maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

only include acme.conf to vhosts if system has ssl and LE enabled (might not exist if not)

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2016-04-15 15:09:11 +02:00
parent e8f5fc1a8a
commit 28f0c3eac4
1 changed files with 16 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
scripts/jobs/cron_tasks.inc.http.30.nginx.php
View File

@@ -207,11 +207,11 @@ class nginx extends HttpConfigBase {
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n"; $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n";
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n"; $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n";
$this->nginx_data[$vhost_filename] .= "\t\ttry_files \$fastcgi_script_name =404;\n"; $this->nginx_data[$vhost_filename] .= "\t\ttry_files \$fastcgi_script_name =404;\n";
if ($row_ipsandports['ssl'] == '1') { if ($row_ipsandports['ssl'] == '1') {
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param HTTPS on;\n"; $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param HTTPS on;\n";
} }
if ((int)Settings::Get('phpfpm.enabled') == 1 && (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) { if ((int)Settings::Get('phpfpm.enabled') == 1 && (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) {
$domain = array( $domain = array(
'id' => 'none', 'id' => 'none',
@@ -225,16 +225,16 @@ class nginx extends HttpConfigBase {
'loginname' => 'froxlor.panel', 'loginname' => 'froxlor.panel',
'documentroot' => $mypath, 'documentroot' => $mypath,
); );
$php = new phpinterface($domain); $php = new phpinterface($domain);
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass unix:".$php->getInterface()->getSocketFile().";\n"; $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass unix:".$php->getInterface()->getSocketFile().";\n";
} else { } else {
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass ".Settings::Get('system.nginx_php_backend').";\n"; $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass ".Settings::Get('system.nginx_php_backend').";\n";
} }
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n"; $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n";
$this->nginx_data[$vhost_filename] .= "\t}\n"; $this->nginx_data[$vhost_filename] .= "\t}\n";
$this->nginx_data[$vhost_filename] .= "}\n\n"; $this->nginx_data[$vhost_filename] .= "}\n\n";
// End of Froxlor server{}-part // End of Froxlor server{}-part
} }
@@ -422,7 +422,11 @@ class nginx extends HttpConfigBase {
) { ) {
$vhost_content.= "\n" . $this->composeSslSettings($domain) . "\n"; $vhost_content.= "\n" . $this->composeSslSettings($domain) . "\n";
} }
$vhost_content.= "\t".'include /etc/nginx/acme.conf;'."\n";
if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1')
{
$vhost_content.= "\t".'include /etc/nginx/acme.conf;'."\n";
}
// if the documentroot is an URL we just redirect // if the documentroot is an URL we just redirect
if (preg_match('/^https?\:\/\//', $domain['documentroot'])) { if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
@@ -562,7 +566,7 @@ class nginx extends HttpConfigBase {
} }
if ($domain_or_ip['ssl_cert_file'] != '') { if ($domain_or_ip['ssl_cert_file'] != '') {
// check for existence, #1485 // check for existence, #1485
if (!file_exists($domain_or_ip['ssl_cert_file'])) { if (!file_exists($domain_or_ip['ssl_cert_file'])) {
$this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate file "'.$domain_or_ip['ssl_cert_file'].'" does not exist! Cannot create ssl-directives'); $this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate file "'.$domain_or_ip['ssl_cert_file'].'" does not exist! Cannot create ssl-directives');
@@ -575,7 +579,7 @@ class nginx extends HttpConfigBase {
$sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n"; $sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n";
$sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n"; $sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n";
$sslsettings .= "\t" . 'ssl_certificate ' . makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n"; $sslsettings .= "\t" . 'ssl_certificate ' . makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n";
if ($domain_or_ip['ssl_key_file'] != '') { if ($domain_or_ip['ssl_key_file'] != '') {
// check for existence, #1485 // check for existence, #1485
if (!file_exists($domain_or_ip['ssl_key_file'])) { if (!file_exists($domain_or_ip['ssl_key_file'])) {
@@ -585,7 +589,7 @@ class nginx extends HttpConfigBase {
$sslsettings .= "\t" . 'ssl_certificate_key ' .makeCorrectFile($domain_or_ip['ssl_key_file']) . ';' . "\n"; $sslsettings .= "\t" . 'ssl_certificate_key ' .makeCorrectFile($domain_or_ip['ssl_key_file']) . ';' . "\n";
} }
} }
if ($domain_or_ip['ssl_ca_file'] != '') { if ($domain_or_ip['ssl_ca_file'] != '') {
// check for existence, #1485 // check for existence, #1485
if (!file_exists($domain_or_ip['ssl_ca_file'])) { if (!file_exists($domain_or_ip['ssl_ca_file'])) {
@@ -595,7 +599,7 @@ class nginx extends HttpConfigBase {
$sslsettings.= "\t" . 'ssl_client_certificate ' . makeCorrectFile($domain_or_ip['ssl_ca_file']) . ';' . "\n"; $sslsettings.= "\t" . 'ssl_client_certificate ' . makeCorrectFile($domain_or_ip['ssl_ca_file']) . ';' . "\n";
} }
} }
if (isset($domain_or_ip['hsts']) && $domain_or_ip['hsts'] > 0) { if (isset($domain_or_ip['hsts']) && $domain_or_ip['hsts'] > 0) {
$vhost_content .= 'add_header Strict-Transport-Security "max-age=' . $domain_or_ip['hsts']; $vhost_content .= 'add_header Strict-Transport-Security "max-age=' . $domain_or_ip['hsts'];
@@ -835,11 +839,11 @@ class nginx extends HttpConfigBase {
$phpopts .= "\t\tfastcgi_param HTTPS on;\n"; $phpopts .= "\t\tfastcgi_param HTTPS on;\n";
} }
$phpopts .= "\t}\n\n"; $phpopts .= "\t}\n\n";
} }
return $phpopts; return $phpopts;
} }
protected function getWebroot($domain, $ssl) { protected function getWebroot($domain, $ssl) {
$webroot_text = ''; $webroot_text = '';