From 6ac3cb2014813043388f96ced33531ecf90267d4 Mon Sep 17 00:00:00 2001 From: Andreas Grundler Date: Thu, 18 Jan 2018 18:23:08 +0100 Subject: [PATCH] =?UTF-8?q?Revert=20"http2=20Konfiguration=20nur=20einf?= =?UTF-8?q?=C3=BCgen=20wenn=20http2=20in=20den=20Einstellungen=20aktiviert?= =?UTF-8?q?=20ist"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit c3fb6f6a1c053c3f5f0b97899fba9137b69ad7ea. --- .../jobs/cron_tasks.inc.http.10.apache.php | 306 +++++++++--------- scripts/jobs/cron_tasks.inc.http.30.nginx.php | 2 +- 2 files changed, 154 insertions(+), 154 deletions(-) diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php index 9fcf71d8..55f230d0 100644 --- a/scripts/jobs/cron_tasks.inc.http.10.apache.php +++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php @@ -16,7 +16,7 @@ if (! defined('MASTER_CRONJOB')) * @author Froxlor team (2010-) * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt * @package Cron - * + * */ require_once (dirname(__FILE__) . '/../classes/class.HttpConfigBase.php'); @@ -91,13 +91,13 @@ class apache extends HttpConfigBase $vhosts_folder = makeCorrectDir(dirname(Settings::Get('system.apacheconf_vhost'))); } $vhosts_filename = makeCorrectFile($vhosts_folder . '/05_froxlor_dirfix_nofcgid.conf'); - + if (! isset($this->virtualhosts_data[$vhosts_filename])) { $this->virtualhosts_data[$vhosts_filename] = ''; } - + $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; - + // check for custom values, see #1638 $custom_opts = Settings::Get('system.apacheglobaldiropt'); if (! empty($custom_opts)) { @@ -113,7 +113,7 @@ class apache extends HttpConfigBase } } $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; - + $ocsp_cache_filename = makeCorrectFile($vhosts_folder . '/03_froxlor_ocsp_cache.conf'); if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.apache24') == 1) { $this->virtualhosts_data[$ocsp_cache_filename] = 'SSLStaplingCache ' . Settings::Get('system.apache24_ocsp_cache_path') . "\n"; @@ -137,13 +137,13 @@ class apache extends HttpConfigBase } else { $vhosts_folder = makeCorrectDir(dirname(Settings::Get('system.apacheconf_vhost'))); } - + $vhosts_filename = makeCorrectFile($vhosts_folder . '/05_froxlor_default_errorhandler.conf'); - + if (! isset($this->virtualhosts_data[$vhosts_filename])) { $this->virtualhosts_data[$vhosts_filename] = ''; } - + $statusCodes = array( '401', '403', @@ -167,26 +167,26 @@ class apache extends HttpConfigBase public function createIpPort() { $result_ipsandports_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC"); - + while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) { if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { $ipport = '[' . $row_ipsandports['ip'] . ']:' . $row_ipsandports['port']; } else { $ipport = $row_ipsandports['ip'] . ':' . $row_ipsandports['port']; } - + $this->logger->logAction(CRON_ACTION, LOG_INFO, 'apache::createIpPort: creating ip/port settings for ' . $ipport); $vhosts_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf'); - + if (! isset($this->virtualhosts_data[$vhosts_filename])) { $this->virtualhosts_data[$vhosts_filename] = ''; } - + if ($row_ipsandports['listen_statement'] == '1') { $this->virtualhosts_data[$vhosts_filename] .= 'Listen ' . $ipport . "\n"; $this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted listen-statement'); } - + if ($row_ipsandports['namevirtualhost_statement'] == '1') { // >=apache-2.4 enabled? if (Settings::Get('system.apache24') == '1') { @@ -196,22 +196,22 @@ class apache extends HttpConfigBase $this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted namevirtualhost-statement'); } } - + if ($row_ipsandports['vhostcontainer'] == '1') { - + $without_vhost = $this->virtualhosts_data[$vhosts_filename]; $close_vhost = true; - + $this->virtualhosts_data[$vhosts_filename] .= '' . "\n"; - + $mypath = $this->getMyPath($row_ipsandports); - + $this->virtualhosts_data[$vhosts_filename] .= 'DocumentRoot "' . $mypath . '"' . "\n"; - + if ($row_ipsandports['vhostcontainer_servername_statement'] == '1') { $this->virtualhosts_data[$vhosts_filename] .