maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

try to implement ssl-redirect for froxlor-vhost; combine various settings that are froxlor-vhost related into its own category, fixes #1480

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2016-09-11 17:48:08 +02:00
parent 28461de7bc
commit b8c2047379
15 changed files with 931 additions and 823 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
actions/admin/settings/120.system.php
View File

@@ -69,14 +69,6 @@ return array(
'save_method' => 'storeSettingHostname',
'plausibility_check_method' => 'checkHostname',
),
'system_froxlordirectlyviahostname' => array(
'label' => $lng['serversettings']['froxlordirectlyviahostname'],
'settinggroup' => 'system',
'varname' => 'froxlordirectlyviahostname',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField',
),
'system_validatedomain' => array(
'label' => $lng['serversettings']['validate_domain'],
'settinggroup' => 'system',

163
actions/admin/settings/122.froxlorvhost.php Normal file
View File

@@ -0,0 +1,163 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2016 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2016-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Settings
*
*/
return array(
'groups' => array(
'froxlorvhost' => array(
'title' => $lng['admin']['froxlorvhost'],
'fields' => array(
/**
* Webserver-Vhost
*/
'system_froxlordirectlyviahostname' => array(
'label' => $lng['serversettings']['froxlordirectlyviahostname'],
'settinggroup' => 'system',
'varname' => 'froxlordirectlyviahostname',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField'
),
/**
* SSL / Let's Encrypt
*/
'system_le_froxlor_enabled' => array(
'label' => $lng['serversettings']['le_froxlor_enabled'],
'settinggroup' => 'system',
'varname' => 'le_froxlor_enabled',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField',
'visible' => Settings::Get('system.leenabled')
),
'system_le_froxlor_redirect' => array(
'label' => $lng['serversettings']['le_froxlor_redirect'],
'settinggroup' => 'system',
'varname' => 'le_froxlor_redirect',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField',
'visible' => Settings::Get('system.leenabled')
),
/**
* FCGID
*/
'system_mod_fcgid_enabled_ownvhost' => array(
'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
'settinggroup' => 'system',
'varname' => 'mod_fcgid_ownvhost',
'type' => 'bool',
'default' => true,
'save_method' => 'storeSettingField',
'websrv_avail' => array(
'apache2'
),
'visible' => Settings::Get('system.mod_fcgid')
),
'system_mod_fcgid_httpuser' => array(
'label' => $lng['admin']['mod_fcgid_user'],
'settinggroup' => 'system',
'varname' => 'mod_fcgid_httpuser',
'type' => 'string',
'default' => 'froxlorlocal',
'save_method' => 'storeSettingWebserverFcgidFpmUser',
'websrv_avail' => array(
'apache2'
),
'visible' => Settings::Get('system.mod_fcgid')
),
'system_mod_fcgid_httpgroup' => array(
'label' => $lng['admin']['mod_fcgid_group'],
'settinggroup' => 'system',
'varname' => 'mod_fcgid_httpgroup',
'type' => 'string',
'default' => 'froxlorlocal',
'save_method' => 'storeSettingField',
'websrv_avail' => array(
'apache2'
),
'visible' => Settings::Get('system.mod_fcgid')
),
'system_mod_fcgid_defaultini_ownvhost' => array(
'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
'settinggroup' => 'system',
'varname' => 'mod_fcgid_defaultini_ownvhost',
'type' => 'option',
'default' => '2',
'option_mode' => 'one',
'option_options_method' => 'getPhpConfigs',
'save_method' => 'storeSettingField',
'websrv_avail' => array(
'apache2'
),
'visible' => Settings::Get('system.mod_fcgid')
),
/**
* php-fpm
*/
'system_phpfpm_enabled_ownvhost' => array(
'label' => $lng['phpfpm']['ownvhost'],
'settinggroup' => 'phpfpm',
'varname' => 'enabled_ownvhost',
'type' => 'bool',
'default' => true,
'save_method' => 'storeSettingField',
'visible' => Settings::Get('phpfpm.enabled')
),
'system_phpfpm_httpuser' => array(
'label' => $lng['phpfpm']['vhost_httpuser'],
'settinggroup' => 'phpfpm',
'varname' => 'vhost_httpuser',
'type' => 'string',
'default' => 'froxlorlocal',
'save_method' => 'storeSettingWebserverFcgidFpmUser',
'visible' => Settings::Get('phpfpm.enabled')
),
'system_phpfpm_httpgroup' => array(
'label' => $lng['phpfpm']['vhost_httpgroup'],
'settinggroup' => 'phpfpm',
'varname' => 'vhost_httpgroup',
'type' => 'string',
'default' => 'froxlorlocal',
'save_method' => 'storeSettingField',
'visible' => Settings::Get('phpfpm.enabled')
),
'system_phpfpm_defaultini_ownvhost' => array(
'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
'settinggroup' => 'phpfpm',
'varname' => 'vhost_defaultini',
'type' => 'option',
'default' => '2',
'option_mode' => 'one',
'option_options_method' => 'getPhpConfigs',
'save_method' => 'storeSettingField',
'visible' => Settings::Get('phpfpm.enabled')
),
/**
* DNS
*/
'system_dns_createhostnameentry' => array(
'label' => $lng['serversettings']['dns_createhostnameentry'],
'settinggroup' => 'system',
'varname' => 'dns_createhostnameentry',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField',
'visible' => Settings::Get('system.bind_enable')
)
)
)
)
);

