           #!/bin/bash
           # $Id: alcasar-https.sh 3293 2025-07-16 22:50:45Z rexy $
           # alcasar-https.sh
           # by Rexy
           # This script is distributed under the Gnu General Public License (GPL)
           # active ou désactive le chiffrement sur les flux d'authentification
           # enable or disable encryption on authentication flows
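           # In-place sed invocation, kept as an array so it expands to separate words
           # without relying on unquoted word splitting.
           SED=(/bin/sed -i)
           CONF_FILE="/usr/local/etc/alcasar.conf"
           CHILLI_CONF_FILE="/etc/chilli.conf"
           HTTPD_CONF_FILE="/etc/httpd/conf/sites.d/alcasar.conf"
           HTTPD_80_CONF_FILE="/etc/httpd/conf/sites.d/00_default_vhosts.conf"

           #######################################
           # Read HOSTNAME and DOMAIN from $CONF_FILE and refuse to continue when
           # either one is empty or holds a character outside [A-Za-z0-9._-].
           # Both values are pasted into sed replacement text below, where '?', '&'
           # or '\' would be interpreted by sed, and an empty value would write a
           # portal URL such as "https://./intercept.php" before the services are
           # restarted.
           # Globals:   CONF_FILE (read), HOSTNAME and DOMAIN (written)
           # Outputs:   an error message on stderr when validation fails
           # Returns:   exits the script with status 1 on failure, before any file
           #            has been modified
           #######################################
           load_portal_name() {
             local allowed='^[A-Za-z0-9._-]+$'
             HOSTNAME=$(grep '^HOSTNAME=' "$CONF_FILE" | cut -d'=' -f2)
             DOMAIN=$(grep '^DOMAIN=' "$CONF_FILE" | cut -d'=' -f2)
             if [[ ! $HOSTNAME =~ $allowed || ! $DOMAIN =~ $allowed ]]; then
               echo "alcasar-https.sh: HOSTNAME or DOMAIN is missing or malformed in $CONF_FILE; nothing was changed" >&2
               exit 1
             fi
           }

           usage="Usage: alcasar-https.sh {--on | -on} | {--off | -off}"
           nb_args=$#
           args=$1
           if [ "$nb_args" -eq 0 ]; then
             echo "$usage"
             exit 1
           fi

           case "$args" in
             -\? | -h* | --h*)
               echo "$usage"
               exit 0
               ;;
             --off | -off)
               # Chilli : disable HTTPS (it will listen only on 3990 port)
               # + Apache : remove "requireSSL" & redirection directive.
               # NOTE(review): after this branch the uamserver URL is plain http://, so
               # whatever users submit to intercept.php is no longer protected by TLS.
               load_portal_name
               "${SED[@]}" "s?^HTTPS_LOGIN=.*?HTTPS_LOGIN=off?" "$CONF_FILE"
               "${SED[@]}" "s?^HTTPS_CHILLI=.*?HTTPS_CHILLI=off?" "$CONF_FILE"
               "${SED[@]}" "s?^uamserver.*?uamserver\thttp://$HOSTNAME.$DOMAIN/intercept.php?" "$CHILLI_CONF_FILE"
               # Comment out the two SSL directives of chilli ('&' = the matched line).
               "${SED[@]}" "s?^redirssl.*?#&?" "$CHILLI_CONF_FILE"
               "${SED[@]}" "s?^uamuissl.*?#&?" "$CHILLI_CONF_FILE"
               /usr/bin/systemctl restart chilli
               # Drop SSLRequireSSL only when it is the line right after the
               # <Directory /var/www/html> opening tag.
               "${SED[@]}" "/<Directory \/var\/www\/html>/{n;/SSLRequireSSL/{d;};}" "$HTTPD_CONF_FILE"
               # NOTE(review): this deletes every line containing "redirect" in the
               # port-80 vhost file, not only the one this script adds - confirm no
               # other directive or comment in that file uses the word.
               "${SED[@]}" "/redirect/d" "$HTTPD_80_CONF_FILE"
               /usr/bin/systemctl restart httpd
               ;;
             --on | -on)
               # Chilli : enable HTTPS (it will listen on ports 3990 (http) and 3991 (https))
               # + Apache : add "requireSSL" & redirection directive.
               load_portal_name
               "${SED[@]}" "s?^HTTPS_LOGIN=.*?HTTPS_LOGIN=on?" "$CONF_FILE"
               "${SED[@]}" "s?^HTTPS_CHILLI=.*?HTTPS_CHILLI=on?" "$CONF_FILE"
               "${SED[@]}" "s?^uamserver.*?uamserver\thttps://$HOSTNAME.$DOMAIN/intercept.php?" "$CHILLI_CONF_FILE"
               # Re-enable the two SSL directives that --off comments out.
               "${SED[@]}" "s?^#redirssl.*?redirssl?" "$CHILLI_CONF_FILE"
               "${SED[@]}" "s?^#uamuissl.*?uamuissl?" "$CHILLI_CONF_FILE"
               /usr/bin/systemctl restart chilli
               # Remove a previous SSLRequireSSL first so that running --on twice does
               # not stack the directive, then add it after the <Directory> line.
               "${SED[@]}" "/<Directory \/var\/www\/html>/{n;/SSLRequireSSL/{d;};}" "$HTTPD_CONF_FILE"
               "${SED[@]}" "/<Directory \/var\/www\/html>/a\        SSLRequireSSL" "$HTTPD_CONF_FILE"
               # Same idempotence step for the HTTP -> HTTPS redirect.
               # NOTE(review): the delete matches any line containing "redirect", and
               # the insert runs before every </VirtualHost> line in the file.
               "${SED[@]}" "/redirect/d" "$HTTPD_80_CONF_FILE"
               "${SED[@]}" "/<\/VirtualHost>/i\    redirect permanent \/ https:\/\/$HOSTNAME.$DOMAIN" "$HTTPD_80_CONF_FILE"
               /usr/bin/systemctl restart httpd
               ;;
             *)
               echo "Argument inconnu : $1"
               echo "$usage"
               exit 1
               ;;
           esac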