maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

Answer all Let's Encrypt challenges via alias to a directory in Froxlor itself, enables us to answer challenges before the vhost is set, thx PrfDrDrStullenBr for the idea \(vhost - configs for most distributions untested\)

Browse Source 
Signed-off-by: Florian Aders <eleras@froxlor.org>
This commit is contained in:
Florian Aders
2016-02-18 21:43:44 +01:00
parent 5151f50d49
commit 9f54e60056
8 changed files with 141 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/classes/ssl/class.lescript.php
View File

@@ -30,15 +30,12 @@ class lescript
{ {
public $license = 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf'; public $license = 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf';
private $webRootDir;
private $logger; private $logger;
private $client; private $client;
private $accountKey; private $accountKey;
public function __construct($webRootDir, $logger) public function __construct($logger)
{ {
$this->webRootDir = $webRootDir;
$this->logger = $logger; $this->logger = $logger;
if (Settings::Get('system.letsencryptca') == 'production') { if (Settings::Get('system.letsencryptca') == 'production') {
$ca = 'https://acme-v01.api.letsencrypt.org'; $ca = 'https://acme-v01.api.letsencrypt.org';
@@ -117,7 +114,7 @@ class lescript
// 2. saving authentication token for web verification // 2. saving authentication token for web verification
// --------------------------------------------------- // ---------------------------------------------------
$directory = $this->webRootDir.'/.well-known/acme-challenge'; $directory = FROXLOR_INSTALL_DIR.'/.well-known/acme-challenge';
$tokenPath = $directory.'/'.$challenge['token']; $tokenPath = $directory.'/'.$challenge['token'];
if(!file_exists($directory) && !@mkdir($directory, 0755, true)) { if(!file_exists($directory) && !@mkdir($directory, 0755, true)) {

34
lib/configfiles/gentoo.xml
View File

@@ -61,6 +61,16 @@
Allow from env=REDIRECT_STATUS Allow from env=REDIRECT_STATUS
</Location> </Location>
</IfModule> </IfModule>
]]>
</content>
</file>
<file name="/etc/apache2/modules.d/80_acme.conf">
<content><![CDATA[
Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge"
<Directory "/var/www/.well-known/acme-challenge">
Order allow,deny
Allow from all
</Directory>
]]> ]]>
</content> </content>
</file> </file>
@@ -81,6 +91,15 @@
Require env REDIRECT_STATUS Require env REDIRECT_STATUS
</Location> </Location>
</IfModule> </IfModule>
]]>
</content>
</file>
<file name="/etc/apache2/modules.d/80_acme.conf">
<content><![CDATA[
Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge"
<Directory "/var/www/.well-known/acme-challenge">
Require all granted
</Directory>
]]> ]]>
</content> </content>
</file> </file>
@@ -148,6 +167,9 @@ fastcgi.server = (
) )
) )
) )
alias.url += ("/.well-known/acme-challenge/" => "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge/")
]]> ]]>
</content> </content>
</file> </file>
@@ -237,6 +259,18 @@ fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect # PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200; fastcgi_param REDIRECT_STATUS 200;
]]>
</content>
</file>
<file name="/etc/nginx/conf.d/acme.conf">
<content><![CDATA[
location /.well-known/acme-challenge {
alias {{const.FROXLOR_INSTALL_DIR}};
location ~ /.well-known/acme-challenge/(.*) {
default_type text/plain;
}
}
]]> ]]>
</content> </content>
</file> </file>

23
lib/configfiles/jessie.xml
View File

@@ -64,6 +64,15 @@
Require env REDIRECT_STATUS Require env REDIRECT_STATUS
</Location> </Location>
</IfModule> </IfModule>
]]>
</content>
</file>
<file name="/etc/apache2/conf-enabled/acme.conf">
<content><![CDATA[
Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge"
<Directory "/var/www/.well-known/acme-challenge">
Require all granted
</Directory>
]]> ]]>
</content> </content>
</file> </file>
@@ -98,6 +107,8 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/" compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" ) compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
alias.url += ("/.well-known/acme-challenge/" => "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge/")
# default listening port for IPv6 falls back to the IPv4 port # default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.assign.pl" include_shell "/usr/share/lighttpd/create-mime.assign.pl"
@@ -269,6 +280,18 @@ fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect # PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200; fastcgi_param REDIRECT_STATUS 200;
]]>
</content>
</file>
<file name="/etc/nginx/conf.d/acme.conf">
<content><![CDATA[
location /.well-known/acme-challenge {
alias {{const.FROXLOR_INSTALL_DIR}};
location ~ /.well-known/acme-challenge/(.*) {
default_type text/plain;
}
}
]]> ]]>
</content> </content>
</file> </file>

