From 461ce697b3f02dfe83059f47ad9aca95ae5cc401 Mon Sep 17 00:00:00 2001
From: Matthew Saunders Brown <msb@stackaas.com>
Date: Tue, 19 Jul 2022 13:18:12 -0700
Subject: [PATCH] webalizer install and configs

---
 etc/apache2/mods-available/macro.conf |  10 +++
 etc/cron.daily/webalizer              |  26 +++++++
 etc/logrotate.d/apache2               |  23 ++++++
 install.sh                            |  69 +++++++++--------
 sbin/split-apache-logfile.pl          | 103 ++++++++++++++++++++++++++
 5 files changed, 201 insertions(+), 30 deletions(-)
 create mode 100755 etc/cron.daily/webalizer
 create mode 100644 etc/logrotate.d/apache2
 create mode 100755 sbin/split-apache-logfile.pl

diff --git a/etc/apache2/mods-available/macro.conf b/etc/apache2/mods-available/macro.conf
index 2bc6aba..77a5770 100644
--- a/etc/apache2/mods-available/macro.conf
+++ b/etc/apache2/mods-available/macro.conf
@@ -79,6 +79,16 @@
     </FilesMatch>
     SSLEngine on
     SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem
+    Alias /stats /srv/www/$vhost/stats
+    AddExternalAuth pwauth /usr/sbin/pwauth
+    SetExternalAuthMethod pwauth pipe
+    <Location /stats>
+      AuthType Basic
+      AuthName "Usage Statistics for $vhost"
+      AuthBasicProvider external
+      AuthExternal pwauth
+      Require user $username
+    </Location>
   </VirtualHost>
 </Macro>
 
diff --git a/etc/cron.daily/webalizer b/etc/cron.daily/webalizer
new file mode 100755
index 0000000..c9d9b37
--- /dev/null
+++ b/etc/cron.daily/webalizer
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# purge dns cache records older than 7 days
+if [[ -f /var/lib/webalizer_dns_cache.db ]]; then
+  /usr/bin/wcmgr -p7 /var/lib/webalizer_dns_cache.db
+fi
+
+# set virtualhosts array
+virtualhosts=(`ls -1 /srv/www|grep -v ^html$`)
+
+# only proceed if there are one or more virtualhosts
+if [ ${#virtualhosts[@]} -gt 0 ]; then
+  for virtualhost in "${virtualhosts[@]}"
+  do
+    if [[ -f /var/spool/apache2/$virtualhost.log ]]; then
+      user=$(stat -c '%U' /srv/www/$virtualhost)
+      if [[ ! -d /srv/www/$virtualhost/stats ]]; then
+        install --owner=$user --group=$user --mode=755 --directory /srv/www/$virtualhost/stats
+      fi
+      /usr/bin/webazolver -Q -N 20 -D /var/lib/webalizer_dns_cache.db -o /srv/www/$virtualhost/stats /var/spool/apache2/$virtualhost.log
+      /usr/bin/logger Running Webalizer for $virtualhost as user $user
+      su --shell=/bin/bash -c "/usr/bin/webalizer -Q -D /var/lib/webalizer_dns_cache.db -N 0 -p -f -n $virtualhost -o /srv/www/$virtualhost/stats /var/spool/apache2/$virtualhost.log" $user
+      /usr/bin/rm /var/spool/apache2/$virtualhost.log
+    fi
+  done
+fi
diff --git a/etc/logrotate.d/apache2 b/etc/logrotate.d/apache2
new file mode 100644
index 0000000..1008679
--- /dev/null
+++ b/etc/logrotate.d/apache2
@@ -0,0 +1,23 @@
+/var/log/apache2/*.log {
+        daily
+        missingok
+        rotate 8
+        compress
+        delaycompress
+        ifempty
+        create 640 root adm
+        sharedscripts
+        postrotate
+                if invoke-rc.d apache2 status > /dev/null 2>&1; then \
+                    invoke-rc.d apache2 reload > /dev/null 2>&1; \
+                fi;
+                if [ -f /var/log/apache2/access.log.1 ]; then
+                  /usr/local/sbin/split-apache-logfile.pl < /var/log/apache2/access.log.1
+                fi
+        endscript
+        prerotate
+                if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
+                        run-parts /etc/logrotate.d/httpd-prerotate; \
+                fi; \
+        endscript
+}
diff --git a/install.sh b/install.sh
index 3ecd68c..950cdee 100755
--- a/install.sh
+++ b/install.sh
@@ -127,11 +127,36 @@ else
   install --owner=vhost --group=vhost --mode=755 --directory /srv/www/html
 fi
 
