merge tilman19-master branch (multistack support) - note: this is a very early stage, don't expect everything to work 100%, use at your own risk. Testers are very very welcome (only apache2 and nginx (even more testing) so far)
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
@@ -56,6 +56,7 @@ class apache
|
||||
$this->debugHandler = $debugHandler;
|
||||
$this->idnaConvert = $idnaConvert;
|
||||
$this->settings = $settings;
|
||||
|
||||
}
|
||||
|
||||
protected function getDB()
|
||||
@@ -584,135 +585,141 @@ class apache
|
||||
protected function getVhostContent($domain, $ssl_vhost = false)
|
||||
{
|
||||
if ($ssl_vhost === true
|
||||
&& $domain['ssl'] != '1'
|
||||
&& ($domain['ssl_redirect'] != '1'
|
||||
&& $domain['ssl'] != '1')
|
||||
) {
|
||||
return '';
|
||||
}
|
||||
|
||||
$query = "SELECT * FROM `".TABLE_PANEL_IPSANDPORTS."` `i`, `".TABLE_DOMAINTOIP."` `dip`
|
||||
WHERE dip.id_domain = '".(int)$domain['id']."' AND i.id = dip.id_ipandports ";
|
||||
|
||||
if ($ssl_vhost === true
|
||||
&& $domain['ssl'] == '1'
|
||||
&& ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')
|
||||
) {
|
||||
$query = "SELECT * FROM " . TABLE_PANEL_IPSANDPORTS . " WHERE `id`='" . $domain['ssl_ipandport'] . "'";
|
||||
// by ordering by cert-file the row with filled out SSL-Fields will be shown last, thus it is enough to fill out 1 set of SSL-Fields
|
||||
$query .= "AND i.ssl = '1' ORDER BY i.ssl_cert_file ASC;";
|
||||
} else {
|
||||
$query = "SELECT * FROM " . TABLE_PANEL_IPSANDPORTS . " WHERE `id`='" . $domain['ipandport'] . "'";
|
||||
$query .= "AND i.ssl = '0';";
|
||||
}
|
||||
|
||||
$ipandport = $this->db->query_first($query);
|
||||
$domain['ip'] = $ipandport['ip'];
|
||||
$domain['port'] = $ipandport['port'];
|
||||
$domain['ssl_cert_file'] = $ipandport['ssl_cert_file'];
|
||||
$domain['ssl_key_file'] = $ipandport['ssl_key_file'];
|
||||
$domain['ssl_ca_file'] = $ipandport['ssl_ca_file'];
|
||||
// #418
|
||||
$domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile'];
|
||||
$vhost_content = '';
|
||||
$result = $this->db->query($query);
|
||||
|
||||
// SSL STUFF
|
||||
$dssl = new DomainSSL($this->settings, $this->db);
|
||||
// this sets the ssl-related array-indices in the $domain array
|
||||
// if the domain has customer-defined ssl-certificates
|
||||
$dssl->setDomainSSLFilesArray($domain);
|
||||
|
||||
if (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
||||
$ipport = '[' . $domain['ip'] . ']:' . $domain['port'];
|
||||
} else {
|
||||
$ipport = $domain['ip'] . ':' . $domain['port'];
|
||||
}
|
||||
|
||||
$vhost_content = '<VirtualHost ' . $ipport . '>' . "\n";
|
||||
$vhost_content .= $this->getServerNames($domain);
|
||||
|
||||
if ($ssl_vhost == false
|
||||
&& $domain['ssl'] == '1'
|
||||
&& $domain['ssl_redirect'] == '1'
|
||||
) {
|
||||
$domain['documentroot'] = 'https://' . $domain['domain'] . '/';
|
||||
}
|
||||
|
||||
if ($ssl_vhost === true
|
||||
&& $domain['ssl'] == '1'
