From 93aa8bff1e4a5827805e946269f9af46b8ff6189 Mon Sep 17 00:00:00 2001 From: Michael Kaufmann Date: Sat, 12 Oct 2019 14:34:18 +0200 Subject: [PATCH] add default-ssl-vhost settings and optionally allow including of non-ssl default-vhost settings, fixes #727 Signed-off-by: Michael Kaufmann --- actions/admin/settings/130.webserver.php | 17 +++++++ install/froxlor.sql | 8 ++- .../updates/froxlor/0.10/update_0.10.inc.php | 30 +++++++++-- lib/Froxlor/Api/Commands/Domains.php | 48 +++++++++++++++++- lib/Froxlor/Api/Commands/IpsAndPorts.php | 50 +++++++++++++++++-- lib/Froxlor/Api/Commands/SubDomains.php | 4 ++ lib/Froxlor/Cron/Http/Apache.php | 24 +++++++-- lib/Froxlor/Cron/Http/Lighttpd.php | 25 ++++++++-- lib/Froxlor/Cron/Http/Nginx.php | 30 ++++++++--- lib/Froxlor/Froxlor.php | 2 +- .../admin/domains/formfield.domains_add.php | 20 ++++++++ .../admin/domains/formfield.domains_edit.php | 23 +++++++++ .../ipsandports/formfield.ipsandports_add.php | 19 +++++++ .../formfield.ipsandports_edit.php | 22 ++++++++ lng/english.lng.php | 3 ++ lng/german.lng.php | 3 ++ lng/lng_references.php | 3 ++ 17 files changed, 306 insertions(+), 25 deletions(-) diff --git a/actions/admin/settings/130.webserver.php b/actions/admin/settings/130.webserver.php index 66d41047..e5b550a7 100644 --- a/actions/admin/settings/130.webserver.php +++ b/actions/admin/settings/130.webserver.php 
@@ -250,6 +250,23 @@ return array( 'default' => '', 'save_method' => 'storeSettingField' ), + 'system_default_sslvhostconf' => array( + 'label' => $lng['serversettings']['default_sslvhostconf'], + 'settinggroup' => 'system', + 'varname' => 'default_sslvhostconf', + 'type' => 'text', + 'default' => '', + 'save_method' => 'storeSettingField', + 'visible' => \Froxlor\Settings::Get('system.use_ssl') == 1 + ), + 'system_include_default_vhostconf' => array( + 'label' => $lng['serversettings']['includedefault_sslvhostconf'], + 'settinggroup' => 'system', + 'varname' => 'include_default_vhostconf', + 'type' => 'bool', + 'default' => false, + 'save_method' => 'storeSettingField' + ), 'system_apache_globaldiropt' => array( 'label' => $lng['serversettings']['apache_globaldiropt'], 'settinggroup' => 'system', diff --git a/install/froxlor.sql b/install/froxlor.sql index df96ec7e..9eaa4780 100644 --- a/install/froxlor.sql +++ b/install/froxlor.sql @@ -248,6 +248,8 @@ CREATE TABLE `panel_domains` ( `speciallogfile` tinyint(1) NOT NULL default '0', `ssl_redirect` tinyint(4) NOT NULL default '0', `specialsettings` text, + `ssl_specialsettings` text, + `include_specialsettings` tinyint(1) NOT NULL default '0', `deactivated` tinyint(1) NOT NULL default '0', `bindserial` varchar(10) NOT NULL default '2000010100', `add_date` int( 11 ) NOT NULL default '0', @@ -291,6 +293,10 @@ CREATE TABLE `panel_ipsandports` ( `default_vhostconf_domain` text, `ssl_cert_chainfile` varchar(255) NOT NULL default '', `docroot` varchar(255) NOT NULL default '', + `ssl_specialsettings` text, + `include_specialsettings` tinyint(1) NOT NULL default '0', + `ssl_default_vhostconf_domain` text, + `include_default_vhostconf_domain` tinyint(1) NOT NULL default '0', PRIMARY KEY (`id`), UNIQUE KEY `ip_port` (`ip`,`port`) ) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci; 
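Review bot: `system_include_default_vhostconf` defaults to `false`, and the generator hunks for Apache, Lighttpd and Nginx now emit `system.default_vhostconf` into an ssl-vhost only when that setting is 1, so an upgraded installation stops applying its existing default vhost settings to HTTPS vhosts. If an admin used that field (or the per-ip and per-domain `specialsettings`, whose new `include_*` columns are also created with default '0') for access restrictions or security headers, those would silently disappear from the TLS side after the update. Consider letting the update step set the include flags to 1 for existing installations while keeping 0 for fresh installs, or at least print a notice in the update output that ssl-vhosts no longer inherit the non-ssl settings.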
@@ -686,7 +692,7 @@ opcache.interned_strings_buffer'), ('panel', 'customer_hide_options', ''), ('panel', 'is_configured', '0'), ('panel', 'version', '0.10.1'), - ('panel', 'db_version', '201910110'); + ('panel', 'db_version', '201910120'); DROP TABLE IF EXISTS `panel_tasks`; diff --git a/install/updates/froxlor/0.10/update_0.10.inc.php b/install/updates/froxlor/0.10/update_0.10.inc.php index adbeb990..96710ebf 100644 --- a/install/updates/froxlor/0.10/update_0.10.inc.php +++ b/install/updates/froxlor/0.10/update_0.10.inc.php @@ -304,7 +304,7 @@ if (\Froxlor\Froxlor::isDatabaseVersion('201907270')) { "templates/Sparkle/customer/tickets" ); $disabled = explode(',', ini_get('disable_functions')); - $exec_allowed = !in_array('exec', $disabled); + $exec_allowed = ! in_array('exec', $disabled); $del_list = ""; foreach ($to_clean as $filedir) { $complete_filedir = \Froxlor\Froxlor::getInstallDir() . $filedir; @@ -324,7 +324,7 @@ if (\Froxlor\Froxlor::isDatabaseVersion('201907270')) { lastStepStatus(0); } else { lastStepStatus(1, 'manual commands needed'); - echo 'Please run the following commands manually:
'.$del_list.'

'; + echo 'Please run the following commands manually:
' . $del_list . '

'; } } @@ -356,8 +356,8 @@ if (\Froxlor\Froxlor::isDatabaseVersion('201910030')) { } if (\Froxlor\Froxlor::isFroxlorVersion('0.10.0')) { - showUpdateStep("Updating from 0.10.0 to 0.10.1 final", false); - \Froxlor\Froxlor::updateToVersion('0.10.1'); + showUpdateStep("Updating from 0.10.0 to 0.10.1 final", false); + \Froxlor\Froxlor::updateToVersion('0.10.1'); } if (\Froxlor\Froxlor::isDatabaseVersion('201910090')) { @@ -368,3 +368,25 @@ if (\Froxlor\Froxlor::isDatabaseVersion('201910090')) { \Froxlor\Froxlor::updateToDbVersion('201910110'); } + +if (\Froxlor\Froxlor::isDatabaseVersion('201910110')) { + + showUpdateStep("Adding new settings for ssl-vhost default content"); + Settings::AddNew("system.default_sslvhostconf", ''); + Settings::AddNew("system.include_default_vhostconf", '0'); + lastStepStatus(0); + + showUpdateStep("Adding new fields to ips and ports-table"); + Database::query("ALTER TABLE `" . TABLE_PANEL_IPSANDPORTS . "` ADD `ssl_specialsettings` text AFTER `docroot`;"); + Database::query("ALTER TABLE `" . TABLE_PANEL_IPSANDPORTS . "` ADD `include_specialsettings` tinyint(1) NOT NULL default '0' AFTER `ssl_specialsettings`;"); + Database::query("ALTER TABLE `" . TABLE_PANEL_IPSANDPORTS . "` ADD `ssl_default_vhostconf_domain` text AFTER `include_specialsettings`;"); + Database::query("ALTER TABLE `" . TABLE_PANEL_IPSANDPORTS . "` ADD `include_default_vhostconf_domain` tinyint(1) NOT NULL default '0' AFTER `ssl_default_vhostconf_domain`;"); + lastStepStatus(0); + + showUpdateStep("Adding new fields to domains-table"); + Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `ssl_specialsettings` text AFTER `specialsettings`;"); + Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `include_specialsettings` tinyint(1) NOT NULL default '0', AFTER `ssl_specialsettings`;"); + lastStepStatus(0); + + \Froxlor\Froxlor::updateToDbVersion('201910120'); +} 
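Review bot: The last `ALTER TABLE` on `TABLE_PANEL_DOMAINS` has a stray comma between `default '0'` and `AFTER`, which is not valid SQL, so the `include_specialsettings` column would not be added to the domains table on upgrade. The new insert/update statements in Domains.php and SubDomains.php bind that column and would then fail on upgraded installations, while fresh installs from froxlor.sql are unaffected. Whether the step aborts or still reaches `lastStepStatus(0)` and `updateToDbVersion('201910120')` depends on how `Database::query` reports errors, which is not visible here. The fix is to drop the comma, so the clause reads `NOT NULL default '0' AFTER` followed by the column name as in the ips-and-ports statements above it.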
diff --git a/lib/Froxlor/Api/Commands/Domains.php b/lib/Froxlor/Api/Commands/Domains.php index f55ac021..97435726 100644 --- a/lib/Froxlor/Api/Commands/Domains.php +++ b/lib/Froxlor/Api/Commands/Domains.php @@ -147,6 +147,10 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn * optional, currently not in use, default 0 (false) * @param string $specialsettings * optional, custom webserver vhost-content which is added to the generated vhost, default empty + * @param string $ssl_specialsettings + * optional, custom webserver vhost-content which is added to the generated ssl-vhost, default empty + * @param bool $include_specialsettings + * optional, whether or not to include non-ssl specialsettings in the generated ssl-vhost, default false * @param bool $notryfiles * optional, [nginx only] do not generate the default try-files directive, default 0 (false) * @param bool $writeaccesslog @@ -214,6 +218,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn $zonefile = $this->getParam('zonefile', true, ''); $dkim = $this->getBoolParam('dkim', true, 0); $specialsettings = $this->getParam('specialsettings', true, ''); + $ssl_specialsettings = $this->getParam('ssl_specialsettings', true, ''); + $include_specialsettings = $this->getBoolParam('include_specialsettings', true, 0); $notryfiles = $this->getBoolParam('notryfiles', true, 0); $writeaccesslog = $this->getBoolParam('writeaccesslog', true, 1); $writeerrorlog = $this->getBoolParam('writeerrorlog', true, 1); @@ -328,6 +334,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn $zonefile = ''; $dkim = '0'; $specialsettings = ''; + $ssl_specialsettings = ''; + $include_specialsettings = 0; $notryfiles = '0'; $writeaccesslog = '1'; $writeerrorlog = '1'; 
@@ -391,6 +399,10 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn $ssl_ipandports = array(); if (Settings::Get('system.use_ssl') == "1" && ! empty($p_ssl_ipandports)) { $ssl_ipandports = $this->validateIpAddresses($p_ssl_ipandports, true); + + if ($this->getUserDetail('change_serversettings') == '1') { + $ssl_specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $ssl_specialsettings), 'ssl_specialsettings', '/^[^\0]*$/', '', array(), true); + } } if (Settings::Get('system.use_ssl') == "0" || empty($ssl_ipandports)) { $ssl_redirect = 0; @@ -407,6 +419,10 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn // OCSP stapling $ocsp_stapling = 0; + + // vhost container settings + $ssl_specialsettings = ''; + $include_specialsettings = 0; } // We can't enable let's encrypt for wildcard-domains @@ -540,6 +556,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn 'openbasedir' => $openbasedir, 'speciallogfile' => $speciallogfile, 'specialsettings' => $specialsettings, + 'ssl_specialsettings' => $ssl_specialsettings, + 'include_specialsettings' => $include_specialsettings, 'notryfiles' => $notryfiles, 'writeaccesslog' => $writeaccesslog, 'writeerrorlog' => $writeerrorlog, @@ -582,6 +600,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn `openbasedir` = :openbasedir, `speciallogfile` = :speciallogfile, `specialsettings` = :specialsettings, + `ssl_specialsettings` = :ssl_specialsettings, + `include_specialsettings` = :include_specialsettings, `notryfiles` = :notryfiles, `writeaccesslog` = :writeaccesslog, `writeerrorlog` = :writeerrorlog, 
@@ -698,6 +718,10 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn * optional, currently not in use, default 0 (false) * @param string $specialsettings * optional, custom webserver vhost-content which is added to the generated vhost, default empty + * @param string $ssl_specialsettings + * optional, custom webserver vhost-content which is added to the generated ssl-vhost, default empty + * @param bool $include_specialsettings + * optional, whether or not to include non-ssl specialsettings in the generated ssl-vhost, default false * @param bool $specialsettingsforsubdomains * optional, whether to apply specialsettings to all subdomains of this domain, default 0 (false) * @param bool $notryfiles @@ -777,6 +801,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn $zonefile = $this->getParam('zonefile', true, $result['zonefile']); $dkim = $this->getBoolParam('dkim', true, $result['dkim']); $specialsettings = $this->getParam('specialsettings', true, $result['specialsettings']); + $ssl_specialsettings = $this->getParam('ssl_specialsettings', true, $result['ssl_specialsettings']); + $include_specialsettings = $this->getBoolParam('include_specialsettings', true, $result['include_specialsettings']); $ssfs = $this->getBoolParam('specialsettingsforsubdomains', true, 0); $notryfiles = $this->getBoolParam('notryfiles', true, $result['notryfiles']); $writeaccesslog = $this->getBoolParam('writeaccesslog', true, $result['writeaccesslog']); @@ -971,6 +997,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn $zonefile = $result['zonefile']; $dkim = $result['dkim']; $specialsettings = $result['specialsettings']; + $ssl_specialsettings = $result['ssl_specialsettings']; + $include_specialsettings = $result['include_specialsettings']; $ssfs = (empty($specialsettings) ? 0 : 1); $notryfiles = $result['notryfiles']; $writeaccesslog = $result['writeaccesslog']; 
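Review bot: In the @@ -971 hunk the context line `$ssfs = (empty($specialsettings) ? 0 : 1);` still derives the flag from `specialsettings` alone, while the @@ -1245 hunk now resets `ssl_specialsettings` and `include_specialsettings` on all subdomains whenever `$ssfs` is not 1. A domain that carries only ssl-specific settings would therefore have them cleared from its subdomains each time this branch runs; it looks like the path taken for admins without `change_serversettings`, but the enclosing condition lies outside the hunk. Suggested: `$ssfs = (empty($specialsettings) && empty($ssl_specialsettings) ? 0 : 1);`.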
@@ -1026,6 +1054,10 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn $ssl_ipandports = array(); if (Settings::Get('system.use_ssl') == "1" && ! empty($p_ssl_ipandports)) { $ssl_ipandports = $this->validateIpAddresses($p_ssl_ipandports, true, $result['id']); + + if ($this->getUserDetail('change_serversettings') == '1') { + $ssl_specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $ssl_specialsettings), 'ssl_specialsettings', '/^[^\0]*$/', '', array(), true); + } } if (Settings::Get('system.use_ssl') == "0" || empty($ssl_ipandports)) { $ssl_redirect = 0; @@ -1042,6 +1074,10 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn // OCSP stapling $ocsp_stapling = 0; + + // vhost container settings + $ssl_specialsettings = ''; + $include_specialsettings = 0; } // We can't enable let's encrypt for wildcard-domains @@ -1245,12 +1281,16 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn if ($ssfs == 1) { $_update_data['specialsettings'] = $specialsettings; - $upd_specialsettings = ", `specialsettings` = :specialsettings "; + $_update_data['ssl_specialsettings'] = $ssl_specialsettings; + $_update_data['include_specialsettings'] = $include_specialsettings; + $upd_specialsettings = ", `specialsettings` = :specialsettings, `ssl_specialsettings` = :ssl_specialsettings, `include_specialsettings` = :include_specialsettings "; } else { $upd_specialsettings = ''; unset($_update_data['specialsettings']); + unset($_update_data['ssl_specialsettings']); + unset($_update_data['include_specialsettings']); $upd_stmt = Database::prepare(" - UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `specialsettings`='' WHERE `parentdomainid` = :id + UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `specialsettings`='', `ssl_specialsettings`='', `include_specialsettings`='0' WHERE `parentdomainid` = :id "); Database::pexecute($upd_stmt, array( 'id' => $id 
@@ -1283,6 +1323,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn $update_data['mod_fcgid_starter'] = $mod_fcgid_starter; $update_data['mod_fcgid_maxrequests'] = $mod_fcgid_maxrequests; $update_data['specialsettings'] = $specialsettings; + $update_data['ssl_specialsettings'] = $ssl_specialsettings; + $update_data['include_specialsettings'] = $include_specialsettings; $update_data['notryfiles'] = $notryfiles; $update_data['writeaccesslog'] = $writeaccesslog; $update_data['writeerrorlog'] = $writeerrorlog; @@ -1320,6 +1362,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn `mod_fcgid_starter` = :mod_fcgid_starter, `mod_fcgid_maxrequests` = :mod_fcgid_maxrequests, `specialsettings` = :specialsettings, + `ssl_specialsettings` = :ssl_specialsettings, + `include_specialsettings` = :include_specialsettings, `notryfiles` = :notryfiles, `writeaccesslog` = :writeaccesslog, `writeerrorlog` = :writeerrorlog, diff --git a/lib/Froxlor/Api/Commands/IpsAndPorts.php b/lib/Froxlor/Api/Commands/IpsAndPorts.php index 6ce764bc..b0a9f05e 100644 --- a/lib/Froxlor/Api/Commands/IpsAndPorts.php +++ b/lib/Froxlor/Api/Commands/IpsAndPorts.php @@ -118,6 +118,14 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour * optional, requires $ssl = 1, default empty * @param string $ssl_cert_chainfile * optional, requires $ssl = 1, default empty + * @param string $ssl_specialsettings + * optional, requires $ssl = 1, default empty + * @param bool $include_specialsettings + * optional, requires $ssl = 1, whether or not to include non-ssl specialsettings, default false + * @param string $ssl_default_vhostconf_domain + * optional, requires $ssl = 1, defatul empty + * @param bool $include_default_vhostconf_domain + * optional, requires $ssl = 1, whether or not to include non-ssl default_vhostconf_domain, default false * * @access admin * @throws \Exception 
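Review bot: The docblock entry added for `$ssl_default_vhostconf_domain` in the IpsAndPorts.php @@ -118 hunk reads "defatul empty" and, like the one for `$ssl_specialsettings`, does not say what the value is; the same text is repeated for update() in the @@ -287 hunk. Going by the generator hunks, a wording such as `optional, requires $ssl = 1, custom webserver vhost-content added to the ssl-vhost of every domain on this ip/port, default empty` would fit, with a matching description for `$ssl_specialsettings` (content for the ssl-vhost of the ip/port itself). It is also worth stating in both docblocks that the content is written into the webserver configuration as given.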
@@ -146,12 +154,20 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour $ssl_key_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_key_file', $ssl, ''), 'ssl_key_file', '', '', array(), true); $ssl_ca_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_ca_file', true, ''), 'ssl_ca_file', '', '', array(), true); $ssl_cert_chainfile = \Froxlor\Validate\Validate::validate($this->getParam('ssl_cert_chainfile', true, ''), 'ssl_cert_chainfile', '', '', array(), true); + $ssl_specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_specialsettings', true, '')), 'ssl_specialsettings', '/^[^\0]*$/', '', array(), true); + $include_specialsettings = ! empty($this->getBoolParam('include_specialsettings', true, 0)) ? 1 : 0; + $ssl_default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_default_vhostconf_domain', true, '')), 'ssl_default_vhostconf_domain', '/^[^\0]*$/', '', array(), true); + $include_default_vhostconf_domain = ! empty($this->getBoolParam('include_default_vhostconf_domain', true, 0)) ? 1 : 0; } else { $ssl = 0; $ssl_cert_file = ''; $ssl_key_file = ''; $ssl_ca_file = ''; $ssl_cert_chainfile = ''; + $ssl_specialsettings = ''; + $include_specialsettings = 0; + $ssl_default_vhostconf_domain = ''; + $include_default_vhostconf_domain = 0; } if ($listen_statement != '1') { 
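Review bot: `ssl_specialsettings` and `ssl_default_vhostconf_domain` are accepted with only the pattern `/^[^\0]*$/`, which rejects NUL bytes and nothing else, and the cron generators later write both values into the webserver configuration. That leaves the caller's privilege as the only control on these fields. Domains.php reads its `ssl_specialsettings` only when `getUserDetail('change_serversettings') == '1'`, but no equivalent check is visible in this hunk; the method starts outside it, so the check may exist earlier. If it does not, wrap the two reads in the same condition and fall back to `''` otherwise, and in either case add a comment like `// raw vhost directives, written as-is into the generated config: change_serversettings only`.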
@@ -217,7 +233,9 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour `specialsettings` = :ss, `ssl` = :ssl, `ssl_cert_file` = :ssl_cert, `ssl_key_file` = :ssl_key, `ssl_ca_file` = :ssl_ca, `ssl_cert_chainfile` = :ssl_chain, - `default_vhostconf_domain` = :dvhd, `docroot` = :docroot; + `default_vhostconf_domain` = :dvhd, `docroot` = :docroot, + `ssl_specialsettings` = :ssl_ss, `include_specialsettings` = :incss, + `ssl_default_vhostconf_domain` = :ssl_dvhd, `include_default_vhostconf_domain` = :incdvhd; "); $ins_data = array( 'ip' => $ip, @@ -233,7 +251,11 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour 'ssl_ca' => $ssl_ca_file, 'ssl_chain' => $ssl_cert_chainfile, 'dvhd' => $default_vhostconf_domain, - 'docroot' => $docroot + 'docroot' => $docroot, + 'ssl_ss' => $ssl_specialsettings, + 'incss' => $include_specialsettings, + 'ssl_dvhd' => $ssl_default_vhostconf_domain, + 'incdvhd' => $include_default_vhostconf_domain ); Database::pexecute($ins_stmt, $ins_data); $ins_data['id'] = Database::lastInsertId(); @@ -287,6 +309,14 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour * optional, requires $ssl = 1, default empty * @param string $ssl_cert_chainfile * optional, requires $ssl = 1, default empty + * @param string $ssl_specialsettings + * optional, requires $ssl = 1, default empty + * @param bool $include_specialsettings + * optional, requires $ssl = 1, whether or not to include non-ssl specialsettings, default false + * @param string $ssl_default_vhostconf_domain + * optional, requires $ssl = 1, defatul empty + * @param bool $include_default_vhostconf_domain + * optional, requires $ssl = 1, whether or not to include non-ssl default_vhostconf_domain, default false * * * @access admin 
@@ -321,12 +351,20 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour $ssl_key_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_key_file', $ssl, $result['ssl_key_file']), 'ssl_key_file', '', '', array(), true); $ssl_ca_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_ca_file', true, $result['ssl_ca_file']), 'ssl_ca_file', '', '', array(), true); $ssl_cert_chainfile = \Froxlor\Validate\Validate::validate($this->getParam('ssl_cert_chainfile', true, $result['ssl_cert_chainfile']), 'ssl_cert_chainfile', '', '', array(), true); + $ssl_specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_specialsettings', true, $result['ssl_specialsettings'])), 'ssl_specialsettings', '/^[^\0]*$/', '', array(), true); + $include_specialsettings = $this->getBoolParam('include_specialsettings', true, $result['include_specialsettings']); + $ssl_default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_default_vhostconf_domain', true, $result['ssl_default_vhostconf_domain'])), 'ssl_default_vhostconf_domain', '/^[^\0]*$/', '', array(), true); + $include_default_vhostconf_domain = $this->getBoolParam('include_default_vhostconf_domain', true, $result['include_default_vhostconf_domain']); } else { $ssl = 0; $ssl_cert_file = ''; $ssl_key_file = ''; $ssl_ca_file = ''; $ssl_cert_chainfile = ''; + $ssl_specialsettings = ''; + $include_specialsettings = 0; + $ssl_default_vhostconf_domain = ''; + $include_default_vhostconf_domain = 0; } $result_checkfordouble_stmt = Database::prepare(" 
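Review bot: The two include flags are taken straight from `getBoolParam()` here, whereas add() in the @@ -146 hunk normalises them with `! empty(...) ? 1 : 0`, so the two methods may bind different value types to `:incss` and `:incdvhd`. What `getBoolParam()` returns is not visible in this diff, but both paths should treat it the same way, e.g. `$include_specialsettings = ! empty($this->getBoolParam('include_specialsettings', true, $result['include_specialsettings'])) ? 1 : 0;` and likewise for `$include_default_vhostconf_domain`. The generators compare these columns against `'1'` in some places and `1` in others, so a normalised 0/1 keeps those loose comparisons predictable.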
@@ -404,7 +442,9 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour `specialsettings` = :ss, `ssl` = :ssl, `ssl_cert_file` = :ssl_cert, `ssl_key_file` = :ssl_key, `ssl_ca_file` = :ssl_ca, `ssl_cert_chainfile` = :ssl_chain, - `default_vhostconf_domain` = :dvhd, `docroot` = :docroot + `default_vhostconf_domain` = :dvhd, `docroot` = :docroot, + `ssl_specialsettings` = :ssl_ss, `include_specialsettings` = :incss, + `ssl_default_vhostconf_domain` = :ssl_dvhd, `include_default_vhostconf_domain` = :incdvhd WHERE `id` = :id; "); $upd_data = array( @@ -422,6 +462,10 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour 'ssl_chain' => $ssl_cert_chainfile, 'dvhd' => $default_vhostconf_domain, 'docroot' => $docroot, + 'ssl_ss' => $ssl_specialsettings, + 'incss' => $include_specialsettings, + 'ssl_dvhd' => $ssl_default_vhostconf_domain, + 'incdvhd' => $include_default_vhostconf_domain, 'id' => $id ); Database::pexecute($upd_stmt, $upd_data); diff --git a/lib/Froxlor/Api/Commands/SubDomains.php b/lib/Froxlor/Api/Commands/SubDomains.php index b9a5e9a8..5aeb1cf0 100644 --- a/lib/Froxlor/Api/Commands/SubDomains.php +++ b/lib/Froxlor/Api/Commands/SubDomains.php @@ -262,6 +262,8 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc `openbasedir_path` = :openbasedir_path, `speciallogfile` = :speciallogfile, `specialsettings` = :specialsettings, + `ssl_specialsettings` = :ssl_specialsettings, + `include_specialsettings` = :include_specialsettings, `ssl_redirect` = :ssl_redirect, `phpsettingid` = :phpsettingid, `letsencrypt` = :letsencrypt, 
@@ -285,6 +287,8 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc "phpenabled" => $domain_check['phpenabled'], "speciallogfile" => $domain_check['speciallogfile'], "specialsettings" => $domain_check['specialsettings'], + "ssl_specialsettings" => $domain_check['ssl_specialsettings'], + "include_specialsettings" => $domain_check['include_specialsettings'], "ssl_redirect" => $ssl_redirect, "phpsettingid" => $phpsid_result['phpsettingid'], "letsencrypt" => $letsencrypt, diff --git a/lib/Froxlor/Cron/Http/Apache.php b/lib/Froxlor/Cron/Http/Apache.php index ef48e075..c1aba56c 100644 --- a/lib/Froxlor/Cron/Http/Apache.php +++ b/lib/Froxlor/Cron/Http/Apache.php @@ -403,11 +403,16 @@ class Apache extends HttpConfigBase * end of dirprotection */ - if ($row_ipsandports['specialsettings'] != '') { + if ($row_ipsandports['specialsettings'] != '' && ($row_ipsandports['ssl'] == '0' || ($row_ipsandports['ssl'] == '1' && Settings::Get('system.use_ssl') == '1' && $row_ipsandports['include_specialsettings'] == '1'))) { $this->virtualhosts_data[$vhosts_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n"; } if ($row_ipsandports['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') { + + if ($row_ipsandports['ssl_specialsettings'] != '') { + $this->virtualhosts_data[$vhosts_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['ssl_specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n"; + } + if ($row_ipsandports['ssl_cert_file'] == '') { $row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file'); if (! file_exists($row_ipsandports['ssl_cert_file'])) { 
@@ -900,9 +905,12 @@ class Apache extends HttpConfigBase $ipport = $domain['ip'] . ':' . $domain['port'] . ' '; } - if ($ipandport['default_vhostconf_domain'] != '') { + if ($ipandport['default_vhostconf_domain'] != '' && ($ssl_vhost == false || ($ssl_vhost == true && $ipandport['include_default_vhostconf_domain'] == '1'))) { $_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } + if ($ipandport['ssl_default_vhostconf_domain'] != '' && $ssl_vhost == true) { + $_vhost_content .= $this->processSpecialConfigTemplate($ipandport['ssl_default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; + } $ipportlist .= $ipport; } 
@@ -1057,17 +1065,25 @@ class Apache extends HttpConfigBase } $vhost_content .= $this->getLogfiles($domain); - if ($domain['specialsettings'] != '') { + if ($domain['specialsettings'] != '' && ($ssl_vhost == false || ($ssl_vhost == true && $domain['include_specialsettings'] == 1))) { $vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } + if ($domain['ssl_specialsettings'] != '' && $ssl_vhost == true) { + $vhost_content .= $this->processSpecialConfigTemplate($domain['ssl_specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; + } + if ($_vhost_content != '') { $vhost_content .= $_vhost_content; } - if (Settings::Get('system.default_vhostconf') != '') { + if (Settings::Get('system.default_vhostconf') != '' && ($ssl_vhost == false || ($ssl_vhost == true && Settings::Get('system.include_default_vhostconf') == 1))) { $vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } + + if (Settings::Get('system.default_sslvhostconf') != '' && $ssl_vhost == true) { + $vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_sslvhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; + } } $vhost_content .= '' . "\n"; diff --git a/lib/Froxlor/Cron/Http/Lighttpd.php b/lib/Froxlor/Cron/Http/Lighttpd.php index 0dac0193..cdd66ed9 100644 --- a/lib/Froxlor/Cron/Http/Lighttpd.php +++ b/lib/Froxlor/Cron/Http/Lighttpd.php 
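Review bot: The guard `($ssl_vhost == false || ($ssl_vhost == true && ... == 1))` is longer than it needs to be: once the first operand is false the inner `$ssl_vhost == true` is implied, so `(! $ssl_vhost || $domain['include_specialsettings'] == 1)` expresses the same thing. The same shape is repeated in the @@ -403 and @@ -900 hunks and again in Lighttpd.php and Nginx.php, with the flag compared to `'1'` in some copies and `1` in others. A small protected helper on `HttpConfigBase` that takes the ssl state and the include flag would keep the copies from drifting apart. A one-line comment at the first use, stating that ssl-vhosts receive the non-ssl content only when the include flag is set, would document the new rule.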
@@ -175,7 +175,7 @@ class Lighttpd extends HttpConfigBase ); } - if ($row_ipsandports['specialsettings'] != '') { + if ($row_ipsandports['specialsettings'] != '' && ($row_ipsandports['ssl'] == '0' || ($row_ipsandports['ssl'] == '1' && Settings::Get('system.use_ssl') == '1' && $row_ipsandports['include_specialsettings'] == '1'))) { $this->lighttpd_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n"; } @@ -183,6 +183,11 @@ class Lighttpd extends HttpConfigBase } if ($row_ipsandports['ssl'] == '1') { + + if ($row_ipsandports['ssl_specialsettings'] != '') { + $this->lighttpd_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['ssl_specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n"; + } + if ($row_ipsandports['ssl_cert_file'] == '') { $row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file'); if (! file_exists($row_ipsandports['ssl_cert_file'])) { 
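Review bot: In the @@ -183 hunk `ssl_specialsettings` is emitted whenever `$row_ipsandports['ssl'] == '1'`, while the guard added in the @@ -175 hunk includes the regular `specialsettings` on an ssl entry only if `system.use_ssl` is also '1'. With SSL disabled globally, an ssl ip/port would lose its normal settings and still receive the ssl-only ones; Apache's @@ -403 hunk checks both conditions, and Nginx's @@ -273 hunk has the same gap as this one. Suggested: `if ($row_ipsandports['ssl_specialsettings'] != '' && Settings::Get('system.use_ssl') == '1') {`.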
@@ -512,17 +517,29 @@ class Lighttpd extends HttpConfigBase $vhost_content .= $this->getSslSettings($domain, $ssl_vhost); - if ($domain['specialsettings'] != "") { + if ($domain['specialsettings'] != '' && ($ssl_vhost == false || ($ssl_vhost == true && $domain['include_specialsettings'] == 1))) { $vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } - if ($ipandport['default_vhostconf_domain'] != '') { + if ($domain['ssl_specialsettings'] != '' && $ssl_vhost == true) { + $vhost_content .= $this->processSpecialConfigTemplate($domain['ssl_specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; + } + + if ($ipandport['default_vhostconf_domain'] != '' && ($ssl_vhost == false || ($ssl_vhost == true && $ipandport['include_default_vhostconf_domain'] == '1'))) { $vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } - if (Settings::Get('system.default_vhostconf') != '') { + if ($ipandport['ssl_default_vhostconf_domain'] != '' && $ssl_vhost == true) { + $vhost_content .= $this->processSpecialConfigTemplate($ipandport['ssl_default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; + } + + if (Settings::Get('system.default_vhostconf') != '' && ($ssl_vhost == false || ($ssl_vhost == true && Settings::Get('system.include_default_vhostconf') == 1))) { $vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } + + if (Settings::Get('system.default_sslvhostconf') != '' && $ssl_vhost == true) { + $vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_sslvhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; + } } $vhost_content .= $this->getLogFiles($domain); } 
diff --git a/lib/Froxlor/Cron/Http/Nginx.php b/lib/Froxlor/Cron/Http/Nginx.php index 9d6e1b1e..0f8f9943 100644 --- a/lib/Froxlor/Cron/Http/Nginx.php +++ b/lib/Froxlor/Cron/Http/Nginx.php @@ -258,7 +258,7 @@ class Nginx extends HttpConfigBase $this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n"; } - if ($row_ipsandports['specialsettings'] != '') { + if ($row_ipsandports['specialsettings'] != '' && ($row_ipsandports['ssl'] == '0' || ($row_ipsandports['ssl'] == '1' && Settings::Get('system.use_ssl') == '1' && $row_ipsandports['include_specialsettings'] == '1'))) { $this->nginx_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], array( 'domain' => Settings::Get('system.hostname'), 'loginname' => Settings::Get('phpfpm.vhost_httpuser'), @@ -273,6 +273,14 @@ class Nginx extends HttpConfigBase if ($row_ipsandports['ssl'] == '1') { $row_ipsandports['domain'] = Settings::Get('system.hostname'); $this->nginx_data[$vhost_filename] .= $this->composeSslSettings($row_ipsandports); + if ($row_ipsandports['ssl_specialsettings'] != '') { + $this->nginx_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['ssl_specialsettings'], array( + 'domain' => Settings::Get('system.hostname'), + 'loginname' => Settings::Get('phpfpm.vhost_httpuser'), + 'documentroot' => $mypath, + 'customerroot' => $mypath + ), $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n"; + } } if (! $is_redirect) { 
@@ -447,10 +455,12 @@ class Nginx extends HttpConfigBase $ipport = $domain['ip'] . ':' . $domain['port']; } - if ($ipandport['default_vhostconf_domain'] != '') { + if ($ipandport['default_vhostconf_domain'] != '' && ($ssl_vhost == false || ($ssl_vhost == true && $ipandport['include_default_vhostconf_domain'] == '1'))) { $_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } - + if ($ipandport['ssl_default_vhostconf_domain'] != '' && $ssl_vhost == true) { + $_vhost_content .= $this->processSpecialConfigTemplate($ipandport['ssl_default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; + } $http2 = $ssl_vhost == true && (isset($domain['http2']) && $domain['http2'] == '1' && Settings::Get('system.http2_support') == '1'); $vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n"; 
@@ -522,17 +532,25 @@ class Nginx extends HttpConfigBase $vhost_content .= isset($this->needed_htpasswds[$domain['id']]) ? $this->needed_htpasswds[$domain['id']] . "\n" : ''; - if ($domain['specialsettings'] != "") { + if ($domain['specialsettings'] != '' && ($ssl_vhost == false || ($ssl_vhost == true && $domain['include_specialsettings'] == 1))) { $vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost)); } + if ($domain['ssl_specialsettings'] != '' && $ssl_vhost == true) { + $vhost_content .= $this->processSpecialConfigTemplate($domain['ssl_specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; + } + if ($_vhost_content != '') { $vhost_content = $this->mergeVhostCustom($vhost_content, $_vhost_content); } - if (Settings::Get('system.default_vhostconf') != '') { + if (Settings::Get('system.default_vhostconf') != '' && ($ssl_vhost == false || ($ssl_vhost == true && Settings::Get('system.include_default_vhostconf') == 1))) { $vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"); } + + if (Settings::Get('system.default_sslvhostconf') != '' && $ssl_vhost == true) { + $vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_sslvhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; + } } } $vhost_content .= "\n}\n\n"; 
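Review bot: The two new SSL blocks append to `$vhost_content` with `.=`, while the non-SSL `specialsettings` and `system.default_vhostconf` next to them go through `mergeVhostCustom()`. If that helper exists to fold custom `location` blocks into ones already generated (inferred from its name and use here), an SSL setting that defines a location the vhost already has would produce a duplicate block and nginx would reject the configuration. Consider `$vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate($domain['ssl_specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost));` and the same form for `system.default_sslvhostconf`. The enclosing method starts and ends outside the hunk.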
@@ -675,7 +693,7 @@ class Nginx extends HttpConfigBase // (When specifyng just one, there's no fallback when specific curve is not supported by client.) // When >1.11.0: Defaults to auto, using recommended curves provided by OpenSSL. // see https://github.com/Froxlor/Froxlor/issues/652 - //$sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n"; + // $sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n"; $sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n"; $sslsettings .= "\t" . 'ssl_session_cache shared:SSL:10m;' . "\n"; $sslsettings .= "\t" . 'ssl_certificate ' . \Froxlor\FileDir::makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n"; diff --git a/lib/Froxlor/Froxlor.php b/lib/Froxlor/Froxlor.php index 0dd1fecb..0528785d 100644 --- a/lib/Froxlor/Froxlor.php +++ b/lib/Froxlor/Froxlor.php @@ -10,7 +10,7 @@ final class Froxlor const VERSION = '0.10.1'; // Database version (YYYYMMDDC where C is a daily counter) - const DBVERSION = '201910110'; + const DBVERSION = '201910120'; // Distribution branding-tag (used for Debian etc.) const BRANDING = ''; diff --git a/lib/formfields/admin/domains/formfield.domains_add.php b/lib/formfields/admin/domains/formfield.domains_add.php index ddbb6266..b18aa610 100644 --- a/lib/formfields/admin/domains/formfield.domains_add.php +++ b/lib/formfields/admin/domains/formfield.domains_add.php 
@@ -188,6 +188,26 @@ return array( 'value' => explode(',', \Froxlor\Settings::Get('system.defaultsslip')), 'is_array' => 1 ), + 'ssl_specialsettings' => array( + 'visible' => ($userinfo['change_serversettings'] == '1' ? true : false), + 'style' => 'align-top', + 'label' => $lng['admin']['ownsslvhostsettings'], + 'desc' => $lng['serversettings']['default_vhostconf']['description'], + 'type' => 'textarea', + 'cols' => 60, + 'rows' => 12 + ), + 'include_specialsettings' => array( + 'label' => $lng['admin']['include_ownvhostsettings'], + 'type' => 'checkbox', + 'values' => array( + array( + 'label' => $lng['panel']['yes'], + 'value' => '1' + ) + ), + 'value' => array() + ), 'ssl_redirect' => array( 'visible' => ($ssl_ipsandports != '' ? true : false), 'label' => $lng['domains']['ssl_redirect']['title'], diff --git a/lib/formfields/admin/domains/formfield.domains_edit.php b/lib/formfields/admin/domains/formfield.domains_edit.php index 4c756ec1..2bcee8da 100644 --- a/lib/formfields/admin/domains/formfield.domains_edit.php +++ b/lib/formfields/admin/domains/formfield.domains_edit.php @@ -220,6 +220,29 @@ return array( 'value' => $usedips, 'is_array' => 1 ), + 'ssl_specialsettings' => array( + 'visible' => ($userinfo['change_serversettings'] == '1' ? true : false), + 'style' => 'align-top', + 'label' => $lng['admin']['ownsslvhostsettings'], + 'desc' => $lng['serversettings']['default_vhostconf']['description'], + 'type' => 'textarea', + 'cols' => 60, + 'rows' => 12, + 'value' => $result['ssl_specialsettings'] + ), + 'include_specialsettings' => array( + 'label' => $lng['admin']['include_ownvhostsettings'], + 'type' => 'checkbox', + 'values' => array( + array( + 'label' => $lng['panel']['yes'], + 'value' => '1' + ) + ), + 'value' => array( + $result['include_specialsettings'] + ) + ), 'ssl_redirect' => array( 'visible' => ($ssl_ipsandports != '' ? true : false), 'label' => $lng['domains']['ssl_redirect']['title'], 
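Review bot: The `include_specialsettings` checkbox has no `visible` guard, although the `ssl_specialsettings` textarea next to it is limited to admins with `change_serversettings`; the domains_edit hunk has the same gap. The flag decides whether raw vhost directives reach the SSL vhost, so it should carry the same restriction: `'visible' => ($userinfo['change_serversettings'] == '1' ? true : false),`. Hiding the field is presentation only, so the handler in Domains.php (not shown here) should also ignore the parameter for admins without that right. Both new fields are also shown when no SSL IP/port exists, unlike `ssl_redirect`, which checks `$ssl_ipsandports != ''`.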
diff --git a/lib/formfields/admin/ipsandports/formfield.ipsandports_add.php b/lib/formfields/admin/ipsandports/formfield.ipsandports_add.php index 9a1348f0..3f325445 100644 --- a/lib/formfields/admin/ipsandports/formfield.ipsandports_add.php +++ b/lib/formfields/admin/ipsandports/formfield.ipsandports_add.php @@ -154,6 +154,25 @@ return array( 'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile']['title'], 'desc' => $lng['admin']['ipsandports']['ssl_cert_chainfile']['description'], 'type' => 'text' + ), + 'ssl_specialsettings' => array( + 'style' => 'align-top', + 'label' => $lng['admin']['ownsslvhostsettings'], + 'desc' => $lng['serversettings']['default_vhostconf']['description'], + 'type' => 'textarea', + 'cols' => 60, + 'rows' => 12 + ), + 'include_specialsettings' => array( + 'label' => $lng['admin']['include_ownvhostsettings'], + 'type' => 'checkbox', + 'values' => array( + array( + 'label' => $lng['panel']['yes'], + 'value' => '1' + ) + ), + 'value' => array() ) ) ) diff --git a/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php b/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php index efa5161b..822633bc 100644 --- a/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php +++ b/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php 
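Review bot: Only `ssl_specialsettings` and `include_specialsettings` are added to this form, but the schema change and Nginx.php in this commit also use `ssl_default_vhostconf_domain` and `include_default_vhostconf_domain`; the ipsandports_edit hunk has the same two fields only. Unless those columns are set through another path, the per-domain SSL default of an IP/port stays empty for panel users and can at most be reached through the API. If that is intended, a comment in the form file should say so; otherwise add a textarea and a checkbox mirroring the two fields here.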
@@ -165,6 +165,28 @@ return array( 'desc' => $lng['admin']['ipsandports']['ssl_cert_chainfile']['description'], 'type' => 'text', 'value' => $result['ssl_cert_chainfile'] + ), + 'ssl_specialsettings' => array( + 'style' => 'align-top', + 'label' => $lng['admin']['ownsslvhostsettings'], + 'desc' => $lng['serversettings']['default_vhostconf']['description'], + 'type' => 'textarea', + 'cols' => 60, + 'rows' => 12, + 'value' => $result['ssl_specialsettings'] + ), + 'include_specialsettings' => array( + 'label' => $lng['admin']['include_ownvhostsettings'], + 'type' => 'checkbox', + 'values' => array( + array( + 'label' => $lng['panel']['yes'], + 'value' => '1' + ) + ), + 'value' => array( + $result['include_specialsettings'] + ) ) ) ) diff --git a/lng/english.lng.php b/lng/english.lng.php index d5ad3590..47e628b9 100644 --- a/lng/english.lng.php +++ b/lng/english.lng.php @@ -2072,3 +2072,6 @@ $lng['serversettings']['ssl']['tlsv13_cipher_list']['description'] = 'This is a $lng['usersettings']['api_allowed']['title'] = 'Allow API access'; $lng['usersettings']['api_allowed']['description'] = 'When enabled in the settings, this user can create API keys and access the froxlor API'; $lng['usersettings']['api_allowed']['notice'] = 'API access is not allowed for your account.'; +$lng['serversettings']['default_sslvhostconf']['title'] = 'Default SSL vHost-settings'; +$lng['serversettings']['includedefault_sslvhostconf'] = 'Include non-SSL vHost-settings in SSL-vHost'; +$lng['admin']['ownsslvhostsettings'] = 'Own SSL vHost-settings'; diff --git a/lng/german.lng.php b/lng/german.lng.php index b54a7c53..bd0cea9a 100644 --- a/lng/german.lng.php +++ b/lng/german.lng.php 
@@ -1719,3 +1719,6 @@ $lng['serversettings']['ssl']['tlsv13_cipher_list']['description'] = 'Dies ist e $lng['usersettings']['api_allowed']['title'] = 'Erlaube API Zugriff'; $lng['usersettings']['api_allowed']['description'] = 'Wenn in den Einstellungen aktiviert, kann der Benutzer API Schlüssel erstellen und auf die froxlor API Zugreifen'; $lng['usersettings']['api_allowed']['notice'] = 'API Zugriff ist für dieses Konto deaktiviert.'; +$lng['serversettings']['default_sslvhostconf']['title'] = 'Standard SSL vHost-Einstellungen'; +$lng['serversettings']['includedefault_sslvhostconf'] = 'Nicht-SSL vHost-Einstellungen in SSL-vHost inkludieren'; +$lng['admin']['ownsslvhostsettings'] = 'Eigene SSL vHost-Einstellungen'; diff --git a/lng/lng_references.php b/lng/lng_references.php index fade3003..2fdbe385 100644 --- a/lng/lng_references.php +++ b/lng/lng_references.php @@ -37,3 +37,6 @@ $lng['domains']['ipandport_ssl_multi']['description'] = $lng['domains']['ipandpo $lng['success']['noupdatesavail'] = $lng['update']['noupdatesavail']; $lng['error']['autoupdate_3'] = $lng['error']['customized_version']; $lng['menue']['logger']['logger'] = $lng['admin']['loggersystem']; + +$lng['serversettings']['default_sslvhostconf']['description'] = $lng['serversettings']['default_vhostconf']['description']; +$lng['admin']['include_ownvhostsettings'] = $lng['serversettings']['includedefault_sslvhostconf'];