script to quickly create vhost + dir + chrooted sftp user

Attention ! This script is a draft. A lot of checks are not made.

Note: This require a little configuration in /etc/ssh/sshd_config

#!/bin/bash
# File : new-site
# Author: Michaël Marinetti
# Description: Create a new vhost named "foo.com", for the user "foo"
# and add him to the sftp user (which is chrooted).
# Default vhost does not allow php.
#
# Created : 2012-07-21
# Modified :
#
# CHANGELOG
#
# TODO
# * apache check vhost syntax
# * template file for vhost
# * config file for default values
# * add --help and --verbose
# *

DEFAULT_MAIL=default.mail.to.use@example.com
# ServerAdmin mail
ADMINMAIL=admin@example.com

sitename="$1"
usermail="$2"

apache_sites_dir=/etc/apache2/sites-available
base_dir=/home/web
if (test "$usermail" = "" ) then
usermail=$DEFAULT_MAIL

fi

if (test "$sitename" = "" ) then
echo "error, sitename empty. USAGE: new-site [sitename] [user email]"
exit 1
fi

# test if this name is valid and available
valid_name=`echo "$sitename"|grep '^[0-9a-z.-]*\.\(com\|net\|fr\|org\|info\)$'`

if ( test "$valid_name" != "$sitename") then
echo "invalid domain name: must match the regex #^[a-z.-]*\.(com|net|fr|org|info)$#"
exit 2
fi

user=$(echo $sitename|sed 's#\(.*\)\.[^.]*#\1#' )

if ( test -e "$base_dir/$user" ) then
echo "oO, directory already exists"
exit 3
fi

if ( test -e "$apache_sites_dir/$sitename" ) then
echo "oO, vhost already exists"
exit 4
else
echo "no vhost of that name present (this is normal) "
fi

# creating user for that directory only :)
# username is, by default, the domain name without ".fr/.com" at the end
user=$(echo $sitename|sed 's#\(.*\)\.[^.]*#\1#' )
# let's generate an easy to remember random password with apg
pass=`apg -q -a 0 -n 1 -M NCL`
pass_crypted=$(perl -e "print crypt($pass, 'password')");

# creating directory with correct rights :)
mkdir -p $base_dir/$user/www $base_dir/$user/prive

useradd -s /bin/false -M -d $base_dir/$user -g sftp -p $pass_crypted $user
if (test $? -eq 0 ) then
echo "user $user created."
else
echo "User $user NOT CREATED...... MAYBE ALREADY EXIST ?"
fi

chown root:sftp $base_dir/$user -R && chmod 755 $base_dir/$user/www -R

chmod g+w $base_dir/$user/www $base_dir/$usr/prive
#@TODO use a template file
echo "ici" > $base_dir/$user/www/index.html

chmod +x $base_dir/$user -R

tmpfile=`mktemp`

vhost_def="
ServerAdmin $ADMINMAIL
ServerName $sitename
ServerAlias www.$sitename

php_admin_value engine off

Options FollowSymLinks
AllowOverride None


DocumentRoot /home/web/$user/www

Options FollowSymLinks
AllowOverride None


Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all


# Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn
ErrorLog \${APACHE_LOG_DIR}/error-$sitename.log
CustomLog \${APACHE_LOG_DIR}/access-$sitename.log combined

"
echo "$vhost_def" > $tmpfile

echo "$vhost_def"

echo "Validate (no will open edit) (y/n) ?"
read pouet
if (test "$pouet" != "y" -a "$pouet" != "Y") then
echo "Edition vhost ..."
# vim +":r! cat $tmpfile" $apache_sites_dir/$sitename
vim $tmpfile
fi

cp $tmpfile $apache_sites_dir/$sitename
# always cleaning after works is done
rm $tmpfile

echo "I'm really proud of that script which
- create vhost
- create sftp user and chroot him.
- m'envoie tout ça !

host $sitename
user $user
pass $pass
"|mail -s "sftp - new user password" $usermail
# how to handle password ?
# passwd
# how to send all this informations :p

# enabling vhost
a2ensite $sitename

# reload apache :)
service apache2 restart

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée.