VPC : configure apache2 for each guest network
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/ba052246 Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/ba052246 Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/ba052246 Branch: refs/heads/4.0 Commit: ba0522461dd100dfdb16869b40b41003561b05e6 Parents: 5756a2a Author: anthony <[email protected]> Authored: Fri Jul 6 16:08:34 2012 -0700 Committer: Anthony Xu <[email protected]> Committed: Fri Sep 7 18:10:42 2012 -0700 ---------------------------------------------------------------------- .../debian/config/etc/init.d/cloud-early-config | 21 +++++++++++++++ .../debian/config/opt/cloud/bin/vpc_acl.sh | 1 - .../debian/config/opt/cloud/bin/vpc_guestnw.sh | 12 -------- 3 files changed, 21 insertions(+), 13 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ba052246/patches/systemvm/debian/config/etc/init.d/cloud-early-config ----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
index 236abbd..a7f9b70 100755
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@@ -394,6 +394,26 @@ setup_sshd(){
 [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config
 }
+
+setup_vpc_apache2() {
+ log_it "Setting up apache web server for VPC"
+ chkconfig apache2 off
+ rm -f /etc/apache2/conf.d/vhost*.conf
+ [ -f /etc/apache2/sites-available/default ] && echo "" >/etc/apache2/sites-available/default
+ [ -f /etc/apache2/sites-available/default-ssl ] && echo "">/etc/apache2/sites-available/default-ssl
+ [ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf
+ [ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf
+ [ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf
+ [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security
+ [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security
+
+ # Disable listing of http://SSVM-IP/icons folder for security issue. see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/
+ [ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf
+
+ echo "Options -Indexes" > /var/www/html/.htaccess
+}
+
+
 setup_apache2() {
 log_it "Setting up apache web server"
 local ip=$1
@@ -611,6 +631,7 @@ EOF
 echo "$ETH0_IP $NAME" >> /etc/hosts
 setup_sshd $ETH0_IP
+ setup_vpc_apache2
 enable_svc dnsmasq 1
 enable_svc haproxy 1
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ba052246/patches/systemvm/debian/config/opt/cloud/bin/vpc_acl.sh ----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_acl.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_acl.sh
index 4ebed3a..8a207e8 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_acl.sh
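Review bot: In `setup_vpc_apache2` the line `[ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf` appears three times in a row; the second and third copies change nothing, so drop them or, if other files were intended, name those files instead. The closing `echo "Options -Indexes" > /var/www/html/.htaccess` is the only write in the function without an existence test, and the `.htaccess` only turns listings off if the vhost that serves `/var/www/html` allows `Options` through `AllowOverride`, which is not visible in this hunk; I would guard it as `[ -d /var/www/html ] && echo "Options -Indexes" > /var/www/html/.htaccess` and state that dependency in a comment. The truncations deserve a comment of their own, for example `# empty the default sites and ports.conf so only the per-guest-network vhost Listen lines remain`, because that appears to be the security-relevant effect and it replaces the commenting-out this commit removes from vpc_guestnw.sh. The existing comment naming `http://SSVM-IP/icons` looks carried over from another system VM's setup and should refer to the VPC router.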
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_acl.sh
@@ -89,7 +89,6 @@ acl_chain_for_guest_network () {
 sudo iptables -A FORWARD -o $dev -d $gcidr -j ACL_INBOUND_$dev 2>/dev/null
 # outbound
 sudo iptables -t mangle -N ACL_OUTBOUND_$dev 2>/dev/null
- sudo iptables -t mangle -A ACL_OUTBOUND_$dev -j DROP 2>/dev/null
 sudo iptables -t mangle -A PREROUTING -m state --state NEW -i $dev -s $gcidr ! -d $ip -j ACL_OUTBOUND_$dev 2>/dev/null
 }
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ba052246/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh ----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
index ee9960c..7331c53 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
@@ -65,18 +65,6 @@ setup_apache2() {
 sed -i -e "s/\tServerName.*/\tServerName vhost$dev.cloudinternal.com/" /etc/apache2/conf.d/vhost$dev.conf
 sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/conf.d/vhost$dev.conf
 sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/conf.d/vhost$dev.conf
- if [ -e "/etc/apache2/sites-enabled/000-default" ]
- then
- sed -i -e "s/^#*/#/g" /etc/apache2/sites-enabled/000-default
- fi
- if [ -e "/etc/apache2/sites-enabled/default-ssl" ]
- then
- sed -i -e "s/^#*/#/g" /etc/apache2/sites-enabled/default-ssl
- fi
- if [ -e "/etc/apache2/ports.conf" ]
- then
- sed -i -e "s/^#*/#/g" /etc/apache2/ports.conf
- fi
 service apache2 restart
 sudo iptables -A INPUT -i $dev -d $ip -p tcp -m state --state NEW --dport 80 -j ACCEPT
 }
