maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

removed ticketsystem; lots of work on cron stuff

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2018-12-19 13:09:14 +01:00
parent 903b775f79
commit 3ff20e327f
86 changed files with 3823 additions and 7421 deletions
Download Patch File Download Diff File Expand all files Collapse all files

549
lib/Froxlor/Cron/Http/cron_tasks.inc.http.10.apache.php → lib/Froxlor/Cron/Http/Apache.php
View File

File diff suppressed because it is too large Load Diff

31
lib/Froxlor/Cron/Http/cron_tasks.inc.http.15.apache_fcgid.php → lib/Froxlor/Cron/Http/ApacheFcgi.php
View File

@@ -1,4 +1,9 @@
<?php if (!defined('MASTER_CRONJOB')) die('You cannot access this file directly!');
<?php
namespace Froxlor\Cron\Http;
use \Froxlor\Database;
use \Froxlor\Settings;
use Froxlor\Cron\Http\Php\PhpInterface;
/**
* This file is part of the Froxlor project.
@@ -17,7 +22,7 @@
*
*/
class apache_fcgid extends apache
class ApacheFcgi extends Apache
{
protected function composePhpOptions($domain, $ssl_vhost = false)
{
@@ -25,7 +30,7 @@ class apache_fcgid extends apache
if($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1')
{
$php = new phpinterface($domain);
$php = new PhpInterface($domain);
$phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']);
if((int)Settings::Get('phpfpm.enabled') == 1)
@@ -56,12 +61,12 @@ class apache_fcgid extends apache
$php_options_text.= ' SetHandler proxy:unix:' . $php->getInterface()->getSocketFile() . '|fcgi://localhost'. "\n";
$php_options_text.= ' </FilesMatch>' . "\n";
$mypath_dir = new frxDirectory($domain['documentroot']);
$mypath_dir = new \Froxlor\Http\Directory($domain['documentroot']);
// only create the require all granted if there is not active directory-protection
// for this path, as this would be the first require and therefore grant all access
if ($mypath_dir->isUserProtected() == false) {
$php_options_text.= ' <Directory "' . makeCorrectDir($domain['documentroot']) . '">' . "\n";
$php_options_text.= ' <Directory "' . \Froxlor\FileDir::makeCorrectDir($domain['documentroot']) . '">' . "\n";
if ($phpconfig['pass_authorizationheader'] == '1') {
$php_options_text.= ' CGIPassAuth On' . "\n";
}
@@ -70,7 +75,7 @@ class apache_fcgid extends apache
$php_options_text.= ' </Directory>' . "\n";
} elseif ($phpconfig['pass_authorizationheader'] == '1') {
// allow Pass of Authorization header
$php_options_text.= ' <Directory "' . makeCorrectDir($domain['documentroot']) . '">' . "\n";
$php_options_text.= ' <Directory "' . \Froxlor\FileDir::makeCorrectDir($domain['documentroot']) . '">' . "\n";
$php_options_text.= ' CGIPassAuth On' . "\n";
$php_options_text.= ' </Directory>' . "\n";
}
@@ -81,7 +86,7 @@ class apache_fcgid extends apache
$addheader = " -pass-header Authorization";
}
$php_options_text.= ' FastCgiExternalServer ' . $php->getInterface()->getAliasConfigDir() . $srvName . ' -socket ' . $php->getInterface()->getSocketFile() . ' -idle-timeout ' . $phpconfig['fpm_settings']['idle_timeout'] . $addheader . "\n";
$php_options_text.= ' <Directory "' . makeCorrectDir($domain['documentroot']) . '">' . "\n";
$php_options_text.= ' <Directory "' . \Froxlor\FileDir::makeCorrectDir($domain['documentroot']) . '">' . "\n";
$filesmatch = $phpconfig['fpm_settings']['limit_extensions'];
$extensions = explode(" ", $filesmatch);
$filesmatch = "";
@@ -97,7 +102,7 @@ class apache_fcgid extends apache
$php_options_text.= ' </FilesMatch>' . "\n";
// >=apache-2.4 enabled?
if (Settings::Get('system.apache24') == '1') {
$mypath_dir = new frxDirectory($domain['documentroot']);
$mypath_dir = new \Froxlor\Http\Directory($domain['documentroot']);
// only create the require all granted if there is not active directory-protection
// for this path, as this would be the first require and therefore grant all access
if ($mypath_dir->isUserProtected() == false) {
@@ -123,7 +128,7 @@ class apache_fcgid extends apache
else
{
$php_options_text.= ' SuexecUserGroup "' . $domain['loginname'] . '" "' . $domain['loginname'] . '"' . "\n";
$php_options_text.= ' <Directory "' . makeCorrectDir($domain['documentroot']) . '">' . "\n";
$php_options_text.= ' <Directory "' . \Froxlor\FileDir::makeCorrectDir($domain['documentroot']) . '">' . "\n";
$file_extensions = explode(' ', $phpconfig['file_extensions']);
$php_options_text.= ' <FilesMatch "\.(' . implode('|', $file_extensions) . ')$">' . "\n";
$php_options_text.= ' SetHandler fcgid-script' . "\n";
@@ -135,7 +140,7 @@ class apache_fcgid extends apache
$php_options_text.= ' </FilesMatch>' . "\n";
// >=apache-2.4 enabled?
if (Settings::Get('system.apache24') == '1') {
$mypath_dir = new frxDirectory($domain['documentroot']);
$mypath_dir = new \Froxlor\Http\Directory($domain['documentroot']);
// only create the require all granted if there is not active directory-protection
// for this path, as this would be the first require and therefore grant all access
if ($mypath_dir->isUserProtected() == false) {
@@ -171,7 +176,7 @@ class apache_fcgid extends apache
|| (Settings::Get('phpfpm.enabled') == '1'
&& Settings::Get('phpfpm.enabled_ownvhost') == '1')
) {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__)))); // /var/www/froxlor, needed for chown
$mypath = \Froxlor\Froxlor::getInstallDir();
if (Settings::Get('system.mod_fcgid_ownvhost') == '1')
{
@@ -212,10 +217,10 @@ class apache_fcgid extends apache
// all the files and folders have to belong to the local user
// now because we also use fcgid for our own vhost
safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath));
\Froxlor\FileDir::safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath));
// get php.ini for our own vhost
$php = new phpinterface($domain);
$php = new PhpInterface($domain);
// get php-config
if (Settings::Get('phpfpm.enabled') == '1') {

319
lib/Froxlor/Cron/Http/ConfigIO.php Normal file
View File

@@ -0,0 +1,319 @@
<?php
namespace Froxlor\Cron\Http;
use Froxlor\Settings;
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Michael Kaufmann <mkaufmann@nutime.de>
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
* @since 0.9.29
*
*/
class ConfigIO
{
/**
* constructor
*/
public function __construct()
{}
/**
* clean up former created configs, including (if enabled)
* awstats, fcgid, php-fpm and of course automatically created
* webserver vhost and diroption files
*
* @return null
*/
public function cleanUp()
{
// old error logs
$this->_cleanErrLogs();
// awstats files
$this->_cleanAwstatsFiles();
// fcgid files
$this->_cleanFcgidFiles();
// php-fpm files
$this->_cleanFpmFiles();
// clean webserver-configs
$this->_cleanWebserverConfigs();
// old htpasswd files
$this->_cleanHtpasswdFiles();
// customer-specified ssl-certificates
$this->_cleanCustomerSslCerts();
}
private function _cleanErrLogs()
{
$err_dir = \Froxlor\FileDir::makeCorrectDir(\Froxlor\Froxlor::getInstallDir() . "/logs/");
if (@is_dir($err_dir)) {
// now get rid of old stuff
// (but append /*.log so we don't delete the directory)
$err_dir .= '/*.log';
\Froxlor\FileDir::safe_exec('rm -f ' . \Froxlor\FileDir::makeCorrectFile($err_dir));
}
}
/**
* remove customer-specified auto-generated ssl-certificates
* (they are being regenerated)
*
* @return null
*/
private function _cleanCustomerSslCerts()
{
/*
* only clean up if we're actually using SSL
*/
if (Settings::Get('system.use_ssl') == '1') {
// get correct directory
$configdir = $this->_getFile('system', 'customer_ssl_path');
if ($configdir !== false) {
$configdir = \Froxlor\FileDir::makeCorrectDir($configdir);
if (@is_dir($configdir)) {
// now get rid of old stuff
// (but append /* so we don't delete the directory)
$configdir .= '/*';
\Froxlor\FileDir::safe_exec('rm -f ' . \Froxlor\FileDir::makeCorrectFile($configdir));
}
}
}
}
/**
* remove webserver related configuration files before regeneration
*
* @return null
*/
private function _cleanWebserverConfigs()
{
// get directories
$configdirs = array();
$dir = $this->_getFile('system', 'apacheconf_vhost');
if ($dir !== false)
$configdirs[] = \Froxlor\FileDir::makeCorrectDir($dir);
$dir = $this->_getFile('system', 'apacheconf_diroptions');
if ($dir !== false)
$configdirs[] = \Froxlor\FileDir::makeCorrectDir($dir);
// file pattern
$pattern = "/^([0-9]){2}_(froxlor|syscp)_(.+)\.conf$/";
// check ALL the folders
foreach ($configdirs as $config_dir) {
// check directory
if (@is_dir($config_dir)) {
// create directory iterator
$its = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($config_dir));
// iterate through all subdirs,
// look for vhost/diroption files
// and delete them
foreach ($its as $fullFileName => $it) {
if ($it->isFile() && preg_match($pattern, $it->getFilename())) {
// remove file
\Froxlor\FileDir::safe_exec('rm -f ' . escapeshellarg(\Froxlor\FileDir::makeCorrectFile($its->getPathname())));
}
}
}
}
}
/**
* remove htpasswd files before regeneration
*
* @return null
*/
private function _cleanHtpasswdFiles()
{
// get correct directory
$configdir = $this->_getFile('system', 'apacheconf_htpasswddir');
if ($configdir !== false) {
$configdir = \Froxlor\FileDir::makeCorrectDir($configdir);
if (@is_dir($configdir)) {
// now get rid of old stuff
// (but append /* so we don't delete the directory)
$configdir .= '/*';
\Froxlor\FileDir::safe_exec('rm -f ' . \Froxlor\FileDir::makeCorrectFile($configdir));
}
}
}
/**
* remove awstats related configuration files before regeneration
*
* @return null
*/
private function _cleanAwstatsFiles()
{
if (Settings::Get('system.awstats_enabled') == '0') {
return;
}
// dhr: cleanout froxlor-generated awstats configs prior to re-creation
$awstatsclean = array();
$awstatsclean['header'] = "## GENERATED BY FROXLOR\n";
$awstatsclean['headerold'] = "## GENERATED BY SYSCP\n";
$awstatsclean['path'] = $this->_getFile('system', 'awstats_conf');
/**
* don't do anything if the directory does not exist
* (e.g.
* awstats not installed yet or whatever)
* fixes #45
*/
if ($awstatsclean['path'] !== false && is_dir($awstatsclean['path'])) {
$awstatsclean['dir'] = dir($awstatsclean['path']);
while ($awstatsclean['entry'] = $awstatsclean['dir']->read()) {
$awstatsclean['fullentry'] = \Froxlor\FileDir::makeCorrectFile($awstatsclean['path'] . '/' . $awstatsclean['entry']);
/**
* don't do anything if the file does not exist
*/
if (@file_exists($awstatsclean['fullentry'])) {
$awstatsclean['fh'] = fopen($awstatsclean['fullentry'], 'r');
$awstatsclean['headerRead'] = fgets($awstatsclean['fh'], strlen($awstatsclean['header']) + 1);
fclose($awstatsclean['fh']);
if ($awstatsclean['headerRead'] == $awstatsclean['header'] || $awstatsclean['headerRead'] == $awstatsclean['headerold']) {
$awstats_conf_file = \Froxlor\FileDir::makeCorrectFile($awstatsclean['fullentry']);
@unlink($awstats_conf_file);
}
}
}
}
unset($awstatsclean);
// end dhr
}
/**
* remove fcgid related configuration files before regeneration
*
* @return null
*/
private function _cleanFcgidFiles()
{
if (Settings::Get('system.mod_fcgid') == '0') {
return;
}
// get correct directory
$configdir = $this->_getFile('system', 'mod_fcgid_configdir');
if ($configdir !== false) {
$configdir = \Froxlor\FileDir::makeCorrectDir($configdir);
if (@is_dir($configdir)) {
// create directory iterator
$its = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($configdir));
// iterate through all subdirs,
// look for php-fcgi-starter files
// and take immutable-flag away from them
// so we can delete them :)
foreach ($its as $fullFileName => $it) {
if ($it->isFile() && $it->getFilename() == 'php-fcgi-starter') {
// set chattr -i
\Froxlor\FileDir::removeImmutable($its->getPathname());
}
}
// now get rid of old stuff
// (but append /* so we don't delete the directory)
$configdir .= '/*';
\Froxlor\FileDir::safe_exec('rm -rf ' . \Froxlor\FileDir::makeCorrectFile($configdir));
}
}
}
/**
* remove php-fpm related configuration files before regeneration
*
* @return null
*/
private function _cleanFpmFiles()
{
if (Settings::Get('phpfpm.enabled') == '0') {
return;
}
// get all fpm config paths
$fpmconf_sel = \Froxlor\Database\Database::prepare("SELECT config_dir FROM `" . TABLE_PANEL_FPMDAEMONS . "`");
\Froxlor\Database\Database::pexecute($fpmconf_sel);
$fpmconf_paths = $fpmconf_sel->fetchAll(\PDO::FETCH_ASSOC);
// clean all php-fpm config-dirs
foreach ($fpmconf_paths as $configdir) {
$configdir = \Froxlor\FileDir::makeCorrectDir($configdir['config_dir']);
if (@is_dir($configdir)) {
// now get rid of old stuff
// (but append /*.conf so we don't delete the directory)
$configdir .= '/*.conf';
\Froxlor\FileDir::safe_exec('rm -f ' . makeCorrectFile($configdir));
} else {
\Froxlor\FileDir::safe_exec('mkdir -p ' . $configdir);
}
}
// also remove aliasconfigdir #1273
$aliasconfigdir = $this->_getFile('phpfpm', 'aliasconfigdir');
if ($aliasconfigdir !== false) {
$aliasconfigdir = \Froxlor\FileDir::makeCorrectDir($aliasconfigdir);
if (@is_dir($aliasconfigdir)) {
$aliasconfigdir .= '/*';
\Froxlor\FileDir::safe_exec('rm -rf ' . \Froxlor\FileDir::makeCorrectFile($aliasconfigdir));
}
}
}
/**
* returns a file/direcotry from the settings and checks whether it exists
*
* @param string $group
* settings-group
* @param string $varname
* var-name
* @param boolean $check_exists
* check if the file exists
*
* @return string|boolean complete path including filename if any or false on error
*/
private function _getFile($group, $varname, $check_exists = true)
{
// read from settings
$file = Settings::Get($group . '.' . $varname);
// check whether it exists
if ($check_exists && @file_exists($file) == false) {
return false;
}
return $file;
}
}

