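--- a/setup_testenv.sh
+++ b/setup_testenv.sh
@@ -0,0 +1,166 @@
+#!/bin/bash
+#
+# setup_testenv.sh — Local test environment setup for Feuerwehr Getränkeautomat Status
+# Usage: sudo bash setup_testenv.sh
+# Prerequisite: Project must already be located under /var/www
+#
+
+set -euo pipefail
+
+# ── Determine project root (directory containing this script) ──────────────
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$SCRIPT_DIR"
+
+# ── 1. Install Apache, PHP, and required modules ────────────────────────────
+echo "→ Installing Apache (httpd), PHP, and required modules..."
+
+sudo dnf install -y httpd php php-json php-mbstring php-xml jq
+
+echo "✓ Packages installed"
+
+# ── 2. Verify project is under /var/www ───────────────────────────────────
+if [[ "$PROJECT_ROOT" != /var/www* ]]; then
+ echo "ERROR: Project must be located under /var/www"
+ echo " Current location: $PROJECT_ROOT"
+ echo " Please move the project to /var/www (e.g. /var/www/feuerwehr-getraenkeautomat-status)"
+ echo " and run this script again from that location."
+ exit 1
+fi
+
+echo "✓ Project location verified: $PROJECT_ROOT"
+
+# ── 3. Update data/config.json to set base_path to /automat/ ───────────────
+CONFIG_FILE="$PROJECT_ROOT/data/config.json"
+
+if [[ ! -f "$CONFIG_FILE" ]]; then
+ echo "ERROR: Config file not found: $CONFIG_FILE"
+ exit 1
+fi
+
+echo "→ Updating config: app.base_path → /automat/"
+
+jq '.app.base_path = "/automat/"' "$CONFIG_FILE" > "${CONFIG_FILE}.tmp"
+mv "${CONFIG_FILE}.tmp" "$CONFIG_FILE"
+
+echo "✓ Config updated"
+
+# ── 4. Set ownership and permissions for Apache + current user ─────────────
+CURRENT_USER=$(whoami)
+APACHE_USER="apache"
+APACHE_GROUP="apache"
+
+echo "→ Setting permissions for user '$CURRENT_USER' and Apache user '$APACHE_USER'..."
+
+# Ensure ACL support is available
+if ! command -v setfacl &>/dev/null; then
+ echo " Installing ACL tools..."
+ dnf install -y acl
+fi
+
+# Set ACLs so both the current user and Apache can read/write
+setfacl -R -m u:"$CURRENT_USER":rwx,u:"$APACHE_USER":rwx "$PROJECT_ROOT"
+setfacl -R -d -m u:"$CURRENT_USER":rwx,u:"$APACHE_USER":rwx "$PROJECT_ROOT"
+
+# Also ensure the data directory itself is writable
+chmod 0775 "$PROJECT_ROOT/data"
+chmod 0664 "$PROJECT_ROOT/data/"*.json 2>/dev/null || true
+
+echo "✓ Permissions configured (ACLs set for $CURRENT_USER and $APACHE_USER)"
+
+# ── 5. Create Apache alias config for /automat ─────────────────────────────
+APACHE_CONF="/etc/httpd/conf.d/automat.conf"
+
+echo "→ Creating Apache configuration: $APACHE_CONF"
+
+sudo cat > "$APACHE_CONF" << EOF
+Alias /automat "$PROJECT_ROOT"
+
+<Directory "$PROJECT_ROOT">
+ Options Indexes FollowSymLinks
+ AllowOverride All
+ Require all granted
+</Directory>
+EOF
+
+echo "✓ Apache configuration written"
+
+# ── 6. Enable and start httpd ─────────────────────────────────────────────
+echo "→ Enabling and starting httpd..."
+
+systemctl enable httpd
+systemctl restart httpd
+
+echo "✓ Apache (httpd) is running"
+
+# ── 7. Configure SELinux permissions ─────────────────────────────────────
+echo "→ Configuring SELinux permissions..."
+
+# Check if SELinux is enabled
+if command -v getenforce &>/dev/null; then
+ SELINUX_STATUS=$(getenforce 2>/dev/null || echo "Disabled")
+ if [[ "$SELINUX_STATUS" != "Disabled" && "$SELINUX_STATUS" != "Permissive" ]]; then
+ echo " SELinux is enabled ($SELINUX_STATUS), setting contexts..."
+
+ # Install SELinux tools if not present
+ if ! command -v semanage &>/dev/null; then
+ echo " Installing SELinux management tools..."
+ sudo dnf install -y policycoreutils-python-utils
+ fi
+
+ # Set SELinux context for web content (readable by httpd)
+ echo " → Setting httpd_sys_content_t context for project files..."
+ sudo semanage fcontext -a -t httpd_sys_content_t "$PROJECT_ROOT(/.*)?" 2>/dev/null || \
+ sudo semanage fcontext -m -t httpd_sys_content_t "$PROJECT_ROOT(/.*)?" 2>/dev/null || true
+
+ # Set SELinux context for data directory (writable by httpd/PHP)
+ echo " → Setting httpd_sys_rw_content_t context for data directory..."
+ sudo semanage fcontext -a -t httpd_sys_rw_content_t "$PROJECT_ROOT/data(/.*)?" 2>/dev/null || \
+ sudo semanage fcontext -m -t httpd_sys_rw_content_t "$PROJECT_ROOT/data(/.*)?" 2>/dev/null || true
+
+ # Apply the contexts
+ sudo restorecon -Rv "$PROJECT_ROOT" 2>/dev/null || true
+
+ # Allow httpd to read/write to the data directory via PHP
+ echo " → Setting SELinux boolean: httpd_can_network_connect..."
+ sudo setsebool -P httpd_can_network_connect on 2>/dev/null || true
+
+ # If using PHP-FPM, allow httpd to connect to FPM socket
+ if systemctl is-active php-fpm &>/dev/null; then
+ echo " → Allowing httpd to connect to PHP-FPM..."
+ sudo setsebool -P httpd_can_network_relay on 2>/dev/null || true
+ fi
+
+ echo "✓ SELinux contexts configured"
+ else
+ echo " SELinux is $SELINUX_STATUS, skipping SELinux configuration"
+ fi
+else
+ echo " (SELinux tools not found, skipping SELinux configuration)"
+fi
+
+# ── 8. Open firewall for HTTP ─────────────────────────────────────────────
+echo "→ Configuring firewall for HTTP..."
+
+if command -v firewall-cmd &>/dev/null; then
+ firewall-cmd --permanent --add-service=http 2>/dev/null || true
+ firewall-cmd --reload 2>/dev/null || true
+ echo "✓ Firewall updated (HTTP service added)"
+else
+ echo " (firewall-cmd not found, skipping firewall configuration)"
+fi
+
+# ── Done ───────────────────────────────────────────────────────────────────
+echo ""
+echo "========================================"
+echo " Setup complete!"
+echo "========================================"
+echo ""
+echo " Project root : $PROJECT_ROOT"
+echo " Served at : http://localhost/automat/"
+echo ""
+echo " Next steps:"
+echo " 1. Open http://localhost/automat/ in your browser"
+echo " 2. Check httpd status: sudo systemctl status httpd"
+echo " 3. Check PHP errors: $PROJECT_ROOT/data/php_errors.log"
+echo " 4. Check SELinux denials: sudo ausearch -m AVC -ts recent"
+echo ""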
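Review bot: The `<Directory "$PROJECT_ROOT">` block written in step 5 combines `Options Indexes` with `Require all granted` over the whole project root, which includes `data/` (holding `config.json` and, per the closing hints, `php_errors.log`), and step 8 then opens HTTP in firewalld, so unless an `.htaccess` not visible here blocks it, this "local" test host lists and serves its config and error log to the network. Step 4 also gives the `apache` user `rwx` plus a default ACL on the entire tree, although only `data/` is labelled writable in the SELinux step, so with SELinux permissive or disabled the web server can rewrite the application's own PHP files. The comment above `setsebool -P httpd_can_network_connect on` says it enables writes to the data directory, but that boolean permits outbound network connections and is not needed for file access, so I would drop it unless the app is known to call out. Under `sudo`, `whoami` returns `root`, so the ACL meant for the invoking user never reaches them; `${SUDO_USER:-$(whoami)}` would. A narrower version of steps 4 and 5 is sketched below; `Require local` assumes the site is only opened from the host itself, as the printed URLs suggest, in which case step 8 can go.

```shell
CURRENT_USER="${SUDO_USER:-$(whoami)}"
# … unchanged: APACHE_USER/APACHE_GROUP, setfacl availability check …

# Invoking user: read/write everywhere. Apache: read-only on code, read/write on data/ only.
setfacl -R -m u:"$CURRENT_USER":rwX,u:"$APACHE_USER":rX "$PROJECT_ROOT"
setfacl -R -d -m u:"$CURRENT_USER":rwX,u:"$APACHE_USER":rX "$PROJECT_ROOT"
setfacl -R -m u:"$APACHE_USER":rwX "$PROJECT_ROOT/data"
setfacl -R -d -m u:"$APACHE_USER":rwX "$PROJECT_ROOT/data"

# … unchanged: chmod on data/, APACHE_CONF path and progress message …

# The script already runs as root, and sudo would not apply to the redirection anyway.
cat > "$APACHE_CONF" << EOF
Alias /automat "$PROJECT_ROOT"

<Directory "$PROJECT_ROOT">
    Options FollowSymLinks
    AllowOverride All
    Require local
</Directory>

<Directory "$PROJECT_ROOT/data">
    Require all denied
</Directory>
EOF
```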