ssl_crt
169
SSLCertificateKeyFile $ssl_key
242
SSLCertificateFile $ssl_crt_f
243
SSLCertificateKeyFile $ssl_key_f