121
lib/Froxlor/Cron/Http/DomainSSL.php Normal file
View File

@@ -0,0 +1,121 @@
<?php
namespace Froxlor\Cron\Http;
use Froxlor\Database;
use Froxlor\Settings;
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Michael Kaufmann <mkaufmann@nutime.de>
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
* @since 0.9.29
*
*/
class DomainSSL
{
/**
* constructor
*/
public function __construct()
{}
/**
* read domain-related (or if empty, parentdomain-related) ssl-certificates from the database
* and (if not empty) set the corresponding array-indices (ssl_cert_file, ssl_key_file,
* ssl_ca_file and ssl_cert_chainfile).
* Hence the parameter as reference.
*
* @param array $domain
* domain-array as reference so we can set the corresponding array-indices
*
* @return null
*/
public function setDomainSSLFilesArray(array &$domain = null)
{
// check if the domain itself has a certificate defined
$dom_certs_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :domid
");
$dom_certs = Database::pexecute_first($dom_certs_stmt, array(
'domid' => $domain['id']
));
if (! is_array($dom_certs) || ! isset($dom_certs['ssl_cert_file']) || $dom_certs['ssl_cert_file'] == '') {
// maybe its parent?
if (isset($domain['parentdomainid']) && $domain['parentdomainid'] != 0) {
$dom_certs = Database::pexecute_first($dom_certs_stmt, array(
'domid' => $domain['parentdomainid']
));
}
}
// check if it's an array and if the most important field is set
if (is_array($dom_certs) && isset($dom_certs['ssl_cert_file']) && $dom_certs['ssl_cert_file'] != '') {
// get destination path
$sslcertpath = makeCorrectDir(Settings::Get('system.customer_ssl_path'));
// create path if it does not exist
if (! file_exists($sslcertpath)) {
safe_exec('mkdir -p ' . escapeshellarg($sslcertpath));
}
// make correct files for the certificates
$ssl_files = array(
'ssl_cert_file' => makeCorrectFile($sslcertpath . '/' . $domain['domain'] . '.crt'),
'ssl_key_file' => makeCorrectFile($sslcertpath . '/' . $domain['domain'] . '.key')
);
if (Settings::Get('system.webserver') == 'lighttpd') {
// put my.crt and my.key together for lighty.
$dom_certs['ssl_cert_file'] = trim($dom_certs['ssl_cert_file']) . "\n" . trim($dom_certs['ssl_key_file']) . "\n";
$ssl_files['ssl_key_file'] = '';
}
// initialize optional files
$ssl_files['ssl_ca_file'] = '';
$ssl_files['ssl_cert_chainfile'] = '';
// set them if they are != empty
if ($dom_certs['ssl_ca_file'] != '') {
$ssl_files['ssl_ca_file'] = makeCorrectFile($sslcertpath . '/' . $domain['domain'] . '_CA.pem');
}
if ($dom_certs['ssl_cert_chainfile'] != '') {
if (Settings::Get('system.webserver') == 'nginx') {
// put ca.crt in my.crt, as nginx does not support a separate chain file.
$dom_certs['ssl_cert_file'] = trim($dom_certs['ssl_cert_file']) . "\n" . trim($dom_certs['ssl_cert_chainfile']) . "\n";
} else {
$ssl_files['ssl_cert_chainfile'] = makeCorrectFile($sslcertpath . '/' . $domain['domain'] . '_chain.pem');
}
}
// will only be generated to be used externally, froxlor does not need this
if ($dom_certs['ssl_fullchain_file'] != '') {
$ssl_files['ssl_fullchain_file'] = makeCorrectFile($sslcertpath . '/' . $domain['domain'] . '_fullchain.pem');
}
// create them on the filesystem
foreach ($ssl_files as $type => $filename) {
if ($filename != '') {
touch($filename);
$_fh = fopen($filename, 'w');
fwrite($_fh, $dom_certs[$type]);
fclose($_fh);
chmod($filename, 0600);
}
}
// override corresponding array values
$domain['ssl_cert_file'] = $ssl_files['ssl_cert_file'];
$domain['ssl_key_file'] = $ssl_files['ssl_key_file'];
$domain['ssl_ca_file'] = $ssl_files['ssl_ca_file'];
$domain['ssl_cert_chainfile'] = $ssl_files['ssl_cert_chainfile'];
}
return;
}
}

15
lib/Froxlor/Cron/Http/class.HttpConfigBase.php → lib/Froxlor/Cron/Http/HttpConfigBase.php
View File

@@ -1,4 +1,8 @@
<?php
namespace Froxlor\Cron\Http;
use Froxlor\Database;
use Froxlor\Settings;
/**
* This file is part of the Froxlor project.
@@ -8,18 +12,17 @@
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2016-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2016-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
*/
/**
* Class HttpConfigBase
*
* Base class for all HTTP server configs
*
*/
class HttpConfigBase
{

294
lib/Froxlor/Cron/Http/LetsEncrypt/cron_letsencrypt.php Normal file
View File

@@ -0,0 +1,294 @@
<?php
if (! defined('MASTER_CRONJOB'))
die('You cannot access this file directly!');
/**
* This file is part of the Froxlor project.
* Copyright (c) 2016 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Aders <kontakt-froxlor@neteraser.de>
* @author Froxlor team <team@froxlor.org> (2016-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
* @since 0.9.35
*
*/
if (Settings::Get('system.leapiversion') == '2') {
// use ACME v2 is specified
require_once __DIR__ . '/cron_letsencrypt_v2.php';
exit;
}
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating Let's Encrypt certificates");
if (! extension_loaded('curl')) {
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Let's Encrypt requires the php cURL extension to be installed.");
exit();
}
$certificates_stmt = Database::query("
SELECT
domssl.`id`,
domssl.`domainid`,
domssl.expirationdate,
domssl.`ssl_cert_file`,
domssl.`ssl_key_file`,
domssl.`ssl_ca_file`,
domssl.`ssl_csr_file`,
dom.`domain`,
dom.`wwwserveralias`,
dom.`documentroot`,
dom.`id` AS 'domainid',
dom.`ssl_redirect`,
cust.`leprivatekey`,
cust.`lepublickey`,
cust.`leregistered`,
cust.`customerid`,
cust.`loginname`
FROM
`" . TABLE_PANEL_CUSTOMERS . "` AS cust,
`" . TABLE_PANEL_DOMAINS . "` AS dom
LEFT JOIN
`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` AS domssl ON
dom.`id` = domssl.`domainid`
WHERE
dom.`customerid` = cust.`customerid`
AND cust.deactivated = 0
AND dom.`letsencrypt` = 1
AND dom.`aliasdomain` IS NULL
AND dom.`iswildcarddomain` = 0
AND (
domssl.`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY)
OR domssl.`expirationdate` IS NULL
)
");
$aliasdomains_stmt = Database::prepare("
SELECT
dom.`id` as domainid,
dom.`domain`,
dom.`wwwserveralias`
FROM `" . TABLE_PANEL_DOMAINS . "` AS dom
WHERE
dom.`aliasdomain` = :id
AND dom.`letsencrypt` = 1
AND dom.`iswildcarddomain` = 0
");
$updcert_stmt = Database::prepare("
REPLACE INTO
`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
SET
`id` = :id,
`domainid` = :domainid,
`ssl_cert_file` = :crt,
`ssl_key_file` = :key,
`ssl_ca_file` = :ca,
`ssl_cert_chainfile` = :chain,
`ssl_csr_file` = :csr,
`ssl_fullchain_file` = :fullchain,
`expirationdate` = :expirationdate
");
$upddom_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `ssl_redirect` = '1' WHERE `id` = :domainid");
// flag for re-generation of vhost files
$changedetected = 0;
// first - generate LE for system-vhost if enabled
if (Settings::Get('system.le_froxlor_enabled') == '1') {
$certrow = array(
'loginname' => 'froxlor.panel',
'domain' => Settings::Get('system.hostname'),
'domainid' => 0,
'documentroot' => \Froxlor\Froxlor::getInstallDir(),
'leprivatekey' => Settings::Get('system.leprivatekey'),
'lepublickey' => Settings::Get('system.lepublickey'),
'leregistered' => Settings::Get('system.leregistered'),
'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),
'expirationdate' => null,
'ssl_cert_file' => null,
'ssl_key_file' => null,
'ssl_ca_file' => null,
'ssl_csr_file' => null,
'id' => null
);
$froxlor_ssl_settings_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
WHERE `domainid` = '0' AND
(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
");
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
$insert_or_update_required = true;
if ($froxlor_ssl) {
$certrow['id'] = $froxlor_ssl['id'];
$certrow['expirationdate'] = $froxlor_ssl['expirationdate'];
$certrow['ssl_cert_file'] = $froxlor_ssl['ssl_cert_file'];
$certrow['ssl_key_file'] = $froxlor_ssl['ssl_key_file'];
$certrow['ssl_ca_file'] = $froxlor_ssl['ssl_ca_file'];
$certrow['ssl_csr_file'] = $froxlor_ssl['ssl_csr_file'];
} else {
// check whether we have an entry with valid certificates which just does not need
// updating yet, so we need to skip this here
$froxlor_ssl_settings_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
");
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
$insert_or_update_required = false;
}
}
if ($insert_or_update_required) {
$domains = array(
$certrow['domain']
);
// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
// - this temp. deactivation of the ssl-redirect is handled by the webserver-cronjob
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']);
$cronlog = FroxlorLogger::getInstanceOf(array(
'loginname' => $certrow['loginname']
));
try {
// Initialize Lescript with documentroot
$le = new lescript($cronlog, $version);
// Initialize Lescript
$le->initAccount($certrow, true);
// Request the new certificate (old key may be used)
$return = $le->signDomains($domains, $certrow['ssl_key_file']);
// We are interessted in the expirationdate
$newcert = openssl_x509_parse($return['crt']);
// Store the new data
Database::pexecute($updcert_stmt, array(
'id' => $certrow['id'],
'domainid' => $certrow['domainid'],
'crt' => $return['crt'],
'key' => $return['key'],
'ca' => $return['chain'],
'chain' => $return['chain'],
'csr' => $return['csr'],
'fullchain' => $return['fullchain'],
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
));
if ($certrow['ssl_redirect'] == 3) {
Settings::Set('system.le_froxlor_redirect', '1');
}
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
$changedetected = 1;
} catch (Exception $e) {
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
}
}
}
// customer domains
$certrows = $certificates_stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($certrows as $certrow) {
// set logger to corresponding loginname for the log to appear in the users system-log
$cronlog = FroxlorLogger::getInstanceOf(array(
'loginname' => $certrow['loginname']
));
// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
if ($certrow['ssl_redirect'] != 2) {
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']);
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $certrow['domain']);
$domains = array(
$certrow['domain']
);
// add www.<domain> to SAN list
if ($certrow['wwwserveralias'] == 1) {
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $certrow['domain']);
$domains[] = 'www.' . $certrow['domain'];
}
// add alias domains (and possibly www.<aliasdomain>) to SAN list
Database::pexecute($aliasdomains_stmt, array(
'id' => $certrow['domainid']
));
$aliasdomains = $aliasdomains_stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($aliasdomains as $aliasdomain) {
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $aliasdomain['domain']);
$domains[] = $aliasdomain['domain'];
if ($aliasdomain['wwwserveralias'] == 1) {
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $aliasdomain['domain']);
$domains[] = 'www.' . $aliasdomain['domain'];
}
}
try {
// Initialize Lescript with documentroot
$le = new lescript($cronlog, $version);
// Initialize Lescript
$le->initAccount($certrow);
// Request the new certificate (old key may be used)
$return = $le->signDomains($domains, $certrow['ssl_key_file']);
// We are interessted in the expirationdate
$newcert = openssl_x509_parse($return['crt']);
// Store the new data
Database::pexecute($updcert_stmt, array(
'id' => $certrow['id'],
'domainid' => $certrow['domainid'],
'crt' => $return['crt'],
'key' => $return['key'],
'ca' => $return['chain'],
'chain' => $return['chain'],
'csr' => $return['csr'],
'fullchain' => $return['fullchain'],
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
));
if ($certrow['ssl_redirect'] == 3) {
Database::pexecute($upddom_stmt, array(
'domainid' => $certrow['domainid']
));
}
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
$changedetected = 1;
} catch (Exception $e) {
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
}
} else {
$cronlog->logAction(CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
}
}
// If we have a change in a certificate, we need to update the webserver - configs
// This is easiest done by just creating a new task ;)
if ($changedetected) {
inserttask(1);
}
// reset logger
$cronlog = FroxlorLogger::getInstanceOf(array(
'loginname' => 'cronjob'
));
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Let's Encrypt certificates have been updated");

