diff --git a/actions/admin/settings/120.system.php b/actions/admin/settings/120.system.php
index 810c931e..464244c5 100644
--- a/actions/admin/settings/120.system.php
+++ b/actions/admin/settings/120.system.php
@@ -69,14 +69,6 @@ return array(
 'save_method' => 'storeSettingHostname',
 'plausibility_check_method' => 'checkHostname',
 ),
- 'system_froxlordirectlyviahostname' => array(
- 'label' => $lng['serversettings']['froxlordirectlyviahostname'],
- 'settinggroup' => 'system',
- 'varname' => 'froxlordirectlyviahostname',
- 'type' => 'bool',
- 'default' => false,
- 'save_method' => 'storeSettingField',
- ),
 'system_validatedomain' => array(
 'label' => $lng['serversettings']['validate_domain'],
 'settinggroup' => 'system',
diff --git a/actions/admin/settings/122.froxlorvhost.php b/actions/admin/settings/122.froxlorvhost.php
new file mode 100644
index 00000000..e92fa582
--- /dev/null
+++ b/actions/admin/settings/122.froxlorvhost.php
@@ -0,0 +1,163 @@ + (2016-) + * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt + * @package Settings + * + */ +return array( + 'groups' => array( + 'froxlorvhost' => array( + 'title' => $lng['admin']['froxlorvhost'], + 'fields' => array( + /** + * Webserver-Vhost + */ + 'system_froxlordirectlyviahostname' => array( + 'label' => $lng['serversettings']['froxlordirectlyviahostname'], + 'settinggroup' => 'system', + 'varname' => 'froxlordirectlyviahostname', + 'type' => 'bool', + 'default' => false, + 'save_method' => 'storeSettingField' + ), + /** + * SSL / Let's Encrypt + */ + 'system_le_froxlor_enabled' => array( + 'label' => $lng['serversettings']['le_froxlor_enabled'], + 'settinggroup' => 'system', + 'varname' => 'le_froxlor_enabled', + 'type' => 'bool', + 'default' => false, + 'save_method' => 'storeSettingField', + 'visible' => Settings::Get('system.leenabled') + ), + 'system_le_froxlor_redirect' => array( + 'label' => $lng['serversettings']['le_froxlor_redirect'], + 'settinggroup' => 'system', + 'varname' => 'le_froxlor_redirect', + 'type' => 'bool', + 'default' => false, + 'save_method' => 'storeSettingField', + 'visible' => Settings::Get('system.leenabled') + ), + /** + * FCGID + */ + 'system_mod_fcgid_enabled_ownvhost' => array( + 'label' => $lng['serversettings']['mod_fcgid_ownvhost'], + 'settinggroup' => 'system', + 'varname' => 'mod_fcgid_ownvhost', + 'type' => 'bool', + 'default' => true, + 'save_method' => 'storeSettingField', + 'websrv_avail' => array( + 'apache2' + ), + 'visible' => Settings::Get('system.mod_fcgid') + ), + 'system_mod_fcgid_httpuser' => array( + 'label' => $lng['admin']['mod_fcgid_user'], + 'settinggroup' => 'system', + 'varname' => 'mod_fcgid_httpuser', + 'type' => 'string', + 'default' => 'froxlorlocal', + 'save_method' => 'storeSettingWebserverFcgidFpmUser', + 'websrv_avail' => array( + 'apache2' + ), + 'visible' => Settings::Get('system.mod_fcgid') + ), + 'system_mod_fcgid_httpgroup' => array( + 'label' => 
$lng['admin']['mod_fcgid_group'], + 'settinggroup' => 'system', + 'varname' => 'mod_fcgid_httpgroup', + 'type' => 'string', + 'default' => 'froxlorlocal', + 'save_method' => 'storeSettingField', + 'websrv_avail' => array( + 'apache2' + ), + 'visible' => Settings::Get('system.mod_fcgid') + ), + 'system_mod_fcgid_defaultini_ownvhost' => array( + 'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'], + 'settinggroup' => 'system', + 'varname' => 'mod_fcgid_defaultini_ownvhost', + 'type' => 'option', + 'default' => '2', + 'option_mode' => 'one', + 'option_options_method' => 'getPhpConfigs', + 'save_method' => 'storeSettingField', + 'websrv_avail' => array( + 'apache2' + ), + 'visible' => Settings::Get('system.mod_fcgid') + ), + /** + * php-fpm + */ + 'system_phpfpm_enabled_ownvhost' => array( + 'label' => $lng['phpfpm']['ownvhost'], + 'settinggroup' => 'phpfpm', + 'varname' => 'enabled_ownvhost', + 'type' => 'bool', + 'default' => true, + 'save_method' => 'storeSettingField', + 'visible' => Settings::Get('phpfpm.enabled') + ), + 'system_phpfpm_httpuser' => array( + 'label' => $lng['phpfpm']['vhost_httpuser'], + 'settinggroup' => 'phpfpm', + 'varname' => 'vhost_httpuser', + 'type' => 'string', + 'default' => 'froxlorlocal', + 'save_method' => 'storeSettingWebserverFcgidFpmUser', + 'visible' => Settings::Get('phpfpm.enabled') + ), + 'system_phpfpm_httpgroup' => array( + 'label' => $lng['phpfpm']['vhost_httpgroup'], + 'settinggroup' => 'phpfpm', + 'varname' => 'vhost_httpgroup', + 'type' => 'string', + 'default' => 'froxlorlocal', + 'save_method' => 'storeSettingField', + 'visible' => Settings::Get('phpfpm.enabled') + ), + 'system_phpfpm_defaultini_ownvhost' => array( + 'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'], + 'settinggroup' => 'phpfpm', + 'varname' => 'vhost_defaultini', + 'type' => 'option', + 'default' => '2', + 'option_mode' => 'one', + 'option_options_method' => 'getPhpConfigs', + 'save_method' => 'storeSettingField', + 
'visible' => Settings::Get('phpfpm.enabled') + ), + /** + * DNS + */ + 'system_dns_createhostnameentry' => array( + 'label' => $lng['serversettings']['dns_createhostnameentry'], + 'settinggroup' => 'system', + 'varname' => 'dns_createhostnameentry', + 'type' => 'bool', + 'default' => false, + 'save_method' => 'storeSettingField', + 'visible' => Settings::Get('system.bind_enable') + ) + ) + ) + ) +); diff --git a/actions/admin/settings/131.ssl.php b/actions/admin/settings/131.ssl.php index f7b5c4e7..7dff2d50 100644 --- a/actions/admin/settings/131.ssl.php +++ b/actions/admin/settings/131.ssl.php 
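Review bot: `system_le_froxlor_redirect` becomes visible as soon as `system.leenabled` is set, independently of `system_le_froxlor_enabled` directly above it, so the SSL redirect for the panel vhost can be switched on while no certificate is requested for it. Whether the vhost generator guards against that combination is not visible in this hunk; if it does not, HTTP requests to the panel are redirected to an HTTPS endpoint that has no usable certificate. Consider a `plausibility_check_method` on the redirect field, or at minimum a comment above it such as `// only effective once le_froxlor_enabled has produced a certificate`. The `'visible'` entries pass the raw `Settings::Get()` value evaluated at include time; a one-line comment stating that they are treated as truthy flags would make that contract explicit.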
@@ -16,150 +16,136 @@ * @package Settings * */ - return array( 'groups' => array( - 'ssl' => array( - 'title' => $lng['admin']['sslsettings'], - 'fields' => array( - 'system_ssl_enabled' => array( - 'label' => $lng['serversettings']['ssl']['use_ssl'], - 'settinggroup' => 'system', - 'varname' => 'use_ssl', - 'type' => 'bool', - 'default' => false, - 'save_method' => 'storeSettingField', - 'overview_option' => true - ), - 'system_ssl_cipher_list' => array( - 'label' => $lng['serversettings']['ssl']['ssl_cipher_list'], - 'settinggroup' => 'system', - 'varname' => 'ssl_cipher_list', - 'type' => 'string', - 'string_emptyallowed' => false, - 'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128', - 'save_method' => 'storeSettingField', - ), - 'system_ssl_cert_file' => array( - 'label' => $lng['serversettings']['ssl']['ssl_cert_file'], - 'settinggroup' => 'system', - 'varname' => 'ssl_cert_file', - 'type' => 'string', - 'string_type' => 'file', - 'string_emptyallowed' => true, - 'default' => '/etc/apache2/apache2.pem', - 'save_method' => 'storeSettingField', - ), - 'system_ssl_key_file' => array( - 'label' => $lng['serversettings']['ssl']['ssl_key_file'], - 'settinggroup' => 'system', - 'varname' => 'ssl_key_file', - 'type' => 'string', - 'string_type' => 'file', - 'string_emptyallowed' => true, - 'default' => '/etc/apache2/apache2.key', - 'save_method' => 'storeSettingField', - ), - 'system_ssl_cert_chainfile' => array( - 'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'], - 'settinggroup' => 'system', - 'varname' => 'ssl_cert_chainfile', - 'type' => 'string', - 'string_type' => 'file', - 'string_emptyallowed' => true, - 'default' => '', - 'save_method' => 'storeSettingField', - ), - 'system_ssl_ca_file' => array( - 'label' => $lng['serversettings']['ssl']['ssl_ca_file'], - 'settinggroup' => 'system', - 'varname' => 'ssl_ca_file', - 'type' => 'string', - 'string_type' => 'file', - 'string_emptyallowed' => true, - 'default' => '', - 'save_method' 
=> 'storeSettingField', - ), - 'system_leenabled' => array( - 'label' => $lng['serversettings']['leenabled'], - 'settinggroup' => 'system', - 'varname' => 'leenabled', - 'type' => 'bool', - 'default' => false, - 'cronmodule' => 'froxlor/letsencrypt', - 'save_method' => 'storeSettingField' - ), - 'system_le_froxlor_enabled' => array( - 'label' => $lng['serversettings']['le_froxlor_enabled'], - 'settinggroup' => 'system', - 'varname' => 'le_froxlor_enabled', - 'type' => 'bool', - 'default' => false, - 'save_method' => 'storeSettingField' - ), - 'system_le_froxlor_redirect' => array( - 'label' => $lng['serversettings']['le_froxlor_redirect'], - 'settinggroup' => 'system', - 'varname' => 'le_froxlor_redirect', - 'type' => 'bool', - 'default' => false, - 'save_method' => 'storeSettingField' - ), - 'system_letsencryptca' => array( - 'label' => $lng['serversettings']['letsencryptca'], - 'settinggroup' => 'system', - 'varname' => 'letsencryptca', - 'type' => 'option', - 'default' => 'testing', - 'option_mode' => 'one', - 'option_options' => array('testing' => 'https://acme-staging.api.letsencrypt.org (Test)', 'production' => 'https://acme-v01.api.letsencrypt.org (Live)'), - 'save_method' => 'storeSettingField', - ), - 'system_letsencryptcountrycode' => array( - 'label' => $lng['serversettings']['letsencryptcountrycode'], - 'settinggroup' => 'system', - 'varname' => 'letsencryptcountrycode', - 'type' => 'string', - 'string_emptyallowed' => false, - 'default' => 'DE', - 'save_method' => 'storeSettingField', - ), - 'system_letsencryptstate' => array( - 'label' => $lng['serversettings']['letsencryptstate'], - 'settinggroup' => 'system', - 'varname' => 'letsencryptstate', - 'type' => 'string', - 'string_emptyallowed' => false, - 'default' => 'Hessen', - 'save_method' => 'storeSettingField', - ), - 'system_letsencryptchallengepath' => array( - 'label' => $lng['serversettings']['letsencryptchallengepath'], - 'settinggroup' => 'system', - 'varname' => 'letsencryptchallengepath', - 
'type' => 'string', - 'string_emptyallowed' => false, - 'default' => FROXLOR_INSTALL_DIR, - 'save_method' => 'storeSettingField', - ), - 'system_letsencryptkeysize' => array( - 'label' => $lng['serversettings']['letsencryptkeysize'], - 'settinggroup' => 'system', - 'varname' => 'letsencryptkeysize', - 'type' => 'int', - 'int_min' => 2048, - 'default' => 4096, - 'save_method' => 'storeSettingField', - ), - 'system_letsencryptreuseold' => array( - 'label' => $lng['serversettings']['letsencryptreuseold'], - 'settinggroup' => 'system', - 'varname' => 'letsencryptreuseold', - 'type' => 'bool', - 'default' => false, - 'save_method' => 'storeSettingField', - ), - ) + 'ssl' => array( + 'title' => $lng['admin']['sslsettings'], + 'fields' => array( + 'system_ssl_enabled' => array( + 'label' => $lng['serversettings']['ssl']['use_ssl'], + 'settinggroup' => 'system', + 'varname' => 'use_ssl', + 'type' => 'bool', + 'default' => false, + 'save_method' => 'storeSettingField', + 'overview_option' => true + ), + 'system_ssl_cipher_list' => array( + 'label' => $lng['serversettings']['ssl']['ssl_cipher_list'], + 'settinggroup' => 'system', + 'varname' => 'ssl_cipher_list', + 'type' => 'string', + 'string_emptyallowed' => false, + 'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128', + 'save_method' => 'storeSettingField' + ), + 'system_ssl_cert_file' => array( + 'label' => $lng['serversettings']['ssl']['ssl_cert_file'], + 'settinggroup' => 'system', + 'varname' => 'ssl_cert_file', + 'type' => 'string', + 'string_type' => 'file', + 'string_emptyallowed' => true, + 'default' => '/etc/apache2/apache2.pem', + 'save_method' => 'storeSettingField' + ), + 'system_ssl_key_file' => array( + 'label' => $lng['serversettings']['ssl']['ssl_key_file'], + 'settinggroup' => 'system', + 'varname' => 'ssl_key_file', + 'type' => 'string', + 'string_type' => 'file', + 'string_emptyallowed' => true, + 'default' => '/etc/apache2/apache2.key', + 'save_method' => 'storeSettingField' + ), + 
'system_ssl_cert_chainfile' => array( + 'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'], + 'settinggroup' => 'system', + 'varname' => 'ssl_cert_chainfile', + 'type' => 'string', + 'string_type' => 'file', + 'string_emptyallowed' => true, + 'default' => '', + 'save_method' => 'storeSettingField' + ), + 'system_ssl_ca_file' => array( + 'label' => $lng['serversettings']['ssl']['ssl_ca_file'], + 'settinggroup' => 'system', + 'varname' => 'ssl_ca_file', + 'type' => 'string', + 'string_type' => 'file', + 'string_emptyallowed' => true, + 'default' => '', + 'save_method' => 'storeSettingField' + ), + 'system_leenabled' => array( + 'label' => $lng['serversettings']['leenabled'], + 'settinggroup' => 'system', + 'varname' => 'leenabled', + 'type' => 'bool', + 'default' => false, + 'cronmodule' => 'froxlor/letsencrypt', + 'save_method' => 'storeSettingField' + ), + 'system_letsencryptca' => array( + 'label' => $lng['serversettings']['letsencryptca'], + 'settinggroup' => 'system', + 'varname' => 'letsencryptca', + 'type' => 'option', + 'default' => 'testing', + 'option_mode' => 'one', + 'option_options' => array( + 'testing' => 'https://acme-staging.api.letsencrypt.org (Test)', + 'production' => 'https://acme-v01.api.letsencrypt.org (Live)' + ), + 'save_method' => 'storeSettingField' + ), + 'system_letsencryptcountrycode' => array( + 'label' => $lng['serversettings']['letsencryptcountrycode'], + 'settinggroup' => 'system', + 'varname' => 'letsencryptcountrycode', + 'type' => 'string', + 'string_emptyallowed' => false, + 'default' => 'DE', + 'save_method' => 'storeSettingField' + ), + 'system_letsencryptstate' => array( + 'label' => $lng['serversettings']['letsencryptstate'], + 'settinggroup' => 'system', + 'varname' => 'letsencryptstate', + 'type' => 'string', + 'string_emptyallowed' => false, + 'default' => 'Hessen', + 'save_method' => 'storeSettingField' + ), + 'system_letsencryptchallengepath' => array( + 'label' => 
$lng['serversettings']['letsencryptchallengepath'], + 'settinggroup' => 'system', + 'varname' => 'letsencryptchallengepath', + 'type' => 'string', + 'string_emptyallowed' => false, + 'default' => FROXLOR_INSTALL_DIR, + 'save_method' => 'storeSettingField' + ), + 'system_letsencryptkeysize' => array( + 'label' => $lng['serversettings']['letsencryptkeysize'], + 'settinggroup' => 'system', + 'varname' => 'letsencryptkeysize', + 'type' => 'int', + 'int_min' => 2048, + 'default' => 4096, + 'save_method' => 'storeSettingField' + ), + 'system_letsencryptreuseold' => array( + 'label' => $lng['serversettings']['letsencryptreuseold'], + 'settinggroup' => 'system', + 'varname' => 'letsencryptreuseold', + 'type' => 'bool', + 'default' => false, + 'save_method' => 'storeSettingField' + ) ) ) - ); + ) +); diff --git a/actions/admin/settings/135.fcgid.php b/actions/admin/settings/135.fcgid.php index 0161ce7f..050ede3b 100644 --- a/actions/admin/settings/135.fcgid.php +++ b/actions/admin/settings/135.fcgid.php 
@@ -97,44 +97,6 @@ return array(
 'option_options_method' => 'getPhpConfigs',
 'save_method' => 'storeSettingField',
 ),
- 'system_mod_fcgid_enabled_ownvhost' => array(
- 'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
- 'settinggroup' => 'system',
- 'varname' => 'mod_fcgid_ownvhost',
- 'type' => 'bool',
- 'default' => true,
- 'save_method' => 'storeSettingField',
- 'websrv_avail' => array('apache2')
- ),
- 'system_mod_fcgid_httpuser' => array(
- 'label' => $lng['admin']['mod_fcgid_user'],
- 'settinggroup' => 'system',
- 'varname' => 'mod_fcgid_httpuser',
- 'type' => 'string',
- 'default' => 'froxlorlocal',
- 'save_method' => 'storeSettingWebserverFcgidFpmUser',
- 'websrv_avail' => array('apache2')
- ),
- 'system_mod_fcgid_httpgroup' => array(
- 'label' => $lng['admin']['mod_fcgid_group'],
- 'settinggroup' => 'system',
- 'varname' => 'mod_fcgid_httpgroup',
- 'type' => 'string',
- 'default' => 'froxlorlocal',
- 'save_method' => 'storeSettingField',
- 'websrv_avail' => array('apache2')
- ),
- 'system_mod_fcgid_defaultini_ownvhost' => array(
- 'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
- 'settinggroup' => 'system',
- 'varname' => 'mod_fcgid_defaultini_ownvhost',
- 'type' => 'option',
- 'default' => '2',
- 'option_mode' => 'one',
- 'option_options_method' => 'getPhpConfigs',
- 'save_method' => 'storeSettingField',
- 'websrv_avail' => array('apache2')
- ),
 'system_mod_fcgid_idle_timeout' => array(
 'label' => $lng['serversettings']['mod_fcgid']['idle_timeout'],
 'settinggroup' => 'system',
diff --git a/actions/admin/settings/136.phpfpm.php b/actions/admin/settings/136.phpfpm.php
index c4a3afd1..750a4660 100644
--- a/actions/admin/settings/136.phpfpm.php
+++ b/actions/admin/settings/136.phpfpm.php
@@ -30,46 +30,12 @@ return array(
 'plausibility_check_method' => 'checkFcgidPhpFpm',
 'overview_option' => true
 ),
- 'system_phpfpm_enabled_ownvhost' => array(
- 'label' => $lng['phpfpm']['ownvhost'],
+ 'system_phpfpm_defaultini' => array(
+ 'label' => $lng['serversettings']['mod_fcgid']['defaultini'],
 'settinggroup' => 'phpfpm',
- 'varname' => 'enabled_ownvhost',
- 'type' => 'bool',
- 'default' => true,
- 'save_method' => 'storeSettingField'
- ),
- 'system_phpfpm_httpuser' => array(
- 'label' => $lng['phpfpm']['vhost_httpuser'],
- 'settinggroup' => 'phpfpm',
- 'varname' => 'vhost_httpuser',
- 'type' => 'string',
- 'default' => 'froxlorlocal',
- 'save_method' => 'storeSettingWebserverFcgidFpmUser'
- ),
- 'system_phpfpm_httpgroup' => array(
- 'label' => $lng['phpfpm']['vhost_httpgroup'],
- 'settinggroup' => 'phpfpm',
- 'varname' => 'vhost_httpgroup',
- 'type' => 'string',
- 'default' => 'froxlorlocal',
- 'save_method' => 'storeSettingField'
- ),
- 'system_phpfpm_defaultini' => array(
- 'label' => $lng['serversettings']['mod_fcgid']['defaultini'],
- 'settinggroup' => 'phpfpm',
- 'varname' => 'defaultini',
- 'type' => 'option',
- 'default' => '1',
- 'option_mode' => 'one',
- 'option_options_method' => 'getPhpConfigs',
- 'save_method' => 'storeSettingField'
- ),
- 'system_phpfpm_defaultini_ownvhost' => array(
- 'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
- 'settinggroup' => 'phpfpm',
- 'varname' => 'vhost_defaultini',
+ 'varname' => 'defaultini',
 'type' => 'option',
- 'default' => '2',
+ 'default' => '1',
 'option_mode' => 'one',
 'option_options_method' => 'getPhpConfigs',
 'save_method' => 'storeSettingField'
diff --git a/actions/admin/settings/160.nameserver.php b/actions/admin/settings/160.nameserver.php
index 11d2b6d3..bd7da456 100644
--- a/actions/admin/settings/160.nameserver.php
+++ b/actions/admin/settings/160.nameserver.php
@@ -97,14 +97,6 @@ return array(
 'default' => '',
 'save_method' => 'storeSettingField',
 ),
- 'system_dns_createhostnameentry' => array(
- 'label' => $lng['serversettings']['dns_createhostnameentry'],
- 'settinggroup' => 'system',
- 'varname' => 'dns_createhostnameentry',
- 'type' => 'bool',
- 'default' => false,
- 'save_method' => 'storeSettingField'
- ),
 'system_dns_createmailentry' => array(
 'label' => $lng['serversettings']['mail_also_with_mxservers'],
 'settinggroup' => 'system',
@@ -127,5 +119,3 @@ return array(
 ),
 ),
 );
-
-?>
\ No newline at end of file
diff --git a/lib/classes/webserver/class.DomainSSL.php b/lib/classes/webserver/class.DomainSSL.php
index dbf0d487..82ae9fcd 100644
--- a/lib/classes/webserver/class.DomainSSL.php
+++ b/lib/classes/webserver/class.DomainSSL.php
@@ -46,7 +46,7 @@ class DomainSSL {
 || $dom_certs['ssl_cert_file'] == ''
 ) {
 // maybe its parent?
- if ($domain['parentdomainid'] != 0) {
+ if (isset($domain['parentdomainid']) && $domain['parentdomainid'] != 0) {
 $dom_certs = Database::pexecute_first($dom_certs_stmt, array('domid' => $domain['parentdomainid']));
 }
 }
diff --git a/lng/english.lng.php b/lng/english.lng.php
index 62b6e62a..d4a2c4bd 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -2036,3 +2036,4 @@ $lng['serversettings']['le_froxlor_enabled']['title'] = "Enable Let's Encrypt fo
 $lng['serversettings']['le_froxlor_enabled']['description'] = "If activated, the froxlor vhost will automatically be secured using a Let's Encrypt certificate.";
 $lng['serversettings']['le_froxlor_redirect']['title'] = "Enable SSL-redirect for the froxlor vhost";
 $lng['serversettings']['le_froxlor_redirect']['description'] = "If activated, all http requests to your froxlor will be redirected to the corresponding SSL site.";
+$lng['admin']['froxlorvhost'] = 'Froxlor VirtualHost settings';
diff --git a/lng/german.lng.php b/lng/german.lng.php
index 44ef1bdd..30c693b7 100644
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -1688,3 +1688,4 @@ $lng['serversettings']['le_froxlor_enabled']['title'] = "Let's Encrypt für den $lng['serversettings']['le_froxlor_enabled']['description'] = "Wenn dies aktiviert ist, erstellt froxlor für seinen vhost automatisch ein Let's Encrypt Zertifikat."; $lng['serversettings']['le_froxlor_redirect']['title'] = "SSL-Weiterleitung für den froxlor Vhost aktivieren"; $lng['serversettings']['le_froxlor_redirect']['description'] = "Wenn dies aktiviert ist, werden alle HTTP Anfragen an die entsprechende SSL Seite weitergeleitet."; +$lng['admin']['froxlorvhost'] = 'Froxlor VirtualHost Einstellungen'; diff --git a/scripts/classes/class.DnsBase.php b/scripts/classes/class.DnsBase.php index 65753b59..46c83926 100644 --- a/scripts/classes/class.DnsBase.php +++ b/scripts/classes/class.DnsBase.php @@ -1,10 +1,24 @@ (2016-) + * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt + * @package Cron + * + */ + +/** * Class DnsBase * * Base class for all DNS server configs - * */ abstract class DnsBase { @@ -69,8 +83,7 @@ abstract class DnsBase protected function getDomainList() { - $result_domains_stmt = Database::query( - " + $result_domains_stmt = Database::query(" SELECT `d`.`id`, `d`.`domain`, 
@@ -131,35 +144,21 @@ abstract class DnsBase $domains[$key]['children'] = array(); } if ($domains[$key]['ismainbutsubto'] > 0) { - if (isset($domains[ $domains[$key]['ismainbutsubto'] ])) { - $domains[ $domains[$key]['ismainbutsubto'] ]['children'][] = $domains[$key]['id']; + if (isset($domains[$domains[$key]['ismainbutsubto']])) { + $domains[$domains[$key]['ismainbutsubto']]['children'][] = $domains[$key]['id']; } else { - $this->_logger->logAction(CRON_ACTION, LOG_ERR, - 'Database inconsistency: domain ' . $domain['domain'] . ' (ID #' . $key . - ') is set to to be subdomain to non-existent domain ID #' . - $domains[$key]['ismainbutsubto'] . - '. No DNS record(s) will be created for this domain.'); + $this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Database inconsistency: domain ' . $domain['domain'] . ' (ID #' . $key . ') is set to to be subdomain to non-existent domain ID #' . $domains[$key]['ismainbutsubto'] . '. No DNS record(s) will be created for this domain.'); } } } - $this->_logger->logAction(CRON_ACTION, LOG_DEBUG, - str_pad('domId', 9, ' ') . str_pad('domain', 40, ' ') . - 'ismainbutsubto ' . str_pad('parent domain', 40, ' ') . - "list of child domain ids"); - foreach ($domains as $domain) { - $logLine = - str_pad($domain['id'], 9, ' ') . - str_pad($domain['domain'], 40, ' ') . - str_pad($domain['ismainbutsubto'], 15, ' ') . - str_pad(((isset($domains[ $domain['ismainbutsubto'] ])) ? - $domains[ $domain['ismainbutsubto'] ]['domain'] : - '-'), 40, ' ') . - join(', ', $domain['children']); - $this->_logger->logAction(CRON_ACTION, LOG_DEBUG, $logLine); - } + $this->_logger->logAction(CRON_ACTION, LOG_DEBUG, str_pad('domId', 9, ' ') . str_pad('domain', 40, ' ') . 'ismainbutsubto ' . str_pad('parent domain', 40, ' ') . "list of child domain ids"); + foreach ($domains as $domain) { + $logLine = str_pad($domain['id'], 9, ' ') . str_pad($domain['domain'], 40, ' ') . str_pad($domain['ismainbutsubto'], 15, ' ') . 
str_pad(((isset($domains[$domain['ismainbutsubto']])) ? $domains[$domain['ismainbutsubto']]['domain'] : '-'), 40, ' ') . join(', ', $domain['children']); + $this->_logger->logAction(CRON_ACTION, LOG_DEBUG, $logLine); + } - return $domains; + return $domains; } public function reloadDaemon() @@ -171,8 +170,7 @@ abstract class DnsBase if ($cmdStatus === 0) { $this->_logger->logAction(CRON_ACTION, LOG_INFO, Settings::Get('system.dns_server') . ' daemon reloaded'); } else { - $this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Error while running `' . $cmd . - '`: exit code (' . $cmdStatus . ') - please check your system logs'); + $this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Error while running `' . $cmd . '`: exit code (' . $cmdStatus . ') - please check your system logs'); } } diff --git a/scripts/classes/class.HttpConfigBase.php b/scripts/classes/class.HttpConfigBase.php index 071f43c1..d24559c2 100644 --- a/scripts/classes/class.HttpConfigBase.php +++ b/scripts/classes/class.HttpConfigBase.php @@ -1,11 +1,28 @@ (2016-) + * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt + * @package Cron + * + */ + +/** * Class HttpConfigBase * * Base class for all HTTP server configs * */ -class HttpConfigBase { +class HttpConfigBase +{ /** * process special config as template, by substituting {VARIABLE} with the 
@@ -13,26 +30,92 @@ class HttpConfigBase { * * The following variables are known at the moment: * - * {DOMAIN} - domain name - * {IP} - IP for this domain - * {PORT} - Port for this domain - * {CUSTOMER} - customer name - * {IS_SSL} - evaluates to 'ssl' if domain/ip is ssl, otherwise it is an empty string - * {DOCROOT} - document root for this domain + * {DOMAIN} - domain name + * {IP} - IP for this domain + * {PORT} - Port for this domain + * {CUSTOMER} - customer name + * {IS_SSL} - evaluates to 'ssl' if domain/ip is ssl, otherwise it is an empty string + * {DOCROOT} - document root for this domain * - * @param $template + * @param + * $template * @return string */ - protected function processSpecialConfigTemplate($template, $domain, $ip, $port, $is_ssl_vhost) { + protected function processSpecialConfigTemplate($template, $domain, $ip, $port, $is_ssl_vhost) + { $templateVars = array( 'DOMAIN' => $domain['domain'], 'CUSTOMER' => $domain['loginname'], 'IP' => $ip, 'PORT' => $port, - 'SCHEME' => ($is_ssl_vhost)?'https':'http', + 'SCHEME' => ($is_ssl_vhost) ? 'https' : 'http', 'DOCROOT' => $domain['documentroot'] ); return replace_variables($template, $templateVars); } -} \ No newline at end of file + protected function getMyPath($ip_port = null) + { + if (! 
empty($ip_port) && $ip_port['docroot'] == '') { + if (Settings::Get('system.froxlordirectlyviahostname')) { + $mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__)))); + } else { + $mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__))))); + } + } else { + // user-defined docroot, #417 + $mypath = makeCorrectDir($row_ipsandports['docroot']); + } + return $mypath; + } + + protected function checkAlternativeSslPort() + { + // We must not check if our port differs from port 443, + // but if there is a destination-port != 443 + $_sslport = ''; + // This returns the first port that is != 443 with ssl enabled, + // ordered by ssl-certificate (if any) so that the ip/port combo + // with certificate is used + $ssldestport_stmt = Database::prepare(" + SELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip` + WHERE `ip`.`ssl` = '1' AND `ip`.`port` != 443 + ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1; + "); + $ssldestport = Database::pexecute_first($ssldestport_stmt); + + if ($ssldestport['port'] != '') { + $_sslport = ":" . $ssldestport['port']; + } + + return $_sslport; + } + + protected function froxlorVhostHasLetsEncryptCert() + { + // check whether we have an entry with valid certificates which just does not need + // updating yet, so we need to skip this here + $froxlor_ssl_settings_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0' + "); + $froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt); + if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) { + return true; + } + return false; + } + + protected function froxlorVhostLetsEncryptNeedsRenew() + { + $froxlor_ssl_settings_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . 
"` + WHERE `domainid` = '0' AND + (`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL) + "); + $froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt); + if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) { + return true; + } + return false; + } +} diff --git a/scripts/jobs/cron_letsencrypt.php b/scripts/jobs/cron_letsencrypt.php index 5e460698..8df9055f 100644 --- a/scripts/jobs/cron_letsencrypt.php +++ b/scripts/jobs/cron_letsencrypt.php @@ -27,8 +27,7 @@ if (! extension_loaded('curl')) { exit(); } -$certificates_stmt = Database::query( - " +$certificates_stmt = Database::query(" SELECT domssl.`id`, domssl.`domainid`, @@ -63,8 +62,7 @@ $certificates_stmt = Database::query( ) "); -$aliasdomains_stmt = Database::prepare( - " +$aliasdomains_stmt = Database::prepare(" SELECT dom.`id` as domainid, dom.`domain`, @@ -76,8 +74,7 @@ $aliasdomains_stmt = Database::prepare( AND dom.`iswildcarddomain` = 0 "); -$updcert_stmt = Database::prepare( - " +$updcert_stmt = Database::prepare(" REPLACE INTO `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` SET @@ -116,7 +113,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') { ); $froxlor_ssl_settings_stmt = Database::prepare(" - SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` + SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0' AND (`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL) "); 
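Review bot: In the new `getMyPath()` the `else` branch reads `$row_ipsandports['docroot']`, a variable that is never defined in this method, so a user-defined docroot is not honoured and `makeCorrectDir()` is called with null; the line should read `$mypath = makeCorrectDir($ip_port['docroot']);`. The same branch is also taken when `$ip_port` keeps its default of `null`, because the condition starts with `! empty($ip_port)`; if the default is meant to select the install path, the test probably needs to be `if (empty($ip_port) || $ip_port['docroot'] == '')`. The returned path is presumably written into the panel vhost as its document root, so a wrong value here can point the web server at a directory nobody intended to publish. In `checkAlternativeSslPort()`, `$ssldestport['port']` is indexed without checking that `pexecute_first()` returned a row, which the two certificate helpers below it do check via `$froxlor_ssl &&`.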
@@ -134,69 +131,62 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') { // check whether we have an entry with valid certificates which just does not need // updating yet, so we need to skip this here $froxlor_ssl_settings_stmt = Database::prepare(" - SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid` = '0' + SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0' "); $froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt); - if ($froxlor_ssl && !empty($froxlor_ssl['ssl_cert_file'])) { + if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) { $insert_or_update_required = false; } } - if ($insert_or_update_required) - { + if ($insert_or_update_required) { $domains = array( $certrow['domain'], - 'www.'.$certrow['domain'] + 'www.' . $certrow['domain'] ); // Only renew let's encrypt certificate if no broken ssl_redirect is enabled - if ($certrow['ssl_redirect'] != 2) { - $cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']); + // - this temp. deactivation of the ssl-redirect is handled by the webserver-cronjob + $cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . 
$certrow['domain']); - $cronlog = FroxlorLogger::getInstanceOf(array( - 'loginname' => $certrow['loginname'] + $cronlog = FroxlorLogger::getInstanceOf(array( + 'loginname' => $certrow['loginname'] + )); + + try { + // Initialize Lescript with documentroot + $le = new lescript($cronlog, $version); + + // Initialize Lescript + $le->initAccount($certrow, true); + + // Request the new certificate (old key may be used) + $return = $le->signDomains($domains, $certrow['ssl_key_file']); + + // We are interessted in the expirationdate + $newcert = openssl_x509_parse($return['crt']); + + // Store the new data + Database::pexecute($updcert_stmt, array( + 'id' => $certrow['id'], + 'domainid' => $certrow['domainid'], + 'crt' => $return['crt'], + 'key' => $return['key'], + 'ca' => $return['chain'], + 'chain' => $return['chain'], + 'csr' => $return['csr'], + 'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t']) )); - try { - // Initialize Lescript with documentroot - $le = new lescript($cronlog, $version); - - // Initialize Lescript - $le->initAccount($certrow, true); - - // Request the new certificate (old key may be used) - $return = $le->signDomains($domains, $certrow['ssl_key_file']); - - // We are interessted in the expirationdate - $newcert = openssl_x509_parse($return['crt']); - - // Store the new data - Database::pexecute($updcert_stmt, - array( - 'id' => $certrow['id'], - 'domainid' => $certrow['domainid'], - 'crt' => $return['crt'], - 'key' => $return['key'], - 'ca' => $return['chain'], - 'chain' => $return['chain'], - 'csr' => $return['csr'], - 'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t']) - )); - - if ($certrow['ssl_redirect'] == 3) { - Settings::Set('system.le_froxlor_redirect', '1'); - } - - $cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . 
$certrow['domain']); - - $changedetected = 1; - } catch (Exception $e) { - $cronlog->logAction(CRON_ACTION, LOG_ERR, - "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage()); + if ($certrow['ssl_redirect'] == 3) { + Settings::Set('system.le_froxlor_redirect', '1'); } - } else { - $cronlog->logAction(CRON_ACTION, LOG_WARNING, - "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect"); + + $cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']); + + $changedetected = 1; + } catch (Exception $e) { + $cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage()); } } } @@ -252,17 +242,16 @@ foreach ($certrows as $certrow) { $newcert = openssl_x509_parse($return['crt']); // Store the new data - Database::pexecute($updcert_stmt, - array( - 'id' => $certrow['id'], - 'domainid' => $certrow['domainid'], - 'crt' => $return['crt'], - 'key' => $return['key'], - 'ca' => $return['chain'], - 'chain' => $return['chain'], - 'csr' => $return['csr'], - 'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t']) - )); + Database::pexecute($updcert_stmt, array( + 'id' => $certrow['id'], + 'domainid' => $certrow['domainid'], + 'crt' => $return['crt'], + 'key' => $return['key'], + 'ca' => $return['chain'], + 'chain' => $return['chain'], + 'csr' => $return['csr'], + 'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t']) + )); if ($certrow['ssl_redirect'] == 3) { Database::pexecute($upddom_stmt, array( 
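Review bot: The comment `// Only renew let's encrypt certificate if no broken ssl_redirect is enabled` is kept in the froxlor-vhost branch, but the `if ($certrow['ssl_redirect'] != 2)` guard it described is removed together with its `Skipping Let's Encrypt generation` warning, so the request now always runs and depends on the webserver cronjob having already written a vhost without the redirect. That ordering is not visible in this hunk; if this job runs first, the challenge is likely to fail and only the generic `Could not get Let's Encrypt certificate` error is logged. Replace the stale comment with one that states the dependency, e.g. `// the ssl-redirect of the froxlor vhost is suspended by the webserver cronjob until a certificate exists`, and consider keeping a `LOG_WARNING` when `system.le_froxlor_redirect` is set while no certificate is stored. The surrounding `if (Settings::Get('system.le_froxlor_enabled') == '1')` block begins outside this hunk.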
@@ -274,12 +263,10 @@ foreach ($certrows as $certrow) { $changedetected = 1; } catch (Exception $e) { - $cronlog->logAction(CRON_ACTION, LOG_ERR, - "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage()); + $cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage()); } } else { - $cronlog->logAction(CRON_ACTION, LOG_WARNING, - "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect"); + $cronlog->logAction(CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect"); } } diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php index 06eca8d4..88e30c6f 100644 --- a/scripts/jobs/cron_tasks.inc.http.10.apache.php +++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php @@ -1,4 +1,7 @@ - (2003-2009) - * @author Froxlor team (2010-) - * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt - * @package Cron + * @copyright (c) the authors + * @author Florian Lippert (2003-2009) + * @author Froxlor team (2010-) + * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt + * @package Cron * */ -require_once(dirname(__FILE__).'/../classes/class.HttpConfigBase.php'); +require_once (dirname(__FILE__) . '/../classes/class.HttpConfigBase.php'); + +class apache extends HttpConfigBase +{ -class apache extends HttpConfigBase { private $logger = false; + private $idnaConvert = false; // protected protected $known_vhostfilenames = array(); + protected $known_diroptionsfilenames = array(); + protected $known_htpasswdsfilenames = array(); + protected $virtualhosts_data = array(); + protected $diroptions_data = array(); + protected $htpasswds_data = array(); /** 
@@ -39,14 +50,15 @@ class apache extends HttpConfigBase { */ private $_deactivated = false; - public function __construct($logger, $idnaConvert) { + public function __construct($logger, $idnaConvert) + { $this->logger = $logger; $this->idnaConvert = $idnaConvert; } - - public function reload() { - if ((int)Settings::Get('phpfpm.enabled') == 1) { + public function reload() + { + if ((int) Settings::Get('phpfpm.enabled') == 1) { $this->logger->logAction(CRON_ACTION, LOG_INFO, 'apache::reload: reloading php-fpm'); safe_exec(escapeshellcmd(Settings::Get('phpfpm.reload'))); } @@ -54,11 +66,11 @@ class apache extends HttpConfigBase { safe_exec(escapeshellcmd(Settings::Get('system.apachereload_command'))); } - /** * define a standard -statement, bug #32 */ - private function _createStandardDirectoryEntry() { + private function _createStandardDirectoryEntry() + { $vhosts_folder = ''; if (is_dir(Settings::Get('system.apacheconf_vhost'))) { $vhosts_folder = makeCorrectDir(Settings::Get('system.apacheconf_vhost')); 
@@ -67,53 +79,43 @@ class apache extends HttpConfigBase { } $vhosts_filename = makeCorrectFile($vhosts_folder . '/05_froxlor_dirfix_nofcgid.conf'); - if (Settings::Get('system.mod_fcgid') == '1' - || Settings::Get('phpfpm.enabled') == '1' - ) { + if (Settings::Get('system.mod_fcgid') == '1' || Settings::Get('phpfpm.enabled') == '1') { // if we use fcgid or php-fpm we don't need this file if (file_exists($vhosts_filename)) { $this->logger->logAction(CRON_ACTION, LOG_NOTICE, 'apache::_createStandardDirectoryEntry: unlinking ' . basename($vhosts_filename)); unlink(makeCorrectFile($vhosts_filename)); } } else { - if (!isset($this->virtualhosts_data[$vhosts_filename])) { + if (! isset($this->virtualhosts_data[$vhosts_filename])) { $this->virtualhosts_data[$vhosts_filename] = ''; } - $this->virtualhosts_data[$vhosts_filename].= ' ' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; // check for custom values, see #1638 $custom_opts = Settings::Get('system.apacheglobaldiropt'); - if (!empty($custom_opts)) - { - $this->virtualhosts_data[$vhosts_filename].= $custom_opts . "\n"; - } - else - { + if (! empty($custom_opts)) { + $this->virtualhosts_data[$vhosts_filename] .= $custom_opts . "\n"; + } else { // >=apache-2.4 enabled? if (Settings::Get('system.apache24') == '1') { - $this->virtualhosts_data[$vhosts_filename].= ' Require all granted' . "\n"; - $this->virtualhosts_data[$vhosts_filename].= ' AllowOverride All' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' Require all granted' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' AllowOverride All' . "\n"; } else { - $this->virtualhosts_data[$vhosts_filename].= ' Order allow,deny' . "\n"; - $this->virtualhosts_data[$vhosts_filename].= ' allow from all' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' Order allow,deny' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' allow from all' . "\n"; } } - $this->virtualhosts_data[$vhosts_filename].= ' ' . 
"\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; } } - /** * define a default ErrorDocument-statement, bug #unknown-yet */ - private function _createStandardErrorHandler() { - if (Settings::Get('defaultwebsrverrhandler.enabled') == '1' - && (Settings::Get('defaultwebsrverrhandler.err401') != '' - || Settings::Get('defaultwebsrverrhandler.err403') != '' - || Settings::Get('defaultwebsrverrhandler.err404') != '' - || Settings::Get('defaultwebsrverrhandler.err500') != '') - ) { + private function _createStandardErrorHandler() + { + if (Settings::Get('defaultwebsrverrhandler.enabled') == '1' && (Settings::Get('defaultwebsrverrhandler.err401') != '' || Settings::Get('defaultwebsrverrhandler.err403') != '' || Settings::Get('defaultwebsrverrhandler.err404') != '' || Settings::Get('defaultwebsrverrhandler.err500') != '')) { $vhosts_folder = ''; if (is_dir(Settings::Get('system.apacheconf_vhost'))) { $vhosts_folder = makeCorrectDir(Settings::Get('system.apacheconf_vhost')); 
@@ -123,17 +125,22 @@ class apache extends HttpConfigBase { $vhosts_filename = makeCorrectFile($vhosts_folder . '/05_froxlor_default_errorhandler.conf'); - if (!isset($this->virtualhosts_data[$vhosts_filename])) { + if (! isset($this->virtualhosts_data[$vhosts_filename])) { $this->virtualhosts_data[$vhosts_filename] = ''; } - $statusCodes = array('401', '403', '404', '500'); + $statusCodes = array( + '401', + '403', + '404', + '500' + ); foreach ($statusCodes as $statusCode) { if (Settings::Get('defaultwebsrverrhandler.err' . $statusCode) != '') { $defhandler = Settings::Get('defaultwebsrverrhandler.err' . $statusCode); - if (!validateUrl($defhandler)) { - if (substr($defhandler, 0, 1) != '"' && substr($defhandler, -1, 1) != '"') { - $defhandler = '"'.makeCorrectFile($defhandler).'"'; + if (! validateUrl($defhandler)) { + if (substr($defhandler, 0, 1) != '"' && substr($defhandler, - 1, 1) != '"') { + $defhandler = '"' . makeCorrectFile($defhandler) . '"'; } } $this->virtualhosts_data[$vhosts_filename] .= 'ErrorDocument ' . $statusCode . ' ' . $defhandler . "\n"; @@ -142,8 +149,8 @@ class apache extends HttpConfigBase { } } - - public function createIpPort() { + public function createIpPort() + { $result_ipsandports_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC"); while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) { @@ -156,7 +163,7 @@ class apache extends HttpConfigBase { $this->logger->logAction(CRON_ACTION, LOG_INFO, 'apache::createIpPort: creating ip/port settings for ' . $ipport); $vhosts_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf'); - if (!isset($this->virtualhosts_data[$vhosts_filename])) { + if (! isset($this->virtualhosts_data[$vhosts_filename])) { $this->virtualhosts_data[$vhosts_filename] = ''; } 
@@ -170,7 +177,7 @@ class apache extends HttpConfigBase { if (Settings::Get('system.apache24') == '1') { $this->logger->logAction(CRON_ACTION, LOG_NOTICE, $ipport . ' :: namevirtualhost-statement no longer needed for apache-2.4'); } else { - $this->virtualhosts_data[$vhosts_filename].= 'NameVirtualHost ' . $ipport . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= 'NameVirtualHost ' . $ipport . "\n"; $this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted namevirtualhost-statement'); } } 
@@ -178,171 +185,180 @@ class apache extends HttpConfigBase { if ($row_ipsandports['vhostcontainer'] == '1') { $this->virtualhosts_data[$vhosts_filename] .= '' . "\n"; - if ($row_ipsandports['docroot'] == '') { - /** - * add 'real'-vhost content here, like doc-root :) - */ - if (Settings::Get('system.froxlordirectlyviahostname')) { - $mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__)))); - } else { - $mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__))))); - } - } else { - // user-defined docroot, #417 - $mypath = makeCorrectDir($row_ipsandports['docroot']); - } + $mypath = $this->getMyPath($row_ipsandports); - $this->virtualhosts_data[$vhosts_filename] .= 'DocumentRoot "'.$mypath.'"'."\n"; + $this->virtualhosts_data[$vhosts_filename] .= 'DocumentRoot "' . $mypath . '"' . "\n"; if ($row_ipsandports['vhostcontainer_servername_statement'] == '1') { $this->virtualhosts_data[$vhosts_filename] .= ' ServerName ' . Settings::Get('system.hostname') . "\n"; } - // create fcgid -Part (starter is created in apache_fcgid) - if (Settings::Get('system.mod_fcgid_ownvhost') == '1' - && Settings::Get('system.mod_fcgid') == '1' - ) { - $configdir = makeCorrectDir(Settings::Get('system.mod_fcgid_configdir') . '/froxlor.panel/' . Settings::Get('system.hostname')); - $this->virtualhosts_data[$vhosts_filename] .= ' FcgidIdleTimeout ' . Settings::Get('system.mod_fcgid_idle_timeout') . "\n"; - if ((int)Settings::Get('system.mod_fcgid_wrapper') == 0) { - $this->virtualhosts_data[$vhosts_filename] .= ' SuexecUserGroup "' . Settings::Get('system.mod_fcgid_httpuser') . '" "' . Settings::Get('system.mod_fcgid_httpgroup') . '"' . "\n"; - $this->virtualhosts_data[$vhosts_filename] .= ' ScriptAlias /php/ ' . $configdir . 
"\n"; + $is_redirect = false; + // check for SSL redirect + if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') { + $is_redirect = true; + // check whether froxlor uses Let's Encrypt and not cert is being generated yet + // or a renew is ongoing - disable redirect + if (System::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) { + $this->virtualhosts_data[$vhosts_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL; + $is_redirect = false; } else { + $_sslport = $this->checkAlternativeSslPort(); + + $mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/'; + $code = '301'; + $modrew_red = ' [R=' . $code . ';L,NE]'; + + // redirect everything, not only root-directory, #541 + $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' RewriteEngine On' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' RewriteCond %{HTTPS} off' . "\n"; + if (System::Get('system.le_froxlor_enabled') == '1') { + $this->virtualhosts_data[$vhosts_filename] .= ' RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge' . "\n"; + } + $this->virtualhosts_data[$vhosts_filename] .= ' RewriteRule ^/(.*) ' . $mypath . '$1' . $modrew_red . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' Redirect ' . $code . ' / ' . $mypath . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; + } + } + + if (!$is_redirect) { + // create fcgid -Part (starter is created in apache_fcgid) + if (Settings::Get('system.mod_fcgid_ownvhost') == '1' && Settings::Get('system.mod_fcgid') == '1') { + $configdir = makeCorrectDir(Settings::Get('system.mod_fcgid_configdir') . '/froxlor.panel/' . 
Settings::Get('system.hostname')); + $this->virtualhosts_data[$vhosts_filename] .= ' FcgidIdleTimeout ' . Settings::Get('system.mod_fcgid_idle_timeout') . "\n"; + if ((int) Settings::Get('system.mod_fcgid_wrapper') == 0) { + $this->virtualhosts_data[$vhosts_filename] .= ' SuexecUserGroup "' . Settings::Get('system.mod_fcgid_httpuser') . '" "' . Settings::Get('system.mod_fcgid_httpgroup') . '"' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' ScriptAlias /php/ ' . $configdir . "\n"; + } else { + $domain = array( + 'id' => 'none', + 'domain' => Settings::Get('system.hostname'), + 'adminid' => 1, /* first admin-user (superadmin) */ + 'mod_fcgid_starter' => - 1, + 'mod_fcgid_maxrequests' => - 1, + 'guid' => Settings::Get('phpfpm.vhost_httpuser'), + 'openbasedir' => 0, + 'email' => Settings::Get('panel.adminmail'), + 'loginname' => 'froxlor.panel', + 'documentroot' => $mypath + ); + $php = new phpinterface($domain); + $phpconfig = $php->getPhpConfig(Settings::Get('system.mod_fcgid_defaultini_ownvhost')); + + $starter_filename = makeCorrectFile($configdir . '/php-fcgi-starter'); + $this->virtualhosts_data[$vhosts_filename] .= ' SuexecUserGroup "' . Settings::Get('system.mod_fcgid_httpuser') . '" "' . Settings::Get('system.mod_fcgid_httpgroup') . '"' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; + $file_extensions = explode(' ', $phpconfig['file_extensions']); + $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' SetHandler fcgid-script' . "\n"; + foreach ($file_extensions as $file_extension) { + $this->virtualhosts_data[$vhosts_filename] .= ' FcgidWrapper ' . $starter_filename . ' .' . $file_extension . "\n"; + } + $this->virtualhosts_data[$vhosts_filename] .= ' Options +ExecCGI' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; + // >=apache-2.4 enabled? 
+ if (Settings::Get('system.apache24') == '1') { + $mypath_dir = new frxDirectory($mypath); + // only create the require all granted if there is not active directory-protection + // for this path, as this would be the first require and therefore grant all access + if ($mypath_dir->isUserProtected() == false) { + $this->virtualhosts_data[$vhosts_filename] .= ' Require all granted' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' AllowOverride All' . "\n"; + } + } else { + $this->virtualhosts_data[$vhosts_filename] .= ' Order allow,deny' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' allow from all' . "\n"; + } + $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; + } + } // create php-fpm -Part (config is created in apache_fcgid) + elseif (Settings::Get('phpfpm.enabled') == '1') { $domain = array( 'id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, /* first admin-user (superadmin) */ - 'mod_fcgid_starter' => -1, - 'mod_fcgid_maxrequests' => -1, + 'mod_fcgid_starter' => - 1, + 'mod_fcgid_maxrequests' => - 1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath ); + $php = new phpinterface($domain); - $phpconfig = $php->getPhpConfig(Settings::Get('system.mod_fcgid_defaultini_ownvhost')); - - $starter_filename = makeCorrectFile($configdir . '/php-fcgi-starter'); - $this->virtualhosts_data[$vhosts_filename] .= ' SuexecUserGroup "' . Settings::Get('system.mod_fcgid_httpuser') . '" "' . Settings::Get('system.mod_fcgid_httpgroup') . '"' . "\n"; - $this->virtualhosts_data[$vhosts_filename].= ' ' . "\n"; - $file_extensions = explode(' ', $phpconfig['file_extensions']); - $this->virtualhosts_data[$vhosts_filename].= ' ' . "\n"; - $this->virtualhosts_data[$vhosts_filename].= ' SetHandler fcgid-script' . 
"\n"; - foreach ($file_extensions as $file_extension) { - $this->virtualhosts_data[$vhosts_filename].= ' FcgidWrapper ' . $starter_filename . ' .' . $file_extension . "\n"; + $phpconfig = $php->getPhpConfig(Settings::Get('phpfpm.vhost_defaultini')); + $srvName = substr(md5($ipport), 0, 4) . '.fpm.external'; + if ($row_ipsandports['ssl']) { + $srvName = substr(md5($ipport), 0, 4) . '.ssl-fpm.external'; } - $this->virtualhosts_data[$vhosts_filename].= ' Options +ExecCGI' . "\n"; - $this->virtualhosts_data[$vhosts_filename].= ' ' . "\n"; - // >=apache-2.4 enabled? - if (Settings::Get('system.apache24') == '1') { - $mypath_dir = new frxDirectory($mypath); - // only create the require all granted if there is not active directory-protection - // for this path, as this would be the first require and therefore grant all access - if ($mypath_dir->isUserProtected() == false) { - $this->virtualhosts_data[$vhosts_filename].= ' Require all granted' . "\n"; - $this->virtualhosts_data[$vhosts_filename].= ' AllowOverride All' . "\n"; - } + + // mod_proxy stuff for apache-2.4 + if (Settings::Get('system.apache24') == '1' && Settings::Get('phpfpm.use_mod_proxy') == '1') { + $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' SetHandler proxy:unix:' . $php->getInterface()->getSocketFile() . '|fcgi://localhost' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; } else { - $this->virtualhosts_data[$vhosts_filename].= ' Order allow,deny' . "\n"; - $this->virtualhosts_data[$vhosts_filename].= ' allow from all' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' FastCgiExternalServer ' . $php->getInterface()->getAliasConfigDir() . $srvName . ' -socket ' . $php->getInterface()->getSocketFile() . ' -idle-timeout ' . Settings::Get('phpfpm.idle_timeout') . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' ' . 
"\n"; + $file_extensions = explode(' ', $phpconfig['file_extensions']); + $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' AddHandler php5-fastcgi .php' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' Action php5-fastcgi /fastcgiphp' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' Options +ExecCGI' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; + // >=apache-2.4 enabled? + if (Settings::Get('system.apache24') == '1') { + $mypath_dir = new frxDirectory($mypath); + // only create the require all granted if there is not active directory-protection + // for this path, as this would be the first require and therefore grant all access + if ($mypath_dir->isUserProtected() == false) { + $this->virtualhosts_data[$vhosts_filename] .= ' Require all granted' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' AllowOverride All' . "\n"; + } + } else { + $this->virtualhosts_data[$vhosts_filename] .= ' Order allow,deny' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' allow from all' . "\n"; + } + $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' Alias /fastcgiphp ' . $php->getInterface()->getAliasConfigDir() . $srvName . "\n"; } - $this->virtualhosts_data[$vhosts_filename].= ' ' . 
"\n"; - } - } - // create php-fpm -Part (config is created in apache_fcgid) - elseif (Settings::Get('phpfpm.enabled') == '1') { - $domain = array( - 'id' => 'none', - 'domain' => Settings::Get('system.hostname'), - 'adminid' => 1, /* first admin-user (superadmin) */ - 'mod_fcgid_starter' => -1, - 'mod_fcgid_maxrequests' => -1, - 'guid' => Settings::Get('phpfpm.vhost_httpuser'), - 'openbasedir' => 0, - 'email' => Settings::Get('panel.adminmail'), - 'loginname' => 'froxlor.panel', - 'documentroot' => $mypath, - ); - - $php = new phpinterface($domain); - $phpconfig = $php->getPhpConfig(Settings::Get('phpfpm.vhost_defaultini')); - $srvName = substr(md5($ipport),0,4).'.fpm.external'; - if ($row_ipsandports['ssl']) { - $srvName = substr(md5($ipport),0,4).'.ssl-fpm.external'; - } - - // mod_proxy stuff for apache-2.4 - if (Settings::Get('system.apache24') == '1' - && Settings::Get('phpfpm.use_mod_proxy') == '1' - ) { - $this->virtualhosts_data[$vhosts_filename] .= ' '. "\n"; - $this->virtualhosts_data[$vhosts_filename] .= ' SetHandler proxy:unix:' . $php->getInterface()->getSocketFile() . '|fcgi://localhost'. "\n"; - $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; - } else { - $this->virtualhosts_data[$vhosts_filename] .= ' FastCgiExternalServer ' . $php->getInterface()->getAliasConfigDir() . $srvName .' -socket ' . $php->getInterface()->getSocketFile() . ' -idle-timeout ' . Settings::Get('phpfpm.idle_timeout') . "\n"; - $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; - $file_extensions = explode(' ', $phpconfig['file_extensions']); - $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; - $this->virtualhosts_data[$vhosts_filename] .= ' AddHandler php5-fastcgi .php'. "\n"; - $this->virtualhosts_data[$vhosts_filename] .= ' Action php5-fastcgi /fastcgiphp' . "\n"; - $this->virtualhosts_data[$vhosts_filename].= ' Options +ExecCGI' . "\n"; - $this->virtualhosts_data[$vhosts_filename].= ' ' . "\n"; - // >=apache-2.4 enabled? 
- if (Settings::Get('system.apache24') == '1') { - $mypath_dir = new frxDirectory($mypath); - // only create the require all granted if there is not active directory-protection - // for this path, as this would be the first require and therefore grant all access - if ($mypath_dir->isUserProtected() == false) { - $this->virtualhosts_data[$vhosts_filename] .= ' Require all granted' . "\n"; - $this->virtualhosts_data[$vhosts_filename] .= ' AllowOverride All' . "\n"; - } - } else { - $this->virtualhosts_data[$vhosts_filename] .= ' Order allow,deny' . "\n"; - $this->virtualhosts_data[$vhosts_filename] .= ' allow from all' . "\n"; - } - $this->virtualhosts_data[$vhosts_filename] .= ' ' . "\n"; - $this->virtualhosts_data[$vhosts_filename] .= ' Alias /fastcgiphp ' . $php->getInterface()->getAliasConfigDir() . $srvName . "\n"; - } - } - else - { - // mod_php - $domain = array( - 'id' => 'none', - 'domain' => Settings::Get('system.hostname'), - 'adminid' => 1, /* first admin-user (superadmin) */ + // mod_php + $domain = array( + 'id' => 'none', + 'domain' => Settings::Get('system.hostname'), + 'adminid' => 1, /* first admin-user (superadmin) */ 'guid' => Settings::Get('system.httpuser'), - 'openbasedir' => 0, - 'email' => Settings::Get('panel.adminmail'), - 'loginname' => 'froxlor.panel', - 'documentroot' => $mypath - ); - } + 'openbasedir' => 0, + 'email' => Settings::Get('panel.adminmail'), + 'loginname' => 'froxlor.panel', + 'documentroot' => $mypath + ); + } + } // end of ssl-redirect check /** * dirprotection, see #72 - * @TODO deferred until 0.9.5, needs more testing - $this->virtualhosts_data[$vhosts_filename] .= "\t\n"; - $this->virtualhosts_data[$vhosts_filename] .= "\t\tAllow from all\n"; - $this->virtualhosts_data[$vhosts_filename] .= "\t\tOptions -Indexes\n"; - $this->virtualhosts_data[$vhosts_filename] .= "\t\n"; - - $this->virtualhosts_data[$vhosts_filename] .= "\t\n"; - $this->virtualhosts_data[$vhosts_filename] .= "\t\tOrder Deny,Allow\n"; - 
$this->virtualhosts_data[$vhosts_filename] .= "\t\tDeny from All\n"; - $this->virtualhosts_data[$vhosts_filename] .= "\t\n"; - * end of dirprotection + * + * @todo deferred until 0.9.5, needs more testing + * $this->virtualhosts_data[$vhosts_filename] .= "\t\n"; + * $this->virtualhosts_data[$vhosts_filename] .= "\t\tAllow from all\n"; + * $this->virtualhosts_data[$vhosts_filename] .= "\t\tOptions -Indexes\n"; + * $this->virtualhosts_data[$vhosts_filename] .= "\t\n"; + * + * $this->virtualhosts_data[$vhosts_filename] .= "\t\n"; + * $this->virtualhosts_data[$vhosts_filename] .= "\t\tOrder Deny,Allow\n"; + * $this->virtualhosts_data[$vhosts_filename] .= "\t\tDeny from All\n"; + * $this->virtualhosts_data[$vhosts_filename] .= "\t\n"; + * end of dirprotection */ if ($row_ipsandports['specialsettings'] != '') { - $this->virtualhosts_data[$vhosts_filename] .= $this->processSpecialConfigTemplate( - $row_ipsandports['specialsettings'], - $domain, - $row_ipsandports['ip'], - $row_ipsandports['port'], - $row_ipsandports['ssl'] == '1') . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n"; } if ($row_ipsandports['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') { @@ -369,7 +385,7 @@ class apache extends HttpConfigBase { 'adminid' => 1, /* first admin-user (superadmin) */ 'loginname' => 'froxlor.panel', 'documentroot' => $mypath, - 'parentdomainid' => 0, + 'parentdomainid' => 0 ); // override corresponding array values 
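Review bot: The two new checks in the SSL-redirect branch call `System::Get('system.le_froxlor_enabled')`, while every other settings read in this hunk goes through `Settings::Get`. Unless a `System` class with a static `Get` exists elsewhere in the project, this is a fatal error reached only when `system.le_froxlor_redirect` is on for a non-SSL ip/port, so the config run would abort exactly when the HTTPS redirect for the panel vhost is requested. Both should read `Settings::Get('system.le_froxlor_enabled')`, with the second keeping its `== '1'` comparison. Separately, when `$is_redirect` stays true the whole `if (!$is_redirect)` block is skipped, so `$domain` is not assigned in that iteration but is still passed to `processSpecialConfigTemplate()` a few lines below; building the `$domain` array before the redirect check would avoid an undefined or stale value from a previous row. createIpPort() starts and ends outside this hunk, so the helpers it relies on (`getMyPath`, `checkAlternativeSslPort`, `froxlorVhostHasLetsEncryptCert`, `froxlorVhostLetsEncryptNeedsRenew`) are not visible here.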
@@ -387,9 +403,9 @@ class apache extends HttpConfigBase { if ($domain['ssl_cert_file'] != '') { // check for existence, #1485 - if (!file_exists($domain['ssl_cert_file'])) { - $this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate file "'.$domain['ssl_cert_file'].'" does not exist! Cannot create ssl-directives'); - echo $ipport . ' :: certificate file "'.$domain['ssl_cert_file'].'" does not exist! Cannot create SSL-directives'."\n"; + if (! file_exists($domain['ssl_cert_file'])) { + $this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate file "' . $domain['ssl_cert_file'] . '" does not exist! Cannot create ssl-directives'); + echo $ipport . ' :: certificate file "' . $domain['ssl_cert_file'] . '" does not exist! Cannot create SSL-directives' . "\n"; } else { $this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n"; @@ -402,9 +418,9 @@ class apache extends HttpConfigBase { if ($domain['ssl_key_file'] != '') { // check for existence, #1485 - if (!file_exists($domain['ssl_key_file'])) { - $this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate key file "'.$domain['ssl_key_file'].'" does not exist! Cannot create ssl-directives'); - echo $ipport . ' :: certificate key file "'.$domain['ssl_key_file'].'" does not exist! SSL-directives might not be working'."\n"; + if (! file_exists($domain['ssl_key_file'])) { + $this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate key file "' . $domain['ssl_key_file'] . '" does not exist! Cannot create ssl-directives'); + echo $ipport . ' :: certificate key file "' . $domain['ssl_key_file'] . '" does not exist! SSL-directives might not be working' . "\n"; } else { $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateKeyFile ' . makeCorrectFile($domain['ssl_key_file']) . "\n"; } 
@@ -412,9 +428,9 @@ class apache extends HttpConfigBase { if ($domain['ssl_ca_file'] != '') { // check for existence, #1485 - if (!file_exists($domain['ssl_ca_file'])) { - $this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate CA file "'.$domain['ssl_ca_file'].'" does not exist! Cannot create ssl-directives'); - echo $ipport . ' :: certificate CA file "'.$domain['ssl_ca_file'].'" does not exist! SSL-directives might not be working'."\n"; + if (! file_exists($domain['ssl_ca_file'])) { + $this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate CA file "' . $domain['ssl_ca_file'] . '" does not exist! Cannot create ssl-directives'); + echo $ipport . ' :: certificate CA file "' . $domain['ssl_ca_file'] . '" does not exist! SSL-directives might not be working' . "\n"; } else { $this->virtualhosts_data[$vhosts_filename] .= ' SSLCACertificateFile ' . makeCorrectFile($domain['ssl_ca_file']) . "\n"; } @@ -423,9 +439,9 @@ class apache extends HttpConfigBase { // #418 if ($domain['ssl_cert_chainfile'] != '') { // check for existence, #1485 - if (!file_exists($domain['ssl_cert_chainfile'])) { - $this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate chain file "'.$domain['ssl_cert_chainfile'].'" does not exist! Cannot create ssl-directives'); - echo $ipport . ' :: certificate chain file "'.$domain['ssl_cert_chainfile'].'" does not exist! SSL-directives might not be working'."\n"; + if (! file_exists($domain['ssl_cert_chainfile'])) { + $this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate chain file "' . $domain['ssl_cert_chainfile'] . '" does not exist! Cannot create ssl-directives'); + echo $ipport . ' :: certificate chain file "' . $domain['ssl_cert_chainfile'] . '" does not exist! SSL-directives might not be working' . "\n"; } else { $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateChainFile ' . makeCorrectFile($domain['ssl_cert_chainfile']) . "\n"; } 
@@ -451,7 +467,6 @@ class apache extends HttpConfigBase { $this->_createStandardErrorHandler(); } - /** * We put together the needed php options in the virtualhost entries * @@ -460,29 +475,26 @@ class apache extends HttpConfigBase { * * @return string */ - protected function composePhpOptions($domain, $ssl_vhost = false) { + protected function composePhpOptions($domain, $ssl_vhost = false) + { $php_options_text = ''; if ($domain['phpenabled'] == '1') { // This vHost has PHP enabled and we are using the regular mod_php - if ($domain['openbasedir'] == '1') - { - if ($domain['openbasedir_path'] == '1' || strstr($domain['documentroot'], ":") !== false) - { - $_phpappendopenbasedir = appendOpenBasedirPath($domain['customerroot'], true); - } - else - { - $_phpappendopenbasedir = appendOpenBasedirPath($domain['documentroot'], true); - } + if ($domain['openbasedir'] == '1') { + if ($domain['openbasedir_path'] == '1' || strstr($domain['documentroot'], ":") !== false) { + $_phpappendopenbasedir = appendOpenBasedirPath($domain['customerroot'], true); + } else { + $_phpappendopenbasedir = appendOpenBasedirPath($domain['documentroot'], true); + } $_custom_openbasedir = explode(':', Settings::Get('system.phpappendopenbasedir')); foreach ($_custom_openbasedir as $cobd) { $_phpappendopenbasedir .= appendOpenBasedirPath($cobd); } - $php_options_text .= ' php_admin_value open_basedir "' . $_phpappendopenbasedir . '"'."\n"; + $php_options_text .= ' php_admin_value open_basedir "' . $_phpappendopenbasedir . '"' . "\n"; } } else { $php_options_text .= ' # PHP is disabled for this vHost' . "\n"; 
@@ -494,22 +506,22 @@ class apache extends HttpConfigBase { * why is this here? Because it only works with mod_php */ if (Settings::get('system.apacheitksupport') == 1) { - $php_options_text .= ' ' . "\n"; - $php_options_text .= ' AssignUserID '. $domain['loginname'] . ' ' . $domain['loginname'] . "\n"; - $php_options_text .= ' ' . "\n"; + $php_options_text .= ' ' . "\n"; + $php_options_text .= ' AssignUserID ' . $domain['loginname'] . ' ' . $domain['loginname'] . "\n"; + $php_options_text .= ' ' . "\n"; } return $php_options_text; } - - public function createOwnVhostStarter() {} - + public function createOwnVhostStarter() + {} /** * We collect all servernames and Aliases */ - protected function getServerNames($domain) { + protected function getServerNames($domain) + { $servernames_text = ' ServerName ' . $domain['domain'] . "\n"; $server_alias = ''; @@ -528,7 +540,9 @@ class apache extends HttpConfigBase { FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `aliasdomain`= :domainid "); - Database::pexecute($alias_domains_stmt, array('domainid' => $domain['id'])); + Database::pexecute($alias_domains_stmt, array( + 'domainid' => $domain['id'] + )); while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) { $server_alias = ' ServerAlias ' . $alias_domain['domain']; 
@@ -548,18 +562,16 @@ class apache extends HttpConfigBase { return $servernames_text; } - /** * Let's get the webroot */ - protected function getWebroot($domain) { + protected function getWebroot($domain) + { $webroot_text = ''; $domain['customerroot'] = makeCorrectDir($domain['customerroot']); $domain['documentroot'] = makeCorrectDir($domain['documentroot']); - if ($domain['deactivated'] == '1' - && Settings::Get('system.deactivateddocroot') != '' - ) { + if ($domain['deactivated'] == '1' && Settings::Get('system.deactivateddocroot') != '') { $webroot_text .= ' # Using docroot for deactivated users...' . "\n"; $webroot_text .= ' DocumentRoot "' . makeCorrectDir(Settings::Get('system.deactivateddocroot')) . "\"\n"; $this->_deactivated = true; @@ -571,11 +583,11 @@ class apache extends HttpConfigBase { return $webroot_text; } - /** * Lets set the text part for the stats software */ - protected function getStats($domain) { + protected function getStats($domain) + { $stats_text = ''; if ($domain['speciallogfile'] == '1') { 
@@ -589,31 +601,29 @@ class apache extends HttpConfigBase { } else { if ($domain['customerroot'] != $domain['documentroot']) { if (Settings::Get('system.awstats_enabled') == '1') { - $stats_text.= ' Alias /awstats "' . makeCorrectFile($domain['customerroot'] . '/awstats/' . $domain['domain']) . '"' . "\n"; - $stats_text.= ' Alias /awstats-icon "' . makeCorrectDir(Settings::Get('system.awstats_icons')) . '"' . "\n"; + $stats_text .= ' Alias /awstats "' . makeCorrectFile($domain['customerroot'] . '/awstats/' . $domain['domain']) . '"' . "\n"; + $stats_text .= ' Alias /awstats-icon "' . makeCorrectDir(Settings::Get('system.awstats_icons')) . '"' . "\n"; } else { - $stats_text.= ' Alias /webalizer "' . makeCorrectFile($domain['customerroot'] . '/webalizer') . '"' . "\n"; + $stats_text .= ' Alias /webalizer "' . makeCorrectFile($domain['customerroot'] . '/webalizer') . '"' . "\n"; } - } - // if the docroots are equal, we still have to set an alias for awstats + } // if the docroots are equal, we still have to set an alias for awstats // because the stats are in /awstats/[domain], not just /awstats/ // also, the awstats-icons are someplace else too! // -> webalizer does not need this! elseif (Settings::Get('system.awstats_enabled') == '1') { - $stats_text.= ' Alias /awstats "' . makeCorrectFile($domain['documentroot'] . '/awstats/' . $domain['domain']) . '"' . "\n"; - $stats_text.= ' Alias /awstats-icon "' . makeCorrectDir(Settings::Get('system.awstats_icons')) . '"' . "\n"; + $stats_text .= ' Alias /awstats "' . makeCorrectFile($domain['documentroot'] . '/awstats/' . $domain['domain']) . '"' . "\n"; + $stats_text .= ' Alias /awstats-icon "' . makeCorrectDir(Settings::Get('system.awstats_icons')) . '"' . "\n"; } } return $stats_text; } - /** * Lets set the logfiles */ - protected function getLogfiles($domain) { - + protected function getLogfiles($domain) + { $logfiles_text = ''; if ($domain['speciallogfile'] == '1') { 
@@ -640,10 +650,10 @@ class apache extends HttpConfigBase { chgrp($access_log, Settings::Get('system.httpgroup')); $logfiles_text .= ' ErrorLog "' . $error_log . "\"\n"; - $logfiles_text .= ' CustomLog "' . $access_log .'" combined' . "\n"; + $logfiles_text .= ' CustomLog "' . $access_log . '" combined' . "\n"; if (Settings::Get('system.awstats_enabled') == '1') { - if ((int)$domain['parentdomainid'] == 0) { + if ((int) $domain['parentdomainid'] == 0) { // prepare the aliases and subdomains for stats config files $server_alias = ''; $alias_domains_stmt = Database::prepare(" @@ -651,7 +661,9 @@ class apache extends HttpConfigBase { FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `aliasdomain` = :domainid OR `parentdomainid` = :domainid "); - Database::pexecute($alias_domains_stmt, array('domainid' => $domain['id'])); + Database::pexecute($alias_domains_stmt, array( + 'domainid' => $domain['id'] + )); while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) { 
@@ -682,31 +694,24 @@ class apache extends HttpConfigBase { return $logfiles_text; } - /** * Get the filename for the virtualhost */ - protected function getVhostFilename($domain, $ssl_vhost = false) { - if ((int)$domain['parentdomainid'] == 0 - && isCustomerStdSubdomain((int)$domain['id']) == false - && ((int)$domain['ismainbutsubto'] == 0 - || domainMainToSubExists($domain['ismainbutsubto']) == false) - ) { + protected function getVhostFilename($domain, $ssl_vhost = false) + { + if ((int) $domain['parentdomainid'] == 0 && isCustomerStdSubdomain((int) $domain['id']) == false && ((int) $domain['ismainbutsubto'] == 0 || domainMainToSubExists($domain['ismainbutsubto']) == false)) { $vhost_no = '35'; - } elseif ((int)$domain['parentdomainid'] == 0 - && isCustomerStdSubdomain((int)$domain['id']) == false - && (int)$domain['ismainbutsubto'] > 0 - ) { + } elseif ((int) $domain['parentdomainid'] == 0 && isCustomerStdSubdomain((int) $domain['id']) == false && (int) $domain['ismainbutsubto'] > 0) { $vhost_no = '30'; } else { // number of dots in a domain specifies it's position (and depth of subdomain) starting at 29 going downwards on higher depth - $vhost_no = (string)(30 - substr_count($domain['domain'], ".") + 1); + $vhost_no = (string) (30 - substr_count($domain['domain'], ".") + 1); } if ($ssl_vhost === true) { - $vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/'.$vhost_no.'_froxlor_ssl_vhost_' . $domain['domain'] . '.conf'); + $vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/' . $vhost_no . '_froxlor_ssl_vhost_' . $domain['domain'] . '.conf'); } else { - $vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/'.$vhost_no.'_froxlor_normal_vhost_' . $domain['domain'] . '.conf'); + $vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/' . $vhost_no . '_froxlor_normal_vhost_' . $domain['domain'] . '.conf'); } return $vhost_filename; 
@@ -715,20 +720,16 @@ class apache extends HttpConfigBase { /** * We compose the virtualhost entry for one domain */ - protected function getVhostContent($domain, $ssl_vhost = false) { - if ($ssl_vhost === true - && ($domain['ssl_redirect'] != '1' - && $domain['ssl'] != '1') - ) { + protected function getVhostContent($domain, $ssl_vhost = false) + { + if ($ssl_vhost === true && ($domain['ssl_redirect'] != '1' && $domain['ssl'] != '1')) { return ''; } - $query = "SELECT * FROM `".TABLE_PANEL_IPSANDPORTS."` `i`, `".TABLE_DOMAINTOIP."` `dip` + $query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip` WHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports "; - if ($ssl_vhost === true - && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1') - ) { + if ($ssl_vhost === true && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')) { // by ordering by cert-file the row with filled out SSL-Fields will be shown last, thus it is enough to fill out 1 set of SSL-Fields $query .= "AND i.ssl = '1' ORDER BY i.ssl_cert_file ASC;"; } else { @@ -737,7 +738,9 @@ class apache extends HttpConfigBase { $vhost_content = ''; $result_stmt = Database::prepare($query); - Database::pexecute($result_stmt, array('domainid' => $domain['id'])); + Database::pexecute($result_stmt, array( + 'domainid' => $domain['id'] + )); $ipportlist = ''; $_vhost_content = ''; 
@@ -760,29 +763,21 @@ class apache extends HttpConfigBase { } if (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { - $ipport = '['.$domain['ip'].']:'.$domain['port']. ' '; + $ipport = '[' . $domain['ip'] . ']:' . $domain['port'] . ' '; } else { - $ipport = $domain['ip'].':'.$domain['port'].' '; + $ipport = $domain['ip'] . ':' . $domain['port'] . ' '; } if ($ipandport['default_vhostconf_domain'] != '') { - $_vhost_content .= $this->processSpecialConfigTemplate( - $ipandport['default_vhostconf_domain'], - $domain, - $domain['ip'], - $domain['port'], - $ssl_vhost) . "\n"; + $_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } $ipportlist .= $ipport; } $vhost_content .= '' . "\n"; - $vhost_content.= $this->getServerNames($domain); + $vhost_content .= $this->getServerNames($domain); - if (($ssl_vhost == false - && $domain['ssl'] == '1' - && $domain['ssl_redirect'] == '1') - ) { + if (($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1')) { // We must not check if our port differs from port 443, // but if there is a destination-port != 443 $_sslport = ''; 
@@ -790,25 +785,24 @@ class apache extends HttpConfigBase { // ordered by ssl-certificate (if any) so that the ip/port combo // with certificate is used $ssldestport_stmt = Database::prepare(" - SELECT `ip`.`port` FROM ".TABLE_PANEL_IPSANDPORTS." `ip` - LEFT JOIN `".TABLE_DOMAINTOIP."` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`) + SELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip` + LEFT JOIN `" . TABLE_DOMAINTOIP . "` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`) WHERE `dip`.`id_domain` = :domainid AND `ip`.`ssl` = '1' AND `ip`.`port` != 443 ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1; "); - $ssldestport = Database::pexecute_first($ssldestport_stmt, array('domainid' => $domain['id'])); + $ssldestport = Database::pexecute_first($ssldestport_stmt, array( + 'domainid' => $domain['id'] + )); if ($ssldestport['port'] != '') { - $_sslport = ":".$ssldestport['port']; + $_sslport = ":" . $ssldestport['port']; } $domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/'; } - if ($ssl_vhost === true - && $domain['ssl'] == '1' - && Settings::Get('system.use_ssl') == '1' - ) { + if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') { if ($domain['ssl_cert_file'] == '') { $domain['ssl_cert_file'] = Settings::Get('system.ssl_cert_file'); } 
@@ -876,41 +870,35 @@ class apache extends HttpConfigBase { $code = getDomainRedirectCode($domain['id']); $modrew_red = ''; if ($code != '') { - $modrew_red = ' [R='. $code . ';L,NE]'; + $modrew_red = ' [R=' . $code . ';L,NE]'; } // redirect everything, not only root-directory, #541 - $vhost_content .= ' '."\n"; + $vhost_content .= ' ' . "\n"; $vhost_content .= ' RewriteEngine On' . "\n"; - if (!$ssl_vhost) { + if (! $ssl_vhost) { $vhost_content .= ' RewriteCond %{HTTPS} off' . "\n"; } if ($domain['letsencrypt'] == '1') { $vhost_content .= ' RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge' . "\n"; } - $vhost_content .= ' RewriteRule ^/(.*) '. $corrected_docroot.'$1' . $modrew_red . "\n"; + $vhost_content .= ' RewriteRule ^/(.*) ' . $corrected_docroot . '$1' . $modrew_red . "\n"; $vhost_content .= ' ' . "\n"; - $vhost_content .= ' '."\n"; - $vhost_content .= ' Redirect '.$code.' / ' . $this->idnaConvert->encode($domain['documentroot']) . "\n"; + $vhost_content .= ' ' . "\n"; + $vhost_content .= ' Redirect ' . $code . ' / ' . $this->idnaConvert->encode($domain['documentroot']) . "\n"; $vhost_content .= ' ' . "\n"; - } else { mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true, true); $vhost_content .= $this->getWebroot($domain); if ($this->_deactivated == false) { - $vhost_content .= $this->composePhpOptions($domain,$ssl_vhost); + $vhost_content .= $this->composePhpOptions($domain, $ssl_vhost); $vhost_content .= $this->getStats($domain); } $vhost_content .= $this->getLogfiles($domain); if ($domain['specialsettings'] != '') { - $vhost_content .= $this->processSpecialConfigTemplate( - $domain['specialsettings'], - $domain, - $domain['ip'], - $domain['port'], - $ssl_vhost) . "\n"; + $vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } if ($_vhost_content != '') { 
@@ -918,12 +906,7 @@ class apache extends HttpConfigBase { } if (Settings::Get('system.default_vhostconf') != '') { - $vhost_content .= $this->processSpecialConfigTemplate( - Settings::Get('system.default_vhostconf'), - $domain, - $domain['ip'], - $domain['port'], - $ssl_vhost) . "\n"; + $vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } } @@ -932,12 +915,11 @@ class apache extends HttpConfigBase { return $vhost_content; } - /** * We compose the virtualhost entries for the domains */ - public function createVirtualHosts() { - + public function createVirtualHosts() + { $domains = WebserverBase::getVhostsToCreate(); foreach ($domains as $domain) { @@ -947,11 +929,9 @@ class apache extends HttpConfigBase { // Apply header $this->virtualhosts_data[$vhosts_filename] = '# Domain ID: ' . $domain['id'] . ' - CustomerID: ' . $domain['customerid'] . ' - CustomerLogin: ' . $domain['loginname'] . "\n"; - if ($domain['deactivated'] != '1' - || Settings::Get('system.deactivateddocroot') != '' - ) { + if ($domain['deactivated'] != '1' || Settings::Get('system.deactivateddocroot') != '') { // Create vhost without ssl - $this->virtualhosts_data[$vhosts_filename].= $this->getVhostContent($domain, false); + $this->virtualhosts_data[$vhosts_filename] .= $this->getVhostContent($domain, false); if ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1') { // Adding ssl stuff if enabled @@ -965,11 +945,11 @@ class apache extends HttpConfigBase { } } - /** * We compose the diroption entries for the paths */ - public function createFileDirOptions() { + public function createFileDirOptions() + { $result_stmt = Database::query(" SELECT `htac`.*, `c`.`guid`, `c`.`documentroot` AS `customerroot` FROM `" . TABLE_PANEL_HTACCESS . "` `htac` 
@@ -979,10 +959,7 @@ class apache extends HttpConfigBase { $diroptions = array(); while ($row_diroptions = $result_stmt->fetch(PDO::FETCH_ASSOC)) { - if ($row_diroptions['customerid'] != 0 - && isset($row_diroptions['customerroot']) - && $row_diroptions['customerroot'] != '' - ) { + if ($row_diroptions['customerid'] != 0 && isset($row_diroptions['customerroot']) && $row_diroptions['customerroot'] != '') { $diroptions[$row_diroptions['path']] = $row_diroptions; $diroptions[$row_diroptions['path']]['htpasswds'] = array(); } @@ -996,11 +973,8 @@ class apache extends HttpConfigBase { "); while ($row_htpasswds = $result_stmt->fetch(PDO::FETCH_ASSOC)) { - if ($row_htpasswds['customerid'] != 0 - && isset($row_htpasswds['customerroot']) - && $row_htpasswds['customerroot'] != '' - ) { - if (!isset($diroptions[$row_htpasswds['path']]) || !is_array($diroptions[$row_htpasswds['path']])) { + if ($row_htpasswds['customerid'] != 0 && isset($row_htpasswds['customerroot']) && $row_htpasswds['customerroot'] != '') { + if (! isset($diroptions[$row_htpasswds['path']]) || ! is_array($diroptions[$row_htpasswds['path']])) { $diroptions[$row_htpasswds['path']] = array(); } @@ -1017,7 +991,7 @@ class apache extends HttpConfigBase { mkDirWithCorrectOwnership($row_diroptions['customerroot'], $row_diroptions['path'], $row_diroptions['guid'], $row_diroptions['guid']); $diroptions_filename = makeCorrectFile(Settings::Get('system.apacheconf_diroptions') . '/40_froxlor_diroption_' . md5($row_diroptions['path']) . '.conf'); - if (!isset($this->diroptions_data[$diroptions_filename])) { + if (! isset($this->diroptions_data[$diroptions_filename])) { $this->diroptions_data[$diroptions_filename] = ''; } 
@@ -1026,59 +1000,48 @@ class apache extends HttpConfigBase { $this->diroptions_data[$diroptions_filename] .= '' . "\n"; - if (isset($row_diroptions['options_indexes']) - && $row_diroptions['options_indexes'] == '1' - ) { + if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' Options +Indexes'; // add perl options if enabled - if ($cperlenabled - && isset($row_diroptions['options_cgi']) - && $row_diroptions['options_cgi'] == '1' - ) { - $this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks'."\n"; + if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') { + $this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n"; } else { $this->diroptions_data[$diroptions_filename] .= "\n"; } $this->logger->logAction(CRON_ACTION, LOG_INFO, 'Setting Options +Indexes for ' . $row_diroptions['path']); } - if (isset($row_diroptions['options_indexes']) - && $row_diroptions['options_indexes'] == '0' - ) { + if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '0') { $this->diroptions_data[$diroptions_filename] .= ' Options -Indexes'; // add perl options if enabled - if ($cperlenabled - && isset($row_diroptions['options_cgi']) - && $row_diroptions['options_cgi'] == '1' - ) { - $this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks'."\n"; + if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') { + $this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n"; } else { $this->diroptions_data[$diroptions_filename] .= "\n"; } $this->logger->logAction(CRON_ACTION, LOG_INFO, 'Setting Options -Indexes for ' . 
$row_diroptions['path']); } - $statusCodes = array('404', '403', '500'); + $statusCodes = array( + '404', + '403', + '500' + ); foreach ($statusCodes as $statusCode) { - if (isset($row_diroptions['error' . $statusCode . 'path']) - && $row_diroptions['error' . $statusCode . 'path'] != '' - ) { + if (isset($row_diroptions['error' . $statusCode . 'path']) && $row_diroptions['error' . $statusCode . 'path'] != '') { $defhandler = $row_diroptions['error' . $statusCode . 'path']; - if (!validateUrl($defhandler)) { - if (substr($defhandler, 0, 1) != '"' && substr($defhandler, -1, 1) != '"') { - $defhandler = '"'.makeCorrectFile($defhandler).'"'; + if (! validateUrl($defhandler)) { + if (substr($defhandler, 0, 1) != '"' && substr($defhandler, - 1, 1) != '"') { + $defhandler = '"' . makeCorrectFile($defhandler) . '"'; } } - $this->diroptions_data[$diroptions_filename].= ' ErrorDocument ' . $statusCode . ' ' . $defhandler . "\n"; + $this->diroptions_data[$diroptions_filename] .= ' ErrorDocument ' . $statusCode . ' ' . $defhandler . "\n"; } } - if ($cperlenabled - && isset($row_diroptions['options_cgi']) - && $row_diroptions['options_cgi'] == '1' - ) { + if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' AllowOverride None' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' AddHandler cgi-script .cgi .pl' . "\n"; // >=apache-2.4 enabled? @@ -1088,7 +1051,7 @@ class apache extends HttpConfigBase { // for this path, as this would be the first require and therefore grant all access if ($mypath_dir->isUserProtected() == false) { $this->diroptions_data[$diroptions_filename] .= ' Require all granted' . "\n"; - //$this->diroptions_data[$diroptions_filename] .= ' AllowOverride All' . "\n"; + // $this->diroptions_data[$diroptions_filename] .= ' AllowOverride All' . "\n"; } } else { $this->diroptions_data[$diroptions_filename] .= ' Order allow,deny' . "\n"; 
@@ -1097,39 +1060,39 @@ class apache extends HttpConfigBase { $this->logger->logAction(CRON_ACTION, LOG_INFO, 'Enabling perl execution for ' . $row_diroptions['path']); // check for suexec-workaround, #319 - if ((int)Settings::Get('perl.suexecworkaround') == 1) { + if ((int) Settings::Get('perl.suexecworkaround') == 1) { // symlink this directory to suexec-safe-path $loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname'); - $suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath').'/'.$loginname.'/'.md5($row_diroptions['path']).'/'); + $suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($row_diroptions['path']) . '/'); - if (!file_exists($suexecpath)) { - safe_exec('mkdir -p '.escapeshellarg($suexecpath)); - safe_exec('chown -R '.escapeshellarg($row_diroptions['guid']).':'.escapeshellarg($row_diroptions['guid']).' '.escapeshellarg($suexecpath)); + if (! file_exists($suexecpath)) { + safe_exec('mkdir -p ' . escapeshellarg($suexecpath)); + safe_exec('chown -R ' . escapeshellarg($row_diroptions['guid']) . ':' . escapeshellarg($row_diroptions['guid']) . ' ' . escapeshellarg($suexecpath)); } // symlink to {$givenpath}/cgi-bin // NOTE: symlinks are FILES, so do not append a / here - $perlsymlink = makeCorrectFile($row_diroptions['path'].'/cgi-bin'); - if (!file_exists($perlsymlink)) { - safe_exec('ln -s '.escapeshellarg($suexecpath).' '.escapeshellarg($perlsymlink)); + $perlsymlink = makeCorrectFile($row_diroptions['path'] . '/cgi-bin'); + if (! file_exists($perlsymlink)) { + safe_exec('ln -s ' . escapeshellarg($suexecpath) . ' ' . escapeshellarg($perlsymlink)); } - safe_exec('chown -h '.escapeshellarg($row_diroptions['guid']).':'.escapeshellarg($row_diroptions['guid']).' '.escapeshellarg($perlsymlink)); + safe_exec('chown -h ' . escapeshellarg($row_diroptions['guid']) . ':' . escapeshellarg($row_diroptions['guid']) . ' ' . 
escapeshellarg($perlsymlink)); } } else { // if no perl-execution is enabled but the workaround is, // we have to remove the symlink and folder in suexecpath - if ((int)Settings::Get('perl.suexecworkaround') == 1) { + if ((int) Settings::Get('perl.suexecworkaround') == 1) { $loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname'); - $suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath').'/'.$loginname.'/'.md5($row_diroptions['path']).'/'); - $perlsymlink = makeCorrectFile($row_diroptions['path'].'/cgi-bin'); + $suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($row_diroptions['path']) . '/'); + $perlsymlink = makeCorrectFile($row_diroptions['path'] . '/cgi-bin'); // remove symlink if (file_exists($perlsymlink)) { - safe_exec('rm -f '.escapeshellarg($perlsymlink)); + safe_exec('rm -f ' . escapeshellarg($perlsymlink)); } // remove folder in suexec-path if (file_exists($suexecpath)) { - safe_exec('rm -rf '.escapeshellarg($suexecpath)); + safe_exec('rm -rf ' . escapeshellarg($suexecpath)); } } } @@ -1137,7 +1100,7 @@ class apache extends HttpConfigBase { if (count($row_diroptions['htpasswds']) > 0) { $htpasswd_filename = makeCorrectFile(Settings::Get('system.apacheconf_htpasswddir') . '/' . $row_diroptions['customerid'] . '-' . md5($row_diroptions['path']) . '.htpasswd'); - if (!isset($this->htpasswds_data[$htpasswd_filename])) { + if (! isset($this->htpasswds_data[$htpasswd_filename])) { $this->htpasswds_data[$htpasswd_filename] = ''; } 
@@ -1146,7 +1109,7 @@ class apache extends HttpConfigBase { } $this->diroptions_data[$diroptions_filename] .= ' AuthType Basic' . "\n"; - $this->diroptions_data[$diroptions_filename] .= ' AuthName "'.$row_htpasswd['authname'].'"' . "\n"; + $this->diroptions_data[$diroptions_filename] .= ' AuthName "' . $row_htpasswd['authname'] . '"' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' AuthUserFile ' . $htpasswd_filename . "\n"; $this->diroptions_data[$diroptions_filename] .= ' require valid-user' . "\n"; } @@ -1156,22 +1119,22 @@ class apache extends HttpConfigBase { } } - /** * We write the configs */ - public function writeConfigs() { + public function writeConfigs() + { // Write diroptions $this->logger->logAction(CRON_ACTION, LOG_INFO, "apache::writeConfigs: rebuilding " . Settings::Get('system.apacheconf_diroptions')); if (count($this->diroptions_data) > 0) { $optsDir = new frxDirectory(Settings::Get('system.apacheconf_diroptions')); - if (!$optsDir->isConfigDir()) { + if (! $optsDir->isConfigDir()) { // Save one big file $diroptions_file = ''; foreach ($this->diroptions_data as $diroptions_filename => $diroptions_content) { - $diroptions_file.= $diroptions_content . "\n\n"; + $diroptions_file .= $diroptions_content . "\n\n"; } $diroptions_filename = Settings::Get('system.apacheconf_diroptions'); @@ -1182,7 +1145,7 @@ class apache extends HttpConfigBase { fwrite($diroptions_file_handler, $diroptions_file); fclose($diroptions_file_handler); } else { - if (!file_exists(Settings::Get('system.apacheconf_diroptions'))) { + if (! file_exists(Settings::Get('system.apacheconf_diroptions'))) { $this->logger->logAction(CRON_ACTION, LOG_NOTICE, 'apache::writeConfigs: mkdir ' . escapeshellarg(makeCorrectDir(Settings::Get('system.apacheconf_diroptions')))); safe_exec('mkdir ' . escapeshellarg(makeCorrectDir(Settings::Get('system.apacheconf_diroptions')))); } 
@@ -1204,7 +1167,7 @@ class apache extends HttpConfigBase { $this->logger->logAction(CRON_ACTION, LOG_INFO, "apache::writeConfigs: rebuilding " . Settings::Get('system.apacheconf_htpasswddir')); if (count($this->htpasswds_data) > 0) { - if (!file_exists(Settings::Get('system.apacheconf_htpasswddir'))) { + if (! file_exists(Settings::Get('system.apacheconf_htpasswddir'))) { $umask = umask(); umask(0000); mkdir(Settings::Get('system.apacheconf_htpasswddir'), 0751); @@ -1229,24 +1192,24 @@ class apache extends HttpConfigBase { if (count($this->virtualhosts_data) > 0) { $vhostDir = new frxDirectory(Settings::Get('system.apacheconf_vhost')); - if (!$vhostDir->isConfigDir()) { + if (! $vhostDir->isConfigDir()) { // Save one big file $vhosts_file = ''; // sort by filename so the order is: - // 1. subdomains x-29 - // 2. subdomains as main-domains 30 - // 3. main-domains 35 + // 1. subdomains x-29 + // 2. subdomains as main-domains 30 + // 3. main-domains 35 // #437 ksort($this->virtualhosts_data); foreach ($this->virtualhosts_data as $vhosts_filename => $vhost_content) { - $vhosts_file.= $vhost_content . "\n\n"; + $vhosts_file .= $vhost_content . "\n\n"; } // Include diroptions file in case it exists if (file_exists(Settings::Get('system.apacheconf_diroptions'))) { - $vhosts_file.= "\n" . 'Include ' . Settings::Get('system.apacheconf_diroptions') . "\n\n"; + $vhosts_file .= "\n" . 'Include ' . Settings::Get('system.apacheconf_diroptions') . "\n\n"; } $vhosts_filename = Settings::Get('system.apacheconf_vhost'); 
@@ -1257,7 +1220,7 @@ class apache extends HttpConfigBase { fwrite($vhosts_file_handler, $vhosts_file); fclose($vhosts_file_handler); } else { - if (!file_exists(Settings::Get('system.apacheconf_vhost'))) { + if (! file_exists(Settings::Get('system.apacheconf_vhost'))) { $this->logger->logAction(CRON_ACTION, LOG_NOTICE, 'apache::writeConfigs: mkdir ' . escapeshellarg(makeCorrectDir(Settings::Get('system.apacheconf_vhost')))); safe_exec('mkdir ' . escapeshellarg(makeCorrectDir(Settings::Get('system.apacheconf_vhost')))); } @@ -1275,6 +1238,4 @@ class apache extends HttpConfigBase { } } } - - } diff --git a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php index 1b7dfadb..664dc617 100644 --- a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php +++ b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php 
@@ -100,57 +100,69 @@ class lighttpd extends HttpConfigBase $this->lighttpd_data[$vhost_filename] .= '# Froxlor default vhost' . "\n"; $this->lighttpd_data[$vhost_filename] .= '$HTTP["host"] =~ "^(?:www\.|)' . $myhost . '$" {' . "\n"; - if ($row_ipsandports['docroot'] == '') { - if (Settings::Get('system.froxlordirectlyviahostname')) { - $mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__)))); - } else { - $mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__))))); - } - } else { - // user-defined docroot, #417 - $mypath = makeCorrectDir($row_ipsandports['docroot']); - } + $mypath = $this->getMyPath($row_ipsandports); $this->lighttpd_data[$vhost_filename] .= ' server.document-root = "' . $mypath . '"' . "\n"; - /** - * dirprotection, see #72 - * - * @todo use better regex for this, deferred until 0.9.5 - * - * $this->lighttpd_data[$vhost_filename].= ' $HTTP["url"] =~ "^/(.+)\/(.+)\.php" {' . "\n"; - * $this->lighttpd_data[$vhost_filename].= ' url.access-deny = ("")' . "\n"; - * $this->lighttpd_data[$vhost_filename].= ' }' . "\n"; - */ + $is_redirect = false; + // check for SSL redirect + if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') { + $is_redirect = true; + // check whether froxlor uses Let's Encrypt and not cert is being generated yet + // or a renew is ongoing - disable redirect + if (System::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) { + $this->lighttpd_data[$vhost_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL; + $is_redirect = false; + } else { + $_sslport = $this->checkAlternativeSslPort(); + $mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . 
'/'; - /** - * own php-fpm vhost - */ - if ((int) Settings::Get('phpfpm.enabled') == 1) { - $domain = array( - 'id' => 'none', - 'domain' => Settings::Get('system.hostname'), - 'adminid' => 1, /* first admin-user (superadmin) */ - 'mod_fcgid_starter' => - 1, - 'mod_fcgid_maxrequests' => - 1, - 'guid' => Settings::Get('phpfpm.vhost_httpuser'), - 'openbasedir' => 0, - 'email' => Settings::Get('panel.adminmail'), - 'loginname' => 'froxlor.panel', - 'documentroot' => $mypath - ); + $this->lighttpd_data[$vhost_filename] .= ' url.redirect = (' . "\n"; + $this->lighttpd_data[$vhost_filename] .= ' "^/(.*)$" => "' . $mypath . '$1"' . "\n"; + $this->lighttpd_data[$vhost_filename] .= ' )' . "\n"; + } + } - $php = new phpinterface($domain); + if (!$is_redirect) { + /** + * dirprotection, see #72 + * + * @todo use better regex for this, deferred until 0.9.5 + * + * $this->lighttpd_data[$vhost_filename].= ' $HTTP["url"] =~ "^/(.+)\/(.+)\.php" {' . "\n"; + * $this->lighttpd_data[$vhost_filename].= ' url.access-deny = ("")' . "\n"; + * $this->lighttpd_data[$vhost_filename].= ' }' . "\n"; + */ - $this->lighttpd_data[$vhost_filename] .= ' fastcgi.server = ( ' . "\n"; - $this->lighttpd_data[$vhost_filename] .= "\t" . '".php" => (' . "\n"; - $this->lighttpd_data[$vhost_filename] .= "\t\t" . '"localhost" => (' . "\n"; - $this->lighttpd_data[$vhost_filename] .= "\t\t" . '"socket" => "' . $php->getInterface()->getSocketFile() . '",' . "\n"; - $this->lighttpd_data[$vhost_filename] .= "\t\t" . '"check-local" => "enable",' . "\n"; - $this->lighttpd_data[$vhost_filename] .= "\t\t" . '"disable-time" => 1' . "\n"; - $this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n"; - $this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n"; - $this->lighttpd_data[$vhost_filename] .= ' )' . 
"\n"; + /** + * own php-fpm vhost + */ + if ((int) Settings::Get('phpfpm.enabled') == 1) { + $domain = array( + 'id' => 'none', + 'domain' => Settings::Get('system.hostname'), + 'adminid' => 1, /* first admin-user (superadmin) */ + 'mod_fcgid_starter' => - 1, + 'mod_fcgid_maxrequests' => - 1, + 'guid' => Settings::Get('phpfpm.vhost_httpuser'), + 'openbasedir' => 0, + 'email' => Settings::Get('panel.adminmail'), + 'loginname' => 'froxlor.panel', + 'documentroot' => $mypath + ); + + $php = new phpinterface($domain); + + $this->lighttpd_data[$vhost_filename] .= ' fastcgi.server = ( ' . "\n"; + $this->lighttpd_data[$vhost_filename] .= "\t" . '".php" => (' . "\n"; + $this->lighttpd_data[$vhost_filename] .= "\t\t" . '"localhost" => (' . "\n"; + $this->lighttpd_data[$vhost_filename] .= "\t\t" . '"socket" => "' . $php->getInterface()->getSocketFile() . '",' . "\n"; + $this->lighttpd_data[$vhost_filename] .= "\t\t" . '"check-local" => "enable",' . "\n"; + $this->lighttpd_data[$vhost_filename] .= "\t\t" . '"disable-time" => 1' . "\n"; + $this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n"; + $this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n"; + $this->lighttpd_data[$vhost_filename] .= ' )' . "\n"; + } } if ($row_ipsandports['specialsettings'] != '') { diff --git a/scripts/jobs/cron_tasks.inc.http.30.nginx.php b/scripts/jobs/cron_tasks.inc.http.30.nginx.php index 985b4f7e..d715f193 100644 --- a/scripts/jobs/cron_tasks.inc.http.30.nginx.php +++ b/scripts/jobs/cron_tasks.inc.http.30.nginx.php @@ -134,6 +134,8 @@ class nginx extends HttpConfigBase { $this->nginx_data[$vhost_filename] .= 'server { ' . "\n"; + $mypath = $this->getMyPath($row_ipsandports); + // check for ssl before anything else so // we know whether it's an ssl vhost or not $ssl_vhost = false; 
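Review bot: `System::Get('system.le_froxlor_enabled')` in the added SSL-redirect check looks like a typo for `Settings::Get(...)`. Every other setting lookup in this hunk goes through `Settings`, and no `System` class is defined anywhere in the visible diff. If none exists elsewhere, the cron run hits a fatal error as soon as `system.le_froxlor_redirect` is enabled on a non-SSL ip/port, and the webserver configuration is not regenerated. The condition should read `if (Settings::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {`. The same call is repeated in the nginx hunk at `@@ -191,26 +193,28 @@`; the enclosing method starts outside this hunk.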
@@ -191,26 +193,28 @@ class nginx extends HttpConfigBase { $this->nginx_data[$vhost_filename] .= "\t".'server_name ' . Settings::Get('system.hostname') . ';' . "\n"; $this->nginx_data[$vhost_filename] .= "\t".'access_log /var/log/nginx/access.log;' . "\n"; - $mypath = ''; - - // no custom docroot set? - if ($row_ipsandports['docroot'] == '') { - // check whether the hostname should directly point to - // the froxlor-installation or not - if (Settings::Get('system.froxlordirectlyviahostname')) { - $mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__)))); + $is_redirect = false; + // check for SSL redirect + if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') { + $is_redirect = true; + // check whether froxlor uses Let's Encrypt and not cert is being generated yet + // or a renew is ongoing - disable redirect + if (System::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) { + $this->nginx_data[$vhost_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL; + $is_redirect = false; } else { - $mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__))))); + $_sslport = $this->checkAlternativeSslPort(); + $mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . 
'/'; + $this->nginx_data[$vhost_filename] .= "\t".'return 301 '.$mypath.'$request_uri;'."\n"; } - } else { - // user-defined docroot, #417 - $mypath = makeCorrectDir($row_ipsandports['docroot']); } - $this->nginx_data[$vhost_filename] .= "\t".'root '.$mypath.';'."\n"; - $this->nginx_data[$vhost_filename] .= "\t".'index index.php index.html index.htm;'."\n\n"; - $this->nginx_data[$vhost_filename] .= "\t".'location / {'."\n"; - $this->nginx_data[$vhost_filename] .= "\t".'}'."\n"; + if (!$is_redirect) { + $this->nginx_data[$vhost_filename] .= "\t".'root '.$mypath.';'."\n"; + $this->nginx_data[$vhost_filename] .= "\t".'index index.php index.html index.htm;'."\n\n"; + $this->nginx_data[$vhost_filename] .= "\t".'location / {'."\n"; + $this->nginx_data[$vhost_filename] .= "\t".'}'."\n"; + } if ($row_ipsandports['specialsettings'] != '') { $this->nginx_data[$vhost_filename].= $this->processSpecialConfigTemplate( 
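Review bot: The inner condition of the new redirect block calls `System::Get('system.le_froxlor_enabled')`, while every other settings lookup in this hunk goes through `Settings::Get`. No `System` class is visible on this page, so this looks like a typo. If it is one, PHP raises a fatal "class not found" error as soon as a non-SSL froxlor vhost is generated with `system.le_froxlor_redirect` set to `'1'`, and the rest of the configuration is never written. The line should read `if (Settings::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {`. The same condition in the other webserver classes is outside this view and worth checking for the same slip.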
@@ -227,44 +231,46 @@ class nginx extends HttpConfigBase { * SSL config options */ if ($row_ipsandports['ssl'] == '1') { - $row_ipsandports['domain'] = Settings::Get('system.hostname'); + $row_ipsandports['domain'] = Settings::Get('system.hostname'); $this->nginx_data[$vhost_filename].=$this->composeSslSettings($row_ipsandports); } - $this->nginx_data[$vhost_filename] .= "\tlocation ~ \.php {\n"; - $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_split_path_info ^(.+\.php)(/.+)\$;\n"; - $this->nginx_data[$vhost_filename] .= "\t\tinclude ".Settings::Get('nginx.fastcgiparams').";\n"; - $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n"; - $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n"; - $this->nginx_data[$vhost_filename] .= "\t\ttry_files \$fastcgi_script_name =404;\n"; + if (!$is_redirect) { + $this->nginx_data[$vhost_filename] .= "\tlocation ~ \.php {\n"; + $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_split_path_info ^(.+\.php)(/.+)\$;\n"; + $this->nginx_data[$vhost_filename] .= "\t\tinclude ".Settings::Get('nginx.fastcgiparams').";\n"; + $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n"; + $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n"; + $this->nginx_data[$vhost_filename] .= "\t\ttry_files \$fastcgi_script_name =404;\n"; - if ($row_ipsandports['ssl'] == '1') { - $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param HTTPS on;\n"; + if ($row_ipsandports['ssl'] == '1') { + $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param HTTPS on;\n"; + } + + if ((int)Settings::Get('phpfpm.enabled') == 1 && (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) { + $domain = array( + 'id' => 'none', + 'domain' => Settings::Get('system.hostname'), + 'adminid' => 1, /* first admin-user (superadmin) */ + 'mod_fcgid_starter' => -1, + 'mod_fcgid_maxrequests' 
=> -1, + 'guid' => Settings::Get('phpfpm.vhost_httpuser'), + 'openbasedir' => 0, + 'email' => Settings::Get('panel.adminmail'), + 'loginname' => 'froxlor.panel', + 'documentroot' => $mypath, + ); + + $php = new phpinterface($domain); + $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass unix:".$php->getInterface()->getSocketFile().";\n"; + } else { + $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass ".Settings::Get('system.nginx_php_backend').";\n"; + } + + $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n"; + $this->nginx_data[$vhost_filename] .= "\t}\n"; } - if ((int)Settings::Get('phpfpm.enabled') == 1 && (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) { - $domain = array( - 'id' => 'none', - 'domain' => Settings::Get('system.hostname'), - 'adminid' => 1, /* first admin-user (superadmin) */ - 'mod_fcgid_starter' => -1, - 'mod_fcgid_maxrequests' => -1, - 'guid' => Settings::Get('phpfpm.vhost_httpuser'), - 'openbasedir' => 0, - 'email' => Settings::Get('panel.adminmail'), - 'loginname' => 'froxlor.panel', - 'documentroot' => $mypath, - ); - - $php = new phpinterface($domain); - $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass unix:".$php->getInterface()->getSocketFile().";\n"; - } else { - $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass ".Settings::Get('system.nginx_php_backend').";\n"; - } - - $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n"; - $this->nginx_data[$vhost_filename] .= "\t}\n"; - $this->nginx_data[$vhost_filename] .= "}\n\n"; // End of Froxlor server{}-part }
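Review bot: The new `if (!$is_redirect) {` wrapper around the PHP location has no comment, yet it is the only thing that keeps `'documentroot' => $mypath` correct. In the redirect branch of the `-191,26` hunk, `$mypath` is overwritten with the `https://…/` target, so without this guard the URL would be handed to `phpinterface` as a document root. I would add `// redirect-only vhost: no PHP handler; $mypath holds the https:// target here, not a docroot` above the `if`. A separate variable for the redirect target in the earlier hunk would remove the coupling altogether.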