From: ahuang@apache.org To: cloudstack-commits@incubator.apache.org X-Mailer: ASF-Git Admin Mailer Subject: [41/50] [abbrv] git commit: VPC : configure apache2 for each guest network Message-Id: <20120910205552.E1A1F35239@tyr.zones.apache.org> Date: Mon, 10 Sep 2012 20:55:52 +0000 (UTC) VPC : configure apache2 for each guest network Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/ba052246 Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/ba052246 Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/ba052246 Branch: refs/heads/4.0 Commit: ba0522461dd100dfdb16869b40b41003561b05e6 Parents: 5756a2a Author: anthony Authored: Fri Jul 6 16:08:34 2012 -0700 Committer: Anthony Xu Committed: Fri Sep 7 18:10:42 2012 -0700 ---------------------------------------------------------------------- .../debian/config/etc/init.d/cloud-early-config | 21 +++++++++++++++ .../debian/config/opt/cloud/bin/vpc_acl.sh | 1 - .../debian/config/opt/cloud/bin/vpc_guestnw.sh | 12 -------- 3 files changed, 21 insertions(+), 13 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ba052246/patches/systemvm/debian/config/etc/init.d/cloud-early-config
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
index 236abbd..a7f9b70 100755
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@@ -394,6 +394,26 @@ setup_sshd(){
 [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config
 }
+
+setup_vpc_apache2() {
+ log_it "Setting up apache web server for VPC"
+ chkconfig apache2 off
+ rm -f /etc/apache2/conf.d/vhost*.conf
+ [ -f /etc/apache2/sites-available/default ] && echo "" >/etc/apache2/sites-available/default
+ [ -f /etc/apache2/sites-available/default-ssl ] && echo "">/etc/apache2/sites-available/default-ssl
+ [ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf
+ [ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf
+ [ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf
+ [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security
+ [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security
+
+ # Disable listing of http://SSVM-IP/icons folder for security issue. see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/
+ [ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf
+
+ echo "Options -Indexes" > /var/www/html/.htaccess
+}
+
+
 setup_apache2() {
 log_it "Setting up apache web server"
 local ip=$1
@@ -611,6 +631,7 @@ EOF
 echo "$ETH0_IP $NAME" >> /etc/hosts
 setup_sshd $ETH0_IP
+ setup_vpc_apache2
 enable_svc dnsmasq 1
 enable_svc haproxy 1
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ba052246/patches/systemvm/debian/config/opt/cloud/bin/vpc_acl.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_acl.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_acl.sh
index 4ebed3a..8a207e8 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_acl.sh
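Review bot: The alias.conf substitution in setup_vpc_apache2 produces `Options -Indexes MultiViews`, which mixes a `-` prefixed option with an unprefixed one; Apache documents that combination as invalid (2.2 warns of unexpected results, 2.4 fails the syntax check at startup), so the replacement text should read `Options -Indexes +MultiViews`. The `.htaccess` written to /var/www/html turns listings off only if AllowOverride lets Options through for that directory, which nothing in this hunk establishes, so the directive is safer in the server configuration itself. The `ports.conf` truncation line is also repeated three times and two copies can be dropped.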
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_acl.sh
@@ -89,7 +89,6 @@ acl_chain_for_guest_network () {
 sudo iptables -A FORWARD -o $dev -d $gcidr -j ACL_INBOUND_$dev 2>/dev/null
 # outbound
 sudo iptables -t mangle -N ACL_OUTBOUND_$dev 2>/dev/null
- sudo iptables -t mangle -A ACL_OUTBOUND_$dev -j DROP 2>/dev/null
 sudo iptables -t mangle -A PREROUTING -m state --state NEW -i $dev -s $gcidr ! -d $ip -j ACL_OUTBOUND_$dev 2>/dev/null
 }
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ba052246/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
index ee9960c..7331c53 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
@@ -65,18 +65,6 @@ setup_apache2() {
 sed -i -e "s/\tServerName.*/\tServerName vhost$dev.cloudinternal.com/" /etc/apache2/conf.d/vhost$dev.conf
 sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/conf.d/vhost$dev.conf
 sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/conf.d/vhost$dev.conf
- if [ -e "/etc/apache2/sites-enabled/000-default" ]
- then
- sed -i -e "s/^#*/#/g" /etc/apache2/sites-enabled/000-default
- fi
- if [ -e "/etc/apache2/sites-enabled/default-ssl" ]
- then
- sed -i -e "s/^#*/#/g" /etc/apache2/sites-enabled/default-ssl
- fi
- if [ -e "/etc/apache2/ports.conf" ]
- then
- sed -i -e "s/^#*/#/g" /etc/apache2/ports.conf
- fi
 service apache2 restart
 sudo iptables -A INPUT -i $dev -d $ip -p tcp -m state --state NEW --dport 80 -j ACCEPT
 }
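Review bot: With the `-j DROP` append gone, acl_chain_for_guest_network in vpc_acl.sh leaves ACL_OUTBOUND_$dev created by `-N` with no terminating rule, so a NEW connection that matches nothing in it returns to mangle PREROUTING and is handled by whatever follows there instead of being dropped. Whether a default deny is appended when the ACL rules are loaded is not visible in this hunk, and the commit subject mentions only apache2, so the change deserves a comment above the `-N` line stating where the chain's final action now comes from. Every iptables call here also discards stderr with `2>/dev/null`, so a failed chain setup is silent; checking the exit status of the PREROUTING append would surface that. The function starts outside the hunk.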