+# Webalizer
+apt -y install webalizer
+cp etc/logrotate.d/apache2 /etc/logrotate.d/apache2
+chmod 644 /etc/logrotate.d/apache2
+cp etc/cron.daily/webalizer /etc/cron.daily/webalizer
+chmod 755 /etc/cron.daily/webalizer
+rmdir /srv/www/webalizer
+
 # install status.php
 cp html/status.php /srv/www/html
 chmod 644 /srv/www/html/status.php
 chown vhost:vhost /srv/www/html/status.php
 
+# phpMyAdmin
+apt -y install php-bz2 php-tcpdf
+cd /usr/local/src
+wget https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-all-languages.tar.gz
+tar zxf phpMyAdmin-5.1.1-all-languages.tar.gz
+rm -r phpMyAdmin-5.1.1-all-languages/setup/
+if [ -d "phpMyAdmin-5.1.1-all-languages/test/" ]; then
+  rm -r phpMyAdmin-5.1.1-all-languages/test/
+fi
+mv phpMyAdmin-5.1.1-all-languages /srv/www/html/phpMyAdmin
+cp html/phpMyAdmin/config.inc.php /srv/www/html/phpMyAdmin/config.inc.php
+blowfish_secret=`pwgen 32 -1`
+sed -i "s|changeme|$blowfish_secret|g" /srv/www/html/phpMyAdmin/config.inc.php
+find /srv/www/html/phpMyAdmin -type d -exec chmod 755 {} +
+find /srv/www/html/phpMyAdmin -type f -exec chmod 644 {} +
+chown -R vhost:vhost /srv/www/html/phpMyAdmin
+
 # jailkit
 apt -y install jailkit
 # bugfix, fixed upstream, shouldn't be needed if jailkit package gets updated
@@ -156,6 +181,16 @@ echo "[ruby]" >> /etc/jailkit/jk_init.ini
 echo "comment = the ruby interpreter and libraries" >> /etc/jailkit/jk_init.ini
 echo "paths = /usr/bin/erb. /usr/bin/gem, /usr/bin/irb, /usr/bin/rdoc, /usr/bin/ri, /usr/bin/ruby, /usr/share/doc/ruby, /usr/share/man/man1/ruby.1.gz, /usr/lib/ruby/, /usr/lib/x86_64-linux-gnu/ruby/" >> /etc/jailkit/jk_init.ini
 
+# varnish
+apt -y install varnish
+# systemctl disable varnish
+# service varnish stop
+cp -a etc/varnish/* /etc/varnish/
+find /etc/varnish/ -type d -exec chmod 755 {} +
+find /etc/varnish/ -type f -exec chmod 644 {} +
+chown -R root:root /etc/varnish/
+## /usr/bin/varnishncsa
+
 mkdir /usr/jails
 if ! [ -d "/usr/local/libexec" ]; then
   install --owner=root --group=root --mode=755 --directory /usr/local/libexec
@@ -169,20 +204,6 @@ if ! [ -f "/etc/fstab.jails" ]; then
   echo "# /etc/fstab.jails: jail bind mounts information." > /etc/fstab.jails
 fi
 
-# varnish
-apt -y install varnish
-# systemctl disable varnish
-# service varnish stop
-cp -a etc/varnish/* /etc/varnish/
-find /etc/varnish/ -type d -exec chmod 755 {} +
-find /etc/varnish/ -type f -exec chmod 644 {} +
-chown -R root:root /etc/varnish/
-## /usr/bin/varnishncsa
-
-# install vhost scripts
-chmod 755 bin/*
-cp bin/* /usr/local/bin/
-
 # mini_sendmail so users can send out of jails
 cd /usr/local/src
 wget http://www.acme.com/software/mini_sendmail/mini_sendmail-1.3.9.tar.gz
@@ -193,19 +214,7 @@ cp mini_sendmail /usr/local/sbin
 gzip mini_sendmail.8
 cp mini_sendmail.8.gz /usr/local/share/man/man8
 
