Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar-conf.sh 3206 2024-06-16 22:31:29Z rexy $
|
2 |
# $Id: alcasar-conf.sh 3230 2024-11-06 23:38:15Z rexy $
|
3 |
|
3 |
|
4 |
# alcasar-conf.sh
|
4 |
# alcasar-conf.sh
|
5 |
# by REXY
|
5 |
# by REXY
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
7 |
|
7 |
|
Line 296... |
Line 296... |
296 |
$DIR_BIN/alcasar-dns-local.sh --reload
|
296 |
$DIR_BIN/alcasar-dns-local.sh --reload
|
297 |
# Logout everybody
|
297 |
# Logout everybody
|
298 |
$DIR_BIN/alcasar-logout.sh all
|
298 |
$DIR_BIN/alcasar-logout.sh all
|
299 |
# Services stop
|
299 |
# Services stop
|
300 |
echo -n "Stop services : "
|
300 |
echo -n "Stop services : "
|
301 |
for i in ntpd e2guardian unbound unbound-whitelist unbound-blacklist unbound-blackhole chilli network lighttpd
|
301 |
for i in ntpd e2guardian unbound unbound-whitelist unbound-blacklist unbound-blackhole chilli network httpd
|
302 |
do
|
302 |
do
|
303 |
/usr/bin/systemctl stop $i && echo -n "$i, "
|
303 |
/usr/bin/systemctl stop $i && echo -n "$i, "
|
304 |
done
|
304 |
done
|
305 |
echo
|
305 |
echo
|
306 |
fi
|
306 |
fi
|
Line 351... |
Line 351... |
351 |
fi
|
351 |
fi
|
352 |
done < /tmp/hosts
|
352 |
done < /tmp/hosts
|
353 |
rm -f /tmp/hosts
|
353 |
rm -f /tmp/hosts
|
354 |
# MOTD
|
354 |
# MOTD
|
355 |
$SED "s@'https://\(.\+\)/acc'@'https://$HOSTNAME.$DOMAIN/acc'@" /etc/mageia-release
|
355 |
$SED "s@'https://\(.\+\)/acc'@'https://$HOSTNAME.$DOMAIN/acc'@" /etc/mageia-release
|
356 |
# Lighttpd
|
356 |
# httpd
|
357 |
$SED "s?^server\.bind.*?server\.bind = \"$PRIVATE_IP\"?g" /etc/lighttpd/lighttpd.conf
|
357 |
$SED "s/^ServerName.*/ServerName $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/httpd.conf
|
358 |
$SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$PRIVATE_IP"':443" {/g' /etc/lighttpd/vhosts.d/alcasar-with-ssl.conf /etc/lighttpd/vhosts.d/alcasar-without-ssl.conf
|
358 |
$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$HOSTNAME.$DOMAIN\//g" /etc/httpd/conf/webapps.d/alcasar.conf
|
- |
|
359 |
$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/webapps.d/alcasar.conf
|
359 |
$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$PRIVATE_IP\"/g" /etc/lighttpd/vhosts.d/alcasar-with-ssl.conf /etc/lighttpd/vhosts.d/alcasar-without-ssl.conf
|
360 |
$SED "s/^ ServerName.*/ ServerName $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/vhosts.d/00_default_vhosts.conf /etc/httpd/conf/vhosts.d/00_default_ssl_vhost.conf /etc/httpd/conf/vhosts-ssl.default
|
- |
|
361 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
|
- |
|
362 |
FIC_MOD_SSL=`find /etc/httpd/conf/ -type f -name ssl.conf`
|
- |
|
363 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL
|
- |
|
364 |
$SED "/127.0.0.1/!s?Allow from .*?Allow from $PRIVATE_NETWORK_MASK?g" /etc/httpd/conf/webapps.d/alcasar.conf
|
360 |
# FreeRADIUS
|
365 |
# FreeRADIUS
|
361 |
$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
|
366 |
$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
|
362 |
$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
|
367 |
$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
|
363 |
# CoovaChilli
|
368 |
# CoovaChilli
|
364 |
$SED "s/^uamallowed.*/uamallowed\t$HOSTNAME,$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
|
369 |
$SED "s/^uamallowed.*/uamallowed\t$HOSTNAME,$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
|
Line 466... |
Line 471... |
466 |
$SED "s?^HTTPS_LOGIN=.*?HTTPS_LOGIN=on?" $CONF_FILE
|
471 |
$SED "s?^HTTPS_LOGIN=.*?HTTPS_LOGIN=on?" $CONF_FILE
|
467 |
$SED "s?^HTTPS_CHILLI=.*?HTTPS_CHILLI=on?" $CONF_FILE
|
472 |
$SED "s?^HTTPS_CHILLI=.*?HTTPS_CHILLI=on?" $CONF_FILE
|
468 |
$SED "s?^uamserver.*?uamserver\thttps://$HOSTNAME.$DOMAIN/intercept.php?" /etc/chilli.conf
|
473 |
$SED "s?^uamserver.*?uamserver\thttps://$HOSTNAME.$DOMAIN/intercept.php?" /etc/chilli.conf
|
469 |
$SED "s?^#redirssl.*?redirssl?" /etc/chilli.conf
|
474 |
$SED "s?^#redirssl.*?redirssl?" /etc/chilli.conf
|
470 |
$SED "s?^#uamuissl.*?uamuissl?" /etc/chilli.conf
|
475 |
$SED "s?^#uamuissl.*?uamuissl?" /etc/chilli.conf
|
471 |
rm -f /etc/lighttpd/vhosts.d/alcasar.conf
|
- |
|
472 |
ln -s /etc/lighttpd/vhosts.d/alcasar-with-ssl.conf /etc/lighttpd/vhosts.d/alcasar.conf
|
- |
|
473 |
else
|
476 |
else
|
474 |
$SED "s?^HTTPS_LOGIN=.*?HTTPS_LOGIN=off?" $CONF_FILE
|
477 |
$SED "s?^HTTPS_LOGIN=.*?HTTPS_LOGIN=off?" $CONF_FILE
|
475 |
$SED "s?^HTTPS_CHILLI=.*?HTTPS_CHILLI=off?" $CONF_FILE
|
478 |
$SED "s?^HTTPS_CHILLI=.*?HTTPS_CHILLI=off?" $CONF_FILE
|
476 |
$SED "s?^uamserver.*?uamserver\thttp://$HOSTNAME.$DOMAIN/intercept.php?" /etc/chilli.conf
|
479 |
$SED "s?^uamserver.*?uamserver\thttp://$HOSTNAME.$DOMAIN/intercept.php?" /etc/chilli.conf
|
477 |
$SED "s?^redirssl.*?#&?" /etc/chilli.conf
|
480 |
$SED "s?^redirssl.*?#&?" /etc/chilli.conf
|
478 |
$SED "s?^uamuissl.*?#&?" /etc/chilli.conf
|
481 |
$SED "s?^uamuissl.*?#&?" /etc/chilli.conf
|
479 |
rm -f /etc/lighttpd/vhosts.d/alcasar.conf
|
- |
|
480 |
ln -s /etc/lighttpd/vhosts.d/alcasar-without-ssl.conf /etc/lighttpd/vhosts.d/alcasar.conf
|
- |
|
481 |
fi
|
482 |
fi
|
482 |
# Services start
|
483 |
# Services start
|
483 |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
|
484 |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
|
484 |
then
|
485 |
then
|
485 |
/usr/bin/systemctl start network && echo -n "Start service : network" && sleep 1
|
486 |
/usr/bin/systemctl start network && echo -n "Start service : network" && sleep 1
|
Line 488... |
Line 489... |
488 |
do
|
489 |
do
|
489 |
sleep 1
|
490 |
sleep 1
|
490 |
/usr/bin/systemctl start $i && echo -n ", $i"
|
491 |
/usr/bin/systemctl start $i && echo -n ", $i"
|
491 |
done
|
492 |
done
|
492 |
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", unbound-blacklist, unbound-whitelist, e2guardian, iptables"
|
493 |
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", unbound-blacklist, unbound-whitelist, e2guardian, iptables"
|
493 |
/usr/bin/systemctl restart lighttpd && echo -n ", lighttpd"
|
494 |
/usr/bin/systemctl restart httpd && echo -n ", httpd"
|
494 |
fi
|
495 |
fi
|
495 |
# Email user registration
|
496 |
# Email user registration
|
496 |
$DIR_BIN/alcasar-mail-install.sh
|
497 |
$DIR_BIN/alcasar-mail-install.sh
|
497 |
# Start / Stop LDAP authentification
|
498 |
# Start / Stop LDAP authentification
|
498 |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
|
499 |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
|
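Review bot: The `FIC_MOD_SSL` lookup added at new lines 362–363 is expanded unquoted and never checked, so if `find` matches no `ssl.conf` the following `$SED` call gets no file operand and the 443 `Listen` directive is not rewritten to `$PRIVATE_IP`, with nothing reported. These `Listen` rewrites look like what keeps httpd bound to the internal address (inferred, since the httpd configuration itself is not shown), so a silent miss should be made visible, e.g. `[ -n "$FIC_MOD_SSL" ] || echo "ssl.conf not found: Listen 443 left unchanged" >&2`. Running the edit as `find /etc/httpd/conf/ -type f -name ssl.conf -exec $SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" {} +` would also cope with several matches and odd path names, assuming `$SED` is an in-place sed command defined outside the visible lines. Separately, the HTTPS_LOGIN branch loses the lighttpd with-ssl/without-ssl symlink switch (old lines 471–472 and 479–480) with no httpd counterpart in this diff; confirm that the TLS vhost state for httpd is handled elsewhere.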