Initial
This commit is contained in:
Alexey Berezhok
125
bin/v-add-web-domain-httpauth
Executable file
125
bin/v-add-web-domain-httpauth
Executable file
@@ -0,0 +1,125 @@
|
||||
#!/bin/bash
|
||||
# info: add password protection for web domain
|
||||
# options: USER DOMAIN AUTH_USER AUTH_PASSWORD [RESTART]
|
||||
#
|
||||
# example: v-add-web-domain-httpauth admin acme.com user02 super_pass
|
||||
#
|
||||
# This function is used for securing web domain with http auth
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Variables & Functions #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Argument definition
|
||||
user=$1
|
||||
domain=$2
|
||||
auth_user=$3
|
||||
password=$4
|
||||
HIDE=4
|
||||
restart=${5-yes}
|
||||
|
||||
# Includes
|
||||
# shellcheck source=/etc/hestiacp/hestia.conf
|
||||
source /etc/hestiacp/hestia.conf
|
||||
# shellcheck source=/usr/local/hestia/func/main.sh
|
||||
source $HESTIA/func/main.sh
|
||||
# shellcheck source=/usr/local/hestia/func/domain.sh
|
||||
source $HESTIA/func/domain.sh
|
||||
# load config file
|
||||
source_conf "$HESTIA/conf/hestia.conf"
|
||||
|
||||
# Defining htpasswd file
|
||||
htpasswd="$HOMEDIR/$user/conf/web/$domain/htpasswd"
|
||||
docroot="$HOMEDIR/$user/web/$domain/public_html"
|
||||
|
||||
# Perform verification if read-only mode is enabled
|
||||
check_hestia_demo_mode
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
check_args '4' "$#" 'USER DOMAIN AUTH_USER AUTH_PASSWORD [RESTART]'
|
||||
is_format_valid 'user' 'domain'
|
||||
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
is_object_unsuspended 'user' 'USER' "$user"
|
||||
is_object_valid 'web' 'DOMAIN' "$domain"
|
||||
is_object_unsuspended 'web' 'DOMAIN' "$domain"
|
||||
is_password_valid
|
||||
get_domain_values 'web'
|
||||
is_user_format_valid "$auth_user" "Auth user"
|
||||
if [ -n "$(echo "$AUTH_USER" | tr : '\n' | grep ^$auth_user$)" ]; then
|
||||
echo "Error: auth user $auth_user already exists"
|
||||
log_event "$E_EXISTS" "$ARGUMENTS"
|
||||
exit "$E_EXISTS"
|
||||
fi
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Adding htaccess password protection
|
||||
if [ "$WEB_SYSTEM" = "nginx" ] || [ "$PROXY_SYSTEM" = "nginx" ]; then
|
||||
htaccess="$HOMEDIR/$user/conf/web/$domain/nginx.conf_htaccess"
|
||||
shtaccess="$HOMEDIR/$user/conf/web/$domain/nginx.ssl.conf_htaccess"
|
||||
if [ ! -f "$htaccess" ]; then
|
||||
echo "auth_basic \"$domain password access\";" > $htaccess
|
||||
echo "auth_basic_user_file $htpasswd;" >> $htaccess
|
||||
ln -s $htaccess $shtaccess
|
||||
restart_required='yes'
|
||||
fi
|
||||
else
|
||||
htaccess="$HOMEDIR/$user/conf/web/$domain/apache2.conf_htaccess"
|
||||
shtaccess="$HOMEDIR/$user/conf/web/$domain/apache2.ssl.conf_htaccess"
|
||||
if [ ! -f "$htaccess" ]; then
|
||||
echo "<Directory $docroot>" > $htaccess
|
||||
echo " AuthUserFile $htpasswd" >> $htaccess
|
||||
echo " AuthName \"$domain access\"" >> $htaccess
|
||||
echo " AuthType Basic" >> $htaccess
|
||||
echo " Require valid-user" >> $htaccess
|
||||
echo "</Directory>" >> $htaccess
|
||||
ln -s $htaccess $shtaccess
|
||||
restart_required='yes'
|
||||
fi
|
||||
fi
|
||||
|
||||
# Adding httpasswd user
|
||||
auth_hash=$($BIN/v-generate-password-hash htpasswd htpasswd $password)
|
||||
touch $htpasswd
|
||||
chmod 644 $htpasswd $htaccess
|
||||
chgrp $user $htpasswd $htaccess
|
||||
sed -i "/^$auth_user:/d" $htpasswd
|
||||
echo "$auth_user:$auth_hash" >> $htpasswd
|
||||
|
||||
# Restarting web server
|
||||
if [ "$restart" != 'no' ] && [ "$restart_required" = 'yes' ]; then
|
||||
$BIN/v-restart-web
|
||||
if [ -n "$PROXY_SYSTEM" ]; then
|
||||
$BIN/v-restart-proxy
|
||||
fi
|
||||
fi
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Hestia #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Preparing web.conf keys
|
||||
if [ -n "$AUTH_USER" ]; then
|
||||
auth_user="$AUTH_USER:$auth_user"
|
||||
auth_hash="$AUTH_HASH:$auth_hash"
|
||||
else
|
||||
# Adding new key into web.conf
|
||||
add_object_key "web" 'DOMAIN' "$domain" 'AUTH_USER' 'U_DISK'
|
||||
add_object_key "web" 'DOMAIN' "$domain" 'AUTH_HASH' 'U_DISK'
|
||||
fi
|
||||
|
||||
# Updating config
|
||||
update_object_value 'web' 'DOMAIN' "$domain" '$AUTH_USER' "$auth_user"
|
||||
update_object_value 'web' 'DOMAIN' "$domain" '$AUTH_HASH' "$auth_hash"
|
||||
|
||||
# Logging
|
||||
$BIN/v-log-action "$user" "Info" "Web" "Password protection enabled (Domain: $domain, Username: $httpauth_user)."
|
||||
log_event "$OK" "$ARGUMENTS"
|
||||
|
||||
exit
|
||||
Reference in New Issue
Block a user