= ' ServerName ' . Settings::Get('system.hostname') . "\n"; } - + $is_redirect = false; // check for SSL redirect if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') { @@ -223,11 +223,11 @@ class apache extends HttpConfigBase $is_redirect = false; } else { $_sslport = $this->checkAlternativeSslPort(); - + $mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/'; $code = '301'; $modrew_red = ' [R=' . $code . ';L,NE]'; - + // redirect everything, not only root-directory, #541 $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; $this->virtualhosts_data[$vhosts_filename] .= ' RewriteEngine On' . "\n"; @@ -242,7 +242,7 @@ class apache extends HttpConfigBase $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; } } - + if (! $is_redirect) { // create fcgid -Part (starter is created in apache_fcgid) if (Settings::Get('system.mod_fcgid_ownvhost') == '1' && Settings::Get('system.mod_fcgid') == '1') { @@ -266,7 +266,7 @@ class apache extends HttpConfigBase ); $php = new phpinterface($domain); $phpconfig = $php->getPhpConfig(Settings::Get('system.mod_fcgid_defaultini_ownvhost')); - + $starter_filename = makeCorrectFile($configdir . '/php-fcgi-starter'); $this->virtualhosts_data[$vhosts_filename] .= ' SuexecUserGroup "' . Settings::Get('system.mod_fcgid_httpuser') . '" "' . Settings::Get('system.mod_fcgid_httpgroup') . '"' . "\n"; $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; @@ -317,14 +317,14 @@ class apache extends HttpConfigBase 'documentroot' => $mypath, 'fpm_config_id' => isset($fpm_config['id']) ? $fpm_config['id'] : 1 ); - + $php = new phpinterface($domain); $phpconfig = $php->getPhpConfig(Settings::Get('phpfpm.vhost_defaultini')); $srvName = substr(md5($ipport), 0, 4) . '.fpm.external'; if ($row_ipsandports['ssl']) { $srvName = substr(md5($ipport), 0, 4) . '.ssl-fpm.external'; } - + // mod_proxy stuff for apache-2.4 if (Settings::Get('system.apache24') == '1' && Settings::Get('phpfpm.use_mod_proxy') == '1') { $filesmatch = $phpconfig['fpm_settings']['limit_extensions']; @@ -401,7 +401,7 @@ class apache extends HttpConfigBase 'documentroot' => $mypath ); } - + /** * dirprotection, see #72 * @@ -410,36 +410,36 @@ class apache extends HttpConfigBase * $this->virtualhosts_data[$vhosts_filename] .= "\t\tAllow from all\n"; * $this->virtualhosts_data[$vhosts_filename] .= "\t\tOptions -Indexes\n"; * $this->virtualhosts_data[$vhosts_filename] .= "\t\n"; - * + * * $this->virtualhosts_data[$vhosts_filename] .= "\t\n"; * $this->virtualhosts_data[$vhosts_filename] .= "\t\tOrder Deny,Allow\n"; * $this->virtualhosts_data[$vhosts_filename] .= "\t\tDeny from All\n"; * $this->virtualhosts_data[$vhosts_filename] .= "\t\n"; * end of dirprotection */ - + if ($row_ipsandports['specialsettings'] != '') { $this->virtualhosts_data[$vhosts_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n"; } - + if ($row_ipsandports['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') { if ($row_ipsandports['ssl_cert_file'] == '') { $row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file'); } - + if ($row_ipsandports['ssl_key_file'] == '') { $row_ipsandports['ssl_key_file'] = Settings::Get('system.ssl_key_file'); } - + if ($row_ipsandports['ssl_ca_file'] == '') { $row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file'); } - + // #418 if ($row_ipsandports['ssl_cert_chainfile'] == '') { $row_ipsandports['ssl_cert_chainfile'] = Settings::Get('system.ssl_cert_chainfile'); } - + $domain = array( 'id' => 0, 'domain' => Settings::Get('system.hostname'), @@ -448,26 +448,26 @@ class apache extends HttpConfigBase 'documentroot' => $mypath, 'parentdomainid' => 0 ); - + // override corresponding array values $domain['ssl_cert_file'] = $row_ipsandports['ssl_cert_file']; $domain['ssl_key_file'] = $row_ipsandports['ssl_key_file']; $domain['ssl_ca_file'] = $row_ipsandports['ssl_ca_file']; $domain['ssl_cert_chainfile'] = $row_ipsandports['ssl_cert_chainfile']; - + // SSL STUFF $dssl = new DomainSSL(); // this sets the ssl-related array-indices in the $domain array // if the domain has customer-defined ssl-certificates $dssl->setDomainSSLFilesArray($domain); - + if ($domain['ssl_cert_file'] != '') { - + // check for existence, #1485 if (! file_exists($domain['ssl_cert_file'])) { $this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate file "' . $domain['ssl_cert_file'] . '" does not exist! Cannot create ssl-directives'); } else { - + $this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n"; $this->virtualhosts_data[$vhosts_filename] .