|
||||
&& $this->settings['system']['use_ssl'] == '1'
|
||||
) {
|
||||
if ($domain['ssl_cert_file'] == '') {
|
||||
$domain['ssl_cert_file'] = $this->settings['system']['ssl_cert_file'];
|
||||
}
|
||||
|
||||
if ($domain['ssl_key_file'] == '') {
|
||||
$domain['ssl_key_file'] = $this->settings['system']['ssl_key_file'];
|
||||
}
|
||||
|
||||
if ($domain['ssl_ca_file'] == '') {
|
||||
$domain['ssl_ca_file'] = $this->settings['system']['ssl_ca_file'];
|
||||
}
|
||||
while ($ipandport = $this->db->fetch_array($result)) {
|
||||
|
||||
$ipport = '';
|
||||
$domain['ip'] = $ipandport['ip'];
|
||||
$domain['port'] = $ipandport['port'];
|
||||
$domain['ssl_cert_file'] = $ipandport['ssl_cert_file'];
|
||||
$domain['ssl_key_file'] = $ipandport['ssl_key_file'];
|
||||
$domain['ssl_ca_file'] = $ipandport['ssl_ca_file'];
|
||||
// #418
|
||||
if ($domain['ssl_cert_chainfile'] == '') {
|
||||
$domain['ssl_cert_chainfile'] = $this->settings['system']['ssl_cert_chainfile'];
|
||||
$domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile'];
|
||||
|
||||
// SSL STUFF
|
||||
$dssl = new DomainSSL($this->settings, $this->db);
|
||||
// this sets the ssl-related array-indices in the $domain array
|
||||
// if the domain has customer-defined ssl-certificates
|
||||
$dssl->setDomainSSLFilesArray($domain);
|
||||
|
||||
if (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
||||
$ipport = '['.$domain['ip'].']:'.$domain['port']. ' ';
|
||||
} else {
|
||||
$ipport = $domain['ip'].':'.$domain['port'].' ';
|
||||
}
|
||||
|
||||
if ($domain['ssl_cert_file'] != '') {
|
||||
$vhost_content .= ' SSLEngine On' . "\n";
|
||||
// this makes it more secure, thx to Marcel (08/2013)
|
||||
$vhost_content .= ' SSLHonorCipherOrder On' . "\n";
|
||||
$vhost_content .= ' SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH' . "\n";
|
||||
$vhost_content .= ' SSLCertificateFile ' . makeCorrectFile($domain['ssl_cert_file']) . "\n";
|
||||
$vhost_content .= '<VirtualHost ' . $ipport . '>' . "\n";
|
||||
$vhost_content.= $this->getServerNames($domain);
|
||||
|
||||
if ($domain['ssl_key_file'] != '') {
|
||||
$vhost_content .= ' SSLCertificateKeyFile ' . makeCorrectFile($domain['ssl_key_file']) . "\n";
|
||||
if(($ssl_vhost == false
|
||||
&& $domain['ssl'] == '1'
|
||||
&& $domain['ssl_redirect'] == '1')
|
||||
) {
|
||||
$domain['documentroot'] = 'https://' . $domain['domain'] . '/';
|
||||
}
|
||||
|
||||
if ($ssl_vhost === true
|
||||
&& $domain['ssl'] == '1'
|
||||
&& $this->settings['system']['use_ssl'] == '1'
|
||||
) {
|
||||
if ($domain['ssl_cert_file'] == '') {
|
||||
$domain['ssl_cert_file'] = $this->settings['system']['ssl_cert_file'];
|
||||
}
|
||||
|
||||
if ($domain['ssl_ca_file'] != '') {
|
||||
$vhost_content .= ' SSLCACertificateFile ' . makeCorrectFile($domain['ssl_ca_file']) . "\n";
|
||||
if ($domain['ssl_key_file'] == '') {
|
||||
$domain['ssl_key_file'] = $this->settings['system']['ssl_key_file'];
|
||||