300
lib/Froxlor/Cron/Http/LetsEncrypt/cron_letsencrypt_v2.php Normal file
View File

@@ -0,0 +1,300 @@
<?php
if (! defined('MASTER_CRONJOB'))
die('You cannot access this file directly!');
/**
* This file is part of the Froxlor project.
* Copyright (c) 2016 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Aders <kontakt-froxlor@neteraser.de>
* @author Froxlor team <team@froxlor.org> (2016-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
* @since 0.9.35
*
*/
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating Let's Encrypt certificates");
if (! extension_loaded('curl')) {
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Let's Encrypt requires the php cURL extension to be installed.");
exit();
}
$certificates_stmt = Database::query("
SELECT
domssl.`id`,
domssl.`domainid`,
domssl.expirationdate,
domssl.`ssl_cert_file`,
domssl.`ssl_key_file`,
domssl.`ssl_ca_file`,
domssl.`ssl_csr_file`,
dom.`domain`,
dom.`wwwserveralias`,
dom.`iswildcarddomain`,
dom.`documentroot`,
dom.`id` AS 'domainid',
dom.`ssl_redirect`,
cust.`leprivatekey`,
cust.`lepublickey`,
cust.`leregistered`,
cust.`leaccount`,
cust.`customerid`,
cust.`loginname`
FROM
`" . TABLE_PANEL_CUSTOMERS . "` AS cust,
`" . TABLE_PANEL_DOMAINS . "` AS dom
LEFT JOIN
`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` AS domssl ON
dom.`id` = domssl.`domainid`
WHERE
dom.`customerid` = cust.`customerid`
AND cust.deactivated = 0
AND dom.`letsencrypt` = 1
AND dom.`aliasdomain` IS NULL
AND dom.`iswildcarddomain` = 0
AND (
domssl.`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY)
OR domssl.`expirationdate` IS NULL
)
");
$aliasdomains_stmt = Database::prepare("
SELECT
dom.`id` as domainid,
dom.`domain`,
dom.`wwwserveralias`,
dom.`iswildcarddomain`
FROM `" . TABLE_PANEL_DOMAINS . "` AS dom
WHERE
dom.`aliasdomain` = :id
AND dom.`letsencrypt` = 1
AND dom.`iswildcarddomain` = 0
");
$updcert_stmt = Database::prepare("
REPLACE INTO
`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
SET
`id` = :id,
`domainid` = :domainid,
`ssl_cert_file` = :crt,
`ssl_key_file` = :key,
`ssl_ca_file` = :ca,
`ssl_cert_chainfile` = :chain,
`ssl_csr_file` = :csr,
`ssl_fullchain_file` = :fullchain,
`expirationdate` = :expirationdate
");
$upddom_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `ssl_redirect` = '1' WHERE `id` = :domainid");
// flag for re-generation of vhost files
$changedetected = 0;
// first - generate LE for system-vhost if enabled
if (Settings::Get('system.le_froxlor_enabled') == '1') {
$certrow = array(
'loginname' => 'froxlor.panel',
'domain' => Settings::Get('system.hostname'),
'domainid' => 0,
'documentroot' => \Froxlor\Froxlor::getInstallDir(),
'leprivatekey' => Settings::Get('system.leprivatekey'),
'lepublickey' => Settings::Get('system.lepublickey'),
'leregistered' => Settings::Get('system.leregistered'),
'leaccount' => Settings::Get('system.leaccount'),
'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),
'expirationdate' => null,
'ssl_cert_file' => null,
'ssl_key_file' => null,
'ssl_ca_file' => null,
'ssl_csr_file' => null,
'id' => null
);
$froxlor_ssl_settings_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
WHERE `domainid` = '0' AND
(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
");
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
$insert_or_update_required = true;
if ($froxlor_ssl) {
$certrow['id'] = $froxlor_ssl['id'];
$certrow['expirationdate'] = $froxlor_ssl['expirationdate'];
$certrow['ssl_cert_file'] = $froxlor_ssl['ssl_cert_file'];
$certrow['ssl_key_file'] = $froxlor_ssl['ssl_key_file'];
$certrow['ssl_ca_file'] = $froxlor_ssl['ssl_ca_file'];
$certrow['ssl_csr_file'] = $froxlor_ssl['ssl_csr_file'];
} else {
// check whether we have an entry with valid certificates which just does not need
// updating yet, so we need to skip this here
$froxlor_ssl_settings_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
");
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
$insert_or_update_required = false;
}
}
if ($insert_or_update_required) {
$domains = array(
$certrow['domain']
);
// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
// - this temp. deactivation of the ssl-redirect is handled by the webserver-cronjob
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']);
$cronlog = FroxlorLogger::getInstanceOf(array(
'loginname' => $certrow['loginname']
));
try {
// Initialize Lescript with documentroot
$le = new lescript_v2($cronlog, $version);
// Initialize Lescript
$le->initAccount($certrow, true);
// Request the new certificate (old key may be used)
$return = $le->signDomains($domains, $certrow['ssl_key_file']);
// We are interessted in the expirationdate
$newcert = openssl_x509_parse($return['crt']);
// Store the new data
Database::pexecute($updcert_stmt, array(
'id' => $certrow['id'],
'domainid' => $certrow['domainid'],
'crt' => $return['crt'],
'key' => $return['key'],
'ca' => $return['chain'],
'chain' => $return['chain'],
'csr' => $return['csr'],
'fullchain' => $return['fullchain'],
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
));
if ($certrow['ssl_redirect'] == 3) {
Settings::Set('system.le_froxlor_redirect', '1');
}
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
$changedetected = 1;
} catch (Exception $e) {
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
}
}
}
// customer domains
$certrows = $certificates_stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($certrows as $certrow) {
// set logger to corresponding loginname for the log to appear in the users system-log
$cronlog = FroxlorLogger::getInstanceOf(array(
'loginname' => $certrow['loginname']
));
// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
if ($certrow['ssl_redirect'] != 2) {
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']);
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $certrow['domain']);
$domains = array(
$certrow['domain']
);
if ($certrow['iswildcarddomain'] == 1) {
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: *." . $certrow['domain']);
$domains[] = '*.' . $certrow['domain'];
}
elseif ($certrow['wwwserveralias'] == 1) {
// add www.<domain> to SAN list
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $certrow['domain']);
$domains[] = 'www.' . $certrow['domain'];
}
// add alias domains (and possibly www.<aliasdomain>) to SAN list
Database::pexecute($aliasdomains_stmt, array(
'id' => $certrow['domainid']
));
$aliasdomains = $aliasdomains_stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($aliasdomains as $aliasdomain) {
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $aliasdomain['domain']);
$domains[] = $aliasdomain['domain'];
if ($aliasdomain['iswildcarddomain'] == 1) {
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: *." . $aliasdomain['domain']);
$domains[] = '*.' . $aliasdomain['domain'];
}
elseif ($aliasdomain['wwwserveralias'] == 1) {
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $aliasdomain['domain']);
$domains[] = 'www.' . $aliasdomain['domain'];
}
}
try {
// Initialize Lescript with documentroot
$le = new lescript_v2($cronlog, $version);
// Initialize Lescript
$le->initAccount($certrow);
// Request the new certificate (old key may be used)
$return = $le->signDomains($domains, $certrow['ssl_key_file']);
// We are interessted in the expirationdate
$newcert = openssl_x509_parse($return['crt']);
// Store the new data
Database::pexecute($updcert_stmt, array(
'id' => $certrow['id'],
'domainid' => $certrow['domainid'],
'crt' => $return['crt'],
'key' => $return['key'],
'ca' => $return['chain'],
'chain' => $return['chain'],
'csr' => $return['csr'],
'fullchain' => $return['fullchain'],
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
));
if ($certrow['ssl_redirect'] == 3) {
Database::pexecute($upddom_stmt, array(
'domainid' => $certrow['domainid']
));
}
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
$changedetected = 1;
} catch (Exception $e) {
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
}
} else {
$cronlog->logAction(CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
}
}
// If we have a change in a certificate, we need to update the webserver - configs
// This is easiest done by just creating a new task ;)
if ($changedetected) {
inserttask(1);
}
// reset logger
$cronlog = FroxlorLogger::getInstanceOf(array(
'loginname' => 'cronjob'
));
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Let's Encrypt certificates have been updated");

43
lib/Froxlor/Cron/Http/cron_tasks.inc.http.20.lighttpd.php → lib/Froxlor/Cron/Http/Lighttpd.php
View File

