From 66a4309fe551e0b2d3540927f74afe84853df928 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Sun, 31 Dec 2017 11:18:59 +0100
Subject: [PATCH] add setting to disable LE self-check; set version to 0.9.38.8 for maintenance/bugfix release
Signed-off-by: Michael Kaufmann (d00p)
---
 actions/admin/settings/131.ssl.php | 8 +++++++
 install/froxlor.sql | 5 +++--
 .../updates/froxlor/0.9/update_0.9.inc.php | 13 ++++++++++++
 .../preconfig/0.9/preconfig_0.9.inc.php | 10 +++++++++
 lib/classes/ssl/class.lescript.php | 21 +++++++++++--------
 lib/version.inc.php | 4 ++--
 lng/english.lng.php | 2 ++
 lng/german.lng.php | 2 ++
 8 files changed, 52 insertions(+), 13 deletions(-)
diff --git a/actions/admin/settings/131.ssl.php b/actions/admin/settings/131.ssl.php
index 9028ac45..68f2a9e8 100644
--- a/actions/admin/settings/131.ssl.php
+++ b/actions/admin/settings/131.ssl.php
@@ -165,6 +165,14 @@ return array(
 'type' => 'bool',
 'default' => false,
 'save_method' => 'storeSettingField'
+ ),
+ 'system_disable_le_selfcheck' => array(
+ 'label' => $lng['serversettings']['disable_le_selfcheck'],
+ 'settinggroup' => 'system',
+ 'varname' => 'disable_le_selfcheck',
+ 'type' => 'bool',
+ 'default' => false,
+ 'save_method' => 'storeSettingField'
 )
 )
 )
diff --git a/install/froxlor.sql b/install/froxlor.sql
index f1b896da..e90d2112 100644
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -554,6 +554,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 ('system', 'hsts_preload', '0'),
 ('system', 'leregistered', '0'),
 ('system', 'nssextrausers', '0'),
+ ('system', 'disable_le_selfcheck', '0'),
 ('panel', 'decimal_places', '4'),
 ('panel', 'adminmail', 'admin@SERVERNAME'),
 ('panel', 'phpmyadmin_url', ''),
@@ -585,8 +586,8 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 ('panel', 'password_special_char_required', '0'),
 ('panel', 'password_special_char', '!?<>§$%+#=@'),
 ('panel', 'customer_hide_options', ''),
- ('panel', 'version', '0.9.38.7'),
- ('panel', 'db_version', '201708240');
+ ('panel', 'version', '0.9.38.8'),
+ ('panel', 'db_version', '201712310');
 DROP TABLE IF EXISTS `panel_tasks`;
diff --git a/install/updates/froxlor/0.9/update_0.9.inc.php b/install/updates/froxlor/0.9/update_0.9.inc.php
index b8d6f495..57f57a7d 100644
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
@@ -3633,3 +3633,16 @@ if (isDatabaseVersion('201705050')) {
 updateToDbVersion('201708240');
 }
+
+if (isDatabaseVersion('201708240')) {
+
+ showUpdateStep("Adding new 'disable LE self-check' setting");
+ $system_disable_le_selfcheck = isset($_POST['system_disable_le_selfcheck']) ? (int) $_POST['system_disable_le_selfcheck'] : 0;
+ Settings::AddNew('system.disable_le_selfcheck', $system_disable_le_selfcheck);
+ lastStepStatus(0);
+
+ updateToDbVersion('201712310');
+
+ showUpdateStep("Updating from 0.9.38.7 to 0.9.38.8", false);
+ updateToVersion('0.9.38.8');
+}
diff --git a/install/updates/preconfig/0.9/preconfig_0.9.inc.php b/install/updates/preconfig/0.9/preconfig_0.9.inc.php
index a528c322..ffbf9503 100644
--- a/install/updates/preconfig/0.9/preconfig_0.9.inc.php
+++ b/install/updates/preconfig/0.9/preconfig_0.9.inc.php
@@ -717,4 +717,14 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version, $c
 $question .= makeyesno('system_nssextrausers', '1', '0', '0') . '
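Review bot: In the update_0.9.inc.php step, `(int) $_POST['system_disable_le_selfcheck']` stores whatever integer the request carries into a setting that the settings form declares as `bool`. The consumer in class.lescript.php compares the stored value with `'0'`, so any non-zero value would switch the self-check off. Normalising at this boundary keeps the stored value to the two states the yes/no question offers: `$system_disable_le_selfcheck = !empty($_POST['system_disable_le_selfcheck']) ? 1 : 0;`.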
'; eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";"); } + + if (versionInUpdate($current_db_version, '201712310')) { + if (Settings::Get('system.leenabled') == 1) { + $has_preconfig = true; + $description = 'Chose whether you want to disable the Let\'s Encrypt selfcheck as it causes false positives for some onfigurations.

'; + $question = 'Disable Let\'s Encrypt self-check?
'; + $question .= makeyesno('system_disable_le_selfcheck', '1', '0', '0') . '
';
+ eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+ }
+ }
 }
diff --git a/lib/classes/ssl/class.lescript.php b/lib/classes/ssl/class.lescript.php
index 8645c67b..9923d5b0 100644
--- a/lib/classes/ssl/class.lescript.php
+++ b/lib/classes/ssl/class.lescript.php
@@ -227,16 +227,19 @@ class lescript
 $this->log("Token for $domain saved at $tokenPath and should be available at $uri");
 // simple self check
- $selfcheckContextOptions = array('http' => array('header' => "User-Agent: Froxlor/".$this->version));
- $selfcheckContext = stream_context_create($selfcheckContextOptions);
- if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) {
- $errmsg = json_encode(error_get_last());
- if ($errmsg != "null") {
- $errmsg = "; PHP error: " . $errmsg;
- } else {
- $errmsg = "";
+ if (Settings::Get('system.disable_le_selfcheck') == '0')
+ {
+ $selfcheckContextOptions = array('http' => array('header' => "User-Agent: Froxlor/".$this->version));
+ $selfcheckContext = stream_context_create($selfcheckContextOptions);
+ if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) {
+ $errmsg = json_encode(error_get_last());
+ if ($errmsg != "null") {
+ $errmsg = "; PHP error: " . $errmsg;
+ } else {
+ $errmsg = "";
+ }
+ $this->logger->logAction(CRON_ACTION, LOG_WARNING, "[Lets Encrypt self-check] Please check $uri - token seems to be not available. This is just a simple self-check, it might be wrong but consider using this information when Let's Encrypt fails to issue a certificate" . $errmsg);
 }
- $this->logger->logAction(CRON_ACTION, LOG_WARNING, "[Lets Encrypt self-check] Please check $uri - token seems to be not available. This is just a simple self-check, it might be wrong but consider using this information when Let's Encrypt fails to issue a certificate" . $errmsg);
 }
 $this->log("Sending request to challenge");
diff --git a/lib/version.inc.php b/lib/version.inc.php
index 187d99b3..f6c42a62 100644
--- a/lib/version.inc.php
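Review bot: The `$description` string added to parseAndOutputPreconfig() is shown to the administrator during the update and contains two typos, "Chose" and "onfigurations". Suggested wording for the sentence: `Choose whether you want to disable the Let\'s Encrypt self-check, as it causes false positives for some configurations.` As far as the class.lescript.php hunk shows, the self-check only writes a warning to the log, and saying so here would tell the administrator what exactly is being switched off. The function itself starts outside this hunk.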
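Review bot: The new guard `Settings::Get('system.disable_le_selfcheck') == '0'` in class.lescript.php runs the self-check only when the stored value loosely equals `'0'`, so a missing setting would skip the check without any trace. That assumes `Settings::Get` returns null for an unknown key, for example when the code is deployed before the database update has run. Inverting the test keeps the check on unless it was explicitly disabled, and putting the brace on the same line matches the inner `if`: `if (Settings::Get('system.disable_le_selfcheck') != '1') {`. A short `$this->log("Self-check for $domain skipped (disabled in settings)");` in an `else` branch would show in the log that the token was not verified locally. The enclosing method starts and ends outside the hunk.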
+++ b/lib/version.inc.php
@@ -16,10 +16,10 @@
 */
 // Main version variable
-$version = '0.9.38.7';
+$version = '0.9.38.8';
 // Database version (YYYYMMDDC where C is a daily counter)
-$dbversion = '201708240';
+$dbversion = '201712310';
 // Distribution branding-tag (used for Debian etc.)
 $branding = '';
diff --git a/lng/english.lng.php b/lng/english.lng.php
index 51e05ef6..da777141 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -2080,3 +2080,5 @@ $lng['admin']['domain_http2']['title'] = 'HTTP2 support';
 $lng['admin']['domain_http2']['description'] = 'See Wikipedia for a detailed explanation of HTTP2';
 $lng['admin']['testmail'] = 'SMTP test';
 $lng['success']['testmailsent'] = 'Test mail sent successfully';
+$lng['serversettings']['disable_le_selfcheck']['title'] = "Disable Let's Encrypt local self-check";
+$lng['serversettings']['disable_le_selfcheck']['description'] = "If activated, froxlor will not perform its self-check for token accessability. Needed for NATed IP's or similar.";
diff --git a/lng/german.lng.php b/lng/german.lng.php
index 22e73ca8..7edda2ca 100644
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -1731,3 +1731,5 @@ $lng['admin']['domain_http2']['title'] = 'HTTP2 Unterstützung';
 $lng['admin']['domain_http2']['description'] = 'Siehe Wikipedia für eine ausführliche Beschreibung von HTTP2';
 $lng['admin']['testmail'] = 'SMTP Test';
 $lng['success']['testmailsent'] = 'Test E-Mail erfolgreich gesendet';
+$lng['serversettings']['disable_le_selfcheck']['title'] = "Deaktiviere Let's Encrypt lokale Selbstprüfung";
+$lng['serversettings']['disable_le_selfcheck']['description'] = "Wenn aktiviert wird Froxlor keine Erreichbarkeitsprüfung des Tokens vornehmen. Nötig bei ge-NAT-eten IP's oder Ähnlichem";