+check_apache_config()
+{
+
+ # Check that mpm_itk is installed and enabled
+ if ! /usr/sbin/apachectl -M 2> /dev/null | grep -q 'mpm_itk'; then
+ # Check Apache version
+ APACHE_DISABLE_MPM_MSG=""
+ if /usr/sbin/apache2ctl -v | grep -q "Server version: Apache/2.4"; then
+ # mpm_event or mpm_worker need to be disabled first. mpm_itk depends
+ # on mpm_prefork, which is enabled if needed. See
+ # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734865
+ if /usr/sbin/apachectl -M 2> /dev/null | grep -q 'mpm_event'; then
+ APACHE_DISABLE_MPM_MSG=" sudo a2dismod mpm_event ;"
+ elif /usr/sbin/apachectl -M 2> /dev/null | grep -q 'mpm_worker'; then
+ APACHE_DISABLE_MPM_MSG=" sudo a2dismod mpm_worker ;"
+ # else mpm_prefork: a2enmod mpm_itk works
+ fi
+ # else Apache 2.2: a2enmod mpm_itk works
+ fi
+
+ cat 1>&2 <<EOM
+
+Koha requires mpm_itk to be enabled within Apache in order to run.
+Typically this can be enabled with:
+
+ $APACHE_DISABLE_MPM_MSG sudo a2enmod mpm_itk
+EOM
+
+ die
+ fi
+
+ # Check that mod_rewrite is installed and enabled.
+ if ! /usr/sbin/apachectl -M 2> /dev/null | grep -q 'rewrite_module'; then
+ cat 1>&2 <<EOM
+
+Koha requires mod_rewrite to be enabled within Apache in order to run.
+Typically this can be enabled with:
+
+ sudo a2enmod rewrite
+EOM
+ die
+ fi
+
+ # Check that the CGI module is installed and enabled
+ # (Apache 2.4 may not have it by default.)
+ if ! /usr/sbin/apachectl -M 2> /dev/null | grep -q 'cgi_module'; then
+ cat 1>&2 << EOM
+Koha requires mod_cgi to be enabled within Apache in order to run.
+Typically this can be enabled with:
+
+ sudo a2enmod cgi
+EOM
+ die
+ fi
+
+ # Check that mod_ssl is installed and enabled.
+ if [ "$CLO_LETSENCRYPT" = "yes" ]; then
+ if ! /usr/sbin/apachectl -M 2> /dev/null | grep -q 'ssl_module'; then
+ cat 1>&2 <<EOM
+
+Koha requires mod_ssl to be enabled within Apache in order to run with --letsencrypt.
+Typically this can be enabled with:
+
+ sudo a2enmod ssl
+EOM
+ die
+ fi
+ fi
+
+}
+
+set_biblios_indexing_mode()
+{
+ local indexing_mode=$1
+ local marc_format=$2
+
+ case $indexing_mode in
+ "dom")
+ START_BIBLIOS_RETRIEVAL_INFO=`cat <<EOF
+ <xi:include href="\/etc\/koha\/$marc_format-retrieval-info-bib-dom.xml"\n
+ xmlns:xi="http:\/\/www.w3.org\/2001\/XInclude">\n
+ <xi:fallback>\n
+ <retrievalinfo>
+EOF`
+
+ END_BIBLIOS_RETRIEVAL_INFO=`cat <<EOF
+ <\/retrievalinfo>\n
+ <\/xi:fallback>\n
+ <\/xi:include>
+EOF`
+ BIBLIOS_INDEXING_MODE="dom"
+ ZEBRA_BIBLIOS_CFG="zebra-biblios-dom.cfg"
+ ;;
+ "grs1")
+ START_BIBLIOS_RETRIEVAL_INFO=" <retrievalinfo>"
+ END_BIBLIOS_RETRIEVAL_INFO=" <\/retrievalinfo>"
+ BIBLIOS_INDEXING_MODE="grs1"
+ ZEBRA_BIBLIOS_CFG="zebra-biblios.cfg"
+ ;;
+ *)
+ die "Error: '$indexing_mode' is not a valid indexing mode for bibliographic records."
+ ;;
+ esac
+}
+
+
+set_authorities_indexing_mode()
+{
+ local indexing_mode=$1
+ local marc_format=$2
+
+ case $indexing_mode in
+ "dom")
+ START_AUTHORITIES_RETRIEVAL_INFO=`cat <<EOF
+ <xi:include href="\/etc\/koha\/$marc_format-retrieval-info-auth-dom.xml"\n
+ xmlns:xi="http:\/\/www.w3.org\/2001\/XInclude">\n
+ <xi:fallback>\n
+ <retrievalinfo>
+EOF`
+
+ END_AUTHORITIES_RETRIEVAL_INFO=`cat <<EOF
+ <\/retrievalinfo>\n
+ <\/xi:fallback>\n
+ <\/xi:include>\n
+EOF`
+ AUTHORITIES_INDEXING_MODE="dom"
+ ZEBRA_AUTHORITIES_CFG="zebra-authorities-dom.cfg"
+ ;;
+ "grs1")
+ START_AUTHORITIES_RETRIEVAL_INFO=" <retrievalinfo>"
+ END_AUTHORITIES_RETRIEVAL_INFO=" <\/retrievalinfo>"
+ AUTHORITIES_INDEXING_MODE="grs1"
+ ZEBRA_AUTHORITIES_CFG="zebra-authorities.cfg"
+ ;;
+ *)
+ die "Error: '$indexing_mode' is not a valid indexing mode for authority records."