}
|
||||
|
||||
if ($domain['ssl_ca_file'] == '') {
|
||||
$domain['ssl_ca_file'] = $this->settings['system']['ssl_ca_file'];
|
||||
}
|
||||
|
||||
// #418
|
||||
if ($domain['ssl_cert_chainfile'] != '') {
|
||||
$vhost_content .= ' SSLCertificateChainFile ' . makeCorrectFile($domain['ssl_cert_chainfile']) . "\n";
|
||||
if ($domain['ssl_cert_chainfile'] == '') {
|
||||
$domain['ssl_cert_chainfile'] = $this->settings['system']['ssl_cert_chainfile'];
|
||||
}
|
||||
|
||||
if ($domain['ssl_cert_file'] != '') {
|
||||
$vhost_content .= ' SSLEngine On' . "\n";
|
||||
// this makes it more secure, thx to Marcel (08/2013)
|
||||
$vhost_content .= ' SSLHonorCipherOrder On' . "\n";
|
||||
$vhost_content .= ' SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH' . "\n";
|
||||
$vhost_content .= ' SSLCertificateFile ' . makeCorrectFile($domain['ssl_cert_file']) . "\n";
|
||||
|
||||
if ($domain['ssl_key_file'] != '') {
|
||||
$vhost_content .= ' SSLCertificateKeyFile ' . makeCorrectFile($domain['ssl_key_file']) . "\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
|
||||
$corrected_docroot = $this->idnaConvert->encode($domain['documentroot']);
|
||||
if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
|
||||
$corrected_docroot = $this->idnaConvert->encode($domain['documentroot']);
|
||||
|
||||
/* Get domain's redirect code */
|
||||
$code = getDomainRedirectCode($domain['id']);
|
||||
$modrew_red = '';
|
||||
if ($code != '') {
|
||||
$modrew_red = '[R='. $code . ';L]';
|
||||
/* Get domain's redirect code */
|
||||
$code = getDomainRedirectCode($domain['id']);
|
||||
$modrew_red = '';
|
||||
if ($code != '') {
|
||||
$modrew_red = '[R='. $code . ';L]';
|
||||
}
|
||||
|
||||
// redirect everything, not only root-directory, #541
|
||||
$vhost_content .= ' <IfModule mod_rewrite.c>'."\n";
|
||||
$vhost_content .= ' RewriteEngine On' . "\n";
|
||||
$vhost_content .= ' RewriteCond %{HTTPS} off' . "\n";
|
||||
$vhost_content .= ' RewriteRule ^/(.*) '. $corrected_docroot.'$1 ' . $modrew_red . "\n";
|
||||
$vhost_content .= ' </IfModule>' . "\n";
|
||||
|
||||
$code = getDomainRedirectCode($domain['id']);
|
||||
$vhost_content .= ' Redirect '.$code.' / ' . $this->idnaConvert->encode($domain['documentroot']) . "\n";
|
||||
|
||||
} else {
|
||||
|
||||
mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true, true);
|
||||
$vhost_content .= $this->getWebroot($domain);
|
||||
if ($this->_deactivated == false) {
|
||||
$vhost_content .= $this->composePhpOptions($domain,$ssl_vhost);
|
||||
$vhost_content .= $this->getStats($domain);
|
||||
}
|
||||
$vhost_content .= $this->getLogfiles($domain);
|
||||
|
||||
if ($domain['specialsettings'] != '') {
|
||||
$vhost_content .= $domain['specialsettings'] . "\n";
|
||||
}
|
||||
|
||||
if ($ipandport['default_vhostconf_domain'] != '') {
|
||||
$vhost_content .= $ipandport['default_vhostconf_domain'] . "\n";
|
||||
}
|
||||
|
||||
if ($this->settings['system']['default_vhostconf'] != '') {