= ' SSLProtocol -ALL +' . str_replace(","," +", Settings::Get('system.ssl_protocols')) . "\n"; if (Settings::Get('system.apache24') == '1') { @@ -481,7 +481,7 @@ class apache extends HttpConfigBase $this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n"; $this->virtualhosts_data[$vhosts_filename] .= ' SSLVerifyDepth 10' . "\n"; $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateFile ' . makeCorrectFile($domain['ssl_cert_file']) . "\n"; - + if ($domain['ssl_key_file'] != '') { // check for existence, #1485 if (! file_exists($domain['ssl_key_file'])) { @@ -490,7 +490,7 @@ class apache extends HttpConfigBase $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateKeyFile ' . makeCorrectFile($domain['ssl_key_file']) . "\n"; } } - + if ($domain['ssl_ca_file'] != '') { // check for existence, #1485 if (! file_exists($domain['ssl_ca_file'])) { @@ -499,7 +499,7 @@ class apache extends HttpConfigBase $this->virtualhosts_data[$vhosts_filename] .= ' SSLCACertificateFile ' . makeCorrectFile($domain['ssl_ca_file']) . "\n"; } } - + // #418 if ($domain['ssl_cert_chainfile'] != '') { // check for existence, #1485 @@ -519,7 +519,7 @@ class apache extends HttpConfigBase $close_vhost = false; } } - + if ($close_vhost) { $this->virtualhosts_data[$vhosts_filename] .= '' . "\n"; } @@ -527,12 +527,12 @@ class apache extends HttpConfigBase } unset($vhosts_filename); } - + /** * bug #32 */ $this->_createStandardDirectoryEntry(); - + /** * bug #unknown-yet */ @@ -550,31 +550,31 @@ class apache extends HttpConfigBase protected function composePhpOptions($domain, $ssl_vhost = false) { $php_options_text = ''; - + if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') { // This vHost has PHP enabled and we are using the regular mod_php $cmail = getCustomerDetail($domain['customerid'], 'email'); $php_options_text .= ' php_admin_value sendmail_path "/usr/sbin/sendmail -t -f ' . $cmail . '"' . PHP_EOL; - + if ($domain['openbasedir'] == '1') { if ($domain['openbasedir_path'] == '1' || strstr($domain['documentroot'], ":") !== false) { $_phpappendopenbasedir = appendOpenBasedirPath($domain['customerroot'], true); } else { $_phpappendopenbasedir = appendOpenBasedirPath($domain['documentroot'], true); } - + $_custom_openbasedir = explode(':', Settings::Get('system.phpappendopenbasedir')); foreach ($_custom_openbasedir as $cobd) { $_phpappendopenbasedir .= appendOpenBasedirPath($cobd); } - + $php_options_text .= ' php_admin_value open_basedir "' . $_phpappendopenbasedir . '"' . "\n"; } } else { $php_options_text .= ' # PHP is disabled for this vHost' . "\n"; $php_options_text .= ' php_flag engine off' . "\n"; } - + /** * check for apache-itk-support, #1400 * why is this here? Because it only works with mod_php @@ -584,7 +584,7 @@ class apache extends HttpConfigBase $php_options_text .= ' AssignUserID ' . $domain['loginname'] . ' ' . $domain['loginname'] . "\n"; $php_options_text .= ' ' . "\n"; } - + return $php_options_text; } @@ -597,18 +597,18 @@ class apache extends HttpConfigBase protected function getServerNames($domain) { $servernames_text = ' ServerName ' . $domain['domain'] . "\n"; - + $server_alias = ''; if ($domain['iswildcarddomain'] == '1') { $server_alias = '*.' . $domain['domain']; } elseif ($domain['wwwserveralias'] == '1') { $server_alias = 'www.' . $domain['domain']; } - + if (trim($server_alias) != '') { $servernames_text .= ' ServerAlias ' . $server_alias . "\n"; } - + $alias_domains_stmt = Database::prepare(" SELECT `domain`, `iswildcarddomain`, `wwwserveralias` FROM `" . TABLE_PANEL_DOMAINS . "` @@ -617,10 +617,10 @@ class apache extends HttpConfigBase Database::pexecute($alias_domains_stmt, array( 'domainid' => $domain['id'] )); - + while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) { $server_alias = ' ServerAlias ' . $alias_domain['domain']; - + if ($alias_domain['iswildcarddomain'] == '1') { $server_alias .= ' *.' . $alias_domain['domain']; } else { @@ -628,10 +628,10 @@ class apache extends HttpConfigBase $server_alias .= ' www.' . $alias_domain['domain']; } } - + $servernames_text .= $server_alias . "\n"; } - + $servernames_text .= ' ServerAdmin ' . $domain['email'] . "\n"; return $servernames_text; } @@ -644,7 +644,7 @@ class apache extends HttpConfigBase $webroot_text = ''; $domain['customerroot'] = makeCorrectDir($domain['customerroot']); $domain['documentroot'] = makeCorrectDir($domain['documentroot']); - + if ($domain['deactivated'] == '1' && Settings::Get('system.deactivateddocroot') != '') { $webroot_text .