+ ;;
+ esac
+}
+
+
+set_memcached()
+{
+ local instance="$1"
+
+ if [ "$CLO_MEMCACHED_SERVERS" != "" ]; then
+ MEMCACHED_SERVERS=$CLO_MEMCACHED_SERVERS
+ else
+ if [ "$MEMCACHED_SERVERS" = "" ]; then
+ MEMCACHED_SERVERS=$DEFAULT_MEMCACHED_SERVERS
+ # else: was set by the koha-sites.conf file
+ fi
+ fi
+
+ if [ "$CLO_MEMCACHED_PREFIX" != "" ]; then
+ MEMCACHED_NAMESPACE="$CLO_MEMCACHED_PREFIX$instance"
+ else
+ if [ "$MEMCACHED_PREFIX" != "" ]; then
+ MEMCACHED_NAMESPACE="$MEMCACHED_PREFIX$instance"
+ else
+ MEMCACHED_NAMESPACE="$DEFAULT_MEMCACHED_PREFIX$instance"
+ fi
+ fi
+
+}
+
+set_upload_path()
+{
+ local instance="$1"
+
+ if [ "$CLO_UPLOAD_PATH" != "" ]; then
+ UPLOAD_PATH=$CLO_UPLOAD_PATH
+ else
+ UPLOAD_PATH="$UPLOAD_PATH_BASE/$instance/$UPLOAD_DIR"
+ fi
+}
+
+enable_sru_server()
+{
+ # remove the commenting symbols
+ START_SRU_PUBLICSERVER=""
+ END_SRU_PUBLICSERVER=""
+ if [ "$SRU_SERVER_PORT" = "" ]; then
+ # --sru-port not passed, use the default
+ SRU_SERVER_PORT=$DEFAULT_SRU_SERVER_PORT
+ fi
+}
+
+check_letsencrypt()
+{
+ if [ $(dpkg-query -W -f='${Status}' letsencrypt 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
+ set +e
+ apt-cache show letsencrypt &>/dev/null
+ local aptcacheshow=$?
+ set -e
+ if [ $aptcacheshow -eq 0 ]; then
+ read -r -p "The letsencrypt package is not installed. Do it now? [y/N] " response
+ if [[ $response =~ ^([yY][eE][sS]|[yY])$ ]]; then
+ local debrelease="$(lsb_release -c -s)"
+ if [ $debrelease = "jessie" ]; then
+ apt-get install -y -t jessie-backports letsencrypt
+ else
+ apt-get install -y letsencrypt
+ fi
+ else
+ die "You have to install letsencrypt to use the --letsencrypt parameter."
+ fi
+ else
+ echo "No installation candidate available for package letsencrypt."
+ if [[ -f /usr/bin/letsencrypt ]]; then
+ read -r -p "If you have a symlink from /usr/bin/letsencrypt to letsencrypt-auto, it should work. [y/N] " response
+ if [[ ! $response =~ ^([yY][eE][sS]|[yY])$ ]]; then
+ die "You have to install letsencrypt to use the --letsencrypt parameter."
+ fi
+ else
+ die "You can create a symlink from /usr/bin/letsencrypt to letsencrypt-auto."
+ fi
+ fi
+ fi
+}
+
+letsencrypt_instance()
+{
+ # Get letsencrypt certificates
+ letsencrypt --agree-tos --renew-by-default --webroot certonly \
+ -w /usr/share/koha/opac/htdocs/ -d $opacdomain -w /usr/share/koha/intranet/htdocs/ -d $intradomain
+ # enable all ssl settings (apache won't start with these before certs are present)
+ sed -i "s:^\s*#\(\s*SSL.*\)$:\1:" "/etc/apache2/sites-available/$name.conf"
+ # change port from 80 to 443. (apache won't start if it is 443 without certs present)
+ sed -i "s:^\s*\(<VirtualHost \*\:\)80> #https$:\1443>:" "/etc/apache2/sites-available/$name.conf"
+ # enable redirect from http to https on port 80
+ sed -i "s:^\s*#\(.*\)#nohttps$:\1:" "/etc/apache2/sites-available/$name.conf"
+ # make koha-list --letsencrypt aware of this instance # could be done by checking apache conf instead
+ echo -e "opacdomain=\"$opacdomain\"\nintradomain=\"$intradomain\"" > /var/lib/koha/$name/letsencrypt.enabled
+ # restart apache with working certs
+ service apache2 restart
+}
+