@@ -1,7 +1,10 @@
<?php
namespace Froxlor\Cron\Http;
if (! defined('MASTER_CRONJOB'))
die('You cannot access this file directly!');
use Froxlor\Database;
use Froxlor\Settings;
use Froxlor\Cron\Http\Php\Fpm;
use Froxlor\Cron\Http\Php\PhpInterface;
/**
* This file is part of the Froxlor project.
@@ -21,15 +24,9 @@ if (! defined('MASTER_CRONJOB'))
* @todo ssl-redirect to non-standard port
*/
require_once (dirname(__FILE__) . '/../classes/class.HttpConfigBase.php');
class lighttpd extends HttpConfigBase
class Lighttpd extends HttpConfigBase
{
private $logger = false;
private $idnaConvert = false;
// protected
protected $lighttpd_data = array();
@@ -49,19 +46,13 @@ class lighttpd extends HttpConfigBase
*/
private $_deactivated = false;
public function __construct($logger, $idnaConvert)
{
$this->logger = $logger;
$this->idnaConvert = $idnaConvert;
}
public function reload()
{
if ((int) Settings::Get('phpfpm.enabled') == 1) {
// get all start/stop commands
$startstop_sel = Database::prepare("SELECT reload_cmd, config_dir FROM `" . TABLE_PANEL_FPMDAEMONS . "`");
Database::pexecute($startstop_sel);
$restart_cmds = $startstop_sel->fetchAll(PDO::FETCH_ASSOC);
$restart_cmds = $startstop_sel->fetchAll(\PDO::FETCH_ASSOC);
// restart all php-fpm instances
foreach ($restart_cmds as $restart_cmd) {
// check whether the config dir is empty (no domains uses this daemon)
@@ -69,7 +60,7 @@ class lighttpd extends HttpConfigBase
$_conffiles = glob(makeCorrectFile($restart_cmd['config_dir'] . "/*.conf"));
if ($_conffiles === false || empty($_conffiles)) {
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'lighttpd::reload: fpm config directory "' . $restart_cmd['config_dir'] . '" is empty. Creating dummy.');
phpinterface_fpm::createDummyPool($restart_cmd['config_dir']);
Fpm::createDummyPool($restart_cmd['config_dir']);
}
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'lighttpd::reload: running ' . $restart_cmd['reload_cmd']);
safe_exec(escapeshellcmd($restart_cmd['reload_cmd']));
@@ -83,7 +74,7 @@ class lighttpd extends HttpConfigBase
{
$result_ipsandports_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC");
while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
while ($row_ipsandports = $result_ipsandports_stmt->fetch(\PDO::FETCH_ASSOC)) {
if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$ip = '[' . $row_ipsandports['ip'] . ']';
$port = $row_ipsandports['port'];
@@ -176,7 +167,7 @@ class lighttpd extends HttpConfigBase
'fpm_config_id' => isset($fpm_config['id']) ? $fpm_config['id'] : 1
);
$php = new phpinterface($domain);
$php = new PhpInterface($domain);
$this->lighttpd_data[$vhost_filename] .= ' fastcgi.server = ( ' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t" . '".php" => (' . "\n";
@@ -345,7 +336,7 @@ class lighttpd extends HttpConfigBase
));
$htaccess_text = '';
while ($row_htpasswds = $result_htpasswds_stmt->fetch(PDO::FETCH_ASSOC)) {
while ($row_htpasswds = $result_htpasswds_stmt->fetch(\PDO::FETCH_ASSOC)) {
$row_htpasswds['path'] = makeCorrectDir($row_htpasswds['path']);
mkDirWithCorrectOwnership($domain['documentroot'], $row_htpasswds['path'], $domain['guid'], $domain['guid']);
@@ -658,7 +649,7 @@ class lighttpd extends HttpConfigBase
'domainid' => $domain['id']
));
while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
while (($alias_domain = $alias_domains_stmt->fetch(\PDO::FETCH_ASSOC)) !== false) {
$server_alias .= ' ' . $alias_domain['domain'] . ' ';
@@ -707,7 +698,7 @@ class lighttpd extends HttpConfigBase
$path_options = '';
$error_string = '';
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
while ($row = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
if (! empty($row['error404path'])) {
$defhandler = $row['error404path'];
@@ -768,7 +759,7 @@ class lighttpd extends HttpConfigBase
'customerid' => $domain['customerid']
));
while ($row_htpasswds = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
while ($row_htpasswds = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
if ($auth_backend_loaded[$domain['ipandport']] != 'yes' && $auth_backend_loaded[$domain['ssl_ipandport']] != 'yes') {
$filename = $domain['customerid'] . '.htpasswd';
@@ -832,7 +823,7 @@ class lighttpd extends HttpConfigBase
'domainid' => $domain['id']
));
while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
while (($alias_domain = $alias_domains_stmt->fetch(\PDO::FETCH_ASSOC)) !== false) {
$alias_domain_name = str_replace('.', '\.', $alias_domain['domain']);
if ($alias_domain['iswildcarddomain'] == '1') {
@@ -953,7 +944,7 @@ class lighttpd extends HttpConfigBase
{
$this->logger->logAction(CRON_ACTION, LOG_INFO, "lighttpd::writeConfigs: rebuilding " . Settings::Get('system.apacheconf_vhost'));
$vhostDir = new frxDirectory(Settings::Get('system.apacheconf_vhost'));
$vhostDir = new \Froxlor\Http\Directory(Settings::Get('system.apacheconf_vhost'));
if (! $vhostDir->isConfigDir()) {
// Save one big file
$vhosts_file = '';
@@ -998,7 +989,7 @@ class lighttpd extends HttpConfigBase
}
// Write the diroptions
$htpasswdDir = new frxDirectory(Settings::Get('system.apacheconf_htpasswddir'));
$htpasswdDir = new \Froxlor\Http\Directory(Settings::Get('system.apacheconf_htpasswddir'));
if ($htpasswdDir->isConfigDir()) {
foreach ($this->needed_htpasswds as $key => $data) {
if (! is_dir(Settings::Get('system.apacheconf_htpasswddir'))) {

151
lib/Froxlor/Cron/Http/LighttpdFcgi.php Normal file
View File

@@ -0,0 +1,151 @@
<?php
namespace Froxlor\Cron\Http;
use Froxlor\Database;
use Froxlor\Settings;
use Froxlor\Cron\Http\Php\PhpInterface;
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
*/
class LighttpdFcgi extends Lighttpd
{
protected function composePhpOptions($domain)
{
$php_options_text = '';
if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
$php = new PhpInterface($domain);
$phpconfig = $php->getPhpConfig((int) $domain['phpsettingid']);
// vhost data for php-fpm
if ((int) Settings::Get('phpfpm.enabled') == 1) {
$php_options_text = ' fastcgi.server = ( ' . "\n";
$php_options_text .= "\t" . '".php" => (' . "\n";
$php_options_text .= "\t\t" . '"localhost" => (' . "\n";
$php_options_text .= "\t\t" . '"socket" => "' . $php->getInterface()->getSocketFile() . '",' . "\n";
$php_options_text .= "\t\t" . '"check-local" => "enable",' . "\n";
$php_options_text .= "\t\t" . '"disable-time" => 1' . "\n";
$php_options_text .= "\t" . ')' . "\n";
$php_options_text .= "\t" . ')' . "\n";
$php_options_text .= ' )' . "\n";
} // vhost data for fcgid
elseif ((int) Settings::Get('system.mod_fcgid') == 1) {
$php_options_text = ' fastcgi.server = ( ' . "\n";
$file_extensions = explode(' ', $phpconfig['file_extensions']);
foreach ($file_extensions as $f_extension) {
$php_options_text .= "\t" . '".' . $f_extension . '" => (' . "\n";
$php_options_text .= "\t\t" . '"localhost" => (' . "\n";
$php_options_text .= "\t\t" . '"socket" => "/var/run/lighttpd/' . $domain['loginname'] . '-' . $domain['domain'] . '-php.socket",' . "\n";
$php_options_text .= "\t\t" . '"bin-path" => "' . $phpconfig['binary'] . ' -c ' . $php->getInterface()->getIniFile() . '",' . "\n";
$php_options_text .= "\t\t" . '"bin-environment" => (' . "\n";
if ((int) $domain['mod_fcgid_starter'] != - 1) {
$php_options_text .= "\t\t\t" . '"PHP_FCGI_CHILDREN" => "' . (int) $domain['mod_fcgid_starter'] . '",' . "\n";
} else {
if ((int) $phpconfig['mod_fcgid_starter'] != - 1) {
$php_options_text .= "\t\t\t" . '"PHP_FCGI_CHILDREN" => "' . (int) $phpconfig['mod_fcgid_starter'] . '",' . "\n";
} else {
$php_options_text .= "\t\t\t" . '"PHP_FCGI_CHILDREN" => "' . (int) Settings::Get('system.mod_fcgid_starter') . '",' . "\n";
}
}
if ((int) $domain['mod_fcgid_maxrequests'] != - 1) {
$php_options_text .= "\t\t\t" . '"PHP_FCGI_MAX_REQUESTS" => "' . (int) $domain['mod_fcgid_maxrequests'] . '"' . "\n";
} else {
if ((int) $phpconfig['mod_fcgid_maxrequests'] != - 1) {
$php_options_text .= "\t\t\t" . '"PHP_FCGI_MAX_REQUESTS" => "' . (int) $phpconfig['mod_fcgid_maxrequests'] . '"' . "\n";
} else {
$php_options_text .= "\t\t\t" . '"PHP_FCGI_MAX_REQUESTS" => "' . (int) Settings::Get('system.mod_fcgid_maxrequests') . '"' . "\n";
}
}
$php_options_text .= "\t\t" . ')' . "\n";
$php_options_text .= "\t" . ')' . "\n";
$php_options_text .= "\t" . ')' . "\n";
} // foreach extension
$php_options_text .= ' )' . "\n";
}
// create starter-file | config-file
$php->getInterface()->createConfig($phpconfig);
// create php.ini (fpm does nothing here, as it
// defines ini-settings in its pool config)
$php->getInterface()->createIniFile($phpconfig);
} else {
$php_options_text .= ' # PHP is disabled for this vHost' . "\n";
}
return $php_options_text;
}
public function createOwnVhostStarter()
{
if (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.enabled_ownvhost') == '1') {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__)))); // /var/www/froxlor, needed for chown
$user = Settings::Get('phpfpm.vhost_httpuser');
$group = Settings::Get('phpfpm.vhost_httpgroup');
// get fpm config
$fpm_sel_stmt = Database::prepare("
SELECT f.id FROM `" . TABLE_PANEL_FPMDAEMONS . "` f
LEFT JOIN `" . TABLE_PANEL_PHPCONFIGS . "` p ON p.fpmsettingid = f.id
WHERE p.id = :phpconfigid
");
$fpm_config = Database::pexecute_first($fpm_sel_stmt, array(
'phpconfigid' => Settings::Get('phpfpm.vhost_defaultini')
));
$domain = array(
'id' => 'none',
'domain' => Settings::Get('system.hostname'),
'adminid' => 1, /* first admin-user (superadmin) */
'mod_fcgid_starter' => - 1,
'mod_fcgid_maxrequests' => - 1,
'guid' => $user,
'openbasedir' => 0,
'email' => Settings::Get('panel.adminmail'),
'loginname' => 'froxlor.panel',
'documentroot' => $mypath,
'customerroot' => $mypath,
'fpm_config_id' => isset($fpm_config['id']) ? $fpm_config['id'] : 1
);
// all the files and folders have to belong to the local user
// now because we also use fcgid for our own vhost
safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath));
// get php.ini for our own vhost
$php = new PhpInterface($domain);
// get php-config
if (Settings::Get('phpfpm.enabled') == '1') {
// fpm
$phpconfig = $php->getPhpConfig(Settings::Get('phpfpm.vhost_defaultini'));
} else {
// fcgid
$phpconfig = $php->getPhpConfig(Settings::Get('system.mod_fcgid_defaultini_ownvhost'));
}
// create starter-file | config-file
$php->getInterface()->createConfig($phpconfig);
// create php.ini (fpm does nothing here, as it
// defines ini-settings in its pool config)
$php->getInterface()->createIniFile($phpconfig);
}
}
}

68
lib/Froxlor/Cron/Http/cron_tasks.inc.http.30.nginx.php → lib/Froxlor/Cron/Http/Nginx.php
View File

