make path to acme.conf global alias file customizable

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

actions/admin/settings/131.ssl.php

@@ -88,6 +88,15 @@ return array(
 					'cronmodule' => 'froxlor/letsencrypt',
 					'save_method' => 'storeSettingField'
 				),
+				'system_letsencryptacmeconf' => array(
+					'label' => $lng['serversettings']['letsencryptacmeconf'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptacmeconf',
+					'type' => 'string',
+					'string_type' => 'file',
+					'default' => '/etc/apache2/conf-enabled/acme.conf',
+					'save_method' => 'storeSettingField',
+				),
 				'system_letsencryptca' => array(
 					'label' => $lng['serversettings']['letsencryptca'],
 					'settinggroup' => 'system',

install/froxlor.sql

@@ -534,6 +534,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'available_shells', ''),
 	('system', 'le_froxlor_enabled', '0'),
 	('system', 'le_froxlor_redirect', '0'),
+	('system', 'letsencryptacmeconf', '/etc/apache2/conf-enabled/acme.conf'),
 	('panel', 'decimal_places', '4'),
 	('panel', 'adminmail', 'admin@SERVERNAME'),
 	('panel', 'phpmyadmin_url', ''),
@@ -565,7 +566,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'password_special_char_required', '0'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
 	('panel', 'version', '0.9.37'),
-	('panel', 'db_version', '201609050');
+	('panel', 'db_version', '201609120');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -3435,3 +3435,19 @@ if (isDatabaseVersion('201608260')) {
 
 	updateToDbVersion('201609050');
 }
+
+if (isDatabaseVersion('201609050')) {
+
+	showUpdateStep("Adding new settings for acme.conf (Let's Encrypt)");
+	// get user-chosen value
+	$websrv_default = "/etc/apache2/conf-enabled/acme.conf";
+	if (Settings::Get('system.webserver') == 'nginx') {
+		$websrv_default = "/etc/nginx/acme.conf";
+	}
+	$acmeconffile = isset($_POST['acmeconffile']) ? $_POST['acmeconffile'] : $websrv_default;
+	$acmeconffile = makeCorrectFile($acmeconffile);
+	Settings::AddNew("system.letsencryptacmeconf", $acmeconffile);
+	lastStepStatus(0);
+
+	updateToDbVersion('201609120');
+}

install/updates/preconfig/0.9/preconfig_0.9.inc.php

@@ -679,4 +679,14 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version, $c
 		$question .= $dnsdaemons . '</select>';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
+
+	if (versionInUpdate($current_db_version, '201609120')) {
+		if (Settings::Get('system.leenabled') == 1) {
+			$has_preconfig = true;
+			$description = 'You can now customize the path to your acme.conf file (global alias for Let\'s Encrypt). If you already set up Let\'s Encrypt and the acme.conf file, please set this to the complete path to the file!<br /><br />';
+			$question = '<strong>Path to the acme.conf alias-file.</strong><br />';
+			$question .= '<input type="text" class="text" name="acmeconffile" value="/etc/apache2/conf-enabled/acme.conf" /><br />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
 }

lib/configfiles/gentoo.xml

@@ -64,7 +64,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/modules.d/80_acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -96,7 +96,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/modules.d/80_acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -267,7 +267,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[

lib/configfiles/jessie.xml

@@ -68,7 +68,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -287,7 +287,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[

lib/configfiles/precise.xml

@@ -66,7 +66,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -246,7 +246,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[

lib/configfiles/rhel_centos.xml

@@ -46,7 +46,7 @@
 				<daemon name="apache" version="2.4" title="Apache 2.4"
 					default="true">
 					<include>//service[@type='http']/general/commands</include>
-					<file name="/etc/httpd/conf.d/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[

lib/configfiles/trusty.xml

@@ -66,7 +66,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -100,7 +100,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -279,7 +279,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[

lib/configfiles/wheezy.xml

@@ -66,7 +66,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf.d/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -100,7 +100,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -319,7 +319,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[

lib/version.inc.php

@@ -19,7 +19,7 @@
 $version = '0.9.37';
 
 // Database version (YYYYMMDDC where C is a daily counter)
-$dbversion = '201609050';
+$dbversion = '201609120';
 
 // Distribution branding-tag (used for Debian etc.)
 $branding = '';

lng/english.lng.php

@@ -2039,3 +2039,5 @@ $lng['serversettings']['le_froxlor_redirect']['description'] = "If activated, al
 $lng['admin']['froxlorvhost'] = 'Froxlor VirtualHost settings';
 $lng['serversettings']['option_unavailable_websrv'] = '<br><em class="red">Availble only for: %s</em>';
 $lng['serversettings']['option_unavailable'] = '<br><em class="red">Option not availble due to other settings.</em>';
+$lng['serversettings']['letsencryptacmeconf']['title'] = "Path to the acme.conf snippet";
+$lng['serversettings']['letsencryptacmeconf']['description'] = "File name of the config snippet which allows the web server to serve the acme challenge.";

lng/german.lng.php

@@ -1691,3 +1691,5 @@ $lng['serversettings']['le_froxlor_redirect']['description'] = "Wenn dies aktivi
 $lng['admin']['froxlorvhost'] = 'Froxlor VirtualHost Einstellungen';
 $lng['serversettings']['option_unavailable_websrv'] = '<br><em class="red">Nur verfügbar für: %s</em>';
 $lng['serversettings']['option_unavailable'] = '<br><em class="red">Option aufgrund anderer Einstellungen nicht verfügbar.</em>';
+$lng['serversettings']['letsencryptacmeconf']['title'] = "Pfad zu acme.conf";
+$lng['serversettings']['letsencryptacmeconf']['description'] = "Dateiname der Konfiguration, die dem Webserver erlaubt, die ACME-Challenges zu bedienen.";

scripts/jobs/cron_tasks.inc.http.30.nginx.php

@@ -464,7 +464,8 @@ class nginx extends HttpConfigBase {
 
 		if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1')
 		{
-			$vhost_content.= "\t".'include /etc/nginx/acme.conf;'."\n";
+			$acmeConfFilename = Settings::Get('system.letsencryptacmeconf');
+			$vhost_content.= "\t".'include '.$acmeConfFilename.';'."\n";
 		}
 
 		// if the documentroot is an URL we just redirect