maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

Merge pull request #320 from guruevi/master

Browse Source 
Various fixes for failing nginx/LetsEncrypt
This commit is contained in:
Florian Aders
2016-02-22 12:14:12 +01:00
parent deb19f2625 83fd1ab0ca
commit 2286ea751e
3 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/classes/ssl/class.lescript.php
View File

@@ -324,7 +324,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
{
$res = openssl_pkey_new(array(
"private_key_type" => OPENSSL_KEYTYPE_RSA,
"private_key_bits" => Settings::Get('system.letsencryptkeysize'),
"private_key_bits" => (int)Settings::Get('system.letsencryptkeysize'),
));
if(!openssl_pkey_export($res, $privateKey)) {

4
lib/configfiles/trusty.xml
View File

@@ -273,10 +273,10 @@ fastcgi_param REDIRECT_STATUS 200;
]]>
</content>
</file>
<file name="/etc/nginx/conf.d/acme.conf">
<file name="/etc/nginx/acme.conf">
<content><![CDATA[
location /.well-known/acme-challenge {
alias {{settings.system.letsencryptchallengepath}};
alias {{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge;
location ~ /.well-known/acme-challenge/(.*) {
default_type text/plain;

11
scripts/jobs/cron_tasks.inc.http.30.nginx.php
View File

@@ -422,6 +422,7 @@ class nginx extends HttpConfigBase {
) {
$vhost_content.= "\n" . $this->composeSslSettings($domain) . "\n";
}
$vhost_content.= "\t".'include /etc/nginx/acme.conf;'."\n";
// if the documentroot is an URL we just redirect
if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
@@ -567,7 +568,7 @@ class nginx extends HttpConfigBase {
$this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate file "'.$domain_or_ip['ssl_cert_file'].'" does not exist! Cannot create ssl-directives');
echo $domain_or_ip['domain'] . ' :: certificate file "'.$domain_or_ip['ssl_cert_file'].'" does not exist! Cannot create SSL-directives'."\n";
} else {
// obsolete: ssl on now belongs to the listen block as 'ssl' at the end
// obsolete: ssl on now belongs to the listen block as 'ssl' at the end
//$sslsettings .= "\t" . 'ssl on;' . "\n";
$sslsettings .= "\t" . 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' . "\n";
$sslsettings .= "\t" . 'ssl_ciphers ' . Settings::Get('system.ssl_cipher_list') . ';' . "\n";
@@ -595,13 +596,13 @@ class nginx extends HttpConfigBase {
}
}
if ($domain['hsts'] > 0) {
if (isset($domain_or_ip['hsts']) && $domain_or_ip['hsts'] > 0) {
$vhost_content .= 'add_header Strict-Transport-Security "max-age=' . $domain['hsts'];
if ($domain['hsts_sub'] == 1) {
$vhost_content .= 'add_header Strict-Transport-Security "max-age=' . $domain_or_ip['hsts'];
if ($domain_or_ip['hsts_sub'] == 1) {
$vhost_content .= '; includeSubdomains';
}
if ($domain['hsts_preload'] == 1) {
if ($domain_or_ip['hsts_preload'] == 1) {
$vhost_content .= '; preload';
}
$vhost_content .= '";' . "\n";