Fix SSL cert issue for phpMyadmin

main
Anthony 2025-10-20 23:36:39 +08:00
parent aa37cc0336
commit 54e5825dd3
1 changed files with 61 additions and 2 deletions


@ -30,6 +30,51 @@ else
ENV_HOST=${ENV_HOST#node*-} # strip nodeXXXX- ENV_HOST=${ENV_HOST#node*-} # strip nodeXXXX-
fi fi
# ==============================================================================
# Step 1: Ensure xmlstarlet is installed for safe XML parsing
# ==============================================================================
if ! command -v xmlstarlet &> /dev/null; then
echo "xmlstarlet not found. Installing for safe XML parsing..." >&2
if ! sudo dnf install -y xmlstarlet; then
echo "FATAL: Failed to install xmlstarlet. Cannot safely read LiteSpeed config." >&2
exit 1
fi
fi
# ==============================================================================
# Step 2: Dynamically read SSL configuration from main LiteSpeed config
# ==============================================================================
LITESPEED_CONFIG="/var/www/conf/httpd_config.xml"
KEY_FILE_PATH=""
CERT_FILE_PATH=""
if [[ -f "$LITESPEED_CONFIG" ]]; then
echo "Reading SSL configuration from LiteSpeed main config..." >&2
# Query the main HTTPS listener (port 443) for keyFile and certFile
# This is the most specific and robust XPath
KEY_FILE_PATH=$(sudo xmlstarlet sel -t -v \
"//httpServerConfig/listenerList/listener[name='HTTPS' and secure='1' and address='*:443'][1]/keyFile" \
"$LITESPEED_CONFIG" 2>/dev/null | xargs)
CERT_FILE_PATH=$(sudo xmlstarlet sel -t -v \
"//httpServerConfig/listenerList/listener[name='HTTPS' and secure='1' and address='*:443'][1]/certFile" \
"$LITESPEED_CONFIG" 2>/dev/null | xargs)
fi
# ==============================================================================
# Step 3: Implement fallback to default self-signed certificate
# ==============================================================================
if [[ -z "$KEY_FILE_PATH" ]] || [[ -z "$CERT_FILE_PATH" ]]; then
echo "No custom SSL certificate found. Falling back to default self-signed certificate." >&2
# Use SINGLE quotes to write the literal string "$SERVER_ROOT" to the config,
# not the shell variable. This is critical.
KEY_FILE_PATH='$SERVER_ROOT/ssl/litespeed.key'
CERT_FILE_PATH='$SERVER_ROOT/ssl/litespeed.crt'
else
echo "Using SSL certificate: $CERT_FILE_PATH" >&2
fi
PMADB_DIR="/usr/share/phpMyAdmin" PMADB_DIR="/usr/share/phpMyAdmin"
GATEWAY_FILE="$PMADB_DIR/access-db-$SLUG.php" GATEWAY_FILE="$PMADB_DIR/access-db-$SLUG.php"
@ -120,8 +165,8 @@ if [ ! -s "$VHOST_CONFIG" ]; then
RewriteRule ^/nospider/ - [F]</rules> RewriteRule ^/nospider/ - [F]</rules>
</rewrite> </rewrite>
<vhssl> <vhssl>
<keyFile>/var/www/ssl/litespeed.key</keyFile> <keyFile>__KEY_FILE_PLACEHOLDER__</keyFile>
<certFile>/var/www/ssl/litespeed.crt</certFile> <certFile>__CERT_FILE_PLACEHOLDER__</certFile>
<certChain>1</certChain> <certChain>1</certChain>
</vhssl> </vhssl>
<frontPage> <frontPage>
@ -139,6 +184,20 @@ RewriteRule ^/nospider/ - [F]</rules>
</awstats> </awstats>
</virtualHostConfig> </virtualHostConfig>
EOF EOF
# ==============================================================================
# Step 5: Inject the discovered certificate paths using sed
# ==============================================================================
# Escape special characters (/, $, &, \, ') in paths for use with sed
ESCAPED_KEY_PATH=$(printf '%s\n' "$KEY_FILE_PATH" | sed 's/[\/&$\\'"'"']/\\&/g')
ESCAPED_CERT_PATH=$(printf '%s\n' "$CERT_FILE_PATH" | sed 's/[\/&$\\'"'"']/\\&/g')
# Replace placeholders with actual certificate paths
sudo sed -i "s|__KEY_FILE_PLACEHOLDER__|$ESCAPED_KEY_PATH|g" "$VHOST_CONFIG"
sudo sed -i "s|__CERT_FILE_PLACEHOLDER__|$ESCAPED_CERT_PATH|g" "$VHOST_CONFIG"
echo "SSL certificate paths injected into vhost configuration." >&2
NEEDS_RESTART=1 NEEDS_RESTART=1
fi fi
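Review bot: The escape step in the last hunk (the two `ESCAPED_*_PATH` lines) protects `/`, `$` and `'`, but the `sudo sed -i` commands that follow use `|` as the delimiter, and `|` is not in the escaped set. A certificate path containing `|` would end the replacement early and leave the remainder to be parsed as flags of the `s` command, in a sed that runs as root. Escaping the characters that matter for this delimiter closes that gap: `ESCAPED_KEY_PATH=$(printf '%s\n' "$KEY_FILE_PATH" | sed 's/[|&\\]/\\&/g')`, and the same for the cert path. The values come from the xmlstarlet queries in the first hunk, where stderr is discarded and the output is passed through `xargs`, so a parse failure looks the same as "no custom certificate" and silently selects the self-signed default; logging the xmlstarlet exit status would make that visible. The `if [ ! -s "$VHOST_CONFIG" ]` block these lines sit in starts outside the hunk.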