= ' # Using docroot for deactivated users...' . "\n"; $webroot_text .= ' DocumentRoot "' . makeCorrectDir(Settings::Get('system.deactivateddocroot')) . "\"\n"; @@ -663,7 +663,7 @@ class apache extends HttpConfigBase $webroot_text .= ' DocumentRoot "' . $domain['documentroot'] . "\"\n"; $this->_deactivated = false; } - + return $webroot_text; } @@ -673,7 +673,7 @@ class apache extends HttpConfigBase protected function getStats($domain) { $stats_text = ''; - + if ($domain['speciallogfile'] == '1') { $statDomain = ($domain['parentdomainid'] == '0') ? $domain['domain'] : $domain['parentdomain']; if (Settings::Get('system.awstats_enabled') == '1') { @@ -699,7 +699,7 @@ class apache extends HttpConfigBase $stats_text .= ' Alias /awstats-icon "' . makeCorrectDir(Settings::Get('system.awstats_icons')) . '"' . "\n"; } } - + return $stats_text; } @@ -709,7 +709,7 @@ class apache extends HttpConfigBase protected function getLogfiles($domain) { $logfiles_text = ''; - + if ($domain['speciallogfile'] == '1') { if ($domain['parentdomainid'] == '0') { $speciallogfile = '-' . $domain['domain']; @@ -719,23 +719,23 @@ class apache extends HttpConfigBase } else { $speciallogfile = ''; } - + // The normal access/error - logging is enabled $error_log = makeCorrectFile(Settings::Get('system.logfiles_directory') . $domain['loginname'] . $speciallogfile . '-error.log'); // Create the logfile if it does not exist (fixes #46) touch($error_log); chown($error_log, Settings::Get('system.httpuser')); chgrp($error_log, Settings::Get('system.httpgroup')); - + $access_log = makeCorrectFile(Settings::Get('system.logfiles_directory') . $domain['loginname'] . $speciallogfile . '-access.log'); // Create the logfile if it does not exist (fixes #46) touch($access_log); chown($access_log, Settings::Get('system.httpuser')); chgrp($access_log, Settings::Get('system.httpgroup')); - + $logfiles_text .= ' ErrorLog "' . $error_log . "\"\n"; $logfiles_text .= ' CustomLog "' . $access_log . '" combined' . "\n"; - + if (Settings::Get('system.awstats_enabled') == '1') { if ((int) $domain['parentdomainid'] == 0) { // prepare the aliases and subdomains for stats config files @@ -748,25 +748,25 @@ class apache extends HttpConfigBase Database::pexecute($alias_domains_stmt, array( 'domainid' => $domain['id'] )); - + while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) { - + $server_alias .= ' ' . $alias_domain['domain'] . ' '; - + if ($alias_domain['iswildcarddomain'] == '1') { $server_alias .= '*.' . $alias_domain['domain']; } elseif ($alias_domain['wwwserveralias'] == '1') { $server_alias .= 'www.' . $alias_domain['domain']; } } - + $alias = ''; if ($domain['iswildcarddomain'] == '1') { $alias = '*.' . $domain['domain']; } elseif ($domain['wwwserveralias'] == '1') { $alias = 'www.' . $domain['domain']; } - + // After inserting the AWStats information, // be sure to build the awstats conf file as well // and chown it using $awstats_params, #258 @@ -774,7 +774,7 @@ class apache extends HttpConfigBase createAWStatsConf(Settings::Get('system.logfiles_directory') . $domain['loginname'] . $speciallogfile . '-access.log', $domain['domain'], $alias . $server_alias, $domain['customerroot'], $domain); } } - + return $logfiles_text; } @@ -791,13 +791,13 @@ class apache extends HttpConfigBase // number of dots in a domain specifies it's position (and depth of subdomain) starting at 29 going downwards on higher depth $vhost_no = (string) (30 - substr_count($domain['domain'], ".") + 1); } - + if ($ssl_vhost === true) { $vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/' . $vhost_no . '_froxlor_ssl_vhost_' . $domain['domain'] . '.conf'); } else { $vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/' . $vhost_no . '_froxlor_normal_vhost_' . $domain['domain'] . '.conf'); } - + return $vhost_filename; } @@ -809,27 +809,27 @@ class apache extends HttpConfigBase if ($ssl_vhost === true && ($domain['ssl_redirect'] != '1' && $domain['ssl'] != '1')) { return ''; } - + $query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip` WHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports "; - + if ($ssl_vhost === true && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')) { // by ordering by cert-file the row with filled out SSL-Fields will be shown last, thus it is enough to fill out 1 set of SSL-Fields $query .