From 43ca4a28e4302c72b0abebb297a8ba4ebb19d2ca Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Mon, 21 Nov 2016 08:19:33 +0100 Subject: [PATCH] add acme.conf alias also to froxlor vhost in case the acme-challenge path is not within the froxlor-docroot; fix empty redirect-code, fixes #1674 Signed-off-by: Michael Kaufmann (d00p) --- .../output/function.RedirectCode.php | 35 ++++++++++--------- .../jobs/cron_tasks.inc.http.10.apache.php | 4 +-- .../jobs/cron_tasks.inc.http.20.lighttpd.php | 5 ++- scripts/jobs/cron_tasks.inc.http.30.nginx.php | 22 +++++++----- 4 files changed, 34 insertions(+), 32 deletions(-) diff --git a/lib/functions/output/function.RedirectCode.php b/lib/functions/output/function.RedirectCode.php index b970e3b0..37bd10e1 100644 --- a/lib/functions/output/function.RedirectCode.php +++ b/lib/functions/output/function.RedirectCode.php @@ -16,11 +16,11 @@ /** * return an array of all enabled redirect-codes - * + * * @return array array of enabled redirect-codes */ function getRedirectCodesArray() { - + $sql = "SELECT * FROM `".TABLE_PANEL_REDIRECTCODES."` WHERE `enabled` = '1' ORDER BY `id` ASC"; $result_stmt = Database::query($sql); @@ -35,13 +35,13 @@ function getRedirectCodesArray() { /** * return an array of all enabled redirect-codes * for the settings form - * + * * @return array array of enabled redirect-codes */ function getRedirectCodes() { global $lng; - + $sql = "SELECT * FROM `".TABLE_PANEL_REDIRECTCODES."` WHERE `enabled` = '1' ORDER BY `id` ASC"; $result_stmt = Database::query($sql); @@ -54,16 +54,17 @@ function getRedirectCodes() { } /** - * returns the redirect-code for a given + * returns the redirect-code for a given * domain-id - * + * * @param integer $domainid id of the domain - * + * @param string $default + * * @return string redirect-code */ -function getDomainRedirectCode($domainid = 0) { +function getDomainRedirectCode($domainid = 0, $default = '') { - $code = ''; + $code = $default; if ($domainid > 0) { $result_stmt = Database::prepare(" @@ -83,11 +84,11 @@ function getDomainRedirectCode($domainid = 0) { } /** - * returns the redirect-id for a given + * returns the redirect-id for a given * domain-id - * + * * @param integer $domainid id of the domain - * + * * @return integer redirect-code-id */ function getDomainRedirectId($domainid = 0) { @@ -112,10 +113,10 @@ function getDomainRedirectId($domainid = 0) { /** * adds a redirectcode for a domain - * + * * @param integer $domainid id of the domain to add the code for - * @param integer $redirect selected redirect-id - * + * @param integer $redirect selected redirect-id + * * @return null */ function addRedirectToDomain($domainid = 0, $redirect = 1) { @@ -130,10 +131,10 @@ function addRedirectToDomain($domainid = 0, $redirect = 1) { /** * updates the redirectcode of a domain * if redirect-code is false, nothing happens - * + * * @param integer $domainid id of the domain to update * @param integer $redirect selected redirect-id or false - * + * * @return null */ function updateRedirectOfDomain($domainid = 0, $redirect = false) { diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php index 156435a3..b6a9697a 100644 --- a/scripts/jobs/cron_tasks.inc.http.10.apache.php +++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php @@ -875,10 +875,8 @@ class apache extends HttpConfigBase if (preg_match('/^https?\:\/\//', $domain['documentroot'])) { $corrected_docroot = $domain['documentroot']; - // prevent empty return-cde - $code = "301"; // Get domain's redirect code - $code = getDomainRedirectCode($domain['id']); + $code = getDomainRedirectCode($domain['id'], '301'); $modrew_red = ''; if ($code != '') { $modrew_red = ' [R=' . $code . ';L,NE]'; diff --git a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php index 1f37d4c8..a069d056 100644 --- a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php +++ b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php @@ -432,10 +432,9 @@ class lighttpd extends HttpConfigBase if (preg_match('/^https?\:\/\//', $domain['documentroot'])) { $uri = $domain['documentroot']; - // prevent empty return-cde - $code = "301"; + // Get domain's redirect code - $code = getDomainRedirectCode($domain['id']); + $code = getDomainRedirectCode($domain['id'], '301'); $vhost_content .= ' url.redirect-code = ' . $code. "\n"; $vhost_content .= ' url.redirect = (' . "\n"; diff --git a/scripts/jobs/cron_tasks.inc.http.30.nginx.php b/scripts/jobs/cron_tasks.inc.http.30.nginx.php index dcff6ff1..a99f41bf 100644 --- a/scripts/jobs/cron_tasks.inc.http.30.nginx.php +++ b/scripts/jobs/cron_tasks.inc.http.30.nginx.php @@ -196,17 +196,22 @@ class nginx extends HttpConfigBase } } - $http2 = $ssl_vhost == true && Settings::Get('system.nginx_http2_support') == '1'; - + $http2 = $ssl_vhost == true && Settings::Get('system.nginx_http2_support') == '1'; + /** * this HAS to be set for the default host in nginx or else no vhost will work */ - $this->nginx_data[$vhost_filename] .= "\t" . 'listen ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n"; + $this->nginx_data[$vhost_filename] .= "\t" . 'listen ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n"; $this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n"; $this->nginx_data[$vhost_filename] .= "\t" . 'server_name ' . Settings::Get('system.hostname') . ';' . "\n"; $this->nginx_data[$vhost_filename] .= "\t" . 'access_log /var/log/nginx/access.log;' . "\n"; + if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1' && Settings::Get('system.le_froxlor_enabled') == '1') { + $acmeConfFilename = Settings::Get('system.letsencryptacmeconf'); + $this->nginx_data[$vhost_filename] .= "\t" . 'include ' . $acmeConfFilename . ';' . "\n"; + } + $is_redirect = false; // check for SSL redirect if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') { @@ -219,7 +224,7 @@ class nginx extends HttpConfigBase } else { $_sslport = $this->checkAlternativeSslPort(); $mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/'; - $this->nginx_data[$vhost_filename] .= "\t" . 'if ($request_uri !~ "^/\.well-known/acme-challenge/\w+$") {' . "\n"; + $this->nginx_data[$vhost_filename] .= "\t" . 'if ($request_uri !~ ^/.well-known/acme-challenge/\w+$) {' . "\n"; $this->nginx_data[$vhost_filename] .= "\t\t" . 'return 301 ' . $mypath . '$request_uri;' . "\n"; $this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n"; } @@ -464,12 +469,11 @@ class nginx extends HttpConfigBase if (substr($uri, - 1) == '/') { $uri = substr($uri, 0, - 1); } - // prevent empty return-cde - $code = "301"; - // Get domain's redirect code - $code = getDomainRedirectCode($domain['id']); - $vhost_content .= "\t" . 'if ($request_uri !~ "^/\.well-known/acme-challenge/\w+$") {' . "\n"; + // Get domain's redirect code + $code = getDomainRedirectCode($domain['id'], '301'); + + $vhost_content .= "\t" . 'if ($request_uri !~ ^/.well-known/acme-challenge/\w+$) {' . "\n"; $vhost_content .= "\t\t" . 'return ' . $code .' ' . $uri . '$request_uri;' . "\n"; $vhost_content .= "\t" . '}' . "\n"; } else {