diff --git a/actions/admin/settings/131.ssl.php b/actions/admin/settings/131.ssl.php index 56c27cd5..dc03f926 100644 --- a/actions/admin/settings/131.ssl.php +++ b/actions/admin/settings/131.ssl.php @@ -153,7 +153,33 @@ return array( 'type' => 'bool', 'default' => false, 'save_method' => 'storeSettingField' - ) + ), + 'system_hsts_maxage' => array( + 'label' => $lng['admin']['domain_hsts_maxage'], + 'settinggroup' => 'system', + 'varname' => 'hsts_maxage', + 'type' => 'int', + 'int_min' => 0, + 'int_max' => 94608000, // 3-years + 'default' => 0, + 'save_method' => 'storeSettingField' + ), + 'system_hsts_incsub' => array( + 'label' => $lng['admin']['domain_hsts_incsub'], + 'settinggroup' => 'system', + 'varname' => 'hsts_incsub', + 'type' => 'bool', + 'default' => false, + 'save_method' => 'storeSettingField' + ), + 'system_hsts_preload' => array( + 'label' => $lng['admin']['domain_hsts_preload'], + 'settinggroup' => 'system', + 'varname' => 'hsts_preload', + 'type' => 'bool', + 'default' => false, + 'save_method' => 'storeSettingField' + ), ) ) ) diff --git a/install/froxlor.sql b/install/froxlor.sql index cd6daeb7..63ce8661 100644 --- a/install/froxlor.sql +++ b/install/froxlor.sql @@ -573,7 +573,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('panel', 'password_special_char_required', '0'), ('panel', 'password_special_char', '!?<>§$%+#=@'), ('panel', 'version', '0.9.37'), - ('panel', 'db_version', '201609240'); + ('panel', 'db_version', '201610070'); DROP TABLE IF EXISTS `panel_tasks`; diff --git a/install/updates/froxlor/0.9/update_0.9.inc.php b/install/updates/froxlor/0.9/update_0.9.inc.php index de3c2de8..66fea160 100644 --- a/install/updates/froxlor/0.9/update_0.9.inc.php +++ b/install/updates/froxlor/0.9/update_0.9.inc.php 
@@ -3478,11 +3478,26 @@ if (isDatabaseVersion('201609120')) { if (isDatabaseVersion('201609200')) { - showUpdateStep("Changing tables to be more mysql strict-mode compatible"); - Database::query("ALTER TABLE `".TABLE_MAIL_VIRTUAL."` CHANGE `destination` `destination` TEXT NOT NULL DEFAULT '';"); - Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` CHANGE `registration_date` `registration_date` DATE NULL DEFAULT NULL;"); - Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` CHANGE `termination_date` `termination_date` DATE NULL DEFAULT NULL;"); - lastStepStatus(0); + showUpdateStep("Changing tables to be more mysql strict-mode compatible"); + Database::query("ALTER TABLE `".TABLE_MAIL_VIRTUAL."` CHANGE `destination` `destination` TEXT NOT NULL DEFAULT '';"); + Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` CHANGE `registration_date` `registration_date` DATE NULL DEFAULT NULL;"); + Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` CHANGE `termination_date` `termination_date` DATE NULL DEFAULT NULL;"); + lastStepStatus(0); - updateToDbVersion('201609240'); + updateToDbVersion('201609240'); +} + +if (isDatabaseVersion('201609240')) { + + showUpdateStep("Add HSTS settings for froxlor-vhost"); + Settings::AddNew("system.hsts_maxage", 0); + Settings::AddNew("system.hsts_incsub", 0); + Settings::AddNew("system.hsts_preload", 0); + lastStepStatus(0); + + showUpdateStep("Settings HSTS default values for all domains (deactivated)"); + Database::query("UPDATE `".TABLE_PANEL_DOMAINS."` SET `hsts_sub` = '0', `hsts_preload` = '0';"); + lastStepStatus(0); + + updateToDbVersion('201610070'); } diff --git a/lib/classes/output/class.htmlform.php b/lib/classes/output/class.htmlform.php index 2bc6edca..6f1c4a3b 100644 --- a/lib/classes/output/class.htmlform.php +++ b/lib/classes/output/class.htmlform.php 
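Review bot: Seeding `system.hsts_maxage` with 0 in the new `isDatabaseVersion('201609240')` block changes what an upgraded panel sends, because the lib/init.php hunk of this commit replaces the fixed `max-age=15768000` with this setting. After the update, HTTPS requests to the panel receive `Strict-Transport-Security: max-age=0`, which tells browsers to discard the policy they already hold. To keep the previous protection across the upgrade I would seed the old value, `Settings::AddNew("system.hsts_maxage", 15768000);`, and let the admin lower it deliberately. The install/froxlor.sql hunk shows only the `db_version` bump, so it is worth confirming that fresh installs also get the three `system.hsts_*` rows, since they never run this block.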
@@ -122,6 +122,8 @@ class htmlform return self::_checkbox($fieldname, $data); break; case 'file': return self::_file($fieldname, $data); break; + case 'int': + return self::_int($fieldname, $data); break; } } @@ -313,4 +315,29 @@ class htmlform return $return; } + private static function _int($fieldname = '', $data = array()) + { + $return = ''; + $extras = ''; + if(isset($data['int_min'])) { + $extras .= ' min="'.$data['int_min'].'"'; + } + if(isset($data['int_max'])) { + $extras .= ' max="'.$data['int_max'].'"'; + } + + // add support to save reloaded forms + if (isset($data['value'])) { + $value = $data['value']; + } elseif (isset($_SESSION['requestData'][$fieldname])) { + $value = $_SESSION['requestData'][$fieldname]; + } else { + $value = ''; + } + + $type = 'number'; + $ulfield = ''; + eval("\$return = \"" . getTemplate("misc/form/input_text", "1") . "\";"); + return $return; + } } diff --git a/lib/formfields/admin/domains/formfield.domains_add.php b/lib/formfields/admin/domains/formfield.domains_add.php index c85d6500..15ca70e4 100644 --- a/lib/formfields/admin/domains/formfield.domains_add.php +++ b/lib/formfields/admin/domains/formfield.domains_add.php 
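Review bot: In the new `_int()` the value taken from `$data['value']` or `$_SESSION['requestData'][$fieldname]` goes into the `misc/form/input_text` template as-is, and `int_min`/`int_max` are only written out as HTML `min`/`max` attributes. Those attributes are enforced by the browser alone, so the range still has to be checked where the field is saved, which this hunk does not show. For the redisplayed value I would encode before the `eval`, e.g. `$value = htmlspecialchars((string) $value, ENT_QUOTES);`, unless the template or the code filling `requestData` already does so (not visible here). A short docblock on `_int()` stating that it renders a `type="number"` input and reads the optional `int_min`/`int_max` keys would also help the next reader.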
@@ -101,40 +101,6 @@ return array( 'is_array' => 1, 'mandatory' => true ), - 'ssl_ipandport' => array( - 'label' => $lng['domains']['ipandport_ssl_multi']['title'], - 'desc' => $lng['domains']['ipandport_ssl_multi']['description'], - 'type' => 'checkbox', - 'values' => $ssl_ipsandports, - 'value' => '', - 'is_array' => 1 - ), - 'ssl_redirect' => array( - 'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false), - 'label' => $lng['domains']['ssl_redirect']['title'], - 'desc' => $lng['domains']['ssl_redirect']['description'], - 'type' => 'checkbox', - 'values' => array( - array ('label' => $lng['panel']['yes'], 'value' => '1') - ), - 'value' => array() - ), - 'letsencrypt' => array( - 'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false), - 'label' => $lng['admin']['letsencrypt']['title'], - 'desc' => $lng['admin']['letsencrypt']['description'], - 'type' => 'checkbox', - 'values' => array( - array ('label' => $lng['panel']['yes'], 'value' => '1') - ), - 'value' => array() - ), - 'no_ssl_available_info' => array( - 'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports == '' ? true : false) : false), - 'label' => 'SSL', - 'type' => 'label', - 'value' => $lng['panel']['nosslipsavailable'] - ), 'selectserveralias' => array( 'label' => $lng['admin']['selectserveralias'], 'desc' => $lng['admin']['selectserveralias_desc'], 
@@ -161,6 +127,76 @@ return array( ) ) ), + 'section_bssl' => array( + 'title' => $lng['admin']['webserversettings_ssl'], + 'image' => 'icons/domain_add.png', + 'visible' => Settings::Get('system.use_ssl') == '1' ? true : false, + 'fields' => array( + 'ssl_ipandport' => array( + 'label' => $lng['domains']['ipandport_ssl_multi']['title'], + 'desc' => $lng['domains']['ipandport_ssl_multi']['description'], + 'type' => 'checkbox', + 'values' => $ssl_ipsandports, + 'value' => '', + 'is_array' => 1 + ), + 'ssl_redirect' => array( + 'visible' => ($ssl_ipsandports != '' ? true : false), + 'label' => $lng['domains']['ssl_redirect']['title'], + 'desc' => $lng['domains']['ssl_redirect']['description'], + 'type' => 'checkbox', + 'values' => array( + array ('label' => $lng['panel']['yes'], 'value' => '1') + ), + 'value' => array() + ), + 'letsencrypt' => array( + 'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false), + 'label' => $lng['admin']['letsencrypt']['title'], + 'desc' => $lng['admin']['letsencrypt']['description'], + 'type' => 'checkbox', + 'values' => array( + array ('label' => $lng['panel']['yes'], 'value' => '1') + ), + 'value' => array() + ), + 'no_ssl_available_info' => array( + 'visible' => ($ssl_ipsandports == '' ? true : false), + 'label' => 'SSL', + 'type' => 'label', + 'value' => $lng['panel']['nosslipsavailable'] + ), + 'hsts_maxage' => array( + 'visible' => ($ssl_ipsandports != '' ? true : false), + 'label' => $lng['admin']['domain_hsts_maxage']['title'], + 'desc' => $lng['admin']['domain_hsts_maxage']['description'], + 'type' => 'int', + 'int_min' => 0, + 'int_max' => 94608000, // 3-years + 'value' => 0 + ), + 'hsts_incsub' => array( + 'visible' => ($ssl_ipsandports != '' ? 
true : false), + 'label' => $lng['admin']['domain_hsts_incsub']['title'], + 'desc' => $lng['admin']['domain_hsts_incsub']['description'], + 'type' => 'checkbox', + 'values' => array( + array ('label' => $lng['panel']['yes'], 'value' => '1') + ), + 'value' => array() + ), + 'hsts_preload' => array( + 'visible' => ($ssl_ipsandports != '' ? true : false), + 'label' => $lng['admin']['domain_hsts_preload']['title'], + 'desc' => $lng['admin']['domain_hsts_preload']['description'], + 'type' => 'checkbox', + 'values' => array( + array ('label' => $lng['panel']['yes'], 'value' => '1') + ), + 'value' => array() + ), + ), + ), 'section_c' => array( 'title' => $lng['admin']['phpserversettings'], 'image' => 'icons/domain_add.png', diff --git a/lib/formfields/admin/domains/formfield.domains_edit.php b/lib/formfields/admin/domains/formfield.domains_edit.php index 6837da0a..11b6c6bc 100644 --- a/lib/formfields/admin/domains/formfield.domains_edit.php +++ b/lib/formfields/admin/domains/formfield.domains_edit.php 
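Review bot: The `hsts_incsub` and `hsts_preload` checkboxes added to `section_bssl` can be ticked while `hsts_maxage` stays at its default of 0, and nothing in this hunk ties the three fields together. Combined with the relaxed `>= 0` test in the apache and lighttpd hunks, a vhost could then send `max-age=0; includeSubDomains; preload`, which clears the policy while claiming preload eligibility. As far as I know the preload list only accepts hosts that send `includeSubDomains` with a max-age of at least one year, so the save handler (outside this diff) should ignore or reject `hsts_preload` otherwise. At minimum I would add a comment above the field such as `// preload is only meaningful with hsts_incsub set and hsts_maxage >= 31536000`. The same applies to the matching `section_bssl` hunk in formfield.domains_edit.php.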
@@ -113,40 +113,6 @@ return array( 'is_array' => 1, 'mandatory' => true ), - 'ssl_ipandport' => array( - 'label' => $lng['domains']['ipandport_ssl_multi']['title'], - 'desc' => $lng['domains']['ipandport_ssl_multi']['description'], - 'type' => 'checkbox', - 'values' => $ssl_ipsandports, - 'value' => $usedips, - 'is_array' => 1 - ), - 'ssl_redirect' => array( - 'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false), - 'label' => $lng['domains']['ssl_redirect']['title'], - 'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''), - 'type' => 'checkbox', - 'values' => array( - array ('label' => $lng['panel']['yes'], 'value' => '1') - ), - 'value' => array($result['ssl_redirect']) - ), - 'letsencrypt' => array( - 'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false), - 'label' => $lng['admin']['letsencrypt']['title'], - 'desc' => $lng['admin']['letsencrypt']['description'], - 'type' => 'checkbox', - 'values' => array( - array ('label' => $lng['panel']['yes'], 'value' => '1') - ), - 'value' => array($result['letsencrypt']) - ), - 'no_ssl_available_info' => array( - 'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports == '' ? true : false) : false), - 'label' => 'SSL', - 'type' => 'label', - 'value' => $lng['panel']['nosslipsavailable'] - ), 'selectserveralias' => array( 'label' => $lng['admin']['selectserveralias'], 'desc' => $lng['admin']['selectserveralias_desc'], 
@@ -184,6 +150,76 @@ return array( ) ) ), + 'section_bssl' => array( + 'title' => $lng['admin']['webserversettings_ssl'], + 'image' => 'icons/domain_edit.png', + 'visible' => Settings::Get('system.use_ssl') == '1' ? true : false, + 'fields' => array( + 'ssl_ipandport' => array( + 'label' => $lng['domains']['ipandport_ssl_multi']['title'], + 'desc' => $lng['domains']['ipandport_ssl_multi']['description'], + 'type' => 'checkbox', + 'values' => $ssl_ipsandports, + 'value' => $usedips, + 'is_array' => 1 + ), + 'ssl_redirect' => array( + 'visible' => ($ssl_ipsandports != '' ? true : false), + 'label' => $lng['domains']['ssl_redirect']['title'], + 'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''), + 'type' => 'checkbox', + 'values' => array( + array ('label' => $lng['panel']['yes'], 'value' => '1') + ), + 'value' => array($result['ssl_redirect']) + ), + 'letsencrypt' => array( + 'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false), + 'label' => $lng['admin']['letsencrypt']['title'], + 'desc' => $lng['admin']['letsencrypt']['description'], + 'type' => 'checkbox', + 'values' => array( + array ('label' => $lng['panel']['yes'], 'value' => '1') + ), + 'value' => array($result['letsencrypt']) + ), + 'no_ssl_available_info' => array( + 'visible' => ($ssl_ipsandports == '' ? true : false), + 'label' => 'SSL', + 'type' => 'label', + 'value' => $lng['panel']['nosslipsavailable'] + ), + 'hsts_maxage' => array( + 'visible' => ($ssl_ipsandports != '' ? true : false), + 'label' => $lng['admin']['domain_hsts_maxage']['title'], + 'desc' => $lng['admin']['domain_hsts_maxage']['description'], + 'type' => 'int', + 'int_min' => 0, + 'int_max' => 94608000, // 3-years + 'value' => $result['hsts'] + ), + 'hsts_incsub' => array( + 'visible' => ($ssl_ipsandports != '' ? 
true : false), + 'label' => $lng['admin']['domain_hsts_incsub']['title'], + 'desc' => $lng['admin']['domain_hsts_incsub']['description'], + 'type' => 'checkbox', + 'values' => array( + array ('label' => $lng['panel']['yes'], 'value' => '1') + ), + 'value' => array($result['hsts_sub']) + ), + 'hsts_preload' => array( + 'visible' => ($ssl_ipsandports != '' ? true : false), + 'label' => $lng['admin']['domain_hsts_preload']['title'], + 'desc' => $lng['admin']['domain_hsts_preload']['description'], + 'type' => 'checkbox', + 'values' => array( + array ('label' => $lng['panel']['yes'], 'value' => '1') + ), + 'value' => array($result['hsts_preload']) + ), + ) + ), 'section_c' => array( 'title' => $lng['admin']['phpserversettings'], 'image' => 'icons/domain_edit.png', diff --git a/lib/init.php b/lib/init.php index 1c116a2c..b4e4c018 100644 --- a/lib/init.php +++ b/lib/init.php @@ -39,11 +39,6 @@ header("X-XSS-Protection: 1; mode=block"); // Don't allow to load Froxlor in an iframe to prevent i.e. clickjacking header("X-Frame-Options: DENY"); -// If Froxlor was called via HTTPS -> enforce it for the next time -if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) { - header("Strict-Transport-Security: max-age=15768000"); -} - // Internet Explorer shall not guess the Content-Type, see: // http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx header("X-Content-Type-Options: nosniff"); 
@@ -127,6 +122,24 @@ require FROXLOR_INSTALL_DIR.'/lib/tables.inc.php'; */ $idna_convert = new idna_convert_wrapper(); +/** + * If Froxlor was called via HTTPS -> enforce it for the next time by settings HSTS header according to settings + */ +if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) { + $maxage = Settings::Get('system.hsts_maxage'); + if (empty($maxage)) { + $maxage = 0; + } + $hsts_header = "Strict-Transport-Security: max-age=".$maxage; + if (Settings::Get('system.hsts_incsub') == '1') { + $hsts_header .= "; includeSubDomains"; + } + if (Settings::Get('system.hsts_preload') == '1') { + $hsts_header .= "; preload"; + } + header($hsts_header); +} + /** * disable magic_quotes_runtime if enabled */ diff --git a/lib/version.inc.php b/lib/version.inc.php index 6f16ab32..52a85722 100644 --- a/lib/version.inc.php +++ b/lib/version.inc.php @@ -19,7 +19,7 @@ $version = '0.9.37'; // Database version (YYYYMMDDC where C is a daily counter) -$dbversion = '201609240'; +$dbversion = '201610070'; // Distribution branding-tag (used for Debian etc.) $branding = ''; diff --git a/lng/english.lng.php b/lng/english.lng.php index 6859fd06..036cf118 100644 --- a/lng/english.lng.php +++ b/lng/english.lng.php 
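Review bot: `$maxage` is concatenated into the header exactly as `Settings::Get('system.hsts_maxage')` returns it; the `empty()` check only covers the unset and zero cases, so a non-numeric or negative stored value would produce a malformed `max-age` directive. I would normalise it first with `$maxage = max(0, (int) Settings::Get('system.hsts_maxage'));`. The `includeSubDomains` and `preload` suffixes are also appended when the result is 0, so both `if` blocks are better wrapped in `if ($maxage > 0)` to avoid sending a policy-clearing header that still carries those flags. Because the setting is stored with a default of 0 elsewhere in this commit, this block now disables HSTS for the panel until an admin sets a value, which deserves a line in the comment above it.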
@@ -2027,7 +2027,7 @@ $lng['error']['dns_record_toolong'] = 'Records/labels can only be up to 63 chara $lng['serversettings']['panel_customer_hide_options']['title'] = 'Hide menu items and traffic charts in customer panel'; $lng['serversettings']['panel_customer_hide_options']['description'] = 'Select items to hide in customer panel. To select multiple options, hold down CTRL while selecting.'; -// Added in froxlor 0.9.37.1 +// Added in froxlor 0.9.38-rc1 $lng['serversettings']['allow_allow_customer_shell']['title'] = 'Allow customers to enable shell access for ftp-users'; $lng['serversettings']['allow_allow_customer_shell']['description'] = 'Please note: Shell access allows the user to execute various binaries on your system. Use with extrem caution. Please only activate this if you REALLY know what you are doing!!!'; $lng['serversettings']['available_shells']['title'] = 'List of available shells'; @@ -2055,3 +2055,10 @@ $lng['domains']['ssl_certificates'] = 'SSL certificates'; $lng['domains']['ssl_certificate_removed'] = 'The certificate with the id #%s has been removed successfully'; $lng['domains']['ssl_certificate_error'] = "Error reading certificate for domain: %s"; $lng['domains']['no_ssl_certificates'] = "There are no domains with SSL certificate"; +$lng['admin']['webserversettings_ssl'] = 'Webserver SSL settings'; +$lng['admin']['domain_hsts_maxage']['title'] = 'HTTP Strict Transport Security (HSTS)'; +$lng['admin']['domain_hsts_maxage']['description'] = 'Specify the max-age value for the Strict-Transport-Security header
The value 0 will disable HSTS for the domain. Most user set a value of 31536000 (one year).'; +$lng['admin']['domain_hsts_incsub']['title'] = 'Include HSTS for any subdomain'; +$lng['admin']['domain_hsts_incsub']['description'] = 'The optional "includeSubDomains" directive, if present, signals the UA that the HSTS Policy applies to this HSTS Host as well as any subdomains of the host\'s domain name.'; +$lng['admin']['domain_hsts_preload']['title'] = 'Include domain in HSTS preload list'; +$lng['admin']['domain_hsts_preload']['description'] = 'If you would like this domain to be included in the HSTS preload list maintained by Chrome (and used by Firefox and Safari), then use activate this.
Sending the preload directive from your site can have PERMANENT CONSEQUENCES and prevent users from accessing your site and any of its subdomains.
Please read the details at hstspreload.appspot.com/#removal before sending the header with "preload".'; diff --git a/lng/german.lng.php b/lng/german.lng.php index fc6d9489..0af16748 100644 --- a/lng/german.lng.php +++ b/lng/german.lng.php @@ -1679,7 +1679,7 @@ $lng['error']['dns_record_toolong'] = 'Records/Labels können maximal 63 Zeichen $lng['serversettings']['panel_customer_hide_options']['title'] = 'Menüpunkte und Traffic-Charts im Kundenbereich ausblenden'; $lng['serversettings']['panel_customer_hide_options']['description'] = 'Wählen Sie hier die gewünschten Menüpunkte und Traffic-Charts aus, welche im Kundenbereich ausgeblendet werden sollen. Für Mehrfachauswahl, halten Sie während der Auswahl STRG gedrückt.'; -// Added in froxlor 0.9.37.1 +// Added in froxlor 0.9.38-rc1 $lng['serversettings']['allow_allow_customer_shell']['title'] = 'Erlaube Kunden für FTP Benutzer eine Shell auszuwählen'; $lng['serversettings']['allow_allow_customer_shell']['description'] = 'Bitte beachten: Shell Zugriff gestattet dem Benutzer verschiedene Programme auf Ihrem System auszuführen. Mit großer Vorsicht verwenden. Bitte aktiviere dies nur wenn WIRKLICH bekannt ist, was das bedeutet!!!'; $lng['serversettings']['available_shells']['title'] = 'Liste der verfügbaren Shells'; @@ -1706,3 +1706,10 @@ $lng['domains']['ssl_certificates'] = 'SSL Zertifikate'; $lng['domains']['ssl_certificate_removed'] = 'Das Zertifikat mit der ID #%s wurde erfolgreich gelöscht.'; $lng['domains']['ssl_certificate_error'] = "Fehler beim Lesen des Zertifikats für die Domain: %s"; $lng['domains']['no_ssl_certificates'] = "Es wurden keine SSL-Zertifikate gefunden"; +$lng['admin']['webserversettings_ssl'] = 'Webserver SSL-Einstellungen'; +$lng['admin']['domain_hsts_maxage']['title'] = 'HTTP Strict Transport Security (HSTS)'; +$lng['admin']['domain_hsts_maxage']['description'] = '"max-age" Wert für den Strict-Transport-Security Header
Der Wert 0 deaktiviert HSTS für diese Domain. Meist wird der Wert 31536000 gerne genutzt (ein Jahr).'; +$lng['admin']['domain_hsts_incsub']['title'] = 'Inkludiere HSTS für jede Subdomain'; +$lng['admin']['domain_hsts_incsub']['description'] = 'Die optionale "includeSubDomains" Direktive, wenn vorhanden, signalisiert dem UA, dass die HSTS that the HSTS Regel für diese Domain und auch jede Subdomain dieser gilt.'; +$lng['admin']['domain_hsts_preload']['title'] = 'Füge Domain in die HSTS preload Liste hinzu'; +$lng['admin']['domain_hsts_preload']['description'] = 'Wenn die Domain in die HSTS preload Liste, verwaltet von Chrome (und genutzt von Firefox und Safari), hinzugefügt werden soll, dann aktiviere diese Einstellung.
Die preload-Direktive zu senden kann PERMANTENTE KONSEQUENZEN haben und dazu führen, dass Benutzer auf diese Domain und auch Subdomains nicht zugreifen können.
Beachte Details unter hstspreload.appspot.com/#removal bevor ein Header mit "preload" gesendet wird.'; diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php index 4d6acb46..07ec5752 100644 --- a/scripts/jobs/cron_tasks.inc.http.10.apache.php +++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php @@ -836,7 +836,7 @@ class apache extends HttpConfigBase $vhost_content .= ' SSLCertificateChainFile ' . makeCorrectFile($domain['ssl_cert_chainfile']) . "\n"; } - if ($domain['hsts'] > 0) { + if ($domain['hsts'] >= 0) { $vhost_content .= ' ' . "\n"; $vhost_content .= ' Header always set Strict-Transport-Security "max-age=' . $domain['hsts']; if ($domain['hsts_sub'] == 1) { diff --git a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php index 90b70cc0..651f80db 100644 --- a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php +++ b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php @@ -519,7 +519,7 @@ class lighttpd extends HttpConfigBase $ssl_settings .= 'ssl.ca-file = "' . makeCorrectFile($domain['ssl_ca_file']) . '"' . "\n"; } - if ($domain['hsts'] > 0) { + if ($domain['hsts'] >= 0) { $vhost_content .= '$HTTP["scheme"] == "https" { setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=' . $domain['hsts']; if ($domain['hsts_sub'] == 1) { diff --git a/scripts/jobs/cron_tasks.inc.http.30.nginx.php b/scripts/jobs/cron_tasks.inc.http.30.nginx.php index 81263633..3a79d610 100644 --- a/scripts/jobs/cron_tasks.inc.http.30.nginx.php +++ b/scripts/jobs/cron_tasks.inc.http.30.nginx.php 
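Review bot: With the condition relaxed to `$domain['hsts'] >= 0` in the apache hunk (and identically in the lighttpd hunk below it), every SSL vhost now gets a `Strict-Transport-Security` header, including `max-age=0` for domains where HSTS is meant to be off. Sending zero is a valid way to clear a policy, but the loose comparison also lets a NULL `hsts` through (`null >= 0` is true in PHP), which would emit an empty `max-age=`; the update step in this commit resets only `hsts_sub` and `hsts_preload`, not `hsts`. Casting once, `$hsts = (int) $domain['hsts'];`, and using `$hsts` in both the test and the concatenation avoids that. Both enclosing methods start and end outside their hunks, and the nginx hunks visible on this page are formatting changes, so whether nginx emits the header the same way cannot be confirmed from here.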
@@ -1,4 +1,7 @@ - (2010-) - * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt - * @package Cron + * @copyright (c) the authors + * @author Froxlor team (2010-) + * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt + * @package Cron * */ -require_once(dirname(__FILE__).'/../classes/class.HttpConfigBase.php'); +require_once (dirname(__FILE__) . '/../classes/class.HttpConfigBase.php'); + +class nginx extends HttpConfigBase +{ -class nginx extends HttpConfigBase { private $logger = false; + private $idnaConvert = false; + private $nginx_server = array(); // protected protected $nginx_data = array(); + protected $needed_htpasswds = array(); + protected $auth_backend_loaded = false; + protected $htpasswds_data = array(); + protected $known_htpasswdsfilenames = array(); + protected $mod_accesslog_loaded = '0'; + protected $vhost_root_autoindex = false; + protected $known_vhostfilenames = array(); + /** * indicator whether a customer is deactivated or not * if yes, only the webroot will be generated 
@@ -39,42 +54,36 @@ class nginx extends HttpConfigBase { */ private $_deactivated = false; - public function __construct($logger, $idnaConvert, $nginx_server=array()) { + public function __construct($logger, $idnaConvert, $nginx_server = array()) + { $this->logger = $logger; $this->idnaConvert = $idnaConvert; $this->nginx_server = $nginx_server; } - - public function reload() { + public function reload() + { $this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::reload: reloading nginx'); safe_exec(Settings::Get('system.apachereload_command')); /** * nginx does not auto-spawn fcgi-processes */ - if (Settings::Get('system.phpreload_command') != '' - && (int)Settings::Get('phpfpm.enabled') == 0 - ) { + if (Settings::Get('system.phpreload_command') != '' && (int) Settings::Get('phpfpm.enabled') == 0) { $this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::reload: restarting php processes'); safe_exec(Settings::Get('system.phpreload_command')); - } elseif ((int)Settings::Get('phpfpm.enabled') == 1) { + } elseif ((int) Settings::Get('phpfpm.enabled') == 1) { $this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::reload: reloading php-fpm'); safe_exec(escapeshellcmd(Settings::Get('phpfpm.reload'))); } } - /** * define a default ErrorDocument-statement, bug #unknown-yet */ - private function _createStandardErrorHandler() { - if (Settings::Get('defaultwebsrverrhandler.enabled') == '1' - && (Settings::Get('defaultwebsrverrhandler.err401') != '' - || Settings::Get('defaultwebsrverrhandler.err403') != '' - || Settings::Get('defaultwebsrverrhandler.err404') != '' - || Settings::Get('defaultwebsrverrhandler.err500') != '') - ) { + private function _createStandardErrorHandler() + { + if (Settings::Get('defaultwebsrverrhandler.enabled') == '1' && (Settings::Get('defaultwebsrverrhandler.err401') != '' || Settings::Get('defaultwebsrverrhandler.err403') != '' || Settings::Get('defaultwebsrverrhandler.err404') != '' || Settings::Get('defaultwebsrverrhandler.err500') != '')) { 
$vhosts_folder = ''; if (is_dir(Settings::Get('system.apacheconf_vhost'))) { $vhosts_folder = makeCorrectDir(Settings::Get('system.apacheconf_vhost')); @@ -84,33 +93,36 @@ class nginx extends HttpConfigBase { $vhosts_filename = makeCorrectFile($vhosts_folder . '/05_froxlor_default_errorhandler.conf'); - if (!isset($this->nginx_data[$vhosts_filename])) { + if (! isset($this->nginx_data[$vhosts_filename])) { $this->nginx_data[$vhosts_filename] = ''; } - $statusCodes = array('401', '403', '404', '500'); + $statusCodes = array( + '401', + '403', + '404', + '500' + ); foreach ($statusCodes as $statusCode) { if (Settings::Get('defaultwebsrverrhandler.err' . $statusCode) != '') { $defhandler = Settings::Get('defaultwebsrverrhandler.err' . $statusCode); - if (!validateUrl($defhandler)) { + if (! validateUrl($defhandler)) { $defhandler = makeCorrectFile($defhandler); } - $this->nginx_data[$vhosts_filename].= 'error_page ' . $statusCode . ' ' . $defhandler . ';' . "\n"; + $this->nginx_data[$vhosts_filename] .= 'error_page ' . $statusCode . ' ' . $defhandler . ';' . "\n"; } } } } + public function createVirtualHosts() + {} - public function createVirtualHosts() { - } + public function createFileDirOptions() + {} - - public function createFileDirOptions() { - } - - - public function createIpPort() { + public function createIpPort() + { $result_ipsandports_stmt = Database::query(" SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC "); 
@@ -126,7 +138,7 @@ class nginx extends HttpConfigBase { $this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::createIpPort: creating ip/port settings for ' . $ip . ":" . $port); $vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf'); - if (!isset($this->nginx_data[$vhost_filename])) { + if (! isset($this->nginx_data[$vhost_filename])) { $this->nginx_data[$vhost_filename] = ''; } @@ -159,7 +171,7 @@ class nginx extends HttpConfigBase { 'adminid' => 1, /* first admin-user (superadmin) */ 'loginname' => 'froxlor.panel', 'documentroot' => $mypath, - 'parentdomainid' => 0, + 'parentdomainid' => 0 ); // override corresponding array values @@ -187,11 +199,11 @@ class nginx extends HttpConfigBase { /** * this HAS to be set for the default host in nginx or else no vhost will work */ - $this->nginx_data[$vhost_filename] .= "\t". 'listen ' . $ip . ':' . $port . ' default_server'. ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n"; + $this->nginx_data[$vhost_filename] .= "\t" . 'listen ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n"; - $this->nginx_data[$vhost_filename] .= "\t".'# Froxlor default vhost' . "\n"; - $this->nginx_data[$vhost_filename] .= "\t".'server_name ' . Settings::Get('system.hostname') . ';' . "\n"; - $this->nginx_data[$vhost_filename] .= "\t".'access_log /var/log/nginx/access.log;' . "\n"; + $this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n"; + $this->nginx_data[$vhost_filename] .= "\t" . 'server_name ' . Settings::Get('system.hostname') . ';' . "\n"; + $this->nginx_data[$vhost_filename] .= "\t" . 'access_log /var/log/nginx/access.log;' . "\n"; $is_redirect = false; // check for SSL redirect 
@@ -205,26 +217,23 @@ class nginx extends HttpConfigBase { } else { $_sslport = $this->checkAlternativeSslPort(); $mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/'; - $this->nginx_data[$vhost_filename] .= "\t".'return 301 '.$mypath.'$request_uri;'."\n"; + $this->nginx_data[$vhost_filename] .= "\t" . 'return 301 ' . $mypath . '$request_uri;' . "\n"; } } - if (!$is_redirect) { - $this->nginx_data[$vhost_filename] .= "\t".'root '.$mypath.';'."\n"; - $this->nginx_data[$vhost_filename] .= "\t".'index index.php index.html index.htm;'."\n\n"; - $this->nginx_data[$vhost_filename] .= "\t".'location / {'."\n"; - $this->nginx_data[$vhost_filename] .= "\t".'}'."\n"; + if (! $is_redirect) { + $this->nginx_data[$vhost_filename] .= "\t" . 'root ' . $mypath . ';' . "\n"; + $this->nginx_data[$vhost_filename] .= "\t" . 'index index.php index.html index.htm;' . "\n\n"; + $this->nginx_data[$vhost_filename] .= "\t" . 'location / {' . "\n"; + $this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n"; } if ($row_ipsandports['specialsettings'] != '') { - $this->nginx_data[$vhost_filename].= $this->processSpecialConfigTemplate( - $row_ipsandports['specialsettings'], - array('domain'=> Settings::Get('system.hostname'), - 'loginname' => Settings::Get('phpfpm.vhost_httpuser'), - 'documentroot'=> $mypath), - $row_ipsandports['ip'], - $row_ipsandports['port'], - $row_ipsandports['ssl'] == '1'). "\n"; + $this->nginx_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], array( + 'domain' => Settings::Get('system.hostname'), + 'loginname' => Settings::Get('phpfpm.vhost_httpuser'), + 'documentroot' => $mypath + ), $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n"; } /** 
@@ -232,13 +241,13 @@ class nginx extends HttpConfigBase { */ if ($row_ipsandports['ssl'] == '1') { $row_ipsandports['domain'] = Settings::Get('system.hostname'); - $this->nginx_data[$vhost_filename].=$this->composeSslSettings($row_ipsandports); + $this->nginx_data[$vhost_filename] .= $this->composeSslSettings($row_ipsandports); } - if (!$is_redirect) { + if (! $is_redirect) { $this->nginx_data[$vhost_filename] .= "\tlocation ~ \.php {\n"; $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_split_path_info ^(.+\.php)(/.+)\$;\n"; - $this->nginx_data[$vhost_filename] .= "\t\tinclude ".Settings::Get('nginx.fastcgiparams').";\n"; + $this->nginx_data[$vhost_filename] .= "\t\tinclude " . Settings::Get('nginx.fastcgiparams') . ";\n"; $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n"; $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n"; $this->nginx_data[$vhost_filename] .= "\t\ttry_files \$fastcgi_script_name =404;\n"; 
@@ -247,24 +256,24 @@ class nginx extends HttpConfigBase { $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param HTTPS on;\n"; } - if ((int)Settings::Get('phpfpm.enabled') == 1 && (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) { + if ((int) Settings::Get('phpfpm.enabled') == 1 && (int) Settings::Get('phpfpm.enabled_ownvhost') == 1) { $domain = array( 'id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, /* first admin-user (superadmin) */ - 'mod_fcgid_starter' => -1, - 'mod_fcgid_maxrequests' => -1, + 'mod_fcgid_starter' => - 1, + 'mod_fcgid_maxrequests' => - 1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', - 'documentroot' => $mypath, + 'documentroot' => $mypath ); $php = new phpinterface($domain); - $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass unix:".$php->getInterface()->getSocketFile().";\n"; + $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass unix:" . $php->getInterface()->getSocketFile() . ";\n"; } else { - $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass ".Settings::Get('system.nginx_php_backend').";\n"; + $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass " . Settings::Get('system.nginx_php_backend') . ";\n"; } $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n"; 
@@ -284,36 +293,32 @@ class nginx extends HttpConfigBase { $this->_createStandardErrorHandler(); } - /** * create vhosts */ - protected function createNginxHosts() { - + protected function createNginxHosts() + { $domains = WebserverBase::getVhostsToCreate(); foreach ($domains as $domain) { if (is_dir(Settings::Get('system.apacheconf_vhost'))) { - safe_exec('mkdir -p '.escapeshellarg(makeCorrectDir(Settings::Get('system.apacheconf_vhost')))); + safe_exec('mkdir -p ' . escapeshellarg(makeCorrectDir(Settings::Get('system.apacheconf_vhost')))); } $vhost_filename = $this->getVhostFilename($domain); - if (!isset($this->nginx_data[$vhost_filename])) { + if (! isset($this->nginx_data[$vhost_filename])) { $this->nginx_data[$vhost_filename] = ''; } - if ((empty($this->nginx_data[$vhost_filename]) - && !is_dir(Settings::Get('system.apacheconf_vhost'))) - || is_dir(Settings::Get('system.apacheconf_vhost')) - ) { + if ((empty($this->nginx_data[$vhost_filename]) && ! is_dir(Settings::Get('system.apacheconf_vhost'))) || is_dir(Settings::Get('system.apacheconf_vhost'))) { $domain['nonexistinguri'] = '/' . md5(uniqid(microtime(), 1)) . '.htm'; // Create non-ssl host - $this->nginx_data[$vhost_filename].= $this->getVhostContent($domain, false); + $this->nginx_data[$vhost_filename] .= $this->getVhostContent($domain, false); if ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1') { $vhost_filename_ssl = $this->getVhostFilename($domain, true); - if (!isset($this->nginx_data[$vhost_filename_ssl])) { + if (! isset($this->nginx_data[$vhost_filename_ssl])) { $this->nginx_data[$vhost_filename_ssl] = ''; } // Now enable ssl stuff 
@@ -323,57 +328,45 @@ class nginx extends HttpConfigBase { } } - - protected function getVhostFilename($domain, $ssl_vhost = false) { - if ((int)$domain['parentdomainid'] == 0 - && isCustomerStdSubdomain((int)$domain['id']) == false - && ((int)$domain['ismainbutsubto'] == 0 - || domainMainToSubExists($domain['ismainbutsubto']) == false) - ) { + protected function getVhostFilename($domain, $ssl_vhost = false) + { + if ((int) $domain['parentdomainid'] == 0 && isCustomerStdSubdomain((int) $domain['id']) == false && ((int) $domain['ismainbutsubto'] == 0 || domainMainToSubExists($domain['ismainbutsubto']) == false)) { $vhost_no = '35'; - } elseif ((int)$domain['parentdomainid'] == 0 - && isCustomerStdSubdomain((int)$domain['id']) == false - && (int)$domain['ismainbutsubto'] > 0 - ) { + } elseif ((int) $domain['parentdomainid'] == 0 && isCustomerStdSubdomain((int) $domain['id']) == false && (int) $domain['ismainbutsubto'] > 0) { $vhost_no = '30'; } else { // number of dots in a domain specifies it's position (and depth of subdomain) starting at 29 going downwards on higher depth - $vhost_no = (string)(30 - substr_count($domain['domain'], ".") + 1); + $vhost_no = (string) (30 - substr_count($domain['domain'], ".") + 1); } if ($ssl_vhost === true) { - $vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/'.$vhost_no.'_froxlor_ssl_vhost_' . $domain['domain'] . '.conf'); + $vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/' . $vhost_no . '_froxlor_ssl_vhost_' . $domain['domain'] . '.conf'); } else { - $vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/'.$vhost_no.'_froxlor_normal_vhost_' . $domain['domain'] . '.conf'); + $vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/' . $vhost_no . '_froxlor_normal_vhost_' . $domain['domain'] . 
'.conf'); } return $vhost_filename; } - - protected function getVhostContent($domain, $ssl_vhost = false) { - if ($ssl_vhost === true - && $domain['ssl'] != '1' - && $domain['ssl_redirect'] != '1' - ) { + protected function getVhostContent($domain, $ssl_vhost = false) + { + if ($ssl_vhost === true && $domain['ssl'] != '1' && $domain['ssl_redirect'] != '1') { return ''; } // check whether the customer is deactivated and NO docroot for deactivated users has been set# $ddr = Settings::Get('system.deactivateddocroot'); if ($domain['deactivated'] == '1' && empty($ddr)) { - return '# Customer deactivated and a docroot for deactivated users hasn\'t been set.' . "\n"; + return '# Customer deactivated and a docroot for deactivated users hasn\'t been set.' . "\n"; } $vhost_content = ''; $_vhost_content = ''; - $query = "SELECT * FROM `".TABLE_PANEL_IPSANDPORTS."` `i`, `".TABLE_DOMAINTOIP."` `dip` + $query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip` WHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports "; - if ($ssl_vhost === true - && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1') - ) { + if ($ssl_vhost === true && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')) { // by ordering by cert-file the row with filled out SSL-Fields will be shown last, // thus it is enough to fill out 1 set of SSL-Fields $query .= "AND i.ssl = 1 ORDER BY i.ssl_cert_file ASC;"; @@ -382,10 +375,12 @@ class nginx extends HttpConfigBase { } // start vhost - $vhost_content.= 'server { ' . "\n"; + $vhost_content .= 'server { ' . "\n"; $result_stmt = Database::prepare($query); - Database::pexecute($result_stmt, array('domainid' => $domain['id'])); + Database::pexecute($result_stmt, array( + 'domainid' => $domain['id'] + )); while ($ipandport = $result_stmt->fetch(PDO::FETCH_ASSOC)) { 
@@ -411,41 +406,34 @@ class nginx extends HttpConfigBase { } if ($ipandport['default_vhostconf_domain'] != '') { - $_vhost_content .= $this->processSpecialConfigTemplate( - $ipandport['default_vhostconf_domain'], - $domain, - $domain['ip'], - $domain['port'], - $ssl_vhost). "\n"; + $_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } - $vhost_content.= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n"; + $vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n"; } // get all server-names $vhost_content .= $this->getServerNames($domain); // respect ssl_redirect settings, #542 - if ($ssl_vhost == false - && $domain['ssl'] == '1' - && $domain['ssl_redirect'] == '1') { + if ($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1') { // We must not check if our port differs from port 443, // but if there is a destination-port != 443 $_sslport = ''; // This returns the first port that is != 443 with ssl enabled, if any // ordered by ssl-certificate (if any) so that the ip/port combo // with certificate is used - $ssldestport_stmt = Database::prepare( - "SELECT `ip`.`port` FROM ".TABLE_PANEL_IPSANDPORTS." `ip` - LEFT JOIN `".TABLE_DOMAINTOIP."` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`) + $ssldestport_stmt = Database::prepare("SELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip` + LEFT JOIN `" . TABLE_DOMAINTOIP . 
"` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`) WHERE `dip`.`id_domain` = :domainid AND `ip`.`ssl` = '1' AND `ip`.`port` != 443 - ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;" - ); - $ssldestport = Database::pexecute_first($ssldestport_stmt, array('domainid' => $domain['id'])); + ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;"); + $ssldestport = Database::pexecute_first($ssldestport_stmt, array( + 'domainid' => $domain['id'] + )); if ($ssldestport['port'] != '') { - $_sslport = ":".$ssldestport['port']; + $_sslport = ":" . $ssldestport['port']; } $domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/'; 
@@ -455,26 +443,22 @@ class nginx extends HttpConfigBase { $domain['documentroot'] = trim($domain['documentroot']); // create ssl settings first since they are required for normal and redirect vhosts - if ($ssl_vhost === true - && $domain['ssl'] == '1' - && Settings::Get('system.use_ssl') == '1' - ) { - $vhost_content.= "\n" . $this->composeSslSettings($domain) . "\n"; + if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') { + $vhost_content .= "\n" . $this->composeSslSettings($domain) . "\n"; } - if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1') - { + if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1') { $acmeConfFilename = Settings::Get('system.letsencryptacmeconf'); - $vhost_content.= "\t".'include '.$acmeConfFilename.';'."\n"; + $vhost_content .= "\t" . 'include ' . $acmeConfFilename . ';' . "\n"; } // if the documentroot is an URL we just redirect if (preg_match('/^https?\:\/\//', $domain['documentroot'])) { $uri = $this->idnaConvert->encode_uri($domain['documentroot']); - if (substr($uri, -1) == '/') { - $uri = substr($uri, 0, -1); + if (substr($uri, - 1) == '/') { + $uri = substr($uri, 0, - 1); } - $vhost_content .= "\t".'return 301 '.$uri.'$request_uri;'."\n"; + $vhost_content .= "\t" . 'return 301 ' . $uri . '$request_uri;' . "\n"; } else { mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true); 
@@ -484,18 +468,12 @@ class nginx extends HttpConfigBase { if ($this->_deactivated == false) { $vhost_content = $this->mergeVhostCustom($vhost_content, $this->create_pathOptions($domain)) . "\n"; - $vhost_content.= $this->composePhpOptions($domain, $ssl_vhost); + $vhost_content .= $this->composePhpOptions($domain, $ssl_vhost); - $vhost_content.= isset($this->needed_htpasswds[$domain['id']]) ? $this->needed_htpasswds[$domain['id']] . "\n" : ''; + $vhost_content .= isset($this->needed_htpasswds[$domain['id']]) ? $this->needed_htpasswds[$domain['id']] . "\n" : ''; if ($domain['specialsettings'] != "") { - $vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate( - $domain['specialsettings'], - $domain, - $domain['ip'], - $domain['port'], - $ssl_vhost - )); + $vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost)); } if ($_vhost_content != '') { @@ -503,13 +481,7 @@ class nginx extends HttpConfigBase { } if (Settings::Get('system.default_vhostconf') != '') { - $vhost_content = $this->mergeVhostCustom($vhost_content, - $this->processSpecialConfigTemplate( - Settings::Get('system.default_vhostconf'), - $domain, - $domain['ip'], - $domain['port'], - $ssl_vhost)."\n"); + $vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"); } } } 
@@ -518,16 +490,23 @@ class nginx extends HttpConfigBase { return $vhost_content; } - protected function mergeVhostCustom($vhost_frx, $vhost_usr) { + protected function mergeVhostCustom($vhost_frx, $vhost_usr) + { // Clean froxlor defined settings $vhost_frx = explode("\n", preg_replace('/[ \t]+/', ' ', trim(preg_replace('/\t+/', '', $vhost_frx)))); // Break into array items $vhost_frx = array_map("trim", $vhost_frx); // remove unnecessary whitespaces // Clean user defined settings $vhost_usr = str_replace("\r", "\n", $vhost_usr); // Remove windows linebreaks - $vhost_usr = str_replace(array("{ ", " }"), array("{\n", "\n}"), $vhost_usr); // Break blocks into lines + $vhost_usr = str_replace(array( + "{ ", + " }" + ), array( + "{\n", + "\n}" + ), $vhost_usr); // Break blocks into lines $vhost_usr = explode("\n", preg_replace('/[ \t]+/', ' ', trim(preg_replace('/\t+/', '', $vhost_usr)))); // Break into array items - $vhost_usr = array_filter($vhost_usr, create_function('$a','return preg_match("#\S#", $a);')); // Remove empty lines + $vhost_usr = array_filter($vhost_usr, create_function('$a', 'return preg_match("#\S#", $a);')); // Remove empty lines // Cycle through the user defined settings $currentBlock = array(); @@ -537,10 +516,10 @@ class nginx extends HttpConfigBase { $currentBlock[] = $line; if (strpos($line, "{") !== false) { - $blockLevel++; + $blockLevel ++; } if (strpos($line, "}") !== false && $blockLevel > 0) { - $blockLevel--; + $blockLevel --; } if ($line == "}" && $blockLevel == 0) { @@ -548,10 +527,10 @@ class nginx extends HttpConfigBase { // Add to existing block $pos = array_search($currentBlock[0], $vhost_frx); do { - $pos++; + $pos ++; } while ($vhost_frx[$pos] != "}"); - for ($i = 1; $i < count($currentBlock) - 1; $i++) { + for ($i = 1; $i < count($currentBlock) - 1; $i ++) { array_splice($vhost_frx, $pos + $i - 1, 0, $currentBlock[$i]); } } else { 
@@ -566,13 +545,13 @@ class nginx extends HttpConfigBase { } $nextLevel = 0; - for ($i = 0; $i < count($vhost_frx); $i++) { + for ($i = 0; $i < count($vhost_frx); $i ++) { if (substr_count($vhost_frx[$i], "}") != 0 && substr_count($vhost_frx[$i], "{") == 0) { $nextLevel -= 1; $vhost_frx[$i] .= "\n"; } if ($nextLevel > 0) { - for ($j = 0; $j < $nextLevel; $j++) { + for ($j = 0; $j < $nextLevel; $j ++) { $vhost_frx[$i] = " " . $vhost_frx[$i]; } } @@ -584,8 +563,8 @@ class nginx extends HttpConfigBase { return implode("\n", $vhost_frx); } - protected function composeSslSettings($domain_or_ip) { - + protected function composeSslSettings($domain_or_ip) + { $sslsettings = ''; if ($domain_or_ip['ssl_cert_file'] == '') { 
@@ -607,93 +586,95 @@ class nginx extends HttpConfigBase { if ($domain_or_ip['ssl_cert_file'] != '') { - // check for existence, #1485 - if (!file_exists($domain_or_ip['ssl_cert_file'])) { - $this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate file "'.$domain_or_ip['ssl_cert_file'].'" does not exist! Cannot create ssl-directives'); - } else { - // obsolete: ssl on now belongs to the listen block as 'ssl' at the end - //$sslsettings .= "\t" . 'ssl on;' . "\n"; - $sslsettings .= "\t" . 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' . "\n"; - $sslsettings .= "\t" . 'ssl_ciphers ' . Settings::Get('system.ssl_cipher_list') . ';' . "\n"; - $sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n"; - $sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n"; - $sslsettings .= "\t" . 'ssl_certificate ' . makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n"; + // check for existence, #1485 + if (! file_exists($domain_or_ip['ssl_cert_file'])) { + $this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate file "' . $domain_or_ip['ssl_cert_file'] . '" does not exist! Cannot create ssl-directives'); + } else { + // obsolete: ssl on now belongs to the listen block as 'ssl' at the end + // $sslsettings .= "\t" . 'ssl on;' . "\n"; + $sslsettings .= "\t" . 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' . "\n"; + $sslsettings .= "\t" . 'ssl_ciphers ' . Settings::Get('system.ssl_cipher_list') . ';' . "\n"; + $sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n"; + $sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n"; + $sslsettings .= "\t" . 'ssl_certificate ' . makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n"; - if ($domain_or_ip['ssl_key_file'] != '') { - // check for existence, #1485 - if (!file_exists($domain_or_ip['ssl_key_file'])) { - $this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate key file "'.$domain_or_ip['ssl_key_file'].'" does not exist! 
Cannot create ssl-directives'); - } else { - $sslsettings .= "\t" . 'ssl_certificate_key ' .makeCorrectFile($domain_or_ip['ssl_key_file']) . ';' . "\n"; - } - } + if ($domain_or_ip['ssl_key_file'] != '') { + // check for existence, #1485 + if (! file_exists($domain_or_ip['ssl_key_file'])) { + $this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate key file "' . $domain_or_ip['ssl_key_file'] . '" does not exist! Cannot create ssl-directives'); + } else { + $sslsettings .= "\t" . 'ssl_certificate_key ' . makeCorrectFile($domain_or_ip['ssl_key_file']) . ';' . "\n"; + } + } - if (isset($domain_or_ip['hsts']) && $domain_or_ip['hsts'] > 0) { - $vhost_content .= 'add_header Strict-Transport-Security "max-age=' . $domain_or_ip['hsts']; - if ($domain_or_ip['hsts_sub'] == 1) { - $vhost_content .= '; includeSubDomains'; - } - if ($domain_or_ip['hsts_preload'] == 1) { - $vhost_content .= '; preload'; - } - $vhost_content .= '";' . "\n"; + if (isset($domain_or_ip['hsts']) && $domain_or_ip['hsts'] >= 0) { + $vhost_content .= 'add_header Strict-Transport-Security "max-age=' . $domain_or_ip['hsts']; + if ($domain_or_ip['hsts_sub'] == 1) { + $vhost_content .= '; includeSubDomains'; + } + if ($domain_or_ip['hsts_preload'] == 1) { + $vhost_content .= '; preload'; + } + $vhost_content .= '";' . "\n"; + } } - } } return $sslsettings; } - - protected function create_pathOptions($domain) { + protected function create_pathOptions($domain) + { $has_location = false; $result_stmt = Database::prepare(" SELECT * FROM " . TABLE_PANEL_HTACCESS . " WHERE `path` LIKE :docroot "); - Database::pexecute($result_stmt, array('docroot' => $domain['documentroot'] . '%')); + Database::pexecute($result_stmt, array( + 'docroot' => $domain['documentroot'] . '%' + )); $path_options = ''; $htpasswds = $this->getHtpasswds($domain); // for each entry in the htaccess table while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { - if (!empty($row['error404path'])) { + if (! 
empty($row['error404path'])) { $defhandler = $row['error404path']; - if (!validateUrl($defhandler)) { + if (! validateUrl($defhandler)) { $defhandler = makeCorrectFile($defhandler); } - $path_options .= "\t".'error_page 404 ' . $defhandler . ';' . "\n"; + $path_options .= "\t" . 'error_page 404 ' . $defhandler . ';' . "\n"; } - if (!empty($row['error403path'])) { + if (! empty($row['error403path'])) { $defhandler = $row['error403path']; - if (!validateUrl($defhandler)) { + if (! validateUrl($defhandler)) { $defhandler = makeCorrectFile($defhandler); } - $path_options .= "\t".'error_page 403 ' . $defhandler . ';' . "\n"; + $path_options .= "\t" . 'error_page 403 ' . $defhandler . ';' . "\n"; } - if (!empty($row['error500path'])) { + if (! empty($row['error500path'])) { $defhandler = $row['error500path']; - if (!validateUrl($defhandler)) { + if (! validateUrl($defhandler)) { $defhandler = makeCorrectFile($defhandler); } - $path_options .= "\t".'error_page 500 502 503 504 ' . $defhandler . ';' . "\n"; + $path_options .= "\t" . 'error_page 500 502 503 504 ' . $defhandler . ';' . "\n"; } - // if ($row['options_indexes'] != '0') { + // if ($row['options_indexes'] != '0') { $path = makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1)); mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']); - $path_options .= "\t".'# '.$path."\n"; + $path_options .= "\t" . '# ' . $path . "\n"; if ($path == '/') { if ($row['options_indexes'] != '0') { $this->vhost_root_autoindex = true; } - $path_options .= "\t".'location ' . $path . ' {' . "\n"; + $path_options .= "\t" . 'location ' . $path . ' {' . "\n"; if ($this->vhost_root_autoindex) { $path_options .= "\t\t" . 'autoindex on;' . "\n"; $this->vhost_root_autoindex = false; 
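Review bot: In composeSslSettings() the HSTS block appends to `$vhost_content`, but the function builds and returns `$sslsettings`, and `$vhost_content` is not assigned anywhere in the visible part of it, so the Strict-Transport-Security header appears never to reach the generated vhost. The four appends should target the returned string, e.g. `$sslsettings .= "\t" . 'add_header Strict-Transport-Security "max-age=' . $domain_or_ip['hsts'];`, and likewise for the `; includeSubDomains`, `; preload` and closing `";` lines. Relaxing the guard to `>= 0` also means a domain whose value is 0 would be sent `max-age=0`, which tells browsers to discard a stored HSTS policy; if 0 is meant as "disabled", keep `> 0` or add a comment saying the zero header is intended. A few lines of the function body lie between this hunk and the previous one, so confirm that `$vhost_content` is not defined there before changing it.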
@@ -705,80 +686,77 @@ class nginx extends HttpConfigBase { if (count($htpasswds) > 0) { foreach ($htpasswds as $idx => $single) { switch ($single['path']) { - case '/awstats/': - case '/webalizer/': - // no stats-alias in "location /"-context - break; - default: - if ($single['path'] == '/') { - $path_options .= "\t\t" . 'auth_basic "' . $single['authname'] . '";' . "\n"; - $path_options .= "\t\t" . 'auth_basic_user_file ' . makeCorrectFile($single['usrf']) . ';'."\n"; - $path_options .= "\t\t" . 'location ~ ^(.+?\.php)(/.*)?$ {' . "\n"; - $path_options .= "\t\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n"; - $path_options .= "\t\t" . '}' . "\n"; - // remove already used entries so we do not have doubles - unset($htpasswds[$idx]); - } + case '/awstats/': + case '/webalizer/': + // no stats-alias in "location /"-context + break; + default: + if ($single['path'] == '/') { + $path_options .= "\t\t" . 'auth_basic "' . $single['authname'] . '";' . "\n"; + $path_options .= "\t\t" . 'auth_basic_user_file ' . makeCorrectFile($single['usrf']) . ';' . "\n"; + $path_options .= "\t\t" . 'location ~ ^(.+?\.php)(/.*)?$ {' . "\n"; + $path_options .= "\t\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n"; + $path_options .= "\t\t" . '}' . "\n"; + // remove already used entries so we do not have doubles + unset($htpasswds[$idx]); + } } } } - $path_options .= "\t".'}' . "\n"; + $path_options .= "\t" . '}' . "\n"; $this->vhost_root_autoindex = false; } else { - $path_options .= "\t".'location ' . $path . ' {' . "\n"; + $path_options .= "\t" . 'location ' . $path . ' {' . "\n"; if ($this->vhost_root_autoindex || $row['options_indexes'] != '0') { $path_options .= "\t\t" . 'autoindex on;' . "\n"; $this->vhost_root_autoindex = false; } - $path_options .= "\t".'} ' . "\n"; + $path_options .= "\t" . '} ' . "\n"; } - // } + // } /** * Perl support * required the fastCGI wrapper to be running to receive the CGI requests. 
*/ - if (customerHasPerlEnabled($domain['customerid']) - && $row['options_cgi'] != '0' - ) { + if (customerHasPerlEnabled($domain['customerid']) && $row['options_cgi'] != '0') { $path = makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1)); mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']); // We need to remove the last slash, otherwise the regex wouldn't work if ($row['path'] != $domain['documentroot']) { - $path = substr($path, 0, -1); + $path = substr($path, 0, - 1); } $path_options .= "\t" . 'location ~ \(.pl|.cgi)$ {' . "\n"; $path_options .= "\t\t" . 'gzip off; #gzip makes scripts feel slower since they have to complete before getting gzipped' . "\n"; - $path_options .= "\t\t" . 'fastcgi_pass '. Settings::Get('system.perl_server') . ';' . "\n"; + $path_options .= "\t\t" . 'fastcgi_pass ' . Settings::Get('system.perl_server') . ';' . "\n"; $path_options .= "\t\t" . 'fastcgi_index index.cgi;' . "\n"; - $path_options .= "\t\t" . 'include '.Settings::Get('nginx.fastcgiparams').';'."\n"; + $path_options .= "\t\t" . 'include ' . Settings::Get('nginx.fastcgiparams') . ';' . "\n"; $path_options .= "\t" . '}' . "\n"; } - } // now the rest of the htpasswds if (count($htpasswds) > 0) { foreach ($htpasswds as $idx => $single) { - //if ($single['path'] != '/') { + // if ($single['path'] != '/') { switch ($single['path']) { - case '/awstats/': - case '/webalizer/': - $path_options .= $this->getStats($domain,$single); - unset($htpasswds[$idx]); - break; - default: - $path_options .= "\t" . 'location ' . makeCorrectDir($single['path']) . ' {' . "\n"; - $path_options .= "\t\t" . 'auth_basic "' . $single['authname'] . '";' . "\n"; - $path_options .= "\t\t" . 'auth_basic_user_file ' . makeCorrectFile($single['usrf']) . ';'."\n"; - $path_options .= "\t\t" . 'location ~ ^(.+?\.php)(/.*)?$ {' . "\n"; - $path_options .= "\t\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . 
"\n"; - $path_options .= "\t\t" . '}' . "\n"; - $path_options .= "\t".'}' . "\n"; + case '/awstats/': + case '/webalizer/': + $path_options .= $this->getStats($domain, $single); + unset($htpasswds[$idx]); + break; + default: + $path_options .= "\t" . 'location ' . makeCorrectDir($single['path']) . ' {' . "\n"; + $path_options .= "\t\t" . 'auth_basic "' . $single['authname'] . '";' . "\n"; + $path_options .= "\t\t" . 'auth_basic_user_file ' . makeCorrectFile($single['usrf']) . ';' . "\n"; + $path_options .= "\t\t" . 'location ~ ^(.+?\.php)(/.*)?$ {' . "\n"; + $path_options .= "\t\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n"; + $path_options .= "\t\t" . '}' . "\n"; + $path_options .= "\t" . '}' . "\n"; } - //} + // } unset($htpasswds[$idx]); } } @@ -786,16 +764,18 @@ class nginx extends HttpConfigBase { return $path_options; } - - protected function getHtpasswds($domain) { - + protected function getHtpasswds($domain) + { $result_stmt = Database::prepare(" SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "` AS a JOIN `" . TABLE_PANEL_DOMAINS . "` AS b USING (`customerid`) WHERE b.customerid = :customerid AND b.domain = :domain "); - Database::pexecute($result_stmt, array('customerid' => $domain['customerid'], 'domain' => $domain['domain'])); + Database::pexecute($result_stmt, array( + 'customerid' => $domain['customerid'], + 'domain' => $domain['domain'] + )); $returnval = array(); $x = 0; 
@@ -804,15 +784,15 @@ class nginx extends HttpConfigBase { $htpasswd_filename = makeCorrectFile(Settings::Get('system.apacheconf_htpasswddir') . '/' . $row_htpasswds['customerid'] . '-' . md5($row_htpasswds['path']) . '.htpasswd'); // ensure we can write to the array with index $htpasswd_filename - if (!isset($this->htpasswds_data[$htpasswd_filename])) { + if (! isset($this->htpasswds_data[$htpasswd_filename])) { $this->htpasswds_data[$htpasswd_filename] = ''; } - $this->htpasswds_data[$htpasswd_filename].= $row_htpasswds['username'] . ':' . $row_htpasswds['password'] . "\n"; + $this->htpasswds_data[$htpasswd_filename] .= $row_htpasswds['username'] . ':' . $row_htpasswds['password'] . "\n"; // if the domains and their web contents are located in a subdirectory of // the nginx user, we have to evaluate the right path which is to protect - if (stripos($row_htpasswds['path'], $domain['documentroot']) !== false ) { + if (stripos($row_htpasswds['path'], $domain['documentroot']) !== false) { // if the website contents is located in the user directory $path = makeCorrectDir(substr($row_htpasswds['path'], strlen($domain['documentroot']) - 1)); } else { @@ -827,7 +807,7 @@ class nginx extends HttpConfigBase { // Ensure there is only one auth name per password block, otherwise // the directives are inserted multiple times -> invalid config $authname = $row_htpasswds['authname']; - for ($i = 0; $i < $x; $i++) { + for ($i = 0; $i < $x; $i ++) { if ($returnval[$i]['usrf'] == $htpasswd_filename) { $authname = $returnval[$i]['authname']; break; @@ -836,7 +816,7 @@ class nginx extends HttpConfigBase { $returnval[$x]['authname'] = $authname; $returnval[$x]['usrf'] = $htpasswd_filename; - $x++; + $x ++; } } 
@@ -846,66 +826,59 @@ class nginx extends HttpConfigBase { return $returnval; } - - protected function composePhpOptions($domain, $ssl_vhost = false) { + protected function composePhpOptions($domain, $ssl_vhost = false) + { $phpopts = ''; if ($domain['phpenabled'] == '1') { - $phpopts = "\tlocation ~ \.php {\n"; + $phpopts = "\tlocation ~ \.php {\n"; $phpopts .= "\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n"; $phpopts .= "\t" . '}' . "\n\n"; $phpopts .= "\tlocation @php {\n"; $phpopts .= "\t\tfastcgi_split_path_info ^(.+\.php)(/.+)\$;\n"; - $phpopts .= "\t\tinclude ".Settings::Get('nginx.fastcgiparams').";\n"; + $phpopts .= "\t\tinclude " . Settings::Get('nginx.fastcgiparams') . ";\n"; $phpopts .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n"; $phpopts .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n"; $phpopts .= "\t\ttry_files \$fastcgi_script_name =404;\n"; - $phpopts .= "\t\tfastcgi_pass ".Settings::Get('system.nginx_php_backend').";\n"; + $phpopts .= "\t\tfastcgi_pass " . Settings::Get('system.nginx_php_backend') . ";\n"; $phpopts .= "\t\tfastcgi_index index.php;\n"; if ($domain['ssl'] == '1' && $ssl_vhost) { $phpopts .= "\t\tfastcgi_param HTTPS on;\n"; } $phpopts .= "\t}\n\n"; - } return $phpopts; } - - protected function getWebroot($domain, $ssl) { + protected function getWebroot($domain, $ssl) + { $webroot_text = ''; - if ($domain['deactivated'] == '1' - && Settings::Get('system.deactivateddocroot') != '' - ) { - $webroot_text .= "\t".'# Using docroot for deactivated users...' . "\n"; - $webroot_text .= "\t".'root '.makeCorrectDir(Settings::Get('system.deactivateddocroot')).';'."\n"; + if ($domain['deactivated'] == '1' && Settings::Get('system.deactivateddocroot') != '') { + $webroot_text .= "\t" . '# Using docroot for deactivated users...' . "\n"; + $webroot_text .= "\t" . 'root ' . makeCorrectDir(Settings::Get('system.deactivateddocroot')) . ';' . 
"\n"; $this->_deactivated = true; } else { - $webroot_text .= "\t".'root '.makeCorrectDir($domain['documentroot']).';'."\n"; + $webroot_text .= "\t" . 'root ' . makeCorrectDir($domain['documentroot']) . ';' . "\n"; $this->_deactivated = false; } - $webroot_text .= "\n\t".'location / {'."\n"; + $webroot_text .= "\n\t" . 'location / {' . "\n"; - if ($domain['phpenabled'] == '1') - { - $webroot_text .= "\t" . 'index index.php index.html index.htm;'."\n"; - $webroot_text .= "\t\t" . 'try_files $uri $uri/ @rewrites;'."\n"; - } - else - { - $webroot_text .= "\t" . 'index index.html index.htm;'."\n"; + if ($domain['phpenabled'] == '1') { + $webroot_text .= "\t" . 'index index.php index.html index.htm;' . "\n"; + $webroot_text .= "\t\t" . 'try_files $uri $uri/ @rewrites;' . "\n"; + } else { + $webroot_text .= "\t" . 'index index.html index.htm;' . "\n"; } if ($this->vhost_root_autoindex) { - $webroot_text .= "\t\t".'autoindex on;'."\n"; + $webroot_text .= "\t\t" . 'autoindex on;' . "\n"; $this->vhost_root_autoindex = false; } - $webroot_text .= "\t".'}'."\n\n"; - if ($domain['phpenabled'] == '1') - { + $webroot_text .= "\t" . '}' . "\n\n"; + if ($domain['phpenabled'] == '1') { $webroot_text .= "\tlocation @rewrites {\n"; $webroot_text .= "\t\trewrite ^ /index.php last;\n"; $webroot_text .= "\t}\n\n"; @@ -914,8 +887,8 @@ class nginx extends HttpConfigBase { return $webroot_text; } - - protected function getStats($domain, $single) { + protected function getStats($domain, $single) + { $stats_text = ''; // define basic path to the stats 
@@ -927,9 +900,9 @@ class nginx extends HttpConfigBase { // if this is a parentdomain, we use this domain-name if ($domain['parentdomainid'] == '0') { - $alias_dir = makeCorrectDir($alias_dir.'/'.$domain['domain']); + $alias_dir = makeCorrectDir($alias_dir . '/' . $domain['domain']); } else { - $alias_dir = makeCorrectDir($alias_dir.'/'.$domain['parentdomain']); + $alias_dir = makeCorrectDir($alias_dir . '/' . $domain['parentdomain']); } if (Settings::Get('system.awstats_enabled') == '1') { @@ -941,8 +914,8 @@ class nginx extends HttpConfigBase { } $stats_text .= "\t\t" . 'alias ' . $alias_dir . ';' . "\n"; - $stats_text .= "\t\t" . 'auth_basic "' . $single['authname'] . '";' . "\n"; - $stats_text .= "\t\t" . 'auth_basic_user_file ' . makeCorrectFile($single['usrf']) . ';'."\n"; + $stats_text .= "\t\t" . 'auth_basic "' . $single['authname'] . '";' . "\n"; + $stats_text .= "\t\t" . 'auth_basic_user_file ' . makeCorrectFile($single['usrf']) . ';' . "\n"; $stats_text .= "\t" . '}' . "\n\n"; // awstats icons @@ -955,8 +928,8 @@ class nginx extends HttpConfigBase { return $stats_text; } - - protected function getLogFiles($domain) { + protected function getLogFiles($domain) + { $logfiles_text = ''; $speciallogfile = ''; @@ -981,11 +954,11 @@ class nginx extends HttpConfigBase { chown($access_log, Settings::Get('system.httpuser')); chgrp($access_log, Settings::Get('system.httpgroup')); - $logfiles_text .= "\t".'access_log ' . $access_log . ' combined;' . "\n"; - $logfiles_text .= "\t".'error_log ' . $error_log . ' error;' . "\n"; + $logfiles_text .= "\t" . 'access_log ' . $access_log . ' combined;' . "\n"; + $logfiles_text .= "\t" . 'error_log ' . $error_log . ' error;' . "\n"; if (Settings::Get('system.awstats_enabled') == '1') { - if ((int)$domain['parentdomainid'] == 0) { + if ((int) $domain['parentdomainid'] == 0) { // prepare the aliases and subdomains for stats config files $server_alias = ''; $alias_domains_stmt = Database::prepare(" 
@@ -993,7 +966,9 @@ class nginx extends HttpConfigBase { FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `aliasdomain` = :domainid OR `parentdomainid` = :domainid "); - Database::pexecute($alias_domains_stmt, array('domainid' => $domain['id'])); + Database::pexecute($alias_domains_stmt, array( + 'domainid' => $domain['id'] + )); while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) { $server_alias .= ' ' . $alias_domain['domain'] . ' '; @@ -1027,12 +1002,11 @@ class nginx extends HttpConfigBase { return $logfiles_text; } + public function createOwnVhostStarter() + {} - public function createOwnVhostStarter() { - } - - - protected function getServerNames($domain) { + protected function getServerNames($domain) + { $server_alias = ''; if ($domain['iswildcarddomain'] == '1') { @@ -1046,7 +1020,9 @@ class nginx extends HttpConfigBase { FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `aliasdomain` = :domainid "); - Database::pexecute($alias_domains_stmt, array('domainid' => $domain['id'])); + Database::pexecute($alias_domains_stmt, array( + 'domainid' => $domain['id'] + )); while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) { $server_alias .= ' ' . $alias_domain['domain']; 
@@ -1054,25 +1030,25 @@ class nginx extends HttpConfigBase { if ($alias_domain['iswildcarddomain'] == '1') { $server_alias .= ' *.' . $alias_domain['domain']; } elseif ($alias_domain['wwwserveralias'] == '1') { - $server_alias.= ' www.' . $alias_domain['domain']; + $server_alias .= ' www.' . $alias_domain['domain']; } } - $servernames_text = "\t".'server_name '.$domain['domain']; + $servernames_text = "\t" . 'server_name ' . $domain['domain']; if (trim($server_alias) != '') { - $servernames_text .= ' '.$server_alias; + $servernames_text .= ' ' . $server_alias; } $servernames_text .= ';' . "\n"; return $servernames_text; } - - public function writeConfigs() { + public function writeConfigs() + { $this->logger->logAction(CRON_ACTION, LOG_INFO, "nginx::writeConfigs: rebuilding " . Settings::Get('system.apacheconf_vhost')); $vhostDir = new frxDirectory(Settings::Get('system.apacheconf_vhost')); - if (!$vhostDir->isConfigDir()) { + if (! $vhostDir->isConfigDir()) { // Save one big file $vhosts_file = ''; @@ -1083,7 +1059,7 @@ class nginx extends HttpConfigBase { ksort($this->nginx_data); foreach ($this->nginx_data as $vhosts_filename => $vhost_content) { - $vhosts_file.= $vhost_content . "\n\n"; + $vhosts_file .= $vhost_content . "\n\n"; } $vhosts_filename = Settings::Get('system.apacheconf_vhost'); @@ -1094,7 +1070,7 @@ class nginx extends HttpConfigBase { fwrite($vhosts_file_handler, $vhosts_file); fclose($vhosts_file_handler); } else { - if (!file_exists(Settings::Get('system.apacheconf_vhost'))) { + if (! file_exists(Settings::Get('system.apacheconf_vhost'))) { $this->logger->logAction(CRON_ACTION, LOG_NOTICE, 'nginx::writeConfigs: mkdir ' . escapeshellarg(makeCorrectDir(Settings::Get('system.apacheconf_vhost')))); safe_exec('mkdir -p ' . escapeshellarg(makeCorrectDir(Settings::Get('system.apacheconf_vhost')))); } 
@@ -1106,23 +1082,22 @@ class nginx extends HttpConfigBase { // Apply header $vhosts_file = '# ' . basename($vhosts_filename) . "\n" . '# Created ' . date('d.m.Y H:i') . "\n" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . "\n" . "\n" . $vhosts_file; - if (!empty($vhosts_filename)) { + if (! empty($vhosts_filename)) { $vhosts_file_handler = fopen($vhosts_filename, 'w'); fwrite($vhosts_file_handler, $vhosts_file); fclose($vhosts_file_handler); } - } } // htaccess stuff if (count($this->htpasswds_data) > 0) { - if (!file_exists(Settings::Get('system.apacheconf_htpasswddir'))) { + if (! file_exists(Settings::Get('system.apacheconf_htpasswddir'))) { $umask = umask(); umask(0000); mkdir(Settings::Get('system.apacheconf_htpasswddir'), 0751); umask($umask); - } elseif (!is_dir(Settings::Get('system.apacheconf_htpasswddir'))) { + } elseif (! is_dir(Settings::Get('system.apacheconf_htpasswddir'))) { $this->logger->logAction(CRON_ACTION, LOG_WARNING, 'WARNING!!! ' . Settings::Get('system.apacheconf_htpasswddir') . ' is not a directory. htpasswd directory protection is disabled!!!'); } @@ -1138,6 +1113,4 @@ class nginx extends HttpConfigBase { } } } - - }
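Review bot: The results of `fopen()` and `mkdir()` in the first hunk (-1106) are used unchecked, so a failed open passes `false` on to `fwrite()` and `fclose()`, and a failed `mkdir()` leaves the htpasswd directory missing with nothing logged. Guard both, for example `if ($vhosts_file_handler === false) { $this->logger->logAction(CRON_ACTION, LOG_ERR, 'nginx::writeConfigs: cannot write ' . $vhosts_filename); }`, with the same pattern around `mkdir()`. The directory is also created as `0751` under `umask(0000)`, which lets any local account traverse into it. If only the web server needs access, `0750` with the group set to `system.httpgroup` would be tighter, though the modes of the files written into it are outside this hunk. `writeConfigs()` begins before the hunk and continues after it.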