|
||||
$vhost_content .= $this->settings['system']['default_vhostconf'] . "\n";
|
||||
}
|
||||
}
|
||||
|
||||
// redirect everything, not only root-directory, #541
|
||||
$vhost_content .= ' <IfModule mod_rewrite.c>'."\n";
|
||||
$vhost_content .= ' RewriteEngine On' . "\n";
|
||||
$vhost_content .= ' RewriteCond %{HTTPS} off' . "\n";
|
||||
$vhost_content .= ' RewriteRule ^/(.*) '. $corrected_docroot.'$1 ' . $modrew_red . "\n";
|
||||
$vhost_content .= ' </IfModule>' . "\n";
|
||||
$vhost_content .= '</VirtualHost>' . "\n";
|
||||
|
||||
$code = getDomainRedirectCode($domain['id']);
|
||||
$vhost_content .= ' Redirect '.$code.' / ' . $this->idnaConvert->encode($domain['documentroot']) . "\n";
|
||||
} else {
|
||||
mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true, true);
|
||||
$vhost_content .= $this->getWebroot($domain);
|
||||
if ($this->_deactivated == false) {
|
||||
$vhost_content .= $this->composePhpOptions($domain,$ssl_vhost);
|
||||
$vhost_content .= $this->getStats($domain);
|
||||
}
|
||||
$vhost_content .= $this->getLogfiles($domain);
|
||||
} // while ip's
|
||||
|
||||
if ($domain['specialsettings'] != '') {
|
||||
$vhost_content .= $domain['specialsettings'] . "\n";
|
||||
}
|
||||
|
||||
if ($ipandport['default_vhostconf_domain'] != '') {
|
||||
$vhost_content .= $ipandport['default_vhostconf_domain'] . "\n";
|
||||
}
|
||||
|
||||
if ($this->settings['system']['default_vhostconf'] != '') {
|
||||
$vhost_content .= $this->settings['system']['default_vhostconf'] . "\n";
|
||||
}
|
||||
}
|
||||
|
||||
$vhost_content .= '</VirtualHost>' . "\n";
|
||||
return $vhost_content;
|
||||
}
|
||||
|
||||
@@ -721,8 +728,32 @@ class apache
|
||||
*/
|
||||
public function createVirtualHosts()
|
||||
{
|
||||
$result_domains = $this->db->query("SELECT `d`.*, `pd`.`domain` AS `parentdomain`, `c`.`loginname`, `d`.`phpsettingid`, `c`.`adminid`, `c`.`guid`, `c`.`email`, `c`.`documentroot` AS `customerroot`, `c`.`deactivated`, `c`.`phpenabled` AS `phpenabled`, `d`.`mod_fcgid_starter`, `d`.`mod_fcgid_maxrequests` FROM `" . TABLE_PANEL_DOMAINS . "` `d` LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`) " . "LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `pd` ON (`pd`.`id` = `d`.`parentdomainid`) " . "WHERE `d`.`aliasdomain` IS NULL AND `d`.`email_only` <> 1 ORDER BY `d`.`parentdomainid` DESC, `d`.`iswildcarddomain`, `d`.`domain` ASC");
|
||||
//$result_domains = $this->db->query("SELECT `d`.*, `pd`.`domain` AS `parentdomain`, `c`.`loginname`, `d`.`phpsettingid`, `c`.`adminid`, `c`.`guid`, `c`.`email`, `c`.`documentroot` AS `customerroot`, `c`.`deactivated`, `c`.`phpenabled` AS `phpenabled`, `d`.`mod_fcgid_starter`, `d`.`mod_fcgid_maxrequests` FROM `" . TABLE_PANEL_DOMAINS . "` `d` LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`) " . "LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `pd` ON (`pd`.`id` = `d`.`parentdomainid`) " . "WHERE `d`.`aliasdomain` IS NULL AND `d`.`email_only` <> 1 ORDER BY `d`.`parentdomainid` DESC, `d`.`iswildcarddomain`, `d`.`domain` ASC");