@@ -1,7 +1,10 @@
<?php
namespace Froxlor\Cron\Http;
if (! defined('MASTER_CRONJOB'))
die('You cannot access this file directly!');
use Froxlor\Database;
use Froxlor\Settings;
use Froxlor\Cron\Http\Php\Fpm;
use Froxlor\Cron\Http\Php\PhpInterface;
/**
* This file is part of the Froxlor project.
@@ -15,18 +18,11 @@ if (! defined('MASTER_CRONJOB'))
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
*
*/
require_once (dirname(__FILE__) . '/../classes/class.HttpConfigBase.php');
class nginx extends HttpConfigBase
class Nginx extends HttpConfigBase
{
private $logger = false;
private $idnaConvert = false;
private $nginx_server = array();
// protected
@@ -54,10 +50,8 @@ class nginx extends HttpConfigBase
*/
private $_deactivated = false;
public function __construct($logger, $idnaConvert, $nginx_server = array())
public function __construct($nginx_server = array())
{
$this->logger = $logger;
$this->idnaConvert = $idnaConvert;
$this->nginx_server = $nginx_server;
}
@@ -67,7 +61,7 @@ class nginx extends HttpConfigBase
// get all start/stop commands
$startstop_sel = Database::prepare("SELECT reload_cmd, config_dir FROM `" . TABLE_PANEL_FPMDAEMONS . "`");
Database::pexecute($startstop_sel);
$restart_cmds = $startstop_sel->fetchAll(PDO::FETCH_ASSOC);
$restart_cmds = $startstop_sel->fetchAll(\PDO::FETCH_ASSOC);
// restart all php-fpm instances
foreach ($restart_cmds as $restart_cmd) {
// check whether the config dir is empty (no domains uses this daemon)
@@ -75,7 +69,7 @@ class nginx extends HttpConfigBase
$_conffiles = glob(makeCorrectFile($restart_cmd['config_dir'] . "/*.conf"));
if ($_conffiles === false || empty($_conffiles)) {
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::reload: fpm config directory "' . $restart_cmd['config_dir'] . '" is empty. Creating dummy.');
phpinterface_fpm::createDummyPool($restart_cmd['config_dir']);
Fpm::createDummyPool($restart_cmd['config_dir']);
}
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::reload: running ' . $restart_cmd['reload_cmd']);
safe_exec(escapeshellcmd($restart_cmd['reload_cmd']));
@@ -143,7 +137,7 @@ class nginx extends HttpConfigBase
SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC
");
while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
while ($row_ipsandports = $result_ipsandports_stmt->fetch(\PDO::FETCH_ASSOC)) {
if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$ip = '[' . $row_ipsandports['ip'] . ']';
} else {
@@ -170,10 +164,10 @@ class nginx extends HttpConfigBase
if ($row_ipsandports['ssl'] == '1') {
if ($row_ipsandports['ssl_cert_file'] == '') {
$row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
if (!file_exists($row_ipsandports['ssl_cert_file'])) {
if (! file_exists($row_ipsandports['ssl_cert_file'])) {
// explicitly disable ssl for this vhost
$row_ipsandports['ssl_cert_file'] = "";
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, 'System certificate file "'.Settings::Get('system.ssl_cert_file').'" does not seem to exist. Disabling SSL-vhost for "'.Settings::Get('system.hostname').'"');
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, 'System certificate file "' . Settings::Get('system.ssl_cert_file') . '" does not seem to exist. Disabling SSL-vhost for "' . Settings::Get('system.hostname') . '"');
}
}
if ($row_ipsandports['ssl_key_file'] == '') {
@@ -313,7 +307,7 @@ class nginx extends HttpConfigBase
'fpm_config_id' => isset($fpm_config['id']) ? $fpm_config['id'] : 1
);
$php = new phpinterface($domain);
$php = new PhpInterface($domain);
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass unix:" . $php->getInterface()->getSocketFile() . ";\n";
} else {
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass " . Settings::Get('system.nginx_php_backend') . ";\n";
@@ -425,7 +419,7 @@ class nginx extends HttpConfigBase
'domainid' => $domain['id']
));
while ($ipandport = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
while ($ipandport = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
$domain['ip'] = $ipandport['ip'];
$domain['port'] = $ipandport['port'];
@@ -454,7 +448,7 @@ class nginx extends HttpConfigBase
$http2 = $ssl_vhost == true && (isset($domain['http2']) && $domain['http2'] == '1' && Settings::Get('system.http2_support') == '1');
$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
}
// get all server-names
@@ -508,7 +502,7 @@ class nginx extends HttpConfigBase
$code = getDomainRedirectCode($domain['id']);
$vhost_content .= "\t" . 'if ($request_uri !~ ^/.well-known/acme-challenge/[-\w]+$) {' . "\n";
$vhost_content .= "\t\t" . 'return ' . $code .' ' . $uri . '$request_uri;' . "\n";
$vhost_content .= "\t\t" . 'return ' . $code . ' ' . $uri . '$request_uri;' . "\n";
$vhost_content .= "\t" . '}' . "\n";
} else {
mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true);
@@ -620,10 +614,10 @@ class nginx extends HttpConfigBase
if ($domain_or_ip['ssl_cert_file'] == '') {
$domain_or_ip['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
if (!file_exists($domain_or_ip['ssl_cert_file'])) {
if (! file_exists($domain_or_ip['ssl_cert_file'])) {
// explicitly disable ssl for this vhost
$domain_or_ip['ssl_cert_file'] = "";
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, 'System certificate file "'.Settings::Get('system.ssl_cert_file').'" does not seem to exist. Disabling SSL-vhost for "'.$domain_or_ip['domain'].'"');
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, 'System certificate file "' . Settings::Get('system.ssl_cert_file') . '" does not seem to exist. Disabling SSL-vhost for "' . $domain_or_ip['domain'] . '"');
}
}
@@ -650,10 +644,10 @@ class nginx extends HttpConfigBase
// $sslsettings .= "\t" . 'ssl on;' . "\n";
$sslsettings .= "\t" . 'ssl_protocols ' . str_replace(",", " ", Settings::Get('system.ssl_protocols')) . ';' . "\n";
$sslsettings .= "\t" . 'ssl_ciphers ' . Settings::Get('system.ssl_cipher_list') . ';' . "\n";
if (!empty(Settings::Get('system.dhparams_file'))) {
if (! empty(Settings::Get('system.dhparams_file'))) {
$dhparams = makeCorrectFile(Settings::Get('system.dhparams_file'));
if (!file_exists($dhparams)) {
safe_exec('openssl dhparam -out '.escapeshellarg($dhparams).' 4096');
if (! file_exists($dhparams)) {
safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096');
}
$sslsettings .= 'ssl_dhparam ' . $dhparams . ';' . "\n";
}
@@ -681,12 +675,10 @@ class nginx extends HttpConfigBase
$sslsettings .= '";' . "\n";
}
if ((isset($domain_or_ip['ocsp_stapling']) && $domain_or_ip['ocsp_stapling'] == "1") ||
(isset($domain_or_ip['letsencrypt']) && $domain_or_ip['letsencrypt'] == "1") ) {
if ((isset($domain_or_ip['ocsp_stapling']) && $domain_or_ip['ocsp_stapling'] == "1") || (isset($domain_or_ip['letsencrypt']) && $domain_or_ip['letsencrypt'] == "1")) {
$sslsettings .= "\t" . 'ssl_stapling on;' . "\n";
$sslsettings .= "\t" . 'ssl_stapling_verify on;' . "\n";
$sslsettings .= "\t" . 'ssl_trusted_certificate ' .
makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n";
$sslsettings .= "\t" . 'ssl_trusted_certificate ' . makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n";
}
}
}
@@ -696,8 +688,6 @@ class nginx extends HttpConfigBase
protected function create_pathOptions($domain)
{
$has_location = false;
$result_stmt = Database::prepare("
SELECT * FROM " . TABLE_PANEL_HTACCESS . "
WHERE `path` LIKE :docroot
@@ -710,7 +700,7 @@ class nginx extends HttpConfigBase
$htpasswds = $this->getHtpasswds($domain);
// for each entry in the htaccess table
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
while ($row = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
if (! empty($row['error404path'])) {
$defhandler = $row['error404path'];
if (! validateUrl($defhandler)) {
@@ -860,7 +850,7 @@ class nginx extends HttpConfigBase
$returnval = array();
$x = 0;
while ($row_htpasswds = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
while ($row_htpasswds = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
if (count($row_htpasswds) > 0) {
$htpasswd_filename = makeCorrectFile(Settings::Get('system.apacheconf_htpasswddir') . '/' . $row_htpasswds['customerid'] . '-' . md5($row_htpasswds['path']) . '.htpasswd');
@@ -1067,7 +1057,7 @@ class nginx extends HttpConfigBase
'domainid' => $domain['id']
));
while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
while (($alias_domain = $alias_domains_stmt->fetch(\PDO::FETCH_ASSOC)) !== false) {
$server_alias .= ' ' . $alias_domain['domain'] . ' ';
if ($alias_domain['iswildcarddomain'] == '1') {
@@ -1121,7 +1111,7 @@ class nginx extends HttpConfigBase
'domainid' => $domain['id']
));
while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
while (($alias_domain = $alias_domains_stmt->fetch(\PDO::FETCH_ASSOC)) !== false) {
$server_alias .= ' ' . $alias_domain['domain'];
if ($alias_domain['iswildcarddomain'] == '1') {
@@ -1144,7 +1134,7 @@ class nginx extends HttpConfigBase
{
$this->logger->logAction(CRON_ACTION, LOG_INFO, "nginx::writeConfigs: rebuilding " . Settings::Get('system.apacheconf_vhost'));
$vhostDir = new frxDirectory(Settings::Get('system.apacheconf_vhost'));
$vhostDir = new \Froxlor\Http\Directory(Settings::Get('system.apacheconf_vhost'));
if (! $vhostDir->isConfigDir()) {
// Save one big file
$vhosts_file = '';

53
lib/Froxlor/Cron/Http/cron_tasks.inc.http.35.nginx_phpfpm.php → lib/Froxlor/Cron/Http/NginxFcgi.php
View File

@@ -1,4 +1,9 @@
<?php if (!defined('MASTER_CRONJOB')) die('You cannot access this file directly!');
<?php
namespace Froxlor\Cron\Http;
use Froxlor\Database;
use Froxlor\Settings;
use Froxlor\Cron\Http\Php\PhpInterface;
/**
* This file is part of the Froxlor project.
@@ -8,22 +13,23 @@
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
*/
class nginx_phpfpm extends nginx
class NginxFcgi extends Nginx
{
protected function composePhpOptions($domain, $ssl_vhost = false) {
protected function composePhpOptions($domain, $ssl_vhost = false)
{
$php_options_text = '';
if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
$php = new phpinterface($domain);
$phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']);
$php = new PhpInterface($domain);
$phpconfig = $php->getPhpConfig((int) $domain['phpsettingid']);
$php_options_text = "\t" . 'location ~ ^(.+?\.php)(/.*)?$ {' . "\n";
$php_options_text .= "\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n";
$php_options_text .= "\t" . '}' . "\n\n";
@@ -40,26 +46,23 @@ class nginx_phpfpm extends nginx
$php_options_text .= "\t\t" . 'fastcgi_pass unix:' . $php->getInterface()->getSocketFile() . ";\n";
$php_options_text .= "\t\t" . 'fastcgi_index index.php;' . "\n";
$php_options_text .= "\t}\n\n";
// create starter-file | config-file
$php->getInterface()->createConfig($phpconfig);
// create php.ini (fpm does nothing here, as it
// defines ini-settings in its pool config)
$php->getInterface()->createIniFile($phpconfig);
}
else {
$php_options_text.= ' # PHP is disabled for this vHost' . "\n";
} else {
$php_options_text .= ' # PHP is disabled for this vHost' . "\n";
}
return $php_options_text;
}
public function createOwnVhostStarter() {
if (Settings::Get('phpfpm.enabled') == '1'
&& Settings::Get('phpfpm.enabled_ownvhost') == '1'
) {
public function createOwnVhostStarter()
{
if (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.enabled_ownvhost') == '1') {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__)))); // /var/www/froxlor, needed for chown
$user = Settings::Get('phpfpm.vhost_httpuser');
@@ -79,8 +82,8 @@ class nginx_phpfpm extends nginx
'id' => 'none',
'domain' => Settings::Get('system.hostname'),
'adminid' => 1, /* first admin-user (superadmin) */
'mod_fcgid_starter' => -1,
'mod_fcgid_maxrequests' => -1,
'mod_fcgid_starter' => - 1,
'mod_fcgid_maxrequests' => - 1,
'guid' => $user,
'openbasedir' => 0,
'email' => Settings::Get('panel.adminmail'),
@@ -95,7 +98,7 @@ class nginx_phpfpm extends nginx
safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath));
// get php.ini for our own vhost
$php = new phpinterface($domain);
$php = new PhpInterface($domain);
// get php-config
if (Settings::Get('phpfpm.enabled') == '1') {
@@ -114,6 +117,4 @@ class nginx_phpfpm extends nginx
$php->getInterface()->createIniFile($phpconfig);
}
}
}

