From 28f0c3eac401b5793c8ca9e9750d99421683cb96 Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Fri, 15 Apr 2016 15:09:11 +0200 Subject: [PATCH] only include acme.conf to vhosts if system has ssl and LE enabled (might not exist if not) Signed-off-by: Michael Kaufmann (d00p) --- scripts/jobs/cron_tasks.inc.http.30.nginx.php | 28 +++++++++++-------- 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/scripts/jobs/cron_tasks.inc.http.30.nginx.php b/scripts/jobs/cron_tasks.inc.http.30.nginx.php index babc15ea..5069d223 100644 --- a/scripts/jobs/cron_tasks.inc.http.30.nginx.php +++ b/scripts/jobs/cron_tasks.inc.http.30.nginx.php @@ -207,11 +207,11 @@ class nginx extends HttpConfigBase { $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n"; $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n"; $this->nginx_data[$vhost_filename] .= "\t\ttry_files \$fastcgi_script_name =404;\n"; - + if ($row_ipsandports['ssl'] == '1') { $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param HTTPS on;\n"; } - + if ((int)Settings::Get('phpfpm.enabled') == 1 && (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) { $domain = array( 'id' => 'none', @@ -225,16 +225,16 @@ class nginx extends HttpConfigBase { 'loginname' => 'froxlor.panel', 'documentroot' => $mypath, ); - + $php = new phpinterface($domain); $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass unix:".$php->getInterface()->getSocketFile().";\n"; } else { $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass ".Settings::Get('system.nginx_php_backend').";\n"; } - + $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n"; $this->nginx_data[$vhost_filename] .= "\t}\n"; - + $this->nginx_data[$vhost_filename] .= "}\n\n"; // End of Froxlor server{}-part } 
@@ -422,7 +422,11 @@ class nginx extends HttpConfigBase { ) { $vhost_content.= "\n" . $this->composeSslSettings($domain) . "\n"; } - $vhost_content.= "\t".'include /etc/nginx/acme.conf;'."\n"; + + if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1') + { + $vhost_content.= "\t".'include /etc/nginx/acme.conf;'."\n"; + } // if the documentroot is an URL we just redirect if (preg_match('/^https?\:\/\//', $domain['documentroot'])) { @@ -562,7 +566,7 @@ class nginx extends HttpConfigBase { } if ($domain_or_ip['ssl_cert_file'] != '') { - + // check for existence, #1485 if (!file_exists($domain_or_ip['ssl_cert_file'])) { $this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate file "'.$domain_or_ip['ssl_cert_file'].'" does not exist! Cannot create ssl-directives'); @@ -575,7 +579,7 @@ class nginx extends HttpConfigBase { $sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n"; $sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n"; $sslsettings .= "\t" . 'ssl_certificate ' . makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n"; - + if ($domain_or_ip['ssl_key_file'] != '') { // check for existence, #1485 if (!file_exists($domain_or_ip['ssl_key_file'])) { @@ -585,7 +589,7 @@ class nginx extends HttpConfigBase { $sslsettings .= "\t" . 'ssl_certificate_key ' .makeCorrectFile($domain_or_ip['ssl_key_file']) . ';' . "\n"; } } - + if ($domain_or_ip['ssl_ca_file'] != '') { // check for existence, #1485 if (!file_exists($domain_or_ip['ssl_ca_file'])) { @@ -595,7 +599,7 @@ class nginx extends HttpConfigBase { $sslsettings.= "\t" . 'ssl_client_certificate ' . makeCorrectFile($domain_or_ip['ssl_ca_file']) . ';' . "\n"; } } - + if (isset($domain_or_ip['hsts']) && $domain_or_ip['hsts'] > 0) { $vhost_content .= 'add_header Strict-Transport-Security "max-age=' . $domain_or_ip['hsts']; 
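Review bot: The new condition around `include /etc/nginx/acme.conf;` checks only `system.use_ssl` and `system.leenabled`, not whether the file is on disk, so a host with both settings on but no acme.conf yet still gets an include of a missing file. nginx fails its configuration test on a missing non-wildcard include, which would keep the whole regenerated configuration from loading, not just this vhost. The certificate handling further down this file already checks `file_exists()` and logs with `LOG_ERR` (#1485), and the same would fit here: `if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1' && file_exists('/etc/nginx/acme.conf')) {`. If acme.conf is guaranteed to be written earlier in the same cron run, a comment saying so would be enough; that is not visible from this hunk, and the surrounding method starts and ends outside it.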
@@ -835,11 +839,11 @@ class nginx extends HttpConfigBase { $phpopts .= "\t\tfastcgi_param HTTPS on;\n"; } $phpopts .= "\t}\n\n"; - + } return $phpopts; } - + protected function getWebroot($domain, $ssl) { $webroot_text = '';