author | Rob Crittenden <rcritten@redhat.com> | 2007-10-15 15:42:12 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2007-10-15 15:42:12 -0400 |
commit | ed8f506b0f96d6133899078530d3ff6a63b0c5b6 (patch) | |
tree | 884235d24f780eff0941a29b76ae905ba3fd48ee /ipa-server/ipaserver/httpinstance.py | |
parent | a4143789da67693e73d9ba78641f159fed30b4cc (diff) | |
First step in enabling SSL in the IPA web server
Diffstat (limited to 'ipa-server/ipaserver/httpinstance.py')
-rw-r--r-- | ipa-server/ipaserver/httpinstance.py | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/ipa-server/ipaserver/httpinstance.py b/ipa-server/ipaserver/httpinstance.py
new file mode 100644
index 00000000..81868278
--- /dev/null
+++ b/ipa-server/ipaserver/httpinstance.py
@@ -0,0 +1,76 @@
+# Authors: Rob Crittenden <rcritten@redhat.com>
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 or later
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import subprocess
+import string
+import tempfile
+import shutil
+import logging
+import pwd
+from ipa.ipautil import *
+import fileinput
+import sys
+
+HTTPD_DIR = "/etc/httpd"
+SSL_CONF = HTTPD_DIR + "/conf.d/ssl.conf"
+NSS_CONF = HTTPD_DIR + "/conf.d/nss.conf"
+
+def update_file(filename, orig, subst):
+ if os.path.exists(filename):
+ pattern = "%s" % re.escape(orig)
+ p = re.compile(pattern)
+ for line in fileinput.input(filename, inplace=1):
+ if not p.search(line):
+ sys.stdout.write(line)
+ else:
+ sys.stdout.write(p.sub(subst, line))
+ fileinput.close()
+
+class HTTPInstance:
+ def __init__(self):
+ pass
+
+ def create_instance(self):
+ self.__disable_mod_ssl()
+ self.__set_mod_nss_port()
+ try:
+ self.restart()
+ except:
+ # TODO: roll back here?
+ print "Failed to restart httpd"
+
+ def stop(self):
+ run(["/sbin/service", "httpd", "stop"])
+
+ def start(self):
+ run(["/sbin/service", "httpd", "start"])
+
+ def restart(self):
+ run(["/sbin/service", "httpd", "restart"])
+
+ def __disable_mod_ssl(self):
+ logging.debug("disabling mod_ssl in httpd")
+ if os.path.exists(SSL_CONF):
+ os.rename(SSL_CONF, "%s.moved_by_ipa" % SSL_CONF)
+ logging.debug("done disabling mod_ssl")
+
+ def __set_mod_nss_port(self):
+ logging.debug("Setting mod_nss port to 443")
+ update_file(NSS_CONF, '8443', '443')
+ logging.debug("done setting mod_nss port") |
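Review bot: In create_instance the bare `except:` around `self.restart()` reduces a failed httpd restart to a `print`, so the method returns normally after ssl.conf has already been renamed and nss.conf rewritten, and the caller cannot tell that the web server may be down or not serving TLS on 443. Until the rollback named in the TODO exists, log the failure and propagate it, for example `except Exception:` followed by `logging.error("Failed to restart httpd")` and `raise`. Separately, `update_file(NSS_CONF, '8443', '443')` substitutes every occurrence of the digits 8443 in nss.conf, not only the port directives it is presumably aimed at, so anchoring the pattern to those directives would avoid rewriting unrelated values. `os` and `re` are used without a visible import and presumably arrive through `from ipa.ipautil import *`; explicit `import os` and `import re` lines would make that dependency visible.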