maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

respect domains 'no try_files' option correctly; fix directory-protection generator in nginx

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2022-11-08 12:41:54 +01:00
parent ec8338592d
commit 61dc40ec88
4 changed files with 27 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
lib/Froxlor/Cron/Http/Nginx.php
View File

@@ -948,7 +948,7 @@ class Nginx extends HttpConfigBase
if ($row['options_indexes'] != '0') { if ($row['options_indexes'] != '0') {
$this->vhost_root_autoindex = true; $this->vhost_root_autoindex = true;
} }
$path_options .= "\t" . 'location ' . $path . ' {' . "\n"; $path_options .= "\t" . 'location ' . FileDir::makeCorrectDir($path) . ' {' . "\n";
if ($this->vhost_root_autoindex) { if ($this->vhost_root_autoindex) {
$path_options .= "\t\t" . 'autoindex on;' . "\n"; $path_options .= "\t\t" . 'autoindex on;' . "\n";
$this->vhost_root_autoindex = false; $this->vhost_root_autoindex = false;
@@ -974,9 +974,6 @@ class Nginx extends HttpConfigBase
} else { } else {
$path_options .= "\t\t" . 'index index.html index.htm;' . "\n"; $path_options .= "\t\t" . 'index index.html index.htm;' . "\n";
} }
$path_options .= "\t\t" . 'location ~ ^(.+?\.php)(/.*)?$ {' . "\n";
$path_options .= "\t\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n";
$path_options .= "\t\t" . '}' . "\n";
// remove already used entries so we do not have doubles // remove already used entries so we do not have doubles
unset($htpasswds[$idx]); unset($htpasswds[$idx]);
} }
@@ -987,7 +984,7 @@ class Nginx extends HttpConfigBase
$this->vhost_root_autoindex = false; $this->vhost_root_autoindex = false;
} else { } else {
$path_options .= "\t" . 'location ' . $path . ' {' . "\n"; $path_options .= "\t" . 'location ^~ ' . FileDir::makeCorrectFile($path) . ' {' . "\n";
if ($this->vhost_root_autoindex || $row['options_indexes'] != '0') { if ($this->vhost_root_autoindex || $row['options_indexes'] != '0') {
$path_options .= "\t\t" . 'autoindex on;' . "\n"; $path_options .= "\t\t" . 'autoindex on;' . "\n";
$this->vhost_root_autoindex = false; $this->vhost_root_autoindex = false;
@@ -1029,7 +1026,11 @@ class Nginx extends HttpConfigBase
unset($htpasswds[$idx]); unset($htpasswds[$idx]);
break; break;
default: default:
if ($single['path'] == '/') {
$path_options .= "\t" . 'location ' . FileDir::makeCorrectDir($single['path']) . ' {' . "\n"; $path_options .= "\t" . 'location ' . FileDir::makeCorrectDir($single['path']) . ' {' . "\n";
} else {
$path_options .= "\t" . 'location ^~ ' . FileDir::makeCorrectFile($single['path']) . ' {' . "\n";
}
$path_options .= "\t\t" . 'auth_basic "' . $single['authname'] . '";' . "\n"; $path_options .= "\t\t" . 'auth_basic "' . $single['authname'] . '";' . "\n";
$path_options .= "\t\t" . 'auth_basic_user_file ' . FileDir::makeCorrectFile($single['usrf']) . ';' . "\n"; $path_options .= "\t\t" . 'auth_basic_user_file ' . FileDir::makeCorrectFile($single['usrf']) . ';' . "\n";
if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') { if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
@@ -1037,9 +1038,6 @@ class Nginx extends HttpConfigBase
} else { } else {
$path_options .= "\t\t" . 'index index.html index.htm;' . "\n"; $path_options .= "\t\t" . 'index index.html index.htm;' . "\n";
} }
$path_options .= "\t\t" . 'location ~ ^(.+?\.php)(/.*)?$ {' . "\n";
$path_options .= "\t\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n";
$path_options .= "\t\t" . '}' . "\n";
$path_options .= "\t" . '}' . "\n"; $path_options .= "\t" . '}' . "\n";
} }
// } // }
@@ -1053,14 +1051,17 @@ class Nginx extends HttpConfigBase
protected function getHtpasswds($domain) protected function getHtpasswds($domain)
{ {
$result_stmt = Database::prepare(" $result_stmt = Database::prepare("
SELECT * SELECT a.*
FROM `" . TABLE_PANEL_HTPASSWDS . "` AS a FROM `" . TABLE_PANEL_HTPASSWDS . "` AS a
JOIN `" . TABLE_PANEL_DOMAINS . "` AS b USING (`customerid`) JOIN `" . TABLE_PANEL_DOMAINS . "` AS b USING (`customerid`)
LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` c ON c.customerid = b.customerid
WHERE b.customerid = :customerid AND b.domain = :domain WHERE b.customerid = :customerid AND b.domain = :domain
AND (a.path = CONCAT(c.documentroot, :ttool, '/') OR INSTR(a.path, b.documentroot));
"); ");
Database::pexecute($result_stmt, [ Database::pexecute($result_stmt, [
'customerid' => $domain['customerid'], 'customerid' => $domain['customerid'],
'domain' => $domain['domain'] 'domain' => $domain['domain'],
'ttool' => Settings::Get('system.traffictool')
]); ]);
$returnval = []; $returnval = [];
@@ -1144,11 +1145,14 @@ class Nginx extends HttpConfigBase
{ {
$phpopts = ''; $phpopts = '';
if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') { if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
$phpopts = "\tlocation ~ \.php {\n"; $phpopts = "\t" . 'location ~ ^(.+?\.php)(/.*)?$ {' . "\n";
if ($domain['notryfiles'] != 1) {
$phpopts .= "\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n"; $phpopts .= "\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n";
$phpopts .= "\t" . '}' . "\n\n"; $phpopts .= "\t" . '}' . "\n\n";
$phpopts .= "\tlocation @php {\n"; $phpopts .= "\tlocation @php {\n";
$phpopts .= "\t\t" . 'try_files $1 =404;' . "\n\n";
}
$phpopts .= "\t\tfastcgi_split_path_info ^(.+?\.php)(/.*)$;\n"; $phpopts .= "\t\tfastcgi_split_path_info ^(.+?\.php)(/.*)$;\n";
$phpopts .= "\t\tinclude " . Settings::Get('nginx.fastcgiparams') . ";\n"; $phpopts .= "\t\tinclude " . Settings::Get('nginx.fastcgiparams') . ";\n";
$phpopts .= "\t\tfastcgi_param SCRIPT_FILENAME \$request_filename;\n"; $phpopts .= "\t\tfastcgi_param SCRIPT_FILENAME \$request_filename;\n";