24
lib/configfiles/precise.xml
View File

@@ -62,6 +62,16 @@
Allow from env=REDIRECT_STATUS Allow from env=REDIRECT_STATUS
</Location> </Location>
</IfModule> </IfModule>
]]>
</content>
</file>
<file name="/etc/apache2/conf-enabled/acme.conf">
<content><![CDATA[
Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge"
<Directory "/var/www/.well-known/acme-challenge">
Order allow,deny
Allow from all
</Directory>
]]> ]]>
</content> </content>
</file> </file>
@@ -126,6 +136,8 @@ fastcgi.server = (
) )
) )
alias.url += ("/.well-known/acme-challenge/" => "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge/")
#### external configuration files #### external configuration files
## mimetype mapping ## mimetype mapping
include_shell "/usr/share/lighttpd/create-mime.assign.pl" include_shell "/usr/share/lighttpd/create-mime.assign.pl"
@@ -227,6 +239,18 @@ fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect # PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200; fastcgi_param REDIRECT_STATUS 200;
]]>
</content>
</file>
<file name="/etc/nginx/conf.d/acme.conf">
<content><![CDATA[
location /.well-known/acme-challenge {
alias {{const.FROXLOR_INSTALL_DIR}};
location ~ /.well-known/acme-challenge/(.*) {
default_type text/plain;
}
}
]]> ]]>
</content> </content>
</file> </file>

9
lib/configfiles/rhel_centos.xml
View File

@@ -47,6 +47,15 @@
<daemon name="apache" version="2.4" title="Apache 2.4" <daemon name="apache" version="2.4" title="Apache 2.4"
default="true"> default="true">
<include>//service[@type='http']/general/commands</include> <include>//service[@type='http']/general/commands</include>
<file name="/etc/httpd/conf.d/acme.conf">
<content><![CDATA[
Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge"
<Directory "/var/www/.well-known/acme-challenge">
Require all granted
</Directory>
]]>
</content>
</file>
<command><![CDATA[systemctl reload-or-restart httpd.service]]></command> <command><![CDATA[systemctl reload-or-restart httpd.service]]></command>
</daemon> </daemon>
</service> </service>

23
lib/configfiles/trusty.xml
View File

@@ -82,6 +82,15 @@
Require env REDIRECT_STATUS Require env REDIRECT_STATUS
</Location> </Location>
</IfModule> </IfModule>
]]>
</content>
</file>
<file name="/etc/apache2/conf-enabled/acme.conf">
<content><![CDATA[
Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge"
<Directory "/var/www/.well-known/acme-challenge">
Require all granted
</Directory>
]]> ]]>
</content> </content>
</file> </file>
@@ -146,6 +155,8 @@ fastcgi.server = (
) )
) )
alias.url += ("/.well-known/acme-challenge/" => "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge/")
#### external configuration files #### external configuration files
## mimetype mapping ## mimetype mapping
include_shell "/usr/share/lighttpd/create-mime.assign.pl" include_shell "/usr/share/lighttpd/create-mime.assign.pl"
@@ -247,6 +258,18 @@ fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect # PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200; fastcgi_param REDIRECT_STATUS 200;
]]>
</content>
</file>
<file name="/etc/nginx/conf.d/acme.conf">
<content><![CDATA[
location /.well-known/acme-challenge {
alias {{const.FROXLOR_INSTALL_DIR}};
location ~ /.well-known/acme-challenge/(.*) {
default_type text/plain;
}
}
]]> ]]>
</content> </content>
</file> </file>

23
lib/configfiles/wheezy.xml
View File

@@ -82,6 +82,15 @@
Require env REDIRECT_STATUS Require env REDIRECT_STATUS
</Location> </Location>
</IfModule> </IfModule>
]]>
</content>
</file>
<file name="/etc/apache2/conf-enabled/acme.conf">
<content><![CDATA[
Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge"
<Directory "/var/www/.well-known/acme-challenge">
Require all granted
</Directory>
]]> ]]>
</content> </content>
</file> </file>
@@ -116,6 +125,8 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/" compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" ) compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
alias.url += ("/.well-known/acme-challenge/" => "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge/")
# default listening port for IPv6 falls back to the IPv4 port # default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.assign.pl" include_shell "/usr/share/lighttpd/create-mime.assign.pl"
@@ -287,6 +298,18 @@ fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect # PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200; fastcgi_param REDIRECT_STATUS 200;
]]>
</content>
</file>
<file name="/etc/nginx/conf.d/acme.conf">
<content><![CDATA[
location /.well-known/acme-challenge {
alias {{const.FROXLOR_INSTALL_DIR}};
location ~ /.well-known/acme-challenge/(.*) {
default_type text/plain;
}
}
]]> ]]>
</content> </content>
</file> </file>

2
scripts/jobs/cron_letsencrypt.php
View File

@@ -68,7 +68,7 @@ while ($certrow = $certificates_stmt->fetch(PDO::FETCH_ASSOC)) {
try { try {
// Initialize Lescript with documentroot // Initialize Lescript with documentroot
$le = new lescript($certrow['documentroot'], $cronlog); $le = new lescript($cronlog);
// Initialize Lescript // Initialize Lescript
$le->initAccount($certrow); $le->initAccount($certrow);