
mkdir -p  /etc/php7/embed/ 2>/dev/null
cp -f $DIR_SHARE/php.ini /etc/php7/embed/

## on enpaiche lighttpd d'écouter sur toute la plage d'ipv4 localhost. pour empécher les erreurs a l'ouverture des socket de ctparental.
if [ $(grep -c "^server.bind" $MAINCONFHTTPD) -eq 1 ] ;then
    $SED "s?^server.port .*?server.port = 80?"  $MAINCONFHTTPD
    $SED "s?^server.bind .*?server.bind = \"$PRIVATE_IP4\"?"  $MAINCONFHTTPD
else
    $SED "s?^server.port .*?server.port = 80 \nserver.bind = \"$PRIVATE_IP4\"?"  $MAINCONFHTTPD
fi

if [ $(grep -c "^include.*$DIRCONFENABELEDHTTPD/\*.conf" $MAINCONFHTTPD) -eq 0 ] ;then
echo "include \"$DIRCONFENABELEDHTTPD/*.conf\"" >> $MAINCONFHTTPD

fi

# on active les modules indispensable et on desactive la page lighttpd par default.
rm -f $DIRCONFAVAILABLEHTTPD
ln -s -T "/etc/lighttpd/conf.d" "$DIRCONFAVAILABLEHTTPD"
mkdir $DIRCONFENABELEDHTTPD
ln -s $DIRCONFAVAILABLEHTTPD/fastcgi.conf $DIRCONFENABELEDHTTPD/fastcgi.conf 


{
echo '# -*- depends: fastcgi -*-
# /usr/share/doc/lighttpd/fastcgi.txt.gz
# http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions#mod_fastcgi-fastcgi

## Start an FastCGI server for php (needs the php5-cgi package)
fastcgi.server += ( ".php" => 
	((
		"bin-path" => "/usr/bin/php-cgi",
		"socket" => "/var/lib/lighttpd/sockets/php.socket",
		"max-procs" => 1,
		"bin-environment" => ( 
			"PHP_FCGI_CHILDREN" => "4",
			"PHP_FCGI_MAX_REQUESTS" => "100"
		),
		"bin-copy-environment" => (
			"PATH", "SHELL", "USER"
		),
		"broken-scriptfilename" => "enable"
	))
)'
} > $DIRCONFAVAILABLEHTTPD/15-fastcgi-php.conf
mkdir /var/run/lighttpd/
chown root:${GROUPHTTPD} /var/run/lighttpd/
chmod 770 /var/run/lighttpd/

ln -s $DIRCONFAVAILABLEHTTPD/15-fastcgi-php.conf $DIRCONFENABELEDHTTPD/15-fastcgi-php.conf

## on active les modules mod_redirect,mod_rewrite,mod_openssl dans /etc/lighttpd/modules.conf
$SED "s?^#.*mod_redirect\",.*?  \"mod_redirect\",?"  /etc/lighttpd/modules.conf
$SED "s?^#.*mod_rewrite\",.*?  \"mod_rewrite\",\n  \"mod_openssl\",?"  /etc/lighttpd/modules.conf

## on génaire le fichier de configuration pour l'interface d'administration + la page de redirection.
{

   echo "\$HTTP[\"host\"] =~ \"duckduckgo.com\" {
    \$SERVER[\"socket\"] == \"$ADMIN_IP4:443\" {
    ssl.engine = \"enable\"
    ssl.pemfile = \"$PEMSRVDIR/duckduckgo.pem\"
    url.redirect  = (\".*\" => \"https://safe.duckduckgo.com\$0\" )
    }
    \$SERVER[\"socket\"] == \"$ADMIN_IP4:80\" {
    url.redirect  = (\".*\" => \"https://safe.duckduckgo.com\$0\" )
    }
    \$SERVER[\"socket\"] == \"[$ADMIN_IP6]:443\" {
    ssl.engine = \"enable\"
    ssl.pemfile = \"$PEMSRVDIR/duckduckgo.pem\"
    url.redirect  = (\".*\" => \"https://safe.duckduckgo.com\$0\" )
    }
    \$SERVER[\"socket\"] == \"[$ADMIN_IP6]:80\" {
    url.redirect  = (\".*\" => \"https://safe.duckduckgo.com\$0\" )
    }
}

\$HTTP[\"host\"] =~ \"www.qwant.com\" {
    \$SERVER[\"socket\"] == \"$ADMIN_IP4:443\" {
    ssl.engine = \"enable\"
    ssl.pemfile = \"$PEMSRVDIR/qwant.pem\"
    url.redirect  = (\".*\" => \"https://www.qwantjunior.com\$0\" )
    }
    \$SERVER[\"socket\"] == \"$ADMIN_IP4:80\" {
    url.redirect  = (\".*\" => \"https://www.qwantjunior.com\$0\" )
    }
    \$SERVER[\"socket\"] == \"[$ADMIN_IP6]:443\" {
    ssl.engine = \"enable\"
    ssl.pemfile = \"$PEMSRVDIR/qwant.pem\"
    url.redirect  = (\".*\" => \"https://www.qwantjunior.com\$0\" )
    }
    \$SERVER[\"socket\"] == \"[$ADMIN_IP6]:80\" {
    url.redirect  = (\".*\" => \"https://www.qwantjunior.com\$0\" )
    }
}


\$HTTP[\"host\"] =~ \"$REALMADMINHTTPD\" {
    server.document-root = \"$DIRadminHTML\"
    \$SERVER[\"socket\"] == \"$ADMIN_IP4:80\" {
        url.redirect  = (\".*\" => \"https://$REALMADMINHTTPD\$0\" )
    }
    \$SERVER[\"socket\"] == \"$ADMIN_IP4:443\" {
    ssl.engine = \"enable\"
    ssl.pemfile = \"$PEMSRVDIR/$REALMADMINHTTPD.pem\"
    }
    \$SERVER[\"socket\"] == \"[$ADMIN_IP6]:80\" {
        url.redirect  = (\".*\" => \"https://$REALMADMINHTTPD\$0\" )
    }
    \$SERVER[\"socket\"] == \"[$ADMIN_IP6]:443\" {
    ssl.engine = \"enable\"
    ssl.pemfile = \"$PEMSRVDIR/$REALMADMINHTTPD.pem\"
    }
}

\$HTTP[\"host\"] =~ \"$ADMIN_IP6\" {
url.redirect  = (\".*\" => \"https://$REALMADMINHTTPD\" )
}
\$HTTP[\"host\"] =~ \"$ADMIN_IP4\" {
url.redirect  = (\".*\" => \"https://$REALMADMINHTTPD\" )
}
"
} > "$CTPARENTALCONFHTTPD"

ln -s $CTPARENTALCONFHTTPD /etc/lighttpd/conf-enabled/CTparental.conf