= "AND i.ssl = '1' ORDER BY i.ssl_cert_file ASC;"; } else { $query .= "AND i.ssl = '0';"; } - + $vhost_content = ''; $result_stmt = Database::prepare($query); Database::pexecute($result_stmt, array( 'domainid' => $domain['id'] )); - + $ipportlist = ''; $_vhost_content = ''; while ($ipandport = $result_stmt->fetch(PDO::FETCH_ASSOC)) { - + $ipport = ''; $domain['ip'] = $ipandport['ip']; $domain['port'] = $ipandport['port']; @@ -838,29 +838,29 @@ class apache extends HttpConfigBase $domain['ssl_key_file'] = $ipandport['ssl_key_file']; $domain['ssl_ca_file'] = $ipandport['ssl_ca_file']; $domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile']; - + // SSL STUFF $dssl = new DomainSSL(); // this sets the ssl-related array-indices in the $domain array // if the domain has customer-defined ssl-certificates $dssl->setDomainSSLFilesArray($domain); } - + if (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { $ipport = '[' . $domain['ip'] . ']:' . $domain['port'] . ' '; } else { $ipport = $domain['ip'] . ':' . $domain['port'] . ' '; } - + if ($ipandport['default_vhostconf_domain'] != '') { $_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } $ipportlist .= $ipport; } - + $vhost_content .= '' . "\n"; $vhost_content .= $this->getServerNames($domain); - + $domain['documentroot_norewrite'] = $domain['documentroot']; if (($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1')) { // We must not check if our port differs from port 443, @@ -879,37 +879,37 @@ class apache extends HttpConfigBase $ssldestport = Database::pexecute_first($ssldestport_stmt, array( 'domainid' => $domain['id'] )); - + if ($ssldestport['port'] != '') { $_sslport = ":" . $ssldestport['port']; } - + $domain['documentroot'] = 'https://%{HTTP_HOST}' . $_sslport . '/'; $domain['documentroot_norewrite'] = 'https://' . $domain['domain'] . $_sslport . '/'; } - + if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') { if ($domain['ssl_cert_file'] == '') { $domain['ssl_cert_file'] = Settings::Get('system.ssl_cert_file'); } - + if ($domain['ssl_key_file'] == '') { $domain['ssl_key_file'] = Settings::Get('system.ssl_key_file'); } - + if ($domain['ssl_ca_file'] == '') { $domain['ssl_ca_file'] = Settings::Get('system.ssl_ca_file'); } - + if ($domain['ssl_cert_chainfile'] == '') { $domain['ssl_cert_chainfile'] = Settings::Get('system.ssl_cert_chainfile'); } - + if ($domain['ssl_cert_file'] != '') { $vhost_content .= ' SSLEngine On' . "\n"; $vhost_content .= ' SSLProtocol -ALL +' . str_replace(","," +", Settings::Get('system.ssl_protocols')) . "\n"; if (Settings::Get('system.apache24') == '1') { - if (isset($domain['http2']) && $domain['http2'] == '1' && Settings::Get('system.http2_support') == '1') { + if (isset($domain['http2']) && $domain['http2'] == '1') { $vhost_content .= ' Protocols h2 http/1.1' . "\n"; } $vhost_content .= ' SSLCompression Off' . "\n"; @@ -919,23 +919,23 @@ class apache extends HttpConfigBase $vhost_content .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n"; $vhost_content .= ' SSLVerifyDepth 10' . "\n"; $vhost_content .= ' SSLCertificateFile ' . makeCorrectFile($domain['ssl_cert_file']) . "\n"; - + if ($domain['ssl_key_file'] != '') { $vhost_content .= ' SSLCertificateKeyFile ' . makeCorrectFile($domain['ssl_key_file']) . "\n"; } - + if ($domain['ssl_ca_file'] != '') { $vhost_content .= ' SSLCACertificateFile ' . makeCorrectFile($domain['ssl_ca_file']) . "\n"; } - + if ($domain['ssl_cert_chainfile'] != '') { $vhost_content .= ' SSLCertificateChainFile ' . makeCorrectFile($domain['ssl_cert_chainfile']) . "\n"; } - + if (Settings::Get('system.apache24') == '1' && isset($domain['ocsp_stapling']) && $domain['ocsp_stapling'] == '1') { $vhost_content .= ' SSLUseStapling on' . PHP_EOL; } - + if ($domain['hsts'] >= 0) { $vhost_content .= ' ' . "\n"; $vhost_content .= ' Header always set Strict-Transport-Security "max-age=' . $domain['hsts']; @@ -955,20 +955,20 @@ class apache extends HttpConfigBase return '# no ssl-certificate was specified for this domain, therefore no explicit vhost is being generated'; } } - + // avoid using any whitespaces $domain['documentroot'] = trim($domain['documentroot']); - + if (preg_match('/^https?