From 101e791addf55702917820015eee7d4dbd5d4b4c Mon Sep 17 00:00:00 2001 From: Johannes Feichtner Date: Sat, 27 Feb 2016 20:19:50 +0100 Subject: [PATCH] Vhost templates: Extended the cron scripts to check for the designated webserver and referential integrity --- .../jobs/cron_tasks.inc.http.10.apache.php | 17 ++++--- .../jobs/cron_tasks.inc.http.20.lighttpd.php | 19 ++++---- scripts/jobs/cron_tasks.inc.http.30.nginx.php | 47 ++++++++++--------- 3 files changed, 46 insertions(+), 37 deletions(-) diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php index 7b2a5e09..5762a1ff 100644 --- a/scripts/jobs/cron_tasks.inc.http.10.apache.php +++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php @@ -868,15 +868,18 @@ class apache extends HttpConfigBase { // check if vhost config template is set and if so, merge it if ($domain['vhostsettingid'] != 0) { - $vhostsettings_stmt = Database::prepare("SELECT `description`, `vhostsettings` FROM " . TABLE_PANEL_VHOSTCONFIGS . " WHERE `id` = :id LIMIT 1;"); + $vhostsettings_stmt = Database::prepare("SELECT `description`, `vhostsettings` FROM " . TABLE_PANEL_VHOSTCONFIGS . " + WHERE `webserver` = 'apache2' AND `id` = :id LIMIT 1;"); $vhostconfig = Database::pexecute_first($vhostsettings_stmt, array('id' => $domain['vhostsettingid'])); - $vhost_content .= $this->processSpecialConfigTemplate( - $vhostconfig['vhostsettings'], - $domain, - $domain['ip'], - $domain['port'], - $ssl_vhost) . "\n"; + if (is_array($vhostconfig)) { + $vhost_content .= $this->processSpecialConfigTemplate( + $vhostconfig['vhostsettings'], + $domain, + $domain['ip'], + $domain['port'], + $ssl_vhost) . "\n"; + } } if ($domain['specialsettings'] != '') { diff --git a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php index 89c1521b..facb5749 100644 --- a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php +++ b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php 
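Review bot: When the lookup returns no row, the new `is_array($vhostconfig)` guard in the apache hunk (-868) drops the template without any trace, so a domain whose `vhostsettingid` points at a deleted template, or at one stored for a different webserver, silently gets a vhost without those directives. If a template carries access restrictions or security headers, that is a fail-open condition an operator should be able to see. An `else` branch that logs the domain and the dangling id would cover it, e.g. `$this->logger->logAction(CRON_ACTION, LOG_WARNING, $domain['domain'] . ' :: vhost template #' . $domain['vhostsettingid'] . ' not found for apache2, skipped');`, assuming the logger and `$domain['domain']` are available here as they appear to be in the nginx class. The same applies to the lighttpd hunk (-457) and the nginx hunk (-446); the enclosing method starts and ends outside each hunk.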
@@ -457,15 +457,18 @@ class lighttpd extends HttpConfigBase { // check if vhost config template is set and if so, merge it if ($domain['vhostsettingid'] != 0) { - $vhostsettings_stmt = Database::prepare("SELECT `description`, `vhostsettings` FROM " . TABLE_PANEL_VHOSTCONFIGS . " WHERE `id` = :id LIMIT 1;"); + $vhostsettings_stmt = Database::prepare("SELECT `description`, `vhostsettings` FROM " . TABLE_PANEL_VHOSTCONFIGS . " + WHERE `webserver` = 'lighttpd' AND `id` = :id LIMIT 1;"); $vhostconfig = Database::pexecute_first($vhostsettings_stmt, array('id' => $domain['vhostsettingid'])); - $vhost_content .= $this->processSpecialConfigTemplate( - $vhostconfig['vhostsettings'], - $domain, - $domain['ip'], - $domain['port'], - $ssl_vhost) . "\n"; + if (is_array($vhostconfig)) { + $vhost_content .= $this->processSpecialConfigTemplate( + $vhostconfig['vhostsettings'], + $domain, + $domain['ip'], + $domain['port'], + $ssl_vhost) . "\n"; + } } if ($domain['specialsettings'] != "") { @@ -531,7 +534,7 @@ class lighttpd extends HttpConfigBase { if ($domain['ssl_ca_file'] != '') { $ssl_settings.= 'ssl.ca-file = "' . makeCorrectFile($domain['ssl_ca_file']) . '"' . "\n"; } - + if ($domain['hsts'] > 0) { $vhost_content .= '$HTTP["scheme"] == "https" { setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=' . $domain['hsts']; diff --git a/scripts/jobs/cron_tasks.inc.http.30.nginx.php b/scripts/jobs/cron_tasks.inc.http.30.nginx.php index 2f5a39f3..fbfaac8a 100644 --- a/scripts/jobs/cron_tasks.inc.http.30.nginx.php +++ b/scripts/jobs/cron_tasks.inc.http.30.nginx.php 
@@ -207,11 +207,11 @@ class nginx extends HttpConfigBase { $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n"; $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n"; $this->nginx_data[$vhost_filename] .= "\t\ttry_files \$fastcgi_script_name =404;\n"; - + if ($row_ipsandports['ssl'] == '1') { $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param HTTPS on;\n"; } - + if ((int)Settings::Get('phpfpm.enabled') == 1 && (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) { $domain = array( 'id' => 'none', @@ -225,16 +225,16 @@ class nginx extends HttpConfigBase { 'loginname' => 'froxlor.panel', 'documentroot' => $mypath, ); - + $php = new phpinterface($domain); $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass unix:".$php->getInterface()->getSocketFile().";\n"; } else { $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass ".Settings::Get('system.nginx_php_backend').";\n"; } - + $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n"; $this->nginx_data[$vhost_filename] .= "\t}\n"; - + $this->nginx_data[$vhost_filename] .= "}\n\n"; // End of Froxlor server{}-part } 
@@ -446,20 +446,23 @@ class nginx extends HttpConfigBase { // check if vhost config template is set and if so, merge it if ($domain['vhostsettingid'] != 0) { - $vhostsettings_stmt = Database::prepare("SELECT `description`, `vhostsettings` FROM " . TABLE_PANEL_VHOSTCONFIGS . " WHERE `id` = :id LIMIT 1;"); + $vhostsettings_stmt = Database::prepare("SELECT `description`, `vhostsettings` FROM " . TABLE_PANEL_VHOSTCONFIGS . " + WHERE `webserver` = 'nginx' AND `id` = :id LIMIT 1;"); $vhostconfig = Database::pexecute_first($vhostsettings_stmt, array('id' => $domain['vhostsettingid'])); - // replace {SOCKET} var with unix socket - $php = new phpinterface($domain); - $vhostconfig['vhostsettings'] = str_replace("{SOCKET}", $php->getInterface()->getSocketFile(), $vhostconfig['vhostsettings']); + if (is_array($vhostconfig)) { + // replace {SOCKET} var with unix socket + $php = new phpinterface($domain); + $vhostconfig['vhostsettings'] = str_replace("{SOCKET}", $php->getInterface()->getSocketFile(), $vhostconfig['vhostsettings']); - $vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate( - $vhostconfig['vhostsettings'], - $domain, - $domain['ip'], - $domain['port'], - $ssl_vhost - )); + $vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate( + $vhostconfig['vhostsettings'], + $domain, + $domain['ip'], + $domain['port'], + $ssl_vhost + )); + } } if ($domain['specialsettings'] != "") { @@ -580,7 +583,7 @@ class nginx extends HttpConfigBase { } if ($domain_or_ip['ssl_cert_file'] != '') { - + // check for existence, #1485 if (!file_exists($domain_or_ip['ssl_cert_file'])) { $this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate file "'.$domain_or_ip['ssl_cert_file'].'" does not exist! Cannot create ssl-directives'); 
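Review bot: Inside the new `is_array($vhostconfig)` block of the -446 hunk, `new phpinterface($domain)` and `getSocketFile()` still run for every domain that has a template, even when the template contains no `{SOCKET}` placeholder or php-fpm is not the active backend. The context of the -207 hunk shows the panel vhost only asks for a socket file when `phpfpm.enabled` and `phpfpm.enabled_ownvhost` are both set, and otherwise falls back to `system.nginx_php_backend`, so the two paths are inconsistent. Wrapping the two replacement lines in `if (strpos($vhostconfig['vhostsettings'], '{SOCKET}') !== false) { ... }` would limit the call to templates that need it. Whether `getSocketFile()` is defined for a non-FPM interface is not visible here, so this may be a latent error rather than only wasted work. The enclosing method continues outside the hunk.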
@@ -593,7 +596,7 @@ class nginx extends HttpConfigBase { $sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n"; $sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n"; $sslsettings .= "\t" . 'ssl_certificate ' . makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n"; - + if ($domain_or_ip['ssl_key_file'] != '') { // check for existence, #1485 if (!file_exists($domain_or_ip['ssl_key_file'])) { @@ -603,7 +606,7 @@ class nginx extends HttpConfigBase { $sslsettings .= "\t" . 'ssl_certificate_key ' .makeCorrectFile($domain_or_ip['ssl_key_file']) . ';' . "\n"; } } - + if ($domain_or_ip['ssl_ca_file'] != '') { // check for existence, #1485 if (!file_exists($domain_or_ip['ssl_ca_file'])) { @@ -613,7 +616,7 @@ class nginx extends HttpConfigBase { $sslsettings.= "\t" . 'ssl_client_certificate ' . makeCorrectFile($domain_or_ip['ssl_ca_file']) . ';' . "\n"; } } - + if (isset($domain_or_ip['hsts']) && $domain_or_ip['hsts'] > 0) { $vhost_content .= 'add_header Strict-Transport-Security "max-age=' . $domain_or_ip['hsts']; @@ -853,11 +856,11 @@ class nginx extends HttpConfigBase { $phpopts .= "\t\tfastcgi_param HTTPS on;\n"; } $phpopts .= "\t}\n\n"; - + } return $phpopts; } - + protected function getWebroot($domain, $ssl) { $webroot_text = '';