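#!/bin/bash
#
# setup_testenv.sh — Local test environment setup for Feuerwehr Getränkeautomat Status
# Usage: sudo bash setup_testenv.sh
# Prerequisite: Project must already be located under /var/www
#
# Host changes made by this script (all require root):
#   - installs httpd, PHP modules and jq via dnf
#   - rewrites app.base_path in data/config.json
#   - sets POSIX ACLs on the project tree
#   - writes /etc/httpd/conf.d/automat.conf, enables and restarts httpd
#   - labels the tree for SELinux and sets httpd SELinux booleans
#   - adds the http service to the permanent firewalld configuration
#
set -euo pipefail

# Fail before touching anything: every step below needs root, and a partial
# run (packages installed, config half-written) is harder to reason about.
if ((EUID != 0)); then
  echo "ERROR: This script must be run as root (sudo bash setup_testenv.sh)" >&2
  exit 1
fi

# ── Determine project root (directory containing this script) ──────────────
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$SCRIPT_DIR"

# ── 1. Install Apache, PHP, and required modules ────────────────────────────
echo "→ Installing Apache (httpd), PHP, and required modules..."
dnf install -y httpd php php-json php-mbstring php-xml jq
echo "✓ Packages installed"

# ── 2. Verify project is under /var/www ───────────────────────────────────
# Match on a path boundary so that sibling directories such as /var/www-old
# are rejected; a bare "/var/www*" glob would accept them.
if [[ "$PROJECT_ROOT" != /var/www && "$PROJECT_ROOT" != /var/www/* ]]; then
  echo "ERROR: Project must be located under /var/www" >&2
  echo " Current location: $PROJECT_ROOT" >&2
  echo " Please move the project to /var/www (e.g. /var/www/feuerwehr-getraenkeautomat-status)" >&2
  echo " and run this script again from that location." >&2
  exit 1
fi
echo "✓ Project location verified: $PROJECT_ROOT"

# ── 3. Update data/config.json to set base_path to /automat/ ───────────────
CONFIG_FILE="$PROJECT_ROOT/data/config.json"
if [[ ! -f "$CONFIG_FILE" ]]; then
  echo "ERROR: Config file not found: $CONFIG_FILE" >&2
  exit 1
fi
echo "→ Updating config: app.base_path → /automat/"
# data/ is writable by the web server after the first run, and this script
# runs as root, so the temp file gets an unpredictable name from mktemp
# instead of a fixed "<config>.tmp" that could already exist as a symlink.
CONFIG_TMP="$(mktemp "${CONFIG_FILE}.XXXXXX")"
trap 'rm -f -- "$CONFIG_TMP"' EXIT
jq '.app.base_path = "/automat/"' "$CONFIG_FILE" > "$CONFIG_TMP"
# Carry owner and mode over so the replaced file is not silently root-only.
chown --reference="$CONFIG_FILE" -- "$CONFIG_TMP"
chmod --reference="$CONFIG_FILE" -- "$CONFIG_TMP"
mv -- "$CONFIG_TMP" "$CONFIG_FILE"
trap - EXIT
echo "✓ Config updated"

# ── 4. Set ownership and permissions for Apache + current user ─────────────
# Under "sudo bash ..." whoami reports root; SUDO_USER names the developer
# who actually needs access to the tree.
CURRENT_USER="${SUDO_USER:-$(whoami)}"
APACHE_USER="apache"
APACHE_GROUP="apache" # not used below; kept for reference
echo "→ Setting permissions for user '$CURRENT_USER' and Apache user '$APACHE_USER'..."

# Ensure ACL support is available
if ! command -v setfacl &>/dev/null; then
  echo " Installing ACL tools..."
  dnf install -y acl
fi

# Least privilege: the current user gets full access to the tree, while the
# web server may read and traverse the project but write only inside data/.
# This is the same split the SELinux labels in step 7 apply
# (httpd_sys_content_t for the tree, httpd_sys_rw_content_t for data/), so
# hosts with SELinux disabled or permissive do not leave the PHP sources
# writable by the web server.
setfacl -R -m u:"$CURRENT_USER":rwx,u:"$APACHE_USER":r-X "$PROJECT_ROOT"
setfacl -R -d -m u:"$CURRENT_USER":rwx,u:"$APACHE_USER":r-X "$PROJECT_ROOT"
setfacl -R -m u:"$APACHE_USER":rwX "$PROJECT_ROOT/data"
setfacl -R -d -m u:"$APACHE_USER":rwX "$PROJECT_ROOT/data"

# Also ensure the data directory itself is writable
chmod 0775 "$PROJECT_ROOT/data"
# Best effort: the glob may match nothing besides config.json.
chmod 0664 "$PROJECT_ROOT/data/"*.json 2>/dev/null || true
echo "✓ Permissions configured (ACLs set for $CURRENT_USER and $APACHE_USER)"

# ── 5. Create Apache alias config for /automat ─────────────────────────────
APACHE_CONF="/etc/httpd/conf.d/automat.conf"
echo "→ Creating Apache configuration: $APACHE_CONF"
# AllowOverride and Require are per-directory directives, so they are wrapped
# in a <Directory> section. "Indexes" is left out of Options so that a
# directory without an index file (data/ in particular) is not listed.
# NOTE(review): data/ (config.json, php_errors.log) is still served like any
# other path under /automat; confirm whether the app needs it reachable over
# HTTP, and if not add a <Directory> block with "Require all denied" for it.
cat > "$APACHE_CONF" << EOF
Alias /automat "$PROJECT_ROOT"

<Directory "$PROJECT_ROOT">
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
EOF
echo "✓ Apache configuration written"

# ── 6. Enable and start httpd ─────────────────────────────────────────────
echo "→ Enabling and starting httpd..."
systemctl enable httpd
systemctl restart httpd
echo "✓ Apache (httpd) is running"

# ── 7. Configure SELinux permissions ─────────────────────────────────────
echo "→ Configuring SELinux permissions..."
# Check if SELinux is enabled
if command -v getenforce &>/dev/null; then
  SELINUX_STATUS=$(getenforce 2>/dev/null || echo "Disabled")
  if [[ "$SELINUX_STATUS" != "Disabled" && "$SELINUX_STATUS" != "Permissive" ]]; then
    echo " SELinux is enabled ($SELINUX_STATUS), setting contexts..."

    # Install SELinux tools if not present
    if ! command -v semanage &>/dev/null; then
      echo " Installing SELinux management tools..."
      dnf install -y policycoreutils-python-utils
    fi

    # Set SELinux context for web content (readable by httpd).
    # "-a" fails when the rule already exists (re-run), so fall back to "-m".
    echo " → Setting httpd_sys_content_t context for project files..."
    semanage fcontext -a -t httpd_sys_content_t "$PROJECT_ROOT(/.*)?" 2>/dev/null \
      || semanage fcontext -m -t httpd_sys_content_t "$PROJECT_ROOT(/.*)?" 2>/dev/null \
      || true

    # Set SELinux context for data directory (writable by httpd/PHP)
    echo " → Setting httpd_sys_rw_content_t context for data directory..."
    semanage fcontext -a -t httpd_sys_rw_content_t "$PROJECT_ROOT/data(/.*)?" 2>/dev/null \
      || semanage fcontext -m -t httpd_sys_rw_content_t "$PROJECT_ROOT/data(/.*)?" 2>/dev/null \
      || true

    # Apply the contexts
    restorecon -Rv "$PROJECT_ROOT" 2>/dev/null || true

    # NOTE(review): httpd_can_network_connect permits outbound network
    # connections from httpd; it does not affect file access. Write access
    # to data/ comes from the httpd_sys_rw_content_t label above. Kept for
    # compatibility; drop it if the app makes no outbound connections.
    echo " → Setting SELinux boolean: httpd_can_network_connect..."
    setsebool -P httpd_can_network_connect on 2>/dev/null || true

    # NOTE(review): httpd_can_network_relay lets httpd act as a relay/proxy.
    # Confirm it is actually required for the PHP-FPM setup in use before
    # keeping this policy relaxation.
    if systemctl is-active php-fpm &>/dev/null; then
      echo " → Allowing httpd to connect to PHP-FPM..."
      setsebool -P httpd_can_network_relay on 2>/dev/null || true
    fi
    echo "✓ SELinux contexts configured"
  else
    echo " SELinux is $SELINUX_STATUS, skipping SELinux configuration"
  fi
else
  echo " (SELinux tools not found, skipping SELinux configuration)"
fi

# ── 8. Open firewall for HTTP ─────────────────────────────────────────────
# NOTE(review): this makes the test environment reachable from other hosts
# through firewalld's default zone, although the steps printed below only
# use http://localhost. Skip this section if remote access is not needed.
echo "→ Configuring firewall for HTTP..."
if command -v firewall-cmd &>/dev/null; then
  # Report success only when both commands succeeded; a stopped firewalld
  # is tolerated but no longer announced as "updated".
  if firewall-cmd --permanent --add-service=http 2>/dev/null \
    && firewall-cmd --reload 2>/dev/null; then
    echo "✓ Firewall updated (HTTP service added)"
  else
    echo " WARNING: firewall-cmd failed, firewall left unchanged" >&2
  fi
else
  echo " (firewall-cmd not found, skipping firewall configuration)"
fi

# ── Done ───────────────────────────────────────────────────────────────────
echo ""
echo "========================================"
echo " Setup complete!"
echo "========================================"
echo ""
echo " Project root : $PROJECT_ROOT"
echo " Served at : http://localhost/automat/"
echo ""
echo " Next steps:"
echo " 1. Open http://localhost/automat/ in your browser"
echo " 2. Check httpd status: sudo systemctl status httpd"
echo " 3. Check PHP errors: $PROJECT_ROOT/data/php_errors.log"
echo " 4. Check SELinux denials: sudo ausearch -m AVC -ts recent"
echo ""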