try to implement ssl-redirect for froxlor-vhost; combine various settings that are froxlor-vhost related into its own category, fixes #1480
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
@@ -27,8 +27,7 @@ if (! extension_loaded('curl')) {
|
||||
exit();
|
||||
}
|
||||
|
||||
$certificates_stmt = Database::query(
|
||||
"
|
||||
$certificates_stmt = Database::query("
|
||||
SELECT
|
||||
domssl.`id`,
|
||||
domssl.`domainid`,
|
||||
@@ -63,8 +62,7 @@ $certificates_stmt = Database::query(
|
||||
)
|
||||
");
|
||||
|
||||
$aliasdomains_stmt = Database::prepare(
|
||||
"
|
||||
$aliasdomains_stmt = Database::prepare("
|
||||
SELECT
|
||||
dom.`id` as domainid,
|
||||
dom.`domain`,
|
||||
@@ -76,8 +74,7 @@ $aliasdomains_stmt = Database::prepare(
|
||||
AND dom.`iswildcarddomain` = 0
|
||||
");
|
||||
|
||||
$updcert_stmt = Database::prepare(
|
||||
"
|
||||
$updcert_stmt = Database::prepare("
|
||||
REPLACE INTO
|
||||
`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
|
||||
SET
|
||||
@@ -116,7 +113,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
|
||||
);
|
||||
|
||||
$froxlor_ssl_settings_stmt = Database::prepare("
|
||||
SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."`
|
||||
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
|
||||
WHERE `domainid` = '0' AND
|
||||
(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
|
||||
");
|
||||
@@ -134,69 +131,62 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
|
||||
// check whether we have an entry with valid certificates which just does not need
|
||||
// updating yet, so we need to skip this here
|
||||
$froxlor_ssl_settings_stmt = Database::prepare("
|
||||
SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid` = '0'
|
||||
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
|
||||
");
|
||||
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
|
||||
if ($froxlor_ssl && !empty($froxlor_ssl['ssl_cert_file'])) {
|
||||
if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
|
||||
$insert_or_update_required = false;
|
||||
}
|
||||
}
|
||||
|
||||
if ($insert_or_update_required)
|
||||
{
|
||||
if ($insert_or_update_required) {
|
||||
$domains = array(
|
||||
$certrow['domain'],
|
||||
'www.'.$certrow['domain']
|
||||
'www.' . $certrow['domain']
|
||||
);
|
||||
|
||||
// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
|
||||
if ($certrow['ssl_redirect'] != 2) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']);
|
||||
// - this temp. deactivation of the ssl-redirect is handled by the webserver-cronjob
|
||||
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']);
|
||||
|
||||
$cronlog = FroxlorLogger::getInstanceOf(array(
|
||||
'loginname' => $certrow['loginname']
|
||||
$cronlog = FroxlorLogger::getInstanceOf(array(
|
||||
'loginname' => $certrow['loginname']
|
||||
));
|
||||
|
||||
try {
|
||||
// Initialize Lescript with documentroot
|
||||
$le = new lescript($cronlog, $version);
|
||||
|
||||
// Initialize Lescript
|
||||
$le->initAccount($certrow, true);
|
||||
|
||||
// Request the new certificate (old key may be used)
|
||||
$return = $le->signDomains($domains, $certrow['ssl_key_file']);
|
||||
|
||||
// We are interessted in the expirationdate
|
||||
$newcert = openssl_x509_parse($return['crt']);
|
||||
|
||||
// Store the new data
|
||||
Database::pexecute($updcert_stmt, array(
|
||||
'id' => $certrow['id'],
|
||||
'domainid' => $certrow['domainid'],
|
||||
'crt' => $return['crt'],
|
||||
'key' => $return['key'],
|
||||
'ca' => $return['chain'],
|
||||
'chain' => $return['chain'],
|
||||
'csr' => $return['csr'],
|
||||
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
|
||||
));
|
||||
|
||||
try {
|
||||
// Initialize Lescript with documentroot
|
||||
$le = new lescript($cronlog, $version);
|
||||
|
||||
// Initialize Lescript
|
||||
$le->initAccount($certrow, true);
|
||||
|
||||
// Request the new certificate (old key may be used)
|
||||
$return = $le->signDomains($domains, $certrow['ssl_key_file']);
|
||||
|
||||
// We are interessted in the expirationdate
|
||||
$newcert = openssl_x509_parse($return['crt']);
|
||||
|
||||
// Store the new data
|
||||
Database::pexecute($updcert_stmt,
|
||||
array(
|
||||
'id' => $certrow['id'],
|
||||
'domainid' => $certrow['domainid'],
|
||||
'crt' => $return['crt'],
|
||||
'key' => $return['key'],
|
||||
'ca' => $return['chain'],
|
||||
'chain' => $return['chain'],
|
||||
'csr' => $return['csr'],
|
||||
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
|
||||
));
|
||||
|
||||
if ($certrow['ssl_redirect'] == 3) {
|
||||
Settings::Set('system.le_froxlor_redirect', '1');
|
||||
}
|
||||
|
||||
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
|
||||
|
||||
$changedetected = 1;
|
||||
} catch (Exception $e) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_ERR,
|
||||
"Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
|
||||
if ($certrow['ssl_redirect'] == 3) {
|
||||
Settings::Set('system.le_froxlor_redirect', '1');
|
||||
}
|
||||
} else {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_WARNING,
|
||||
"Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
|
||||
|
||||
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
|
||||
|
||||
$changedetected = 1;
|
||||
} catch (Exception $e) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -252,17 +242,16 @@ foreach ($certrows as $certrow) {
|
||||
$newcert = openssl_x509_parse($return['crt']);
|
||||
|
||||
// Store the new data
|
||||
Database::pexecute($updcert_stmt,
|
||||
array(
|
||||
'id' => $certrow['id'],
|
||||
'domainid' => $certrow['domainid'],
|
||||
'crt' => $return['crt'],
|
||||
'key' => $return['key'],
|
||||
'ca' => $return['chain'],
|
||||
'chain' => $return['chain'],
|
||||
'csr' => $return['csr'],
|
||||
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
|
||||
));
|
||||
Database::pexecute($updcert_stmt, array(
|
||||
'id' => $certrow['id'],
|
||||
'domainid' => $certrow['domainid'],
|
||||
'crt' => $return['crt'],
|
||||
'key' => $return['key'],
|
||||
'ca' => $return['chain'],
|
||||
'chain' => $return['chain'],
|
||||
'csr' => $return['csr'],
|
||||
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
|
||||
));
|
||||
|
||||
if ($certrow['ssl_redirect'] == 3) {
|
||||
Database::pexecute($upddom_stmt, array(
|
||||
@@ -274,12 +263,10 @@ foreach ($certrows as $certrow) {
|
||||
|
||||
$changedetected = 1;
|
||||
} catch (Exception $e) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_ERR,
|
||||
"Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
|
||||
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
|
||||
}
|
||||
} else {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_WARNING,
|
||||
"Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
|
||||
$cronlog->logAction(CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user