January 14, 2017

Editing the httpd.conf file using Augeas

Sometimes you might want to edit the httpd.conf file using a shell script. For example let’s say we have the following file on our CentOS 7 machine:


You can find all my latest posts on medium.
$ cat /etc/httpd/conf/httpd.conf
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost

    AllowOverride none
    Require all denied

DocumentRoot "/var/www/html"

    AllowOverride None
    Require all granted

    Options Indexes FollowSymLinks
    AllowOverride None                    # I WANT TO EDIT THIS LINE ONLY
    Require all granted

    DirectoryIndex index.html

    Require all denied

ErrorLog "logs/error_log"
LogLevel warn

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    CustomLog "logs/access_log" combined

    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

    AllowOverride None
    Options None
    Require all granted

    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml

AddDefaultCharset UTF-8

    MIMEMagicFile conf/magic

EnableSendfile on
IncludeOptional conf.d/*.conf
LimitRequestLine 81900

The ls/print/get commands are not important, they are just there to help you see what’s happening, and are handy for troubleshooting. The actual command that makes the change is the set command. the ‘save’ command then applies the change to the httpd.conf file.

The above can now be run automatically inside a bash shell script like this:

yum install -y augeas
yum install -y httpd
systemctl start httpd

augtool <<-EOF
set /files/etc/httpd/conf/httpd.conf/Directory[arg='\"/var/www/html\"']/*[self::directive='AllowOverride']/arg ALL

systemctl restart httpd

Side note: editing the httpd.conf file isn't necessary, since you can override them by dropping your custom configurations in the conf.d folder instead, thanks to the IncludeOptional apache setting, shown in the above sample file.