46
actions/admin/settings/131.ssl.php
View File

@@ -16,7 +16,6 @@
* @package Settings
*
*/
return array(
'groups' => array(
'ssl' => array(
@@ -38,7 +37,7 @@ return array(
'type' => 'string',
'string_emptyallowed' => false,
'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128',
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_ssl_cert_file' => array(
'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
@@ -48,7 +47,7 @@ return array(
'string_type' => 'file',
'string_emptyallowed' => true,
'default' => '/etc/apache2/apache2.pem',
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_ssl_key_file' => array(
'label' => $lng['serversettings']['ssl']['ssl_key_file'],
@@ -58,7 +57,7 @@ return array(
'string_type' => 'file',
'string_emptyallowed' => true,
'default' => '/etc/apache2/apache2.key',
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_ssl_cert_chainfile' => array(
'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
@@ -68,7 +67,7 @@ return array(
'string_type' => 'file',
'string_emptyallowed' => true,
'default' => '',
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_ssl_ca_file' => array(
'label' => $lng['serversettings']['ssl']['ssl_ca_file'],
@@ -78,7 +77,7 @@ return array(
'string_type' => 'file',
'string_emptyallowed' => true,
'default' => '',
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_leenabled' => array(
'label' => $lng['serversettings']['leenabled'],
@@ -89,22 +88,6 @@ return array(
'cronmodule' => 'froxlor/letsencrypt',
'save_method' => 'storeSettingField'
),
'system_le_froxlor_enabled' => array(
'label' => $lng['serversettings']['le_froxlor_enabled'],
'settinggroup' => 'system',
'varname' => 'le_froxlor_enabled',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField'
),
'system_le_froxlor_redirect' => array(
'label' => $lng['serversettings']['le_froxlor_redirect'],
'settinggroup' => 'system',
'varname' => 'le_froxlor_redirect',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField'
),
'system_letsencryptca' => array(
'label' => $lng['serversettings']['letsencryptca'],
'settinggroup' => 'system',
@@ -112,8 +95,11 @@ return array(
'type' => 'option',
'default' => 'testing',
'option_mode' => 'one',
'option_options' => array('testing' => 'https://acme-staging.api.letsencrypt.org (Test)', 'production' => 'https://acme-v01.api.letsencrypt.org (Live)'),
'save_method' => 'storeSettingField',
'option_options' => array(
'testing' => 'https://acme-staging.api.letsencrypt.org (Test)',
'production' => 'https://acme-v01.api.letsencrypt.org (Live)'
),
'save_method' => 'storeSettingField'
),
'system_letsencryptcountrycode' => array(
'label' => $lng['serversettings']['letsencryptcountrycode'],
@@ -122,7 +108,7 @@ return array(
'type' => 'string',
'string_emptyallowed' => false,
'default' => 'DE',
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_letsencryptstate' => array(
'label' => $lng['serversettings']['letsencryptstate'],
@@ -131,7 +117,7 @@ return array(
'type' => 'string',
'string_emptyallowed' => false,
'default' => 'Hessen',
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_letsencryptchallengepath' => array(
'label' => $lng['serversettings']['letsencryptchallengepath'],
@@ -140,7 +126,7 @@ return array(
'type' => 'string',
'string_emptyallowed' => false,
'default' => FROXLOR_INSTALL_DIR,
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_letsencryptkeysize' => array(
'label' => $lng['serversettings']['letsencryptkeysize'],
@@ -149,7 +135,7 @@ return array(
'type' => 'int',
'int_min' => 2048,
'default' => 4096,
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_letsencryptreuseold' => array(
'label' => $lng['serversettings']['letsencryptreuseold'],
@@ -157,8 +143,8 @@ return array(
'varname' => 'letsencryptreuseold',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField',
),
'save_method' => 'storeSettingField'
)
)
)
)

