add new 'http2 on' directive for nginx >=1.25.1

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-01-23 00:01:12 +01:00
parent c4cf8ededc
commit 2629718b22
2 changed files with 24 additions and 6 deletions
--- a/lib/Froxlor/Cron/Http/Nginx.php
+++ b/lib/Froxlor/Cron/Http/Nginx.php
@@ -46,10 +46,9 @@ class Nginx extends HttpConfigBase
 	// protected
 	protected $needed_htpasswds = [];
-	protected $auth_backend_loaded = false;
+	protected $http2_on_directive = false;
 	protected $htpasswds_data = [];
 	protected $known_htpasswdsfilenames = [];
 	protected $mod_accesslog_loaded = '0';
 	protected $vhost_root_autoindex = false;
 	/**
@@ -60,6 +59,18 @@ class Nginx extends HttpConfigBase
 	 */
 	private $deactivated = false;
 	public function __construct()
 	{
 		$nores = false;
 		$res = FileDir::safe_exec('nginx -v 2>&1', $nores, ['>', '&']);
 		$ver_str = array_shift($res);
 		$cNginxVer = substr($ver_str, strrpos($ver_str, "/") + 1);
 		if (version_compare($cNginxVer, '1.25.1', '>=')) {
 			// at least 1.25.1
 			$this->http2_on_directive = true;
 		}
 	}
 	public function createVirtualHosts()
 	{
 		return;
@@ -162,8 +173,10 @@ class Nginx extends HttpConfigBase
 				/**
 				 * this HAS to be set for the default host in nginx or else no vhost will work
 				 */
-				$this->nginx_data[$vhost_filename] .= "\t" . 'listen    ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
+				$this->nginx_data[$vhost_filename] .= "\t" . 'listen    ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 && !$this->http2_on_directive ? ' http2' : '') . ';' . "\n";
-
+				if ($http2 && $this->http2_on_directive) {
 					$this->nginx_data[$vhost_filename] .= "\t" . 'http2 on;' . "\n";
 				}
 				$this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n";
 				$aliases = "";
@@ -481,6 +494,7 @@ class Nginx extends HttpConfigBase
 		$vhost_content = '';
 		$_vhost_content = '';
 		$has_http2_on = false;
 		$query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip`
 			WHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports ";
@@ -531,7 +545,11 @@ class Nginx extends HttpConfigBase
 			}
 			$http2 = $ssl_vhost == true && (isset($domain['http2']) && $domain['http2'] == '1' && Settings::Get('system.http2_support') == '1');
-			$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
+			$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 && !$this->http2_on_directive ? ' http2' : '') . ';' . "\n";
 			if ($http2 && $this->http2_on_directive && !$has_http2_on) {
 				$vhost_content .= "\t" . 'http2 on;' . "\n";
 				$has_http2_on = true;
 			}
 		}
 		// get all server-names
--- a/lib/Froxlor/UI/Callbacks/Domain.php
+++ b/lib/Froxlor/UI/Callbacks/Domain.php
@@ -179,7 +179,7 @@ class Domain
 	{
 		if (Settings::Get('system.use_ssl') == '1'
 			&& DDomain::domainHasSslIpPort($attributes['fields']['id'])
-			&& (int)$attributes['fields']['caneditdomain'] == 1
+			&& (CurrentUser::isAdmin() || (!CurrentUser::isAdmin() && (int)$attributes['fields']['caneditdomain'] == 1))
 			&& (int)$attributes['fields']['letsencrypt'] == 0
 			&& (!CurrentUser::isAdmin() || (CurrentUser::isAdmin() && (int)$attributes['fields']['email_only'] == 0))
 			&& !$attributes['fields']['deactivated']