2018-03-25 11:30:04 +02:00
136 changed files with 17184 additions and 6944 deletions


@@ -233,7 +233,7 @@ abstract class DnsBase
$pubkey_file_handler = fopen($pubkey_filename, "w");
fwrite($pubkey_file_handler, $domain['dkim_pubkey']);
fclose($pubkey_file_handler);
safe_exec("chmod 0664 " . escapeshellarg($pubkey_filename));
safe_exec("chmod 0644 " . escapeshellarg($pubkey_filename));
}
$dkimdomains .= $domain['domain'] . "\n";


@@ -0,0 +1,83 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2017 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2017-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
*/
class Extrausers
{
public static function generateFiles(&$cronlog)
{
// passwd
$passwd = '/var/lib/extrausers/passwd';
$sql = "SELECT username,'x' as password,uid,gid,'Froxlor User' as comment,homedir,shell, login_enabled FROM ftp_users ORDER BY uid ASC";
self::_generateFile($passwd, $sql, $cronlog);
// group
$group = '/var/lib/extrausers/group';
$sql = "SELECT groupname,'x' as password,gid,members FROM ftp_groups ORDER BY gid ASC";
self::_generateFile($group, $sql, $cronlog);
// shadow
$shadow = '/var/lib/extrausers/shadow';
$sql = "SELECT username,password FROM ftp_users ORDER BY gid ASC";
self::_generateFile($shadow, $sql, $cronlog);
// set correct permissions
@chmod('/var/lib/extrausers/', 0755);
@chmod('/var/lib/extrausers/passwd', 0644);
@chmod('/var/lib/extrausers/group', 0644);
@chmod('/var/lib/extrausers/shadow', 0640);
}
private static function _generateFile($file, $query, &$cronlog)
{
$type = basename($file);
$cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Creating ' . $type . ' file');
if (! file_exists($file)) {
$cronlog->logAction(CRON_ACTION, LOG_NOTICE, $type . ' file does not yet exist');
@mkdir(dirname($file), 0750, true);
touch($file);
}
$data_sel_stmt = Database::query($query);
$data_content = "";
$cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Writing ' . $data_sel_stmt->rowCount() . ' entries to ' . $type . ' file');
while ($u = $data_sel_stmt->fetch(PDO::FETCH_ASSOC)) {
switch ($type) {
case 'passwd':
if ($u['login_enabled'] != 'Y') {
$u['password'] = '*';
$u['shell'] = '/bin/false';
$u['comment'] = 'Locked Froxlor User';
}
$line = $u['username'] . ':' . $u['password'] . ':' . $u['uid'] . ':' . $u['gid'] . ':' . $u['comment'] . ':' . $u['homedir'] . ':' . $u['shell'] . PHP_EOL;
break;
case 'group':
$line = $u['groupname'] . ':' . $u['password'] . ':' . $u['gid'] . ':' . $u['members'] . PHP_EOL;
break;
case 'shadow':
$line = $u['username'] . ':' . $u['password'] . ':' . floor(time() / 86400 - 1) . ':0:99999:7:::' . PHP_EOL;
break;
}
$data_content .= $line;
}
if (file_put_contents($file, $data_content) !== false) {
$cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Succesfully wrote ' . $type . ' file');
} else {
$cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Error when writing ' . $type . ' file entries');
}
}
}
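Review bot: The shadow file can be readable by other local users between its creation and the final chmod, and stays that way if the chmod fails: `_generateFile()` creates it with `touch()` under the process umask, writes the password hashes with `file_put_contents()`, and only `generateFiles()` later applies `@chmod('/var/lib/extrausers/shadow', 0640)` with errors suppressed. Writing in place also truncates the live file, so NSS lookups made during the write can see a partial user list. I would write to a temporary file created under a restrictive umask, set the mode there, `rename()` it over the target, and log failures at LOG_ERR instead of LOG_NOTICE. Separately, the row values are concatenated exactly as stored; rows whose fields contain `:` or a line break should be skipped before `$line` is built, because they would change the record layout of the generated file.

```php
// … unchanged: existence check, query, logging and per-type $line building …
$tmpfile = $file . '.new';
// create the temporary file without group/other access; the final mode is set explicitly below
$old_umask = umask(0077);
$written = file_put_contents($tmpfile, $data_content);
umask($old_umask);
$mode = ($type == 'shadow') ? 0640 : 0644;
if ($written !== false && chmod($tmpfile, $mode) && rename($tmpfile, $file)) {
    $cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Succesfully wrote ' . $type . ' file');
} else {
    @unlink($tmpfile);
    $cronlog->logAction(CRON_ACTION, LOG_ERR, 'Error when writing ' . $type . ' file entries');
}
```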


@@ -68,6 +68,9 @@ for ($x = 1; $x < count($argv); $x++) {
$cronlog->setCronDebugFlag(defined('CRON_DEBUG_FLAG'));
$tasks_cnt_stmt = Database::query("SELECT COUNT(*) as jobcnt FROM `panel_tasks`");
$tasks_cnt = $tasks_cnt_stmt->fetch(PDO::FETCH_ASSOC);
// do we have anything to include?
if (count($jobs_to_run) > 0) {
// include all jobs we want to execute
@@ -76,6 +79,22 @@ if (count($jobs_to_run) > 0) {
$cronfile = getCronFile($cron);
require_once $cronfile;
}
if ($tasks_cnt['jobcnt'] > 0)
{
if (Settings::Get('system.nssextrausers') == 1)
{
include_once makeCorrectFile(FROXLOR_INSTALL_DIR.'/scripts/classes/class.Extrausers.php');
Extrausers::generateFiles($cronlog);
}
// clear NSCD cache if using fcgid or fpm, #1570
if (Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {
$false_val = false;
safe_exec('nscd -i passwd 1> /dev/null', $false_val, array('>'));
safe_exec('nscd -i group 1> /dev/null', $false_val, array('>'));
}
}
}
fwrite($debugHandler, 'Cronfiles have been included' . "\n");
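Review bot: The Extrausers regeneration and nscd invalidation placed after the `require_once $cronfile` loop repeat the sequence that the tasks-cron section further down runs after its `chown -R` call; one shared helper would keep the two copies from drifting apart. `Extrausers::generateFiles()` returns nothing, so both call sites go on to `nscd -i passwd` and `nscd -i group` even when writing one of the files failed. Returning a boolean from `generateFiles()` and logging the failure at LOG_ERR before the cache flush would make that case visible. The enclosing `if (count($jobs_to_run) > 0)` block starts outside the hunk.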


@@ -20,6 +20,12 @@ if (! defined('MASTER_CRONJOB'))
*
*/
if (Settings::Get('system.leapiversion') == '2') {
// use ACME v2 is specified
require_once __DIR__ . '/cron_letsencrypt_v2.php';
exit;
}
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating Let's Encrypt certificates");
if (! extension_loaded('curl')) {
@@ -43,6 +49,7 @@ $certificates_stmt = Database::query("
dom.`ssl_redirect`,
cust.`leprivatekey`,
cust.`lepublickey`,
cust.`leregistered`,
cust.`customerid`,
cust.`loginname`
FROM
@@ -103,6 +110,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
'documentroot' => FROXLOR_INSTALL_DIR,
'leprivatekey' => Settings::Get('system.leprivatekey'),
'lepublickey' => Settings::Get('system.lepublickey'),
'leregistered' => Settings::Get('system.leregistered'),
'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),
'expirationdate' => null,
'ssl_cert_file' => null,
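Review bot: The `exit;` after `require_once __DIR__ . '/cron_letsencrypt_v2.php';` ends the whole PHP process, not just this cron file. If this script is pulled in by the master cronjob's `require_once $cronfile` loop, as the `MASTER_CRONJOB` guard in the hunk header suggests, every job scheduled after it and the cron's own cleanup would be skipped whenever ACME v2 is selected. `return;` leaves only this file and lets the run continue.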


@@ -0,0 +1,294 @@
<?php
if (! defined('MASTER_CRONJOB'))
die('You cannot access this file directly!');
/**
* This file is part of the Froxlor project.
* Copyright (c) 2016 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Aders <kontakt-froxlor@neteraser.de>
* @author Froxlor team <team@froxlor.org> (2016-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
* @since 0.9.35
*
*/
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating Let's Encrypt certificates");
if (! extension_loaded('curl')) {
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Let's Encrypt requires the php cURL extension to be installed.");
exit();
}
$certificates_stmt = Database::query("
SELECT
domssl.`id`,
domssl.`domainid`,
domssl.expirationdate,
domssl.`ssl_cert_file`,
domssl.`ssl_key_file`,
domssl.`ssl_ca_file`,
domssl.`ssl_csr_file`,
dom.`domain`,
dom.`wwwserveralias`,
dom.`iswildcarddomain`,
dom.`documentroot`,
dom.`id` AS 'domainid',
dom.`ssl_redirect`,
cust.`leprivatekey`,
cust.`lepublickey`,
cust.`leregistered`,
cust.`customerid`,
cust.`loginname`
FROM
`" . TABLE_PANEL_CUSTOMERS . "` AS cust,
`" . TABLE_PANEL_DOMAINS . "` AS dom
LEFT JOIN
`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` AS domssl ON
dom.`id` = domssl.`domainid`
WHERE
dom.`customerid` = cust.`customerid`
AND dom.`letsencrypt` = 1
AND dom.`aliasdomain` IS NULL
AND dom.`iswildcarddomain` = 0
AND (
domssl.`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY)
OR domssl.`expirationdate` IS NULL
)
");
$aliasdomains_stmt = Database::prepare("
SELECT
dom.`id` as domainid,
dom.`domain`,
dom.`wwwserveralias`,
dom.`iswildcarddomain`
FROM `" . TABLE_PANEL_DOMAINS . "` AS dom
WHERE
dom.`aliasdomain` = :id
AND dom.`letsencrypt` = 1
AND dom.`iswildcarddomain` = 0
");
$updcert_stmt = Database::prepare("
REPLACE INTO
`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
SET
`id` = :id,
`domainid` = :domainid,
`ssl_cert_file` = :crt,
`ssl_key_file` = :key,
`ssl_ca_file` = :ca,
`ssl_cert_chainfile` = :chain,
`ssl_csr_file` = :csr,
`expirationdate` = :expirationdate
");
$upddom_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `ssl_redirect` = '1' WHERE `id` = :domainid");
// flag for re-generation of vhost files
$changedetected = 0;
// first - generate LE for system-vhost if enabled
if (Settings::Get('system.le_froxlor_enabled') == '1') {
$certrow = array(
'loginname' => 'froxlor.panel',
'domain' => Settings::Get('system.hostname'),
'domainid' => 0,
'documentroot' => FROXLOR_INSTALL_DIR,
'leprivatekey' => Settings::Get('system.leprivatekey'),
'lepublickey' => Settings::Get('system.lepublickey'),
'leregistered' => Settings::Get('system.leregistered'),
'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),
'expirationdate' => null,
'ssl_cert_file' => null,
'ssl_key_file' => null,
'ssl_ca_file' => null,
'ssl_csr_file' => null,
'id' => null
);
$froxlor_ssl_settings_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
WHERE `domainid` = '0' AND
(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
");
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
$insert_or_update_required = true;
if ($froxlor_ssl) {
$certrow['id'] = $froxlor_ssl['id'];
$certrow['expirationdate'] = $froxlor_ssl['expirationdate'];
$certrow['ssl_cert_file'] = $froxlor_ssl['ssl_cert_file'];
$certrow['ssl_key_file'] = $froxlor_ssl['ssl_key_file'];
$certrow['ssl_ca_file'] = $froxlor_ssl['ssl_ca_file'];
$certrow['ssl_csr_file'] = $froxlor_ssl['ssl_csr_file'];
} else {
// check whether we have an entry with valid certificates which just does not need
// updating yet, so we need to skip this here
$froxlor_ssl_settings_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
");
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
$insert_or_update_required = false;
}
}
if ($insert_or_update_required) {
$domains = array(
$certrow['domain']
);
// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
// - this temp. deactivation of the ssl-redirect is handled by the webserver-cronjob
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']);
$cronlog = FroxlorLogger::getInstanceOf(array(
'loginname' => $certrow['loginname']
));
try {
// Initialize Lescript with documentroot
$le = new lescript_v2($cronlog, $version);
// Initialize Lescript
$le->initAccount($certrow, true);
// Request the new certificate (old key may be used)
$return = $le->signDomains($domains, $certrow['ssl_key_file']);
// We are interessted in the expirationdate
$newcert = openssl_x509_parse($return['crt']);
// Store the new data
Database::pexecute($updcert_stmt, array(
'id' => $certrow['id'],
'domainid' => $certrow['domainid'],
'crt' => $return['crt'],
'key' => $return['key'],
'ca' => $return['chain'],
'chain' => $return['chain'],
'csr' => $return['csr'],
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
));
if ($certrow['ssl_redirect'] == 3) {
Settings::Set('system.le_froxlor_redirect', '1');
}
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
$changedetected = 1;
} catch (Exception $e) {
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
}
}
}
// customer domains
$certrows = $certificates_stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($certrows as $certrow) {
// set logger to corresponding loginname for the log to appear in the users system-log
$cronlog = FroxlorLogger::getInstanceOf(array(
'loginname' => $certrow['loginname']
));
// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
if ($certrow['ssl_redirect'] != 2) {
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']);
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $certrow['domain']);
$domains = array(
$certrow['domain']
);
if ($certrow['iswildcarddomain'] == 1) {
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: *." . $certrow['domain']);
$domains[] = '*.' . $certrow['domain'];
}
elseif ($certrow['wwwserveralias'] == 1) {
// add www.<domain> to SAN list
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $certrow['domain']);
$domains[] = 'www.' . $certrow['domain'];
}
// add alias domains (and possibly www.<aliasdomain>) to SAN list
Database::pexecute($aliasdomains_stmt, array(
'id' => $certrow['domainid']
));
$aliasdomains = $aliasdomains_stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($aliasdomains as $aliasdomain) {
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $aliasdomain['domain']);
$domains[] = $aliasdomain['domain'];
if ($aliasdomain['iswildcarddomain'] == 1) {
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: *." . $aliasdomain['domain']);
$domains[] = '*.' . $aliasdomain['domain'];
}
elseif ($aliasdomain['wwwserveralias'] == 1) {
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $aliasdomain['domain']);
$domains[] = 'www.' . $aliasdomain['domain'];
}
}
try {
// Initialize Lescript with documentroot
$le = new lescript_v2($cronlog, $version);
// Initialize Lescript
$le->initAccount($certrow);
// Request the new certificate (old key may be used)
$return = $le->signDomains($domains, $certrow['ssl_key_file']);
// We are interessted in the expirationdate
$newcert = openssl_x509_parse($return['crt']);
// Store the new data
Database::pexecute($updcert_stmt, array(
'id' => $certrow['id'],
'domainid' => $certrow['domainid'],
'crt' => $return['crt'],
'key' => $return['key'],
'ca' => $return['chain'],
'chain' => $return['chain'],
'csr' => $return['csr'],
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
));
if ($certrow['ssl_redirect'] == 3) {
Database::pexecute($upddom_stmt, array(
'domainid' => $certrow['domainid']
));
}
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
$changedetected = 1;
} catch (Exception $e) {
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
}
} else {
$cronlog->logAction(CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
}
}
// If we have a change in a certificate, we need to update the webserver - configs
// This is easiest done by just creating a new task ;)
if ($changedetected) {
inserttask(1);
}
// reset logger
$cronlog = FroxlorLogger::getInstanceOf(array(
'loginname' => 'cronjob'
));
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Let's Encrypt certificates have been updated");
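Review bot: The result of `openssl_x509_parse($return['crt'])` is used unchecked in both the system-vhost branch and the customer-domain loop. The function returns false for data it cannot parse, in which case `date('Y-m-d H:i:s', $newcert['validTo_time_t'])` would store an epoch date and the certificate would count as due on every later run, repeating requests against the CA. A guard inside each `try`, such as `if ($newcert === false || empty($newcert['validTo_time_t'])) { throw new Exception('Could not parse issued certificate'); }`, routes that case to the existing LOG_ERR handler. In addition, `$version` passed to `new lescript_v2($cronlog, $version)` is not assigned anywhere in this file, so it should either be defined here or documented as coming from the including script.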


@@ -227,7 +227,7 @@ class pdns extends DnsBase
// build up connection string
$driver = 'mysql';
$dsn = $driver.":";
$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'set names utf8');
$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET names utf8,sql_mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"');
$attributes = array('ATTR_ERRMODE' => 'ERRMODE_EXCEPTION');
$dbconf = array();
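Review bot: The init command that sets `sql_mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"` depends on a mode that was removed in MySQL 8.0, where setting it is rejected. Because the statement runs as `PDO::MYSQL_ATTR_INIT_COMMAND`, a rejected mode would fail the PowerDNS database connection itself rather than a single query. Setting only `sql_mode="NO_ENGINE_SUBSTITUTION"`, or choosing the mode list after checking the server version, avoids that. The surrounding method starts and ends outside the hunk.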


@@ -23,7 +23,7 @@ class apache_fcgid extends apache
{
$php_options_text = '';
if($domain['phpenabled'] == '1')
if($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1')
{
$php = new phpinterface($domain);
$phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']);
@@ -44,7 +44,15 @@ class apache_fcgid extends apache
if (Settings::Get('system.apache24') == '1'
&& Settings::Get('phpfpm.use_mod_proxy') == '1'
) {
$php_options_text.= ' <FilesMatch \.php$>'. "\n";
$filesmatch = $phpconfig['fpm_settings']['limit_extensions'];
$extensions = explode(" ", $filesmatch);
$filesmatch = "";
foreach ($extensions as $ext) {
$filesmatch .= substr($ext, 1).'|';
}
// start block, cut off last pipe and close block
$filesmatch = '('.str_replace(".", "\.", substr($filesmatch, 0, -1)).')';
$php_options_text.= ' <FilesMatch \.'.$filesmatch.'$>'. "\n";
$php_options_text.= ' SetHandler proxy:unix:' . $php->getInterface()->getSocketFile() . '|fcgi://localhost'. "\n";
$php_options_text.= ' </FilesMatch>' . "\n";
@@ -54,15 +62,35 @@ class apache_fcgid extends apache
// for this path, as this would be the first require and therefore grant all access
if ($mypath_dir->isUserProtected() == false) {
$php_options_text.= ' <Directory "' . makeCorrectDir($domain['documentroot']) . '">' . "\n";
if ($phpconfig['pass_authorizationheader'] == '1') {
$php_options_text.= ' CGIPassAuth On' . "\n";
}
$php_options_text.= ' Require all granted' . "\n";
$php_options_text.= ' AllowOverride All' . "\n";
$php_options_text.= ' </Directory>' . "\n";
} elseif ($phpconfig['pass_authorizationheader'] == '1') {
// allow Pass of Authorization header
$php_options_text.= ' <Directory "' . makeCorrectDir($domain['documentroot']) . '">' . "\n";
$php_options_text.= ' CGIPassAuth On' . "\n";
$php_options_text.= ' </Directory>' . "\n";
}
} else {
$php_options_text.= ' FastCgiExternalServer ' . $php->getInterface()->getAliasConfigDir() . $srvName . ' -socket ' . $php->getInterface()->getSocketFile() . ' -idle-timeout ' . Settings::Get('phpfpm.idle_timeout') . "\n";
$addheader = "";
if ($phpconfig['pass_authorizationheader'] == '1') {
$addheader = " -pass-header Authorization";
}
$php_options_text.= ' FastCgiExternalServer ' . $php->getInterface()->getAliasConfigDir() . $srvName . ' -socket ' . $php->getInterface()->getSocketFile() . ' -idle-timeout ' . $phpconfig['fpm_settings']['idle_timeout'] . $addheader . "\n";
$php_options_text.= ' <Directory "' . makeCorrectDir($domain['documentroot']) . '">' . "\n";
$php_options_text.= ' <FilesMatch "\.php$">' . "\n";
$filesmatch = $phpconfig['fpm_settings']['limit_extensions'];
$extensions = explode(" ", $filesmatch);
$filesmatch = "";
foreach ($extensions as $ext) {
$filesmatch .= substr($ext, 1).'|';
}
// start block, cut off last pipe and close block
$filesmatch = '('.str_replace(".", "\.", substr($filesmatch, 0, -1)).')';
$php_options_text.= ' <FilesMatch \.'.$filesmatch.'$>'. "\n";
$php_options_text.= ' SetHandler php5-fastcgi'. "\n";
$php_options_text.= ' Action php5-fastcgi /fastcgiphp' . "\n";
$php_options_text.= ' Options +ExecCGI' . "\n";
@@ -155,6 +183,16 @@ class apache_fcgid extends apache
) {
$user = Settings::Get('phpfpm.vhost_httpuser');
$group = Settings::Get('phpfpm.vhost_httpgroup');
// get fpm config
$fpm_sel_stmt = Database::prepare("
SELECT f.id FROM `" . TABLE_PANEL_FPMDAEMONS . "` f
LEFT JOIN `" . TABLE_PANEL_PHPCONFIGS . "` p ON p.fpmsettingid = f.id
WHERE p.id = :phpconfigid
");
$fpm_config = Database::pexecute_first($fpm_sel_stmt, array(
'phpconfigid' => Settings::Get('phpfpm.vhost_defaultini')
));
}
$domain = array(
@@ -167,7 +205,8 @@ class apache_fcgid extends apache
'openbasedir' => 0,
'email' => Settings::Get('panel.adminmail'),
'loginname' => 'froxlor.panel',
'documentroot' => $mypath
'documentroot' => $mypath,
'fpm_config_id' => isset($fpm_config['id']) ? $fpm_config['id'] : 1
);
// all the files and folders have to belong to the local user
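Review bot: The FilesMatch pattern is assembled from `$phpconfig['fpm_settings']['limit_extensions']` with only `.` escaped, and the same loop appears twice (in the mod_proxy branch and in the FastCgiExternalServer branch). An empty value or a doubled space yields an empty alternative, for example `\.()$`, so the PHP handler would apply to names that merely end in a dot, and any other character in the setting reaches the vhost file as written. I would build the pattern once from a filtered list, accept only entries shaped like `.ext`, and fall back to `php` when nothing remains. Both branches sit in a method whose start is outside the hunk.

```php
// … unchanged: mod_proxy / FastCgiExternalServer branch selection …
$alternatives = array();
foreach (preg_split('/\s+/', trim($phpconfig['fpm_settings']['limit_extensions']), -1, PREG_SPLIT_NO_EMPTY) as $ext) {
    // accept only ".ext"-shaped entries so nothing else reaches the vhost file
    if (preg_match('/^\.[A-Za-z0-9_.-]+$/', $ext)) {
        $alternatives[] = str_replace('.', '\.', substr($ext, 1));
    }
}
if (empty($alternatives)) {
    // never emit an empty alternation; keep the previous fixed behaviour
    $alternatives[] = 'php';
}
$filesmatch = '(' . implode('|', $alternatives) . ')';
$php_options_text.= ' <FilesMatch \.'.$filesmatch.'$>'. "\n";
```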


@@ -58,8 +58,22 @@ class lighttpd extends HttpConfigBase
public function reload()
{
if ((int) Settings::Get('phpfpm.enabled') == 1) {
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'lighttpd::reload: reloading php-fpm');
safe_exec(escapeshellcmd(Settings::Get('phpfpm.reload')));
// get all start/stop commands
$startstop_sel = Database::prepare("SELECT reload_cmd, config_dir FROM `" . TABLE_PANEL_FPMDAEMONS . "`");
Database::pexecute($startstop_sel);
$restart_cmds = $startstop_sel->fetchAll(PDO::FETCH_ASSOC);
// restart all php-fpm instances
foreach ($restart_cmds as $restart_cmd) {
// check whether the config dir is empty (no domains uses this daemon)
// so we need to create a dummy
$isDirEmpty = !(new \FilesystemIterator($restart_cmd['config_dir']))->valid();
if ($isDirEmpty) {
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'lighttpd::reload: fpm config directory "' . $restart_cmd['config_dir'] . '" is empty. Creating dummy.');
phpinterface_fpm::createDummyPool($restart_cmd['config_dir']);
}
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'lighttpd::reload: running ' . $restart_cmd['reload_cmd']);
safe_exec(escapeshellcmd($restart_cmd['reload_cmd']));
}
}
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'lighttpd::reload: reloading lighttpd');
safe_exec(escapeshellcmd(Settings::Get('system.apachereload_command')));
@@ -162,7 +176,25 @@ class lighttpd extends HttpConfigBase
$this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' )' . "\n";
} else {
$domain = array(
'id' => 'none',
'domain' => Settings::Get('system.hostname'),
'adminid' => 1, /* first admin-user (superadmin) */
'guid' => Settings::Get('system.httpuser'),
'openbasedir' => 0,
'email' => Settings::Get('panel.adminmail'),
'loginname' => 'froxlor.panel',
'documentroot' => $mypath
);
}
} else {
// fallback of froxlor domain-data for processSpecialConfigTemplate()
$domain = array(
'domain' => Settings::Get('system.hostname'),
'loginname' => 'froxlor.panel',
'documentroot' => $mypath
);
}
if ($row_ipsandports['specialsettings'] != '') {
@@ -424,7 +456,7 @@ class lighttpd extends HttpConfigBase
$_sslport = ":" . $ssldestport['port'];
}
$domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/';
$domain['documentroot'] = 'https://%1' . $_sslport . '/';
}
// avoid using any whitespaces
@@ -517,7 +549,8 @@ class lighttpd extends HttpConfigBase
if ($domain['ssl_cert_file'] != '') {
$ssl_settings .= 'ssl.engine = "enable"' . "\n";
// ssl.engine only necessary once in the ip/port vhost (SERVER['socket'] condition)
//$ssl_settings .= 'ssl.engine = "enable"' . "\n";
$ssl_settings .= 'ssl.use-compression = "disable"' . "\n";
$ssl_settings .= 'ssl.use-sslv2 = "disable"' . "\n";
$ssl_settings .= 'ssl.use-sslv3 = "disable"' . "\n";
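Review bot: `new \FilesystemIterator($restart_cmd['config_dir'])` throws an UnexpectedValueException when the stored directory does not exist or cannot be opened, and nothing in `reload()` catches it. One stale `config_dir` row would then stop the remaining php-fpm reloads and the lighttpd reload below; the identical loop added to `nginx::reload` has the same gap. Checking first, with `if (!is_dir($restart_cmd['config_dir'])) { continue; }` plus a LOG_WARNING entry, keeps the run going. A comment is also warranted on `safe_exec(escapeshellcmd($restart_cmd['reload_cmd']))`: the command comes from `TABLE_PANEL_FPMDAEMONS` and runs with the cron's privileges, and `escapeshellcmd()` only neutralises shell metacharacters, so write access to that table decides what is executed here.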


@@ -21,7 +21,7 @@ class lighttpd_fcgid extends lighttpd
{
$php_options_text = '';
if($domain['phpenabled'] == '1')
if($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1')
{
$php = new phpinterface($domain);
$phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']);


@@ -73,8 +73,22 @@ class nginx extends HttpConfigBase
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::reload: restarting php processes');
safe_exec(Settings::Get('system.phpreload_command'));
} elseif ((int) Settings::Get('phpfpm.enabled') == 1) {
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::reload: reloading php-fpm');
safe_exec(escapeshellcmd(Settings::Get('phpfpm.reload')));
// get all start/stop commands
$startstop_sel = Database::prepare("SELECT reload_cmd, config_dir FROM `" . TABLE_PANEL_FPMDAEMONS . "`");
Database::pexecute($startstop_sel);
$restart_cmds = $startstop_sel->fetchAll(PDO::FETCH_ASSOC);
// restart all php-fpm instances
foreach ($restart_cmds as $restart_cmd) {
// check whether the config dir is empty (no domains uses this daemon)
// so we need to create a dummy
$isDirEmpty = !(new \FilesystemIterator($restart_cmd['config_dir']))->valid();
if ($isDirEmpty) {
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::reload: fpm config directory "' . $restart_cmd['config_dir'] . '" is empty. Creating dummy.');
phpinterface_fpm::createDummyPool($restart_cmd['config_dir']);
}
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::reload: running ' . $restart_cmd['reload_cmd']);
safe_exec(escapeshellcmd($restart_cmd['reload_cmd']));
}
}
}
@@ -196,7 +210,7 @@ class nginx extends HttpConfigBase
}
}
$http2 = $ssl_vhost == true && Settings::Get('system.nginx_http2_support') == '1';
$http2 = $ssl_vhost == true && Settings::Get('system.http2_support') == '1';
/**
* this HAS to be set for the default host in nginx or else no vhost will work
@@ -418,7 +432,7 @@ class nginx extends HttpConfigBase
$_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
}
$http2 = $ssl_vhost == true && Settings::Get('system.nginx_http2_support') == '1';
$http2 = $ssl_vhost == true && (isset($domain['http2']) && $domain['http2'] == '1' && Settings::Get('system.http2_support') == '1');
$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
}
@@ -447,7 +461,7 @@ class nginx extends HttpConfigBase
$_sslport = ":" . $ssldestport['port'];
}
$domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/';
$domain['documentroot'] = 'https://$host' . $_sslport . '/';
}
// avoid using any whitespaces
@@ -609,7 +623,7 @@ class nginx extends HttpConfigBase
} else {
// obsolete: ssl on now belongs to the listen block as 'ssl' at the end
// $sslsettings .= "\t" . 'ssl on;' . "\n";
$sslsettings .= "\t" . 'ssl_protocols TLSv1 TLSv1.2;' . "\n";
$sslsettings .= "\t" . 'ssl_protocols ' . str_replace(",", " ", Settings::Get('system.ssl_protocols')) . ';' . "\n";
$sslsettings .= "\t" . 'ssl_ciphers ' . Settings::Get('system.ssl_cipher_list') . ';' . "\n";
$sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n";
$sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n";
@@ -634,6 +648,14 @@ class nginx extends HttpConfigBase
}
$sslsettings .= '";' . "\n";
}
if ((isset($domain_or_ip['ocsp_stapling']) && $domain_or_ip['ocsp_stapling'] == "1") ||
(isset($domain_or_ip['letsencrypt']) && $domain_or_ip['letsencrypt'] == "1") ) {
$sslsettings .= "\t" . 'ssl_stapling on;' . "\n";
$sslsettings .= "\t" . 'ssl_stapling_verify on;' . "\n";
$sslsettings .= "\t" . 'ssl_trusted_certificate ' .
makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n";
}
}
}
@@ -711,6 +733,11 @@ class nginx extends HttpConfigBase
if ($single['path'] == '/') {
$path_options .= "\t\t" . 'auth_basic "' . $single['authname'] . '";' . "\n";
$path_options .= "\t\t" . 'auth_basic_user_file ' . makeCorrectFile($single['usrf']) . ';' . "\n";
if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
$path_options .= "\t\t" . 'index index.php index.html index.htm;' . "\n";
} else {
$path_options .= "\t\t" . 'index index.html index.htm;' . "\n";
}
$path_options .= "\t\t" . 'location ~ ^(.+?\.php)(/.*)?$ {' . "\n";
$path_options .= "\t\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n";
$path_options .= "\t\t" . '}' . "\n";
@@ -768,6 +795,11 @@ class nginx extends HttpConfigBase
$path_options .= "\t" . 'location ' . makeCorrectDir($single['path']) . ' {' . "\n";
$path_options .= "\t\t" . 'auth_basic "' . $single['authname'] . '";' . "\n";
$path_options .= "\t\t" . 'auth_basic_user_file ' . makeCorrectFile($single['usrf']) . ';' . "\n";
if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
$path_options .= "\t\t" . 'index index.php index.html index.htm;' . "\n";
} else {
$path_options .= "\t\t" . 'index index.html index.htm;' . "\n";
}
$path_options .= "\t\t" . 'location ~ ^(.+?\.php)(/.*)?$ {' . "\n";
$path_options .= "\t\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n";
$path_options .= "\t\t" . '}' . "\n";
@@ -846,7 +878,7 @@ class nginx extends HttpConfigBase
protected function composePhpOptions($domain, $ssl_vhost = false)
{
$phpopts = '';
if ($domain['phpenabled'] == '1') {
if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
$phpopts = "\tlocation ~ \.php {\n";
$phpopts .= "\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n";
$phpopts .= "\t" . '}' . "\n\n";
@@ -882,9 +914,11 @@ class nginx extends HttpConfigBase
$webroot_text .= "\n\t" . 'location / {' . "\n";
if ($domain['phpenabled'] == '1') {
if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
$webroot_text .= "\t" . 'index index.php index.html index.htm;' . "\n";
$webroot_text .= "\t\t" . 'try_files $uri $uri/ @rewrites;' . "\n";
if ($domain['notryfiles'] != 1) {
$webroot_text .= "\t\t" . 'try_files $uri $uri/ @rewrites;' . "\n";
}
} else {
$webroot_text .= "\t" . 'index index.html index.htm;' . "\n";
}
@@ -895,7 +929,7 @@ class nginx extends HttpConfigBase
}
$webroot_text .= "\t" . '}' . "\n\n";
if ($domain['phpenabled'] == '1') {
if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1' && $domain['notryfiles'] != 1) {
$webroot_text .= "\tlocation @rewrites {\n";
$webroot_text .= "\t\trewrite ^ /index.php last;\n";
$webroot_text .= "\t}\n\n";
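Review bot: The SSL redirect target is now built from `$host` (`'https://$host' . $_sslport . '/'`), which nginx fills from the request line or the client's Host header. In a server block that also answers as the default server, the redirect destination would follow whatever host name the client sent rather than a name froxlor configured; the lighttpd section makes the parallel change with `%1`. If the aim is to preserve www and alias names in the redirect, that can stay for ordinary vhosts while default-server vhosts keep `$domain['domain']`, and a comment should state the assumption either way. The surrounding method is outside the hunk, so whether a default-server vhost reaches this line cannot be confirmed from here.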


@@ -20,7 +20,7 @@ class nginx_phpfpm extends nginx
protected function composePhpOptions($domain, $ssl_vhost = false) {
$php_options_text = '';
if ($domain['phpenabled'] == '1') {
if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
$php = new phpinterface($domain);
$phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']);


@@ -168,9 +168,17 @@ while ($row = $result_tasks_stmt->fetch(PDO::FETCH_ASSOC)) {
$cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Running: chown -R ' . (int)Settings::Get('system.vmail_uid') . ':' . (int)Settings::Get('system.vmail_gid') . ' ' . escapeshellarg($usermaildir));
safe_exec('chown -R ' . (int)Settings::Get('system.vmail_uid') . ':' . (int)Settings::Get('system.vmail_gid') . ' ' . escapeshellarg($usermaildir));
if (Settings::Get('system.nssextrausers') == 1)
{
// explicitly create files after user has been created to avoid unknown user issues for apache/php-fpm when task#1 runs after this
include_once makeCorrectFile(FROXLOR_INSTALL_DIR.'/scripts/classes/class.Extrausers.php');
Extrausers::generateFiles($cronlog);
}
// clear NSCD cache if using fcgid or fpm, #1570
if (Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {
$false_val = false;
safe_exec('nscd -i passwd 1> /dev/null', $false_val, array('>'));
safe_exec('nscd -i group 1> /dev/null', $false_val, array('>'));
}
}


@@ -115,7 +115,7 @@ while ($row_database = $databases_stmt->fetch(PDO::FETCH_ASSOC)) {
Database::needRoot(true, $row_database['dbserver']);
$last_dbserver = $row_database['dbserver'];
$database_list = array();
$databases_list = array();
$databases_list_result_stmt = Database::query("SHOW DATABASES");
while ($databases_list_row = $databases_list_result_stmt->fetch(PDO::FETCH_ASSOC)) {
$databases_list[] = strtolower($databases_list_row['Database']);
@@ -501,9 +501,7 @@ while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
Database::pexecute($result_quota_stmt, array('customerid' => $row['customerid']));
// get correct user
if (Settings::Get('system.mod_fcgid') == 1
&& $row['deactivated'] == '0'
) {
if ((Settings::Get('system.mod_fcgid') == 1 || Settings::Get('phpfpm.enabled') == 1) && $row['deactivated'] == '0') {
$user = $row['loginname'];
$group = $row['loginname'];
} else {


@@ -34,6 +34,8 @@ if (Settings::Get('system.mail_use_smtp')) {
$mail->Password = Settings::Get('system.mail_smtp_passwd');
if (Settings::Get('system.mail_smtp_usetls')) {
$mail->SMTPSecure = 'tls';
} else {
$mail->SMTPAutoTLS = false;
}
$mail->Port = Settings::Get('system.mail_smtp_port');
}
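Review bot: Setting `$mail->SMTPAutoTLS = false` in the `else` branch turns off PHPMailer's opportunistic STARTTLS, so with `system.mail_smtp_usetls` off the session stays in cleartext even when the server offers TLS. The line above the condition sets `$mail->Password`, so where authentication is in use the SMTP credentials and the message bodies would cross the network unencrypted. If this is meant as a workaround for servers whose certificates fail verification, a comment saying so, or a separate setting for it, would keep "TLS not forced" from silently becoming "TLS never used".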