Subversion Repositories ALCASAR

Rev

Rev 3293 | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2223 tom.houday 1 
#!/bin/bash
958 franck 2 
# $Id: alcasar-https.sh 3294 2025-07-20 22:26:38Z rexy $
843 richard 3 
 
3225 rexy 4 
# alcasar-https.sh
843 richard 5 
# by Rexy
6 
# This script is distributed under the Gnu General Public License (GPL)
7 
 
8 
# active ou désactive le chiffrement sur les flux d'authentification
9 
# enable or disable encryption on authentication flows
10 
 
11 
SED="/bin/sed -i"
2324 tom.houday 12 
CONF_FILE="/usr/local/etc/alcasar.conf"
843 richard 13 
CHILLI_CONF_FILE="/etc/chilli.conf"
3293 rexy 14 
HTTPD_CONF_FILE="/etc/httpd/conf/sites.d/alcasar.conf"
15 
HTTPD_80_CONF_FILE="/etc/httpd/conf/sites.d/00_default_vhosts.conf"
2324 tom.houday 16 
HOSTNAME=$(grep ^HOSTNAME= $CONF_FILE | cut -d'=' -f2)
17 
DOMAIN=$(grep ^DOMAIN= $CONF_FILE | cut -d'=' -f2)
843 richard 18 
 
19 
usage="Usage: alcasar-https.sh {--on | -on} | {--off | -off}"
20 
nb_args=$#
21 
args=$1
22 
if [ $nb_args -eq 0 ]
23 
then
24 
	echo "$usage"
25 
	exit 1
26 
fi
2324 tom.houday 27 
 
843 richard 28 
case $args in
29 
	-\? | -h* | --h*)
30 
		echo "$usage"
31 
		exit 0
32 
		;;
3293 rexy 33 
	--off | -off)	# Chilli : disable HTTPS (it will listen only on 3990 port) + Apache : remove "requireSSL" & redirection directive
2324 tom.houday 34 
		$SED "s?^HTTPS_LOGIN=.*?HTTPS_LOGIN=off?" $CONF_FILE
2409 tom.houday 35 
		$SED "s?^HTTPS_CHILLI=.*?HTTPS_CHILLI=off?" $CONF_FILE
2592 rexy 36 
		$SED "s?^uamserver.*?uamserver\thttp://$HOSTNAME.$DOMAIN/intercept.php?" $CHILLI_CONF_FILE
37 
		$SED "s?^redirssl.*?#&?" $CHILLI_CONF_FILE
38 
		$SED "s?^uamuissl.*?#&?" $CHILLI_CONF_FILE
1617 richard 39 
		/usr/bin/systemctl restart chilli
3293 rexy 40 
		$SED "/<Directory \/var\/www\/html>/{n;/SSLRequireSSL/{d;};}" $HTTPD_CONF_FILE
41 
		$SED "/redirect/d" $HTTPD_80_CONF_FILE
42 
		/usr/bin/systemctl restart httpd
843 richard 43 
		;;
3293 rexy 44 
	--on | -on)	# Chilli : enable HTTPS (it will listen on ports 3990 (http) and 3991 (https) + apache : add "requireSSL" & redirection directive
2324 tom.houday 45 
		$SED "s?^HTTPS_LOGIN=.*?HTTPS_LOGIN=on?" $CONF_FILE
2879 rexy 46 
		$SED "s?^HTTPS_CHILLI=.*?HTTPS_CHILLI=on?" $CONF_FILE
2592 rexy 47 
		$SED "s?^uamserver.*?uamserver\thttps://$HOSTNAME.$DOMAIN/intercept.php?" $CHILLI_CONF_FILE
48 
		$SED "s?^#redirssl.*?redirssl?" $CHILLI_CONF_FILE
49 
		$SED "s?^#uamuissl.*?uamuissl?" $CHILLI_CONF_FILE
1617 richard 50 
		/usr/bin/systemctl restart chilli
3294 rexy 51 
		$SED "/<Directory \/var\/www\/html>/{n;/SSLRequireSSL/{d;};}" $HTTPD_CONF_FILE # remove if already exist
3293 rexy 52 
		$SED "/<Directory \/var\/www\/html>/a\        SSLRequireSSL" $HTTPD_CONF_FILE
3294 rexy 53 
		$SED "/redirect/d" $HTTPD_80_CONF_FILE # remove if already exist
3293 rexy 54 
		$SED "/<\/VirtualHost>/i\    redirect permanent \/ https:\/\/$HOSTNAME.$DOMAIN" $HTTPD_80_CONF_FILE
55 
		/usr/bin/systemctl restart httpd
843 richard 56 
		;;
57 
	*)
2324 tom.houday 58 
		echo "Argument inconnu : $1"
843 richard 59 
		echo "$usage"
60 
		exit 1
61 
		;;
62 
esac