264
lib/Froxlor/Cron/Http/Php/Fcgid.php Normal file
View File

@@ -0,0 +1,264 @@
<?php
namespace Froxlor\Cron\Http\Php;
use Froxlor\Database;
use Froxlor\Settings;
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Michael Kaufmann <mkaufmann@nutime.de>
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
* @link http://www.nutime.de/
* @since 0.9.16
*
*/
class Fcgid
{
/**
* Domain-Data array
*
* @var array
*/
private $_domain = array();
/**
* Admin-Date cache array
*
* @var array
*/
private $_admin_cache = array();
/**
* main constructor
*/
public function __construct($domain)
{
$this->_domain = $domain;
}
/**
* create fcgid-starter-file
*
* @param array $phpconfig
*/
public function createConfig($phpconfig)
{
// create starter
$starter_file = "#!/bin/sh\n\n";
$starter_file .= "#\n";
$starter_file .= "# starter created/changed on " . date("Y.m.d H:i:s") . " for domain '" . $this->_domain['domain'] . "' with id #" . $this->_domain['id'] . " from php template '" . $phpconfig['description'] . "' with id #" . $phpconfig['id'] . "\n";
$starter_file .= "# Do not change anything in this file, it will be overwritten by the Froxlor Cronjob!\n";
$starter_file .= "#\n\n";
$starter_file .= "umask " . $phpconfig['mod_fcgid_umask'] . "\n";
$starter_file .= "PHPRC=" . escapeshellarg($this->getConfigDir()) . "\n";
$starter_file .= "export PHPRC\n";
// set number of processes for one domain
if ((int) $this->_domain['mod_fcgid_starter'] != - 1) {
$starter_file .= "PHP_FCGI_CHILDREN=" . (int) $this->_domain['mod_fcgid_starter'] . "\n";
} else {
if ((int) $phpconfig['mod_fcgid_starter'] != - 1) {
$starter_file .= "PHP_FCGI_CHILDREN=" . (int) $phpconfig['mod_fcgid_starter'] . "\n";
} else {
$starter_file .= "PHP_FCGI_CHILDREN=" . (int) Settings::Get('system.mod_fcgid_starter') . "\n";
}
}
$starter_file .= "export PHP_FCGI_CHILDREN\n";
// set number of maximum requests for one domain
if ((int) $this->_domain['mod_fcgid_maxrequests'] != - 1) {
$starter_file .= "PHP_FCGI_MAX_REQUESTS=" . (int) $this->_domain['mod_fcgid_maxrequests'] . "\n";
} else {
if ((int) $phpconfig['mod_fcgid_maxrequests'] != - 1) {
$starter_file .= "PHP_FCGI_MAX_REQUESTS=" . (int) $phpconfig['mod_fcgid_maxrequests'] . "\n";
} else {
$starter_file .= "PHP_FCGI_MAX_REQUESTS=" . (int) Settings::Get('system.mod_fcgid_maxrequests') . "\n";
}
}
$starter_file .= "export PHP_FCGI_MAX_REQUESTS\n";
// Set Binary
$starter_file .= "exec " . $phpconfig['binary'] . " -c " . escapeshellarg($this->getConfigDir()) . "\n";
// remove +i attibute, so starter can be overwritten
if (file_exists($this->getStarterFile())) {
removeImmutable($this->getStarterFile());
}
$starter_file_handler = fopen($this->getStarterFile(), 'w');
fwrite($starter_file_handler, $starter_file);
fclose($starter_file_handler);
safe_exec('chmod 750 ' . escapeshellarg($this->getStarterFile()));
safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($this->getStarterFile()));
setImmutable($this->getStarterFile());
}
/**
* create customized php.ini
*
* @param array $phpconfig
*/
public function createIniFile($phpconfig)
{
$openbasedir = '';
$openbasedirc = ';';
if ($this->_domain['openbasedir'] == '1') {
$openbasedirc = '';
$_phpappendopenbasedir = '';
$_custom_openbasedir = explode(':', Settings::Get('system.mod_fcgid_peardir'));
foreach ($_custom_openbasedir as $cobd) {
$_phpappendopenbasedir .= appendOpenBasedirPath($cobd);
}
$_custom_openbasedir = explode(':', Settings::Get('system.phpappendopenbasedir'));
foreach ($_custom_openbasedir as $cobd) {
$_phpappendopenbasedir .= appendOpenBasedirPath($cobd);
}
if ($this->_domain['openbasedir_path'] == '0' && strstr($this->_domain['documentroot'], ":") === false) {
$openbasedir = appendOpenBasedirPath($this->_domain['documentroot'], true);
} else {
$openbasedir = appendOpenBasedirPath($this->_domain['customerroot'], true);
}
$openbasedir .= appendOpenBasedirPath($this->getTempDir());
$openbasedir .= $_phpappendopenbasedir;
} else {
$openbasedir = 'none';
$openbasedirc = ';';
}
$admin = $this->_getAdminData($this->_domain['adminid']);
$php_ini_variables = array(
'SAFE_MODE' => 'Off', // keep this for compatibility, just in case
'PEAR_DIR' => Settings::Get('system.mod_fcgid_peardir'),
'TMP_DIR' => $this->getTempDir(),
'CUSTOMER_EMAIL' => $this->_domain['email'],
'ADMIN_EMAIL' => $admin['email'],
'DOMAIN' => $this->_domain['domain'],
'CUSTOMER' => $this->_domain['loginname'],
'ADMIN' => $admin['loginname'],
'OPEN_BASEDIR' => $openbasedir,
'OPEN_BASEDIR_C' => $openbasedirc,
'OPEN_BASEDIR_GLOBAL' => Settings::Get('system.phpappendopenbasedir'),
'DOCUMENT_ROOT' => makeCorrectDir($this->_domain['documentroot']),
'CUSTOMER_HOMEDIR' => makeCorrectDir($this->_domain['customerroot'])
);
// insert a small header for the file
$phpini_file = ";\n";
$phpini_file .= "; php.ini created/changed on " . date("Y.m.d H:i:s") . " for domain '" . $this->_domain['domain'] . "' with id #" . $this->_domain['id'] . " from php template '" . $phpconfig['description'] . "' with id #" . $phpconfig['id'] . "\n";
$phpini_file .= "; Do not change anything in this file, it will be overwritten by the Froxlor Cronjob!\n";
$phpini_file .= ";\n\n";
$phpini_file .= replace_variables($phpconfig['phpsettings'], $php_ini_variables);
$phpini_file = str_replace('"none"', 'none', $phpini_file);
// $phpini_file = preg_replace('/\"+/', '"', $phpini_file);
$phpini_file_handler = fopen($this->getIniFile(), 'w');
fwrite($phpini_file_handler, $phpini_file);
fclose($phpini_file_handler);
safe_exec('chown root:0 ' . escapeshellarg($this->getIniFile()));
safe_exec('chmod 0644 ' . escapeshellarg($this->getIniFile()));
}
/**
* fcgid-config directory
*
* @param boolean $createifnotexists
* create the directory if it does not exist
*
* @return string the directory
*/
public function getConfigDir($createifnotexists = true)
{
$configdir = makeCorrectDir(Settings::Get('system.mod_fcgid_configdir') . '/' . $this->_domain['loginname'] . '/' . $this->_domain['domain'] . '/');
if (! is_dir($configdir) && $createifnotexists) {
safe_exec('mkdir -p ' . escapeshellarg($configdir));
safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($configdir));
}
return $configdir;
}
/**
* fcgid-temp directory
*
* @param boolean $createifnotexists
* create the directory if it does not exist
*
* @return string the directory
*/
public function getTempDir($createifnotexists = true)
{
$tmpdir = makeCorrectDir(Settings::Get('system.mod_fcgid_tmpdir') . '/' . $this->_domain['loginname'] . '/');
if (! is_dir($tmpdir) && $createifnotexists) {
safe_exec('mkdir -p ' . escapeshellarg($tmpdir));
safe_exec('chown -R ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($tmpdir));
safe_exec('chmod 0750 ' . escapeshellarg($tmpdir));
}
return $tmpdir;
}
/**
* return path of php-starter file
*
* @return string the directory
*/
public function getStarterFile()
{
$starter_filename = makeCorrectFile($this->getConfigDir() . '/php-fcgi-starter');
return $starter_filename;
}
/**
* return path of php.ini file
*
* @return string full with path file-name
*/
public function getIniFile()
{
$phpini_filename = makeCorrectFile($this->getConfigDir() . '/php.ini');
return $phpini_filename;
}
/**
* return the admin-data of a specific admin
*
* @param int $adminid
* id of the admin-user
*
* @return array
*/
private function _getAdminData($adminid)
{
$adminid = intval($adminid);
if (! isset($this->_admin_cache[$adminid])) {
$stmt = Database::prepare("
SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :id");
$this->_admin_cache[$adminid] = Database::pexecute_first($stmt, array(
'id' => $adminid
));
}
return $this->_admin_cache[$adminid];
}
}