\:\/\//', $domain['documentroot'])) { $corrected_docroot = $domain['documentroot']; - + // Get domain's redirect code $code = getDomainRedirectCode($domain['id'], '301'); $modrew_red = ''; if ($code != '') { $modrew_red = ' [R=' . $code . ';L,NE]'; } - + // redirect everything, not only root-directory, #541 $vhost_content .= ' ' . "\n"; $vhost_content .= ' RewriteEngine On' . "\n"; @@ -984,7 +984,7 @@ class apache extends HttpConfigBase $vhost_content .= ' Redirect ' . $code . ' / ' . $domain['documentroot_norewrite'] . "\n"; $vhost_content .= ' ' . "\n"; } else { - + mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true, true); $vhost_content .= $this->getWebroot($domain); if ($this->_deactivated == false) { @@ -992,22 +992,22 @@ class apache extends HttpConfigBase $vhost_content .= $this->getStats($domain); } $vhost_content .= $this->getLogfiles($domain); - + if ($domain['specialsettings'] != '') { $vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } - + if ($_vhost_content != '') { $vhost_content .= $_vhost_content; } - + if (Settings::Get('system.default_vhostconf') != '') { $vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } } - + $vhost_content .= '' . "\n"; - + return $vhost_content; } @@ -1018,17 +1018,17 @@ class apache extends HttpConfigBase { $domains = WebserverBase::getVhostsToCreate(); foreach ($domains as $domain) { - + $this->logger->logAction(CRON_ACTION, LOG_INFO, 'apache::createVirtualHosts: creating vhost container for domain ' . $domain['id'] . ', customer ' . $domain['loginname']); $vhosts_filename = $this->getVhostFilename($domain); - + // Apply header $this->virtualhosts_data[$vhosts_filename] = '# Domain ID: ' . $domain['id'] . ' - CustomerID: ' . $domain['customerid'] . ' - CustomerLogin: ' . $domain['loginname'] . "\n"; - + if ($domain['deactivated'] != '1' || Settings::Get('system.deactivateddocroot') != '') { // Create vhost without ssl $this->virtualhosts_data[$vhosts_filename] .= $this->getVhostContent($domain, false); - + if ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1') { // Adding ssl stuff if enabled $vhosts_filename_ssl = $this->getVhostFilename($domain, true); @@ -1053,27 +1053,27 @@ class apache extends HttpConfigBase ORDER BY `htac`.`path` "); $diroptions = array(); - + while ($row_diroptions = $result_stmt->fetch(PDO::FETCH_ASSOC)) { if ($row_diroptions['customerid'] != 0 && isset($row_diroptions['customerroot']) && $row_diroptions['customerroot'] != '') { $diroptions[$row_diroptions['path']] = $row_diroptions; $diroptions[$row_diroptions['path']]['htpasswds'] = array(); } } - + $result_stmt = Database::query(" SELECT `htpw`.*, `c`.`guid`, `c`.`documentroot` AS `customerroot` FROM `" . TABLE_PANEL_HTPASSWDS . "` `htpw` LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING (`customerid`) ORDER BY `htpw`.`path`, `htpw`.`username` "); - + while ($row_htpasswds = $result_stmt->fetch(PDO::FETCH_ASSOC)) { if ($row_htpasswds['customerid'] != 0 && isset($row_htpasswds['customerroot']) && $row_htpasswds['customerroot'] != '') { if (! isset($diroptions[$row_htpasswds['path']]) || ! is_array($diroptions[$row_htpasswds['path']])) { $diroptions[$row_htpasswds['path']] = array(); } - + $diroptions[$row_htpasswds['path']]['path'] = $row_htpasswds['path']; $diroptions[$row_htpasswds['path']]['guid'] = $row_htpasswds['guid']; $diroptions[$row_htpasswds['path']]['customerroot'] = $row_htpasswds['customerroot']; @@ -1081,24 +1081,24 @@ class apache extends HttpConfigBase $diroptions[$row_htpasswds['path']]['htpasswds'][] = $row_htpasswds; } } - + foreach ($diroptions as $row_diroptions) { $row_diroptions['path'] = makeCorrectDir($row_diroptions['path']); mkDirWithCorrectOwnership($row_diroptions['customerroot'], $row_diroptions['path'], $row_diroptions['guid'], $row_diroptions['guid']); $diroptions_filename = makeCorrectFile(Settings::Get('system.apacheconf_diroptions') . '/40_froxlor_diroption_' . md5($row_diroptions['path']) . '.conf'); - + if (! isset($this->diroptions_data[$diroptions_filename])) { $this->diroptions_data[$diroptions_filename] = ''; } - + if (is_dir($row_diroptions['path'])) { $cperlenabled = customerHasPerlEnabled($row_diroptions['customerid']); - + $this->diroptions_data[$diroptions_filename] .