|
||||
$query = "SELECT `d`.*, `pd`.`domain` AS `parentdomain`, `c`.`loginname`,
|
||||
`d`.`phpsettingid`, `c`.`adminid`, `c`.`guid`, `c`.`email`,
|
||||
`c`.`documentroot` AS `customerroot`, `c`.`deactivated`,
|
||||
`c`.`phpenabled` AS `phpenabled`, `d`.`mod_fcgid_starter`,
|
||||
`d`.`mod_fcgid_maxrequests`, `p`.`ssl` AS `ssl`,
|
||||
`p`.`ssl_cert_file`, `p`.`ssl_key_file`, `p`.`ssl_ca_file`, `p`.`ssl_cert_chainfile`
|
||||
FROM `".TABLE_PANEL_DOMAINS."` `d`
|
||||
|
||||
LEFT JOIN `".TABLE_PANEL_CUSTOMERS."` `c` USING(`customerid`)
|
||||
LEFT JOIN `".TABLE_PANEL_DOMAINS."` `pd` ON (`pd`.`id` = `d`.`parentdomainid`)
|
||||
|
||||
INNER JOIN (
|
||||
SELECT * FROM (
|
||||
SELECT `di`.`id_domain` , `p`.`ssl`, `p`.`ssl_cert_file`, `p`.`ssl_key_file`, `p`.`ssl_ca_file`, `p`.`ssl_cert_chainfile`
|
||||
FROM `".TABLE_DOMAINTOIP."` `di` , `".TABLE_PANEL_IPSANDPORTS."` `p`
|
||||
WHERE `p`.`id` = `di`.`id_ipandports`
|
||||
ORDER BY `p`.`ssl` DESC
|
||||
) AS my_table_tmp
|
||||
GROUP BY `id_domain`
|
||||
) AS p ON p.`id_domain` = `d`.`id`
|
||||
|
||||
WHERE `d`.`aliasdomain` IS NULL
|
||||
ORDER BY `d`.`parentdomainid` DESC, `d`.`iswildcarddomain`, `d`.`domain` ASC;";
|
||||
|
||||
$result_domains = $this->db->query($query);
|
||||
while ($domain = $this->db->fetch_array($result_domains)) {
|
||||
fwrite($this->debugHandler, ' apache::createVirtualHosts: creating vhost container for domain ' . $domain['id'] . ', customer ' . $domain['loginname'] . "\n");
|
||||
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'creating vhost container for domain ' . $domain['id'] . ', customer ' . $domain['loginname']);
|
||||
@@ -732,11 +763,12 @@ class apache
|
||||
$this->virtualhosts_data[$vhosts_filename] = '# Domain ID: ' . $domain['id'] . ' - CustomerID: ' . $domain['customerid'] . ' - CustomerLogin: ' . $domain['loginname'] . "\n";
|
||||
|
||||
if ($domain['deactivated'] != '1'
|
||||
|| $this->settings['system']['deactivateddocroot'] != ''
|
||||
|| $this->settings['system']['deactivateddocroot'] != ''
|
||||
) {
|
||||
$this->virtualhosts_data[$vhosts_filename].= $this->getVhostContent($domain);
|
||||
// Create vhost without ssl
|
||||
$this->virtualhosts_data[$vhosts_filename].= $this->getVhostContent($domain, false);
|
||||
|
||||
if ($domain['ssl'] == '1') {
|
||||
if ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1') {
|
||||
// Adding ssl stuff if enabled
|
||||
$vhosts_filename_ssl = $this->getVhostFilename($domain, true);
|
||||
$this->virtualhosts_data[$vhosts_filename_ssl] = '# Domain ID: ' . $domain['id'] . ' (SSL) - CustomerID: ' . $domain['customerid'] . ' - CustomerLogin: ' . $domain['loginname'] . "\n";
|
||||
@@ -1048,7 +1080,6 @@ class apache
|
||||
fwrite($vhosts_file_handler, $vhosts_file);
|
||||
fclose($vhosts_file_handler);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user