#!/bin/bash # info: add password protection for web domain # options: USER DOMAIN AUTH_USER AUTH_PASSWORD [RESTART] # # example: v-add-web-domain-httpauth admin acme.com user02 super_pass # # This function is used for securing web domain with http auth #----------------------------------------------------------# # Variables & Functions # #----------------------------------------------------------# # Argument definition user=$1 domain=$2 auth_user=$3 password=$4 HIDE=4 restart=${5-yes} # Includes # shellcheck source=/etc/hestiacp/hestia.conf source /etc/hestiacp/hestia.conf # shellcheck source=/usr/local/hestia/func/main.sh source $HESTIA/func/main.sh # shellcheck source=/usr/local/hestia/func/domain.sh source $HESTIA/func/domain.sh # load config file source_conf "$HESTIA/conf/hestia.conf" # Defining htpasswd file htpasswd="$HOMEDIR/$user/conf/web/$domain/htpasswd" docroot="$HOMEDIR/$user/web/$domain/public_html" # Perform verification if read-only mode is enabled check_hestia_demo_mode #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# check_args '4' "$#" 'USER DOMAIN AUTH_USER AUTH_PASSWORD [RESTART]' is_format_valid 'user' 'domain' is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" is_object_valid 'web' 'DOMAIN' "$domain" is_object_unsuspended 'web' 'DOMAIN' "$domain" is_password_valid get_domain_values 'web' is_user_format_valid "$auth_user" "Auth user" if [ -n "$(echo "$AUTH_USER" | tr : '\n' | grep ^$auth_user$)" ]; then echo "Error: auth user $auth_user already exists" log_event "$E_EXISTS" "$ARGUMENTS" exit "$E_EXISTS" fi #----------------------------------------------------------# # Action # #----------------------------------------------------------# # Adding htaccess password protection if [ "$WEB_SYSTEM" = "nginx" ] || [ "$PROXY_SYSTEM" = "nginx" ]; then htaccess="$HOMEDIR/$user/conf/web/$domain/nginx.conf_htaccess" shtaccess="$HOMEDIR/$user/conf/web/$domain/nginx.ssl.conf_htaccess" if [ ! -f "$htaccess" ]; then echo "auth_basic \"$domain password access\";" > $htaccess echo "auth_basic_user_file $htpasswd;" >> $htaccess ln -s $htaccess $shtaccess restart_required='yes' fi else htaccess="$HOMEDIR/$user/conf/web/$domain/apache2.conf_htaccess" shtaccess="$HOMEDIR/$user/conf/web/$domain/apache2.ssl.conf_htaccess" if [ ! -f "$htaccess" ]; then echo "" > $htaccess echo " AuthUserFile $htpasswd" >> $htaccess echo " AuthName \"$domain access\"" >> $htaccess echo " AuthType Basic" >> $htaccess echo " Require valid-user" >> $htaccess echo "" >> $htaccess ln -s $htaccess $shtaccess restart_required='yes' fi fi # Adding httpasswd user auth_hash=$($BIN/v-generate-password-hash htpasswd htpasswd $password) touch $htpasswd chmod 644 $htpasswd $htaccess chgrp $user $htpasswd $htaccess sed -i "/^$auth_user:/d" $htpasswd echo "$auth_user:$auth_hash" >> $htpasswd # Restarting web server if [ "$restart" != 'no' ] && [ "$restart_required" = 'yes' ]; then $BIN/v-restart-web if [ -n "$PROXY_SYSTEM" ]; then $BIN/v-restart-proxy fi fi #----------------------------------------------------------# # Hestia # #----------------------------------------------------------# # Preparing web.conf keys if [ -n "$AUTH_USER" ]; then auth_user="$AUTH_USER:$auth_user" auth_hash="$AUTH_HASH:$auth_hash" else # Adding new key into web.conf add_object_key "web" 'DOMAIN' "$domain" 'AUTH_USER' 'U_DISK' add_object_key "web" 'DOMAIN' "$domain" 'AUTH_HASH' 'U_DISK' fi # Updating config update_object_value 'web' 'DOMAIN' "$domain" '$AUTH_USER' "$auth_user" update_object_value 'web' 'DOMAIN' "$domain" '$AUTH_HASH' "$auth_hash" # Logging $BIN/v-log-action "$user" "Info" "Web" "Password protection enabled (Domain: $domain, Username: $httpauth_user)." log_event "$OK" "$ARGUMENTS" exit