= '' . "\n"; - + if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' Options +Indexes'; - + // add perl options if enabled if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n"; @@ -1107,10 +1107,10 @@ class apache extends HttpConfigBase } $this->logger->logAction(CRON_ACTION, LOG_INFO, 'Setting Options +Indexes for ' . $row_diroptions['path']); } - + if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '0') { $this->diroptions_data[$diroptions_filename] .= ' Options -Indexes'; - + // add perl options if enabled if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n"; @@ -1119,7 +1119,7 @@ class apache extends HttpConfigBase } $this->logger->logAction(CRON_ACTION, LOG_INFO, 'Setting Options -Indexes for ' . $row_diroptions['path']); } - + $statusCodes = array( '404', '403', @@ -1136,7 +1136,7 @@ class apache extends HttpConfigBase $this->diroptions_data[$diroptions_filename] .= ' ErrorDocument ' . $statusCode . ' ' . $defhandler . "\n"; } } - + if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' AllowOverride None' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' AddHandler cgi-script .cgi .pl' . "\n"; @@ -1154,18 +1154,18 @@ class apache extends HttpConfigBase $this->diroptions_data[$diroptions_filename] .= ' Allow from all' . "\n"; } $this->logger->logAction(CRON_ACTION, LOG_INFO, 'Enabling perl execution for ' . $row_diroptions['path']); - + // check for suexec-workaround, #319 if ((int) Settings::Get('perl.suexecworkaround') == 1) { // symlink this directory to suexec-safe-path $loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname'); $suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($row_diroptions['path']) . '/'); - + if (! file_exists($suexecpath)) { safe_exec('mkdir -p ' . escapeshellarg($suexecpath)); safe_exec('chown -R ' . escapeshellarg($row_diroptions['guid']) . ':' . escapeshellarg($row_diroptions['guid']) . ' ' . escapeshellarg($suexecpath)); } - + // symlink to {$givenpath}/cgi-bin // NOTE: symlinks are FILES, so do not append a / here $perlsymlink = makeCorrectFile($row_diroptions['path'] . '/cgi-bin'); @@ -1181,7 +1181,7 @@ class apache extends HttpConfigBase $loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname'); $suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($row_diroptions['path']) . '/'); $perlsymlink = makeCorrectFile($row_diroptions['path'] . '/cgi-bin'); - + // remove symlink if (file_exists($perlsymlink)) { safe_exec('rm -f ' . escapeshellarg($perlsymlink)); @@ -1192,24 +1192,24 @@ class apache extends HttpConfigBase } } } - + if (count($row_diroptions['htpasswds']) > 0) { $htpasswd_filename = makeCorrectFile(Settings::Get('system.apacheconf_htpasswddir') . '/' . $row_diroptions['customerid'] . '-' . md5($row_diroptions['path']) . '.htpasswd'); - + if (! isset($this->htpasswds_data[$htpasswd_filename])) { $this->htpasswds_data[$htpasswd_filename] = ''; } - + foreach ($row_diroptions['htpasswds'] as $row_htpasswd) { $this->htpasswds_data[$htpasswd_filename] .= $row_htpasswd['username'] . ':' . $row_htpasswd['password'] . "\n"; } - + $this->diroptions_data[$diroptions_filename] .= ' AuthType Basic' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' AuthName "' . $row_htpasswd['authname'] . '"' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' AuthUserFile ' . $htpasswd_filename . "\n"; $this->diroptions_data[$diroptions_filename] .= ' require valid-user' . "\n"; } - + $this->diroptions_data[$diroptions_filename] .= '' . "\n"; } } @@ -1222,19 +1222,19 @@ class apache extends HttpConfigBase { // Write diroptions $this->logger->logAction(CRON_ACTION, LOG_INFO, "apache::writeConfigs: rebuilding " . Settings::Get('system.apacheconf_diroptions')); - + if (count($this->diroptions_data) > 0) { $optsDir = new frxDirectory(Settings::Get('system.apacheconf_diroptions')); if (! $optsDir->isConfigDir()) { // Save one big file $diroptions_file = ''; - + foreach ($this->diroptions_data as $diroptions_filename => $diroptions_content) { $diroptions_file .