2
lib/Froxlor/Cron/Http/NginxFcgi.php
View File

@@ -100,11 +100,13 @@ class NginxFcgi extends Nginx
$phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']); $phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']);
$php_options_text = "\t" . 'location ~ ^(.+?\.php)(/.*)?$ {' . "\n"; $php_options_text = "\t" . 'location ~ ^(.+?\.php)(/.*)?$ {' . "\n";
if ($domain['notryfiles'] != 1) {
$php_options_text .= "\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n"; $php_options_text .= "\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n";
$php_options_text .= "\t" . '}' . "\n\n"; $php_options_text .= "\t" . '}' . "\n\n";
$php_options_text .= "\t" . 'location @php {' . "\n"; $php_options_text .= "\t" . 'location @php {' . "\n";
$php_options_text .= "\t\t" . 'try_files $1 =404;' . "\n\n"; $php_options_text .= "\t\t" . 'try_files $1 =404;' . "\n\n";
}
$php_options_text .= "\t\t" . 'include ' . Settings::Get('nginx.fastcgiparams') . ";\n"; $php_options_text .= "\t\t" . 'include ' . Settings::Get('nginx.fastcgiparams') . ";\n";
$php_options_text .= "\t\t" . 'fastcgi_split_path_info ^(.+?\.php)(/.*)$;' . "\n"; $php_options_text .= "\t\t" . 'fastcgi_split_path_info ^(.+?\.php)(/.*)$;' . "\n";
$php_options_text .= "\t\t" . 'fastcgi_param SCRIPT_FILENAME $request_filename;' . "\n"; $php_options_text .= "\t\t" . 'fastcgi_param SCRIPT_FILENAME $request_filename;' . "\n";

2
lng/de.lng.php
View File

@@ -2043,7 +2043,7 @@ Vielen Dank, Ihr Administrator',
'traffictool' => [ 'traffictool' => [
'toolselect' => 'Traffic Analyzer', 'toolselect' => 'Traffic Analyzer',
], ],
'requires_reconfiguration' => 'Änderungen an dieser Einstellungen benötigen unter Umständen eine erneute Konfiguration der folgenden Dienste: <strong>%s</strong>', 'requires_reconfiguration' => 'Änderungen an dieser Einstellungen benötigen unter Umständen eine erneute Konfiguration der folgenden Dienste:<br><strong>%s</strong>',
], ],
'spf' => [ 'spf' => [
'use_spf' => 'Aktiviere SPF für Domains?', 'use_spf' => 'Aktiviere SPF für Domains?',

2
lng/en.lng.php
View File

@@ -2165,7 +2165,7 @@ Yours sincerely, your administrator',
'awstats' => 'AWStats', 'awstats' => 'AWStats',
'goaccess' => 'goacccess' 'goaccess' => 'goacccess'
], ],
'requires_reconfiguration' => 'Changing this settings might require a reconfiguration of the following services: <strong>%s</strong>', 'requires_reconfiguration' => 'Changing this settings might require a reconfiguration of the following services:<br><strong>%s</strong>',
], ],
'spf' => [ 'spf' => [
'use_spf' => 'Activate SPF for domains?', 'use_spf' => 'Activate SPF for domains?',