-# phpMyAdmin
-apt -y install php-bz2 php-tcpdf
-cd /usr/local/src
-wget https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-all-languages.tar.gz
-tar zxf phpMyAdmin-5.1.1-all-languages.tar.gz
-rm -r phpMyAdmin-5.1.1-all-languages/setup/
-if [ -d "phpMyAdmin-5.1.1-all-languages/test/" ]; then
-  rm -r phpMyAdmin-5.1.1-all-languages/test/
-fi
-mv phpMyAdmin-5.1.1-all-languages /srv/www/html/phpMyAdmin
-cp html/phpMyAdmin/config.inc.php /srv/www/html/phpMyAdmin/config.inc.php
-blowfish_secret=`pwgen 32 -1`
-sed -i "s|changeme|$blowfish_secret|g" /srv/www/html/phpMyAdmin/config.inc.php
-find /srv/www/html/phpMyAdmin -type d -exec chmod 755 {} +
-find /srv/www/html/phpMyAdmin -type f -exec chmod 644 {} +
-chown -R vhost:vhost /srv/www/html/phpMyAdmin
+# install vhost scripts
+chmod 755 bin/*
+cp bin/* /usr/local/bin/
+
diff --git a/sbin/split-apache-logfile.pl b/sbin/split-apache-logfile.pl
new file mode 100755
index 0000000..4568a8d
--- /dev/null
+++ b/sbin/split-apache-logfile.pl
@@ -0,0 +1,103 @@
+#!/usr/bin/perl
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Modified 2022 by Matthew Saunders Brown <matthewsaundersbrown@gmail.com>
+# to work with vhost-stack https://git.stack-source.com/msb/vhost-stack
+#
+#
+# This script will take a combined Web server access
+# log file and break its contents into separate files.
+# It assumes that the first field of each line is the
+# virtual host identity (put there by "%v"), and that
+# the logfiles should be named that+".log" in the current
+# directory.
+#
+# The combined log file is read from stdin. Records read
+# will be appended to any existing log files.
+#
+# use strict;
+use warnings;
+
+my %log_file = ();
+
+# read all files from /srv/www
+opendir(DIR, "/srv/www") or die "couldn't open /srv/www/ to get list of virtualhosts: $!\n";
+my @dir = readdir DIR;
+closedir DIR;
+
+# create virtualhosts array from /srv/www listing
+my %virtualhosts = ();
+foreach $virtualhost (@dir) {
+  if ($virtualhost ne "." && $virtualhost ne ".." && $virtualhost ne "html") {
+    if (-d "/srv/www/$virtualhost") {
+      $virtualhosts{ $virtualhost } = $virtualhost;
+    }
+  }
+}
+
+# set spool dir for temporary apache files
+$spool_dir="/var/spool/apache2";
+
+# remove any previous files from spool dir
+system("/usr/bin/find $spool_dir -type f -name '*.log' -exec rm {} +");
+
+while (my $log_line = <STDIN>) {
+    #
+    # Get the first token from the log record; it's the
+    # identity of the virtual host to which the record
+    # applies.
+    #
+    my ($vhost) = split (/\s/, $log_line);
+    #
+    # Normalize the virtual host name to all lowercase.
+    # If it's blank, the request was handled by the default
+    # server, so supply a default name.  This shouldn't
+    # happen, but caution rocks.
+    #
+    $vhost = lc ($vhost) || "access";
+    #
+    # Strip of leading www.
+    #
+    $vhost =~ s/^www\.//;
+    #
+    # Strip of the trailing port number
+    #
+    $vhost =~ s/\:.*//;
+    #
+    # if the vhost contains a "/" or "\", it is illegal so just use
+    # the default log to avoid any security issues due if it is interprted
+    # as a directory separator.
+    if ($vhost =~ m#[/\\]#) { $vhost = "access" }
+    #
+    # If the log file for this virtual host isn't opened
+    # yet, do it now.
+    #
+    if (exists($virtualhosts{$vhost})) {
+      if (! $log_file{$vhost}) {
+          open $log_file{$vhost}, ">>$spool_dir/${vhost}.log"
+              or die ("Can't open $spool_dir/${vhost}.log");
+      }
+      #
+      # Strip off the first token (which may be null in the
+      # case of the default server), and write the edited
+      # record to the current log file.
+      #
+      $log_line =~ s/^\S*\s+//;
+      print {$log_file{$vhost}} $log_line;
+    }
+}
+exit 0;