maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

class.lescript.php: OpenSSL requires integer for key size. DB returns string. Cast string to integer

Browse Source 
trusty.xml: All files in conf.d get automatically included causing the location to be out of place and nginx fails to start
cron_tasks.inc.http.30.nginx.php: Location directives should be included in a host, nginx doesn't have the concept of global location directives in the way apache does
This commit is contained in:
Evi Vanoost
2016-02-21 18:55:02 -05:00
parent f00a1ca092
commit 83fd1ab0ca
3 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/classes/ssl/class.lescript.php
View File

@@ -324,7 +324,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
{ {
$res = openssl_pkey_new(array( $res = openssl_pkey_new(array(
"private_key_type" => OPENSSL_KEYTYPE_RSA, "private_key_type" => OPENSSL_KEYTYPE_RSA,
"private_key_bits" => Settings::Get('system.letsencryptkeysize'), "private_key_bits" => (int)Settings::Get('system.letsencryptkeysize'),
)); ));
if(!openssl_pkey_export($res, $privateKey)) { if(!openssl_pkey_export($res, $privateKey)) {

4
lib/configfiles/trusty.xml
View File

@@ -273,10 +273,10 @@ fastcgi_param REDIRECT_STATUS 200;
]]> ]]>
</content> </content>
</file> </file>
<file name="/etc/nginx/conf.d/acme.conf"> <file name="/etc/nginx/acme.conf">
<content><![CDATA[ <content><![CDATA[
location /.well-known/acme-challenge { location /.well-known/acme-challenge {
alias {{settings.system.letsencryptchallengepath}}; alias {{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge;
location ~ /.well-known/acme-challenge/(.*) { location ~ /.well-known/acme-challenge/(.*) {
default_type text/plain; default_type text/plain;

9
scripts/jobs/cron_tasks.inc.http.30.nginx.php
View File

@@ -422,6 +422,7 @@ class nginx extends HttpConfigBase {
) { ) {
$vhost_content.= "\n" . $this->composeSslSettings($domain) . "\n"; $vhost_content.= "\n" . $this->composeSslSettings($domain) . "\n";
} }
$vhost_content.= "\t".'include /etc/nginx/acme.conf;'."\n";
// if the documentroot is an URL we just redirect // if the documentroot is an URL we just redirect
if (preg_match('/^https?\:\/\//', $domain['documentroot'])) { if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
@@ -595,13 +596,13 @@ class nginx extends HttpConfigBase {
} }
} }
if ($domain['hsts'] > 0) { if (isset($domain_or_ip['hsts']) && $domain_or_ip['hsts'] > 0) {
$vhost_content .= 'add_header Strict-Transport-Security "max-age=' . $domain['hsts']; $vhost_content .= 'add_header Strict-Transport-Security "max-age=' . $domain_or_ip['hsts'];
if ($domain['hsts_sub'] == 1) { if ($domain_or_ip['hsts_sub'] == 1) {
$vhost_content .= '; includeSubdomains'; $vhost_content .= '; includeSubdomains';
} }
if ($domain['hsts_preload'] == 1) { if ($domain_or_ip['hsts_preload'] == 1) {
$vhost_content .= '; preload'; $vhost_content .= '; preload';
} }
$vhost_content .= '";' . "\n"; $vhost_content .= '";' . "\n";