#!/bin/bash ############################################################################# # Web Server Configuration Paths # Derives web server-specific configuration directories and files # Must be sourced AFTER lib/system-detect.sh has set SYS_* variables ############################################################################# # Source guard if [ -n "${_WEB_SERVER_CONFIG_LOADED:-}" ]; then return 0 fi readonly _WEB_SERVER_CONFIG_LOADED=1 ############################################################################# # APACHE/HTTPD CONFIGURATION ############################################################################# derive_apache_config() { if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then # Ubuntu/Debian Apache2 export SYS_APACHE_MAIN_CONFIG="/etc/apache2/apache2.conf" export SYS_APACHE_CONFIG_DIR="/etc/apache2" export SYS_APACHE_MODS_DIR="/etc/apache2/mods-enabled" export SYS_APACHE_MODS_AVAILABLE_DIR="/etc/apache2/mods-available" export SYS_APACHE_SITES_DIR="/etc/apache2/sites-enabled" export SYS_APACHE_SITES_AVAILABLE_DIR="/etc/apache2/sites-available" export SYS_APACHE_CONF_DIR="/etc/apache2/conf-enabled" export SYS_APACHE_CONF_AVAILABLE_DIR="/etc/apache2/conf-available" export SYS_APACHE_DEFAULT_SITE="/etc/apache2/sites-enabled/000-default.conf" else # RHEL/CentOS/AlmaLinux export SYS_APACHE_MAIN_CONFIG="/etc/httpd/conf/httpd.conf" export SYS_APACHE_CONFIG_DIR="/etc/httpd/conf" export SYS_APACHE_MODS_DIR="/etc/httpd/modules" export SYS_APACHE_CONF_DIR="/etc/httpd/conf.d" export SYS_APACHE_VHOSTS_DIR="/etc/httpd/conf.d" export SYS_APACHE_DEFAULT_SITE="/etc/httpd/conf.d/welcome.conf" fi # Modules commonly checked export SYS_APACHE_MOD_SSL="/etc/apache2/mods-enabled/ssl.conf" export SYS_APACHE_MOD_DEFLATE="/etc/apache2/mods-enabled/deflate.conf" export SYS_APACHE_MOD_REWRITE="/etc/apache2/mods-enabled/rewrite.load" # Common cPanel/cPanel EasyApache paths if [ "$SYS_CONTROL_PANEL" = "cpanel" ]; then export SYS_APACHE_CPANEL_INCLUDES="/etc/apache2/conf.d/includes" export SYS_APACHE_CPANEL_MAIN_GLOBAL="/etc/apache2/conf.d/includes/pre_main_global.conf" export SYS_APACHE_CPANEL_VHOST_DIR="/etc/httpd/conf.d" fi } ############################################################################# # NGINX CONFIGURATION ############################################################################# derive_nginx_config() { export SYS_NGINX_MAIN_CONFIG="/etc/nginx/nginx.conf" export SYS_NGINX_CONFIG_DIR="/etc/nginx" export SYS_NGINX_CONF_DIR="/etc/nginx/conf.d" export SYS_NGINX_SITES_DIR="/etc/nginx/sites-enabled" export SYS_NGINX_SITES_AVAILABLE_DIR="/etc/nginx/sites-available" export SYS_NGINX_DEFAULT_SITE="/etc/nginx/sites-enabled/default.conf" # Common Nginx modules/settings export SYS_NGINX_FASTCGI_PARAMS="/etc/nginx/fastcgi_params" export SYS_NGINX_PROXY_PARAMS="/etc/nginx/proxy_params" } ############################################################################# # LITESPEED CONFIGURATION ############################################################################# derive_litespeed_config() { export SYS_LITESPEED_HOME="/usr/local/lsws" export SYS_LITESPEED_CONF_DIR="/usr/local/lsws/conf" export SYS_LITESPEED_CONFIG="/usr/local/lsws/conf/httpd_config.conf" export SYS_LITESPEED_VHOSTS_DIR="/usr/local/lsws/conf/vhconf.conf.d" export SYS_LITESPEED_LOGS_DIR="/usr/local/lsws/logs" } ############################################################################# # SECURITY & PROTECTION MODULES ############################################################################# derive_security_modules() { # ModSecurity export SYS_MODSECURITY_CONF="/etc/apache2/mods-enabled/security.conf" export SYS_MODSECURITY_RULES_DIR="/etc/modsecurity" export SYS_MODSECURITY_AUDIT_LOG="/usr/local/apache/logs/modsec_audit.log" # Fail2Ban export SYS_FAIL2BAN_CONFIG="/etc/fail2ban/jail.conf" export SYS_FAIL2BAN_FILTER_DIR="/etc/fail2ban/filter.d" export SYS_FAIL2BAN_ACTION_DIR="/etc/fail2ban/action.d" # CSF Firewall export SYS_CSF_CONFIG="/etc/csf/csf.conf" export SYS_CSF_ALLOW="/etc/csf/csf.allow" export SYS_CSF_DENY="/etc/csf/csf.deny" export SYS_CSF_WHITELIST="/etc/csf/csf.whitelist" export SYS_CSF_REGEX="/etc/csf/csf.regex" } ############################################################################# # CACHING & OPTIMIZATION PATHS ############################################################################# derive_caching_paths() { # Varnish export SYS_VARNISH_CONFIG="/etc/varnish/default.vcl" export SYS_VARNISH_CACHE_DIR="/var/lib/varnish" # Package manager caches case "$SYS_OS_TYPE" in ubuntu|debian) export SYS_PACKAGE_CACHE="/var/cache/apt/archives" export SYS_PACKAGE_LISTS="/var/lib/apt/lists" ;; *) # RHEL/CentOS export SYS_PACKAGE_CACHE="/var/cache/yum" if command -v dnf &>/dev/null; then export SYS_PACKAGE_CACHE="/var/cache/dnf" fi ;; esac # PHP OPcache export SYS_PHP_OPCACHE_DIR="/var/cache/php" } ############################################################################# # SSL/TLS CERTIFICATE PATHS ############################################################################# derive_ssl_paths() { export SYS_SSL_CERT_DIR="/etc/ssl/certs" export SYS_SSL_KEY_DIR="/etc/ssl/private" export SYS_SSL_CONFIG="/etc/ssl/openssl.cnf" # Let's Encrypt export SYS_LETSENCRYPT_DIR="/etc/letsencrypt" export SYS_LETSENCRYPT_LIVE="/etc/letsencrypt/live" export SYS_LETSENCRYPT_ARCHIVE="/etc/letsencrypt/archive" # cPanel/WHM certificates if [ "$SYS_CONTROL_PANEL" = "cpanel" ]; then export SYS_CPANEL_SSL_DIR="/usr/local/cpanel/ssl" export SYS_CPANEL_DOMAINS_SSL="/var/cpanel/ssl" fi } ############################################################################# # MAIN DERIVATION FUNCTION ############################################################################# derive_all_web_server_config() { case "$SYS_WEB_SERVER" in apache|httpd) derive_apache_config ;; nginx) derive_nginx_config ;; litespeed|openlitespeed) derive_litespeed_config ;; esac # These apply to all web servers derive_security_modules derive_caching_paths derive_ssl_paths } # Auto-run if sourced with detection complete if [ -n "${SYS_DETECTION_COMPLETE:-}" ]; then derive_all_web_server_config fi