409
lib/Froxlor/Cron/Http/Php/Fpm.php Normal file
View File

@@ -0,0 +1,409 @@
<?php
namespace Froxlor\Cron\Http\Php;
use Froxlor\Database;
use Froxlor\Settings;
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Michael Kaufmann <mkaufmann@nutime.de>
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
* @link http://www.nutime.de/
* @since 0.9.16
*
*/
class Fpm
{
/**
* Domain-Data array
*
* @var array
*/
private $_domain = array();
/**
* fpm config
*
* @var array
*/
private $_fpm_cfg = array();
/**
* Admin-Date cache array
*
* @var array
*/
private $_admin_cache = array();
/**
* defines what can be used for pool-config from php.ini
* Mostly taken from http://php.net/manual/en/ini.list.php
*
* @var array
*/
private $_ini = array();
/**
* main constructor
*/
public function __construct($domain)
{
if (! isset($domain['fpm_config_id']) || empty($domain['fpm_config_id'])) {
$domain['fpm_config_id'] = 1;
}
$this->_domain = $domain;
$this->_readFpmConfig($domain['fpm_config_id']);
$this->_buildIniMapping();
}
private function _buildIniMapping()
{
$this->_ini = array(
'php_flag' => explode("\n", Settings::Get('phpfpm.ini_flags')),
'php_value' => explode("\n", Settings::Get('phpfpm.ini_values')),
'php_admin_flag' => explode("\n", Settings::Get('phpfpm.ini_admin_flags')),
'php_admin_value' => explode("\n", Settings::Get('phpfpm.ini_admin_values'))
);
}
private function _readFpmConfig($fpm_config_id)
{
$stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id");
$this->_fpm_cfg = Database::pexecute_first($stmt, array(
'id' => $fpm_config_id
));
}
/**
* create fpm-pool config
*
* @param array $phpconfig
*/
public function createConfig($phpconfig)
{
$fh = @fopen($this->getConfigFile(), 'w');
if ($fh) {
if ($phpconfig['override_fpmconfig'] == 1) {
$this->_fpm_cfg['pm'] = $phpconfig['pm'];
$this->_fpm_cfg['max_children'] = $phpconfig['max_children'];
$this->_fpm_cfg['start_servers'] = $phpconfig['start_servers'];
$this->_fpm_cfg['min_spare_servers'] = $phpconfig['min_spare_servers'];
$this->_fpm_cfg['max_spare_servers'] = $phpconfig['max_spare_servers'];
$this->_fpm_cfg['max_requests'] = $phpconfig['max_requests'];
$this->_fpm_cfg['idle_timeout'] = $phpconfig['idle_timeout'];
$this->_fpm_cfg['limit_extensions'] = $phpconfig['limit_extensions'];
}
$fpm_pm = $this->_fpm_cfg['pm'];
$fpm_children = (int) $this->_fpm_cfg['max_children'];
$fpm_start_servers = (int) $this->_fpm_cfg['start_servers'];
$fpm_min_spare_servers = (int) $this->_fpm_cfg['min_spare_servers'];
$fpm_max_spare_servers = (int) $this->_fpm_cfg['max_spare_servers'];
$fpm_requests = (int) $this->_fpm_cfg['max_requests'];
$fpm_process_idle_timeout = (int) $this->_fpm_cfg['idle_timeout'];
$fpm_limit_extensions = $this->_fpm_cfg['limit_extensions'];
if ($fpm_children == 0) {
$fpm_children = 1;
}
$fpm_config = ';PHP-FPM configuration for "' . $this->_domain['domain'] . '" created on ' . date("Y.m.d H:i:s") . "\n";
$fpm_config .= '[' . $this->_domain['domain'] . ']' . "\n";
$fpm_config .= 'listen = ' . $this->getSocketFile() . "\n";
if ($this->_domain['loginname'] == 'froxlor.panel') {
$fpm_config .= 'listen.owner = ' . $this->_domain['guid'] . "\n";
$fpm_config .= 'listen.group = ' . $this->_domain['guid'] . "\n";
} else {
$fpm_config .= 'listen.owner = ' . $this->_domain['loginname'] . "\n";
$fpm_config .= 'listen.group = ' . $this->_domain['loginname'] . "\n";
}
// see #1418 why this is 0660
$fpm_config .= 'listen.mode = 0660' . "\n";
if ($this->_domain['loginname'] == 'froxlor.panel') {
$fpm_config .= 'user = ' . $this->_domain['guid'] . "\n";
$fpm_config .= 'group = ' . $this->_domain['guid'] . "\n";
} else {
$fpm_config .= 'user = ' . $this->_domain['loginname'] . "\n";
$fpm_config .= 'group = ' . $this->_domain['loginname'] . "\n";
}
$fpm_config .= 'pm = ' . $fpm_pm . "\n";
$fpm_config .= 'pm.max_children = ' . $fpm_children . "\n";
if ($fpm_pm == 'dynamic') {
// honor max_children
if ($fpm_children < $fpm_min_spare_servers) {
$fpm_min_spare_servers = $fpm_children;
}
if ($fpm_children < $fpm_max_spare_servers) {
$fpm_max_spare_servers = $fpm_children;
}
// failsafe, refs #955
if ($fpm_start_servers < $fpm_min_spare_servers) {
$fpm_start_servers = $fpm_min_spare_servers;
}
if ($fpm_start_servers > $fpm_max_spare_servers) {
$fpm_start_servers = $fpm_max_spare_servers;
}
$fpm_config .= 'pm.start_servers = ' . $fpm_start_servers . "\n";
$fpm_config .= 'pm.min_spare_servers = ' . $fpm_min_spare_servers . "\n";
$fpm_config .= 'pm.max_spare_servers = ' . $fpm_max_spare_servers . "\n";
} elseif ($fpm_pm == 'ondemand') {
$fpm_config .= 'pm.process_idle_timeout = ' . $fpm_process_idle_timeout . "\n";
}
$fpm_config .= 'pm.max_requests = ' . $fpm_requests . "\n";
// possible slowlog configs
if ($phpconfig['fpm_slowlog'] == '1') {
$fpm_config .= 'request_terminate_timeout = ' . $phpconfig['fpm_reqterm'] . "\n";
$fpm_config .= 'request_slowlog_timeout = ' . $phpconfig['fpm_reqslow'] . "\n";
$slowlog = makeCorrectFile(Settings::Get('system.logfiles_directory') . '/' . $this->_domain['loginname'] . '-php-slow.log');
$fpm_config .= 'slowlog = ' . $slowlog . "\n";
$fpm_config .= 'catch_workers_output = yes' . "\n";
}
$fpm_config .= ';chroot = ' . makeCorrectDir($this->_domain['documentroot']) . "\n";
$fpm_config .= 'security.limit_extensions = ' . $fpm_limit_extensions . "\n";
$tmpdir = makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/');
if (! is_dir($tmpdir)) {
$this->getTempDir();
}
$env_path = Settings::Get('phpfpm.envpath');
if (! empty($env_path)) {
$fpm_config .= 'env[PATH] = ' . $env_path . "\n";
}
$fpm_config .= 'env[TMP] = ' . $tmpdir . "\n";
$fpm_config .= 'env[TMPDIR] = ' . $tmpdir . "\n";
$fpm_config .= 'env[TEMP] = ' . $tmpdir . "\n";
$openbasedir = '';
if ($this->_domain['loginname'] != 'froxlor.panel') {
if ($this->_domain['openbasedir'] == '1') {
$_phpappendopenbasedir = '';
$_custom_openbasedir = explode(':', Settings::Get('phpfpm.peardir'));
foreach ($_custom_openbasedir as $cobd) {
$_phpappendopenbasedir .= appendOpenBasedirPath($cobd);
}
$_custom_openbasedir = explode(':', Settings::Get('system.phpappendopenbasedir'));
foreach ($_custom_openbasedir as $cobd) {
$_phpappendopenbasedir .= appendOpenBasedirPath($cobd);
}
if ($this->_domain['openbasedir_path'] == '0' && strstr($this->_domain['documentroot'], ":") === false) {
$openbasedir = appendOpenBasedirPath($this->_domain['documentroot'], true);
} else {
$openbasedir = appendOpenBasedirPath($this->_domain['customerroot'], true);
}
$openbasedir .= appendOpenBasedirPath($this->getTempDir());
$openbasedir .= $_phpappendopenbasedir;
}
}
$fpm_config .= 'php_admin_value[session.save_path] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";
$fpm_config .= 'php_admin_value[upload_tmp_dir] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";
$admin = $this->_getAdminData($this->_domain['adminid']);
$php_ini_variables = array(
'SAFE_MODE' => 'Off', // keep this for compatibility, just in case
'PEAR_DIR' => Settings::Get('phpfpm.peardir'),
'TMP_DIR' => $this->getTempDir(),
'CUSTOMER_EMAIL' => $this->_domain['email'],
'ADMIN_EMAIL' => $admin['email'],
'DOMAIN' => $this->_domain['domain'],
'CUSTOMER' => $this->_domain['loginname'],
'ADMIN' => $admin['loginname'],
'OPEN_BASEDIR' => $openbasedir,
'OPEN_BASEDIR_C' => '',
'OPEN_BASEDIR_GLOBAL' => Settings::Get('system.phpappendopenbasedir'),
'DOCUMENT_ROOT' => makeCorrectDir($this->_domain['documentroot']),
'CUSTOMER_HOMEDIR' => makeCorrectDir($this->_domain['customerroot'])
);
$phpini = replace_variables($phpconfig['phpsettings'], $php_ini_variables);
$phpini_array = explode("\n", $phpini);
$fpm_config .= "\n\n";
foreach ($phpini_array as $inisection) {
$is = explode("=", $inisection);
foreach ($this->_ini as $sec => $possibles) {
if (in_array(trim($is[0]), $possibles)) {
// check explicitly for open_basedir
if (trim($is[0]) == 'open_basedir' && $openbasedir == '') {
continue;
}
$fpm_config .= $sec . '[' . trim($is[0]) . '] = ' . trim($is[1]) . "\n";
}
}
}
// now check if 'sendmail_path' has not beed set in the custom-php.ini
// if not we use our fallback-default as usual
if (strpos($fpm_config, 'php_admin_value[sendmail_path]') === false) {
$fpm_config .= 'php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f ' . $this->_domain['email'] . "\n";
}
fwrite($fh, $fpm_config, strlen($fpm_config));
fclose($fh);
}
}
/**
* this is done via createConfig as php-fpm defines
* the ini-values/flags in its pool-config
*
* @param string $phpconfig
*/
public function createIniFile($phpconfig)
{
return;
}
/**
* fpm-config file
*
* @param boolean $createifnotexists
* create the directory if it does not exist
*
* @return string the full path to the file
*/
public function getConfigFile($createifnotexists = true)
{
$configdir = $this->_fpm_cfg['config_dir'];
$config = makeCorrectFile($configdir . '/' . $this->_domain['domain'] . '.conf');
if (! is_dir($configdir) && $createifnotexists) {
safe_exec('mkdir -p ' . escapeshellarg($configdir));
}
return $config;
}
/**
* return path of fpm-socket file
*
* @param boolean $createifnotexists
* create the directory if it does not exist
*
* @return string the full path to the socket
*/
public function getSocketFile($createifnotexists = true)
{
$socketdir = makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir'));
// add fpm-config-id to filename so it's unique for the fpm-daemon and doesn't interfere with running configs when reuilding
$socket = strtolower(makeCorrectFile($socketdir . '/' . $this->_domain['fpm_config_id'] . '-' . $this->_domain['loginname'] . '-' . $this->_domain['domain'] . '-php-fpm.socket'));
if (! is_dir($socketdir) && $createifnotexists) {
safe_exec('mkdir -p ' . escapeshellarg($socketdir));
safe_exec('chown -R ' . Settings::Get('system.httpuser') . ':' . Settings::Get('system.httpgroup') . ' ' . escapeshellarg($socketdir));
}
return $socket;
}
/**
* fpm-temp directory
*
* @param boolean $createifnotexists
* create the directory if it does not exist
*
* @return string the directory
*/
public function getTempDir($createifnotexists = true)
{
$tmpdir = makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/');
if (! is_dir($tmpdir) && $createifnotexists) {
safe_exec('mkdir -p ' . escapeshellarg($tmpdir));
safe_exec('chown -R ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($tmpdir));
safe_exec('chmod 0750 ' . escapeshellarg($tmpdir));
}
return $tmpdir;
}
/**
* fastcgi-fakedirectory directory
*
* @param boolean $createifnotexists
* create the directory if it does not exist
*
* @return string the directory
*/
public function getAliasConfigDir($createifnotexists = true)
{
// ensure default...
if (Settings::Get('phpfpm.aliasconfigdir') == null) {
Settings::Set('phpfpm.aliasconfigdir', '/var/www/php-fpm');
}
$configdir = makeCorrectDir(Settings::Get('phpfpm.aliasconfigdir') . '/' . $this->_domain['loginname'] . '/' . $this->_domain['domain'] . '/');
if (! is_dir($configdir) && $createifnotexists) {
safe_exec('mkdir -p ' . escapeshellarg($configdir));
safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($configdir));
}
return $configdir;
}
/**
* create a dummy fpm pool config with minimal configuration
* (this is used whenever a config directory is empty but needs at least one pool to startup/restart)
*
* @param string $configdir
*/
public static function createDummyPool($configdir)
{
if (! is_dir($configdir)) {
safe_exec('mkdir -p ' . escapeshellarg($configdir));
}
$config = makeCorrectFile($configdir . '/dummy.conf');
$dummy = "[dummy]
user = " . Settings::Get('system.httpuser') . "
listen = /run/" . md5($configdir) . "-fpm.sock
pm = static
pm.max_children = 1
";
file_put_contents($config, $dummy);
}
/**
* return the admin-data of a specific admin
*
* @param int $adminid
* id of the admin-user
*
* @return array
*/
private function _getAdminData($adminid)
{
$adminid = intval($adminid);
if (! isset($this->_admin_cache[$adminid])) {
$stmt = Database::prepare("
SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :id");
$this->_admin_cache[$adminid] = Database::pexecute_first($stmt, array(
'id' => $adminid
));
}
return $this->_admin_cache[$adminid];
}
}

