LinuxQuestions.org


jjason 02-16-2017 09:29 PM

Bash script to retrieve virtual hosts info from httpd.conf
 
Hello,
I am trying to make a bash script for my nginx server because I use cPanel and they do not include nginx; it is a plugin. So I am trying to make a bash script that looks in the httpd.conf file for every virtual host that has SSL installed, builds the nginx SSL conf file, and copies the cert, key and CA bundle files to an ssl folder in nginx. My script is working but needs fine-tuning, because right now it loops over every virtual host and I only need it to loop over the virtual hosts that use port 443, and I have no idea how to do it.

I also noticed that in my httpd.conf file there are virtual hosts for the domain mail that use mail.domain.com, and my script is not including them.

I know my script is not pretty, but it works; I am not a programmer and did a lot of googling. Is there a way to change the awk to only look for all <VirtualHost*:443>?

Code:

#!/bin/bash

## Setting the variables for the Folder paths ##
CHAINPATH='/etc/nginx/ssl/caboundles';
CUSTOMCERTSPATH='/etc/nginx/ssl/certs';
CUSTOMKEYPATH='/etc/nginx/ssl/keys';
VHOSTPATH='/etc/nginx/ssl/vhosts';

echo "|--Searching the cPanel httpd.conf file for all domains that have SSL installed.....";
echo "|---------------------------------------------------------------";

while read -r ServerName SSLCertificateFile SSLCertificateKeyFile SSLCACertificateFile
do
        ## Making sure the SSL cert and key was found before creating the conf file ##
        if [[ -n $SSLCertificateFile ]] && [[ -n $SSLCertificateKeyFile ]]
        then
                ## Removing the . and - from the domain and replacing it with _ ##
                fqdn=${ServerName//./_};
                fqdnServerName=${fqdn//-/_};

                echo "|--|--Installing $ServerName nginx SSL conf file.........";
                echo "|--|--|--The SSL cert file was found and was copied to the $CUSTOMCERTSPATH folder.";
                cp "$SSLCertificateFile" "$CUSTOMCERTSPATH/$fqdnServerName.crt";
                echo "|--|--|--|--SSL cert file: $CUSTOMCERTSPATH/$fqdnServerName.crt";

                echo "|--|--|--The SSL key file was found and was copied to the $CUSTOMKEYPATH folder.";
                cp "$SSLCertificateKeyFile" "$CUSTOMKEYPATH/$fqdnServerName.key";
                echo "|--|--|--|--SSL key file: $CUSTOMKEYPATH/$fqdnServerName.key";
               
                ## checking to see if the CAboundle was found ##
                if [[ -n $SSLCACertificateFile ]]
                then
                        echo "|--|--|--The SSL CAboundle file was found and was copied to the $CHAINPATH folder.";
                        cp "$SSLCACertificateFile" "$CHAINPATH/$fqdnServerName.pem";
                        echo "|--|--|--|--SSL CAboundle file: $CHAINPATH/$fqdnServerName.pem";

                        ## The trusted certificate path must match the file copied above ##
                        CABOUNDLEDATA="# ============ Start OCSP stapling protection ============
                                ssl_stapling on;
                                ssl_stapling_verify on;
                                ssl_trusted_certificate $CHAINPATH/$fqdnServerName.pem;
                                # ============ End OCSP stapling protection ============
                        ";
                else
                        ## Displaying a error that the CAboundle was not found ##
                        echo "|--|--|--ERROR!";
                        echo "|--|--|--|--The SSL CAboundle file could not be found for this domain $ServerName";
                        echo "|--|--|--|--Could not add the OCSP stapling protection to the $fqdnServerName.conf file because the SSL CAboundle file is missing.";
                fi

## SSL domain_com.conf template ##
FILEDATA="# /**
#  * @version    1.7.2
#  * @package    Engintron for cPanel/WHM
#  * @author    Fotis Evangelou
#  * @url        https://engintron.com
#  * @copyright  Copyright (c) 2010 - 2016 Nuevvo Webware P.C. All rights reserved.
#  * @license    GNU/GPL license: http://www.gnu.org/copyleft/gpl.html
#  */

server {
        listen 443 ssl http2;
        server_name $ServerName www.$ServerName;

        ssl_certificate      $CUSTOMCERTSPATH/$fqdnServerName.crt;
        ssl_certificate_key  $CUSTOMKEYPATH/$fqdnServerName.key;

        $CABOUNDLEDATA

        include ssl_proxy_params_common;
}";

## Empty the CABOUNDLEDATA variables each time it loops so that we don't ##
## add the wrong CAboundle info in to the vhost that is being created ##
CABOUNDLEDATA="";

echo "$FILEDATA" > "$VHOSTPATH/$fqdnServerName.conf";
echo "|--|--The SSL $fqdnServerName.conf file was successfully created";
echo "|--|--|-- SSL conf file: $VHOSTPATH/$fqdnServerName.conf";
echo "|---------------------------------------------------------------";
fi
done< <(awk '/^<VirtualHost*/,/^<\/VirtualHost>/{if(/^<\/VirtualHost>/)p=1;if(/ServerName|SSLCertificateFile|SSLCertificateKeyFile|SSLCACertificateFile|## ServerName/)out = out (out?OFS:"") (/User/?$3:$2)}p{print out;p=0;out=""}' /usr/local/apache/conf/httpd.conf)
echo "|--Reloading nginx";
service nginx reload;
echo "|--Restarting nginx"
service nginx restart;


grail 02-17-2017 02:13 AM

As the main concern is the awk I will keep my focus there. If you only wish to return those using 443 then make that an item you look for so that when you enter the 'p' portion of your script you can test to see if that was found.
Code:

p{if(443 was found)print out;p=0;out=""}

Habitual 02-17-2017 05:04 AM

Looks familiar :)

grail 02-17-2017 08:43 AM

Quote:

Originally Posted by Habitual (Post 5671950)

So familiar that you will see the OP in that thread and asked to start his/her own question ;)

Habitual 02-17-2017 10:24 AM

Yeah, stepped right in it at 6:04am local.

I'm out.
Peace and Coffee.

jjason 02-17-2017 02:19 PM

Yes Habitual, part of the code was from that post because I am not a programmer, and when I googled to see how to look in the httpd.conf file that post came up and was what I was looking for.

I changed my awk to use this
Code:

p{if(443 was found)print out;p=0;out=""}

and not this
Code:

p{print out;p=0;out=""}

===Updated====
I forgot to ask: is there a way to search for 2 different ports, 443 and 444? With my nginx plugin the apache SSL port is changed to 444 and it's also changed in the httpd.conf file.

grail 02-17-2017 02:26 PM

ummm ... not exactly that?? Sorry if I assumed too much, but you will need to set a variable which is looking for the presence of the string '443' and if it is found you set the variable to true (a 1 will suffice) and then use the 'if' to see if the variable is set to 1.

Let me know if that clears that up?

jjason 02-17-2017 02:35 PM

Quote:

Originally Posted by grail (Post 5672266)
ummm ... not exactly that?? Sorry if I assumed too much, but you will need to set a variable which is looking for the presence of the string '443' and if it is found you set the variable to true (a 1 will suffice) and then use the 'if' to see if the variable is set to 1.

Let me know if that clears that up?

Hello, I am not sure what you mean. I am not a programmer and am trying to learn; can you give me an example of what you mean? I mostly do PHP scripting, so I am not used to doing programming and have no idea how to put the 443 into a variable so it can be checked in awk.

grail 02-17-2017 03:10 PM

The same way you set the variables p and out. So if you called it 'port_found', you would need to check the line contains '443', like you did for 'ServerName' and once found it is simply:
Code:

port_found = 1

Then you would place 'port_found' in the 'if' I first showed you. You would also need to set it back to zero inside the same 'if' so you wait until it gets set again.


If you can code in php, this shouldn't seem too foreign :)

jjason 02-17-2017 03:32 PM

Quote:

Originally Posted by grail (Post 5672292)
The same way you set the variables p and out. So if you called it 'port_found', you would need to check the line contains '443', like you did for 'ServerName' and once found it is simply:
Code:

port_found = 1

Then you would place 'port_found' in the 'if' I first showed you. You would also need to set it back to zero inside the same 'if' so you wait until it gets set again.


If you can code in php, this shouldn't seem too foreign :)

I am not sure how to do that because the port is in the <VirtualHost line, as <VirtualHost IP:443>, unlike ServerName, which comes after the <VirtualHost IP:443> was loaded.

grail 02-18-2017 01:07 AM

Shouldn't be a problem as each line will still be processed. Give it a try :)

jjason 03-08-2017 01:50 PM

Hello,
I added ServerAlias to my awk command, but ServerAlias holds multiple domains, like this
Code:

ServerAlias mail.domain.com sub.domain.com

Is there a way that I can have the awk command put the ServerAlias into an array so that I can use something like a "for" to loop over each array key?

Turbocapitalist 03-08-2017 02:08 PM

Quote:

Originally Posted by jjason (Post 5680797)
Is there a way that I can have the awk command put the ServerAlias into an array so that I can use something like a "for" to loop over each array key?

There are several ways.

Code:

awk '/ServerAlias/ { for ( i=2; i <= NF; i++ ) { serveralias[$i]++ }; } END { for ( server in serveralias) { print server } }'
As usual, check the manual page for awk for the details for your version and an explanation about loops.
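
The port_found flag grail describes, combined with the ServerAlias loop from the answer above and extended to accept both 443 and 444, as an added example that is not code from any poster in this thread. The function names `ssl_vhosts` and `sample_conf`, the tab-separated output layout and the sample addresses and paths are assumptions made for the illustration.

```shell
# Prints: name<TAB>cert<TAB>key<TAB>CA bundle<TAB>aliases ("-" = none found).
ssl_vhosts() {
    awk -v ports="${1:-443 444}" '
    BEGIN { OFS = "\t"; n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    # Opening tag: reset state, flag the block if an address ends in a wanted port.
    $1 == "<VirtualHost" {
        port_found = 0; name = cert = key = ca = aliases = ""
        for (i = 2; i <= NF; i++) {
            port = $i; sub(/>$/, "", port); sub(/.*:/, "", port)
            if (port in want) port_found = 1
        }
    }
    $1 == "ServerName"            { name = $2 }
    $1 == "SSLCertificateFile"    { cert = $2 }
    $1 == "SSLCertificateKeyFile" { key = $2 }
    $1 == "SSLCACertificateFile"  { ca = $2 }
    # ServerAlias can list several names; keep only plain hostnames.
    $1 == "ServerAlias" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^[A-Za-z0-9.-]+$/) aliases = aliases (aliases ? "," : "") $i
    }
    # Closing tag: the name ends up in file names and nginx config, so validate it.
    $1 == "</VirtualHost>" {
        if (port_found && cert != "" && key != "" && name ~ /^[A-Za-z0-9.-]+$/)
            print name, cert, key, (ca == "" ? "-" : ca), (aliases == "" ? "-" : aliases)
        port_found = 0
    }'
}
# Constructed sample input (assumed layout, not taken from a real server).
sample_conf() {
    cat <<'EOF'
<VirtualHost 192.0.2.10:80>
  ServerName example.com
</VirtualHost>
<VirtualHost 192.0.2.10:443>
  ServerName example.com
  ServerAlias mail.example.com sub.example.com
  SSLCertificateFile /path/to/example.crt
  SSLCertificateKeyFile /path/to/example.key
  SSLCACertificateFile /path/to/example.cabundle
</VirtualHost>
<VirtualHost 192.0.2.10:444>
  ServerName shop.example.net
  SSLCertificateFile /path/to/shop.crt
  SSLCertificateKeyFile /path/to/shop.key
</VirtualHost>
EOF
}
sample_conf | ssl_vhosts
```

The `-` placeholders matter when the output feeds a `while read` loop with IFS set to a tab: tab counts as IFS whitespace, so empty columns would otherwise collapse and shift the remaining fields.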