= $diroptions_content . "\n\n"; } - + $diroptions_filename = Settings::Get('system.apacheconf_diroptions'); - + // Apply header $diroptions_file = '# ' . basename($diroptions_filename) . "\n" . '# Created ' . date('d.m.Y H:i') . "\n" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . "\n" . "\n" . $diroptions_file; $diroptions_file_handler = fopen($diroptions_filename, 'w'); @@ -1245,11 +1245,11 @@ class apache extends HttpConfigBase $this->logger->logAction(CRON_ACTION, LOG_NOTICE, 'apache::writeConfigs: mkdir ' . escapeshellarg(makeCorrectDir(Settings::Get('system.apacheconf_diroptions')))); safe_exec('mkdir ' . escapeshellarg(makeCorrectDir(Settings::Get('system.apacheconf_diroptions')))); } - + // Write a single file for every diroption foreach ($this->diroptions_data as $diroptions_filename => $diroptions_file) { $this->known_diroptionsfilenames[] = basename($diroptions_filename); - + // Apply header $diroptions_file = '# ' . basename($diroptions_filename) . "\n" . '# Created ' . date('d.m.Y H:i') . "\n" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . "\n" . "\n" . $diroptions_file; $diroptions_file_handler = fopen($diroptions_filename, 'w'); @@ -1258,10 +1258,10 @@ class apache extends HttpConfigBase } } } - + // Write htpasswds $this->logger->logAction(CRON_ACTION, LOG_INFO, "apache::writeConfigs: rebuilding " . Settings::Get('system.apacheconf_htpasswddir')); - + if (count($this->htpasswds_data) > 0) { if (! file_exists(Settings::Get('system.apacheconf_htpasswddir'))) { $umask = umask(); @@ -1269,7 +1269,7 @@ class apache extends HttpConfigBase mkdir(Settings::Get('system.apacheconf_htpasswddir'), 0751); umask($umask); } - + $htpasswdDir = new frxDirectory(Settings::Get('system.apacheconf_htpasswddir')); if ($htpasswdDir->isConfigDir(true)) { foreach ($this->htpasswds_data as $htpasswd_filename => $htpasswd_file) { @@ -1282,34 +1282,34 @@ class apache extends HttpConfigBase $this->logger->logAction(CRON_ACTION, LOG_WARNING, 'WARNING!!! ' . Settings::Get('system.apacheconf_htpasswddir') . ' is not a directory. htpasswd directory protection is disabled!!!'); } } - + // Write virtualhosts $this->logger->logAction(CRON_ACTION, LOG_INFO, "apache::writeConfigs: rebuilding " . Settings::Get('system.apacheconf_vhost')); - + if (count($this->virtualhosts_data) > 0) { $vhostDir = new frxDirectory(Settings::Get('system.apacheconf_vhost')); if (! $vhostDir->isConfigDir()) { // Save one big file $vhosts_file = ''; - + // sort by filename so the order is: // 1. subdomains x-29 // 2. subdomains as main-domains 30 // 3. main-domains 35 // #437 ksort($this->virtualhosts_data); - + foreach ($this->virtualhosts_data as $vhosts_filename => $vhost_content) { $vhosts_file .= $vhost_content . "\n\n"; } - + // Include diroptions file in case it exists if (file_exists(Settings::Get('system.apacheconf_diroptions'))) { $vhosts_file .= "\n" . 'Include ' . Settings::Get('system.apacheconf_diroptions') . "\n\n"; } - + $vhosts_filename = Settings::Get('system.apacheconf_vhost'); - + // Apply header $vhosts_file = '# ' . basename($vhosts_filename) . "\n" . '# Created ' . date('d.m.Y H:i') . "\n" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . "\n" . "\n" . $vhosts_file; $vhosts_file_handler = fopen($vhosts_filename, 'w'); @@ -1320,11 +1320,11 @@ class apache extends HttpConfigBase $this->logger->logAction(CRON_ACTION, LOG_NOTICE, 'apache::writeConfigs: mkdir ' . escapeshellarg(makeCorrectDir(Settings::Get('system.apacheconf_vhost')))); safe_exec('mkdir ' . escapeshellarg(makeCorrectDir(Settings::Get('system.apacheconf_vhost')))); } - + // Write a single file for every vhost foreach ($this->virtualhosts_data as $vhosts_filename => $vhosts_file) { $this->known_vhostfilenames[] = basename($vhosts_filename); - + // Apply header $vhosts_file = '# ' . basename($vhosts_filename) . "\n" . '# Created ' . date('d.m.Y H:i') . "\n" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . "\n" . "\n" . $vhosts_file; $vhosts_file_handler = fopen($vhosts_filename, 'w'); diff --git a/scripts/jobs/cron_tasks.inc.http.30.nginx.php b/scripts/jobs/cron_tasks.inc.http.30.nginx.php index d4d27c77..5c932fd1 100644 --- a/scripts/jobs/cron_tasks.inc.http.30.nginx.php +++ b/scripts/jobs/cron_tasks.inc.http.30.nginx.php @@ -432,7 +432,7 @@ class nginx extends HttpConfigBase $_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } - $http2 = $ssl_vhost == true && (isset($domain['http2']) && $domain['http2'] == '1' && Settings::Get('system.http2_support') == '1'); + $http2 = $ssl_vhost == true && (isset($domain['http2']) && $domain['http2'] == '1'); $vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n"; }