116
lib/Froxlor/Cron/Http/Php/PhpInterface.php Normal file
View File

@@ -0,0 +1,116 @@
<?php
namespace Froxlor\Cron\Http\Php;
use Froxlor\Database;
use Froxlor\Settings;
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Michael Kaufmann <mkaufmann@nutime.de>
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
* @link http://www.nutime.de/
* @since 0.9.16
*
*/
class PhpInterface
{
/**
* Domain-Data array
*
* @var array
*/
private $_domain = array();
/**
* Interface object
*
* @var object
*/
private $_interface = null;
/**
* Admin-User data array
*
* @var array
*/
private $_admin_cache = array();
/**
* main constructor
*/
public function __construct($domain)
{
$this->_domain = $domain;
$this->_setInterface();
}
/**
* returns the interface-object
* from where we can control it
*/
public function getInterface()
{
return $this->_interface;
}
/**
* set interface-object by type of
* php-interface: fcgid or php-fpm
* sets private $_interface variable
*/
private function _setInterface()
{
// php-fpm
if ((int) Settings::Get('phpfpm.enabled') == 1) {
$this->_interface = new Fpm($this->_domain);
} elseif ((int) Settings::Get('system.mod_fcgid') == 1) {
$this->_interface = new Fcgid($this->_domain);
}
}
/**
* return the php-configuration from the database
*
* @param int $php_config_id
* id of the php-configuration
*
* @return array
*/
public function getPhpConfig($php_config_id)
{
$php_config_id = intval($php_config_id);
// If domain has no config, we will use the default one.
if ($php_config_id == 0) {
$php_config_id = 1;
}
if (! isset($this->php_configs_cache[$php_config_id])) {
$stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id");
$this->_php_configs_cache[$php_config_id] = Database::pexecute_first($stmt, array(
'id' => $php_config_id
));
if ((int) Settings::Get('phpfpm.enabled') == 1) {
$stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id");
$this->_php_configs_cache[$php_config_id]['fpm_settings'] = Database::pexecute_first($stmt, array(
'id' => $this->_php_configs_cache[$php_config_id]['fpmsettingid']
));
}
}
return $this->_php_configs_cache[$php_config_id];
}
}

114
lib/Froxlor/Cron/Http/WebserverBase.php Normal file
View File

@@ -0,0 +1,114 @@
<?php
namespace Froxlor\Cron\Http;
use Froxlor\Database;
use Froxlor\Settings;
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Michael Kaufmann <mkaufmann@nutime.de>
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
* @since 0.9.31
*
*/
class WebserverBase
{
/**
* returns an array with all entries required for all
* webserver-vhost-configs
*
* @return array
*/
public static function getVhostsToCreate()
{
$query = "SELECT `d`.*, `pd`.`domain` AS `parentdomain`, `c`.`loginname`,
`d`.`phpsettingid`, `c`.`adminid`, `c`.`guid`, `c`.`email`,
`c`.`documentroot` AS `customerroot`, `c`.`deactivated`,
`c`.`phpenabled` AS `phpenabled_customer`,
`d`.`phpenabled` AS `phpenabled_vhost`,
`d`.`mod_fcgid_starter`,`d`.`mod_fcgid_maxrequests`,
`d`.`ocsp_stapling`
FROM `" . TABLE_PANEL_DOMAINS . "` `d`
LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `pd` ON (`pd`.`id` = `d`.`parentdomainid`)
WHERE `d`.`aliasdomain` IS NULL AND `d`.`email_only` <> '1'
ORDER BY `d`.`parentdomainid` DESC, `d`.`iswildcarddomain`, `d`.`domain` ASC;
";
$result_domains_stmt = Database::query($query);
// prepare IP statement
$ip_stmt = Database::prepare("
SELECT `di`.`id_domain` , `p`.`ssl`, `p`.`ssl_cert_file`, `p`.`ssl_key_file`, `p`.`ssl_ca_file`, `p`.`ssl_cert_chainfile`
FROM `" . TABLE_DOMAINTOIP . "` `di`, `" . TABLE_PANEL_IPSANDPORTS . "` `p`
WHERE `p`.`id` = `di`.`id_ipandports`
AND `di`.`id_domain` = :domainid
AND `p`.`ssl` = '1'
");
// prepare fpm-config select query
$fpm_sel_stmt = Database::prepare("
SELECT f.id FROM `" . TABLE_PANEL_FPMDAEMONS . "` f
LEFT JOIN `" . TABLE_PANEL_PHPCONFIGS . "` p ON p.fpmsettingid = f.id
WHERE p.id = :phpconfigid
");
$domains = array();
while ($domain = $result_domains_stmt->fetch(\PDO::FETCH_ASSOC)) {
// set whole domain
$domains[$domain['domain']] = $domain;
// set empty-defaults for non-ssl
$domains[$domain['domain']]['ssl'] = '';
$domains[$domain['domain']]['ssl_cert_file'] = '';
$domains[$domain['domain']]['ssl_key_file'] = '';
$domains[$domain['domain']]['ssl_ca_file'] = '';
$domains[$domain['domain']]['ssl_cert_chainfile'] = '';
// now, if the domain has an ssl ip/port assigned, get
// the corresponding information from the db
if (domainHasSslIpPort($domain['id'])) {
$ssl_ip = Database::pexecute_first($ip_stmt, array(
'domainid' => $domain['id']
));
// set ssl info for domain
$domains[$domain['domain']]['ssl'] = '1';
$domains[$domain['domain']]['ssl_cert_file'] = $ssl_ip['ssl_cert_file'];
$domains[$domain['domain']]['ssl_key_file'] = $ssl_ip['ssl_key_file'];
$domains[$domain['domain']]['ssl_ca_file'] = $ssl_ip['ssl_ca_file'];
$domains[$domain['domain']]['ssl_cert_chainfile'] = $ssl_ip['ssl_cert_chainfile'];
}
// read fpm-config-id if using fpm
if ((int) Settings::Get('phpfpm.enabled') == 1) {
$fpm_config = Database::pexecute_first($fpm_sel_stmt, array(
'phpconfigid' => $domain['phpsettingid']
));
if ($fpm_config) {
$domains[$domain['domain']]['fpm_config_id'] = $fpm_config['id'];
} else {
// fallback
$domains[$domain['domain']]['fpm_config_id'] = 1;
}
}
}
return $domains;
}
}

168
lib/Froxlor/Cron/Http/cron_tasks.inc.http.25.lighttpd_fcgid.php
View File

@@ -1,168 +0,0 @@
<?php if (!defined('MASTER_CRONJOB')) die('You cannot access this file directly!');
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
*/
class lighttpd_fcgid extends lighttpd
{
protected function composePhpOptions($domain)
{
$php_options_text = '';
if($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1')
{
$php = new phpinterface($domain);
$phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']);
// vhost data for php-fpm
if((int)Settings::Get('phpfpm.enabled') == 1)
{
$php_options_text = ' fastcgi.server = ( '."\n";
$php_options_text.= "\t".'".php" => ('."\n";
$php_options_text.= "\t\t".'"localhost" => ('."\n";
$php_options_text.= "\t\t".'"socket" => "'.$php->getInterface()->getSocketFile().'",'."\n";
$php_options_text.= "\t\t".'"check-local" => "enable",'."\n";
$php_options_text.= "\t\t".'"disable-time" => 1'."\n";
$php_options_text.= "\t".')'."\n";
$php_options_text.= "\t".')'."\n";
$php_options_text.= ' )'."\n";
}
// vhost data for fcgid
elseif((int)Settings::Get('system.mod_fcgid') == 1)
{
$php_options_text = ' fastcgi.server = ( '."\n";
$file_extensions = explode(' ', $phpconfig['file_extensions']);
foreach($file_extensions as $f_extension)
{
$php_options_text.= "\t".'".'.$f_extension.'" => ('."\n";
$php_options_text.= "\t\t".'"localhost" => ('."\n";
$php_options_text.= "\t\t".'"socket" => "/var/run/lighttpd/'.$domain['loginname'].'-'.$domain['domain'].'-php.socket",'."\n";
$php_options_text.= "\t\t".'"bin-path" => "'.$phpconfig['binary'].' -c '.$php->getInterface()->getIniFile().'",'."\n";
$php_options_text.= "\t\t".'"bin-environment" => ('."\n";
if((int)$domain['mod_fcgid_starter'] != - 1)
{
$php_options_text.= "\t\t\t".'"PHP_FCGI_CHILDREN" => "' . (int)$domain['mod_fcgid_starter'] . '",'."\n";
}
else
{
if((int)$phpconfig['mod_fcgid_starter'] != - 1)
{
$php_options_text.= "\t\t\t".'"PHP_FCGI_CHILDREN" => "' . (int)$phpconfig['mod_fcgid_starter'] . '",'."\n";
}
else
{
$php_options_text.= "\t\t\t".'"PHP_FCGI_CHILDREN" => "' . (int)Settings::Get('system.mod_fcgid_starter') . '",'."\n";
}
}
if((int)$domain['mod_fcgid_maxrequests'] != - 1)
{
$php_options_text.= "\t\t\t".'"PHP_FCGI_MAX_REQUESTS" => "' . (int)$domain['mod_fcgid_maxrequests'] . '"'."\n";
}
else
{
if((int)$phpconfig['mod_fcgid_maxrequests'] != - 1)
{
$php_options_text.= "\t\t\t".'"PHP_FCGI_MAX_REQUESTS" => "' . (int)$phpconfig['mod_fcgid_maxrequests'] . '"'."\n";
}
else
{
$php_options_text.= "\t\t\t".'"PHP_FCGI_MAX_REQUESTS" => "' . (int)Settings::Get('system.mod_fcgid_maxrequests') . '"'."\n";
}
}
$php_options_text.= "\t\t".')'."\n";
$php_options_text.= "\t".')'."\n";
$php_options_text.= "\t".')'."\n";
} // foreach extension
$php_options_text.= ' )'."\n";
}
// create starter-file | config-file
$php->getInterface()->createConfig($phpconfig);
// create php.ini (fpm does nothing here, as it
// defines ini-settings in its pool config)
$php->getInterface()->createIniFile($phpconfig);
}
else
{
$php_options_text.= ' # PHP is disabled for this vHost' . "\n";
}
return $php_options_text;
}
public function createOwnVhostStarter()
{
if (Settings::Get('phpfpm.enabled') == '1'
&& Settings::Get('phpfpm.enabled_ownvhost') == '1'
) {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__)))); // /var/www/froxlor, needed for chown
$user = Settings::Get('phpfpm.vhost_httpuser');
$group = Settings::Get('phpfpm.vhost_httpgroup');
// get fpm config
$fpm_sel_stmt = Database::prepare("
SELECT f.id FROM `" . TABLE_PANEL_FPMDAEMONS . "` f
LEFT JOIN `" . TABLE_PANEL_PHPCONFIGS . "` p ON p.fpmsettingid = f.id
WHERE p.id = :phpconfigid
");
$fpm_config = Database::pexecute_first($fpm_sel_stmt, array(
'phpconfigid' => Settings::Get('phpfpm.vhost_defaultini')
));
$domain = array(
'id' => 'none',
'domain' => Settings::Get('system.hostname'),
'adminid' => 1, /* first admin-user (superadmin) */
'mod_fcgid_starter' => -1,
'mod_fcgid_maxrequests' => -1,
'guid' => $user,
'openbasedir' => 0,
'email' => Settings::Get('panel.adminmail'),
'loginname' => 'froxlor.panel',
'documentroot' => $mypath,
'customerroot' => $mypath,
'fpm_config_id' => isset($fpm_config['id']) ? $fpm_config['id'] : 1
);
// all the files and folders have to belong to the local user
// now because we also use fcgid for our own vhost
safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath));
// get php.ini for our own vhost
$php = new phpinterface($domain);
// get php-config
if (Settings::Get('phpfpm.enabled') == '1') {
// fpm
$phpconfig = $php->getPhpConfig(Settings::Get('phpfpm.vhost_defaultini'));
} else {
// fcgid
$phpconfig = $php->getPhpConfig(Settings::Get('system.mod_fcgid_defaultini_ownvhost'));
}
// create starter-file | config-file
$php->getInterface()->createConfig($phpconfig);
// create php.ini (fpm does nothing here, as it
// defines ini-settings in its pool config)
$php->getInterface()->createIniFile($phpconfig);
}
}
}