38
actions/admin/settings/135.fcgid.php
View File

@@ -97,44 +97,6 @@ return array(
'option_options_method' => 'getPhpConfigs',
'save_method' => 'storeSettingField',
),
'system_mod_fcgid_enabled_ownvhost' => array(
'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
'settinggroup' => 'system',
'varname' => 'mod_fcgid_ownvhost',
'type' => 'bool',
'default' => true,
'save_method' => 'storeSettingField',
'websrv_avail' => array('apache2')
),
'system_mod_fcgid_httpuser' => array(
'label' => $lng['admin']['mod_fcgid_user'],
'settinggroup' => 'system',
'varname' => 'mod_fcgid_httpuser',
'type' => 'string',
'default' => 'froxlorlocal',
'save_method' => 'storeSettingWebserverFcgidFpmUser',
'websrv_avail' => array('apache2')
),
'system_mod_fcgid_httpgroup' => array(
'label' => $lng['admin']['mod_fcgid_group'],
'settinggroup' => 'system',
'varname' => 'mod_fcgid_httpgroup',
'type' => 'string',
'default' => 'froxlorlocal',
'save_method' => 'storeSettingField',
'websrv_avail' => array('apache2')
),
'system_mod_fcgid_defaultini_ownvhost' => array(
'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
'settinggroup' => 'system',
'varname' => 'mod_fcgid_defaultini_ownvhost',
'type' => 'option',
'default' => '2',
'option_mode' => 'one',
'option_options_method' => 'getPhpConfigs',
'save_method' => 'storeSettingField',
'websrv_avail' => array('apache2')
),
'system_mod_fcgid_idle_timeout' => array(
'label' => $lng['serversettings']['mod_fcgid']['idle_timeout'],
'settinggroup' => 'system',

34
actions/admin/settings/136.phpfpm.php
View File

@@ -30,30 +30,6 @@ return array(
'plausibility_check_method' => 'checkFcgidPhpFpm',
'overview_option' => true
),
'system_phpfpm_enabled_ownvhost' => array(
'label' => $lng['phpfpm']['ownvhost'],
'settinggroup' => 'phpfpm',
'varname' => 'enabled_ownvhost',
'type' => 'bool',
'default' => true,
'save_method' => 'storeSettingField'
),
'system_phpfpm_httpuser' => array(
'label' => $lng['phpfpm']['vhost_httpuser'],
'settinggroup' => 'phpfpm',
'varname' => 'vhost_httpuser',
'type' => 'string',
'default' => 'froxlorlocal',
'save_method' => 'storeSettingWebserverFcgidFpmUser'
),
'system_phpfpm_httpgroup' => array(
'label' => $lng['phpfpm']['vhost_httpgroup'],
'settinggroup' => 'phpfpm',
'varname' => 'vhost_httpgroup',
'type' => 'string',
'default' => 'froxlorlocal',
'save_method' => 'storeSettingField'
),
'system_phpfpm_defaultini' => array(
'label' => $lng['serversettings']['mod_fcgid']['defaultini'],
'settinggroup' => 'phpfpm',
@@ -64,16 +40,6 @@ return array(
'option_options_method' => 'getPhpConfigs',
'save_method' => 'storeSettingField'
),
'system_phpfpm_defaultini_ownvhost' => array(
'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
'settinggroup' => 'phpfpm',
'varname' => 'vhost_defaultini',
'type' => 'option',
'default' => '2',
'option_mode' => 'one',
'option_options_method' => 'getPhpConfigs',
'save_method' => 'storeSettingField'
),
'system_phpfpm_configdir' => array(
'label' => $lng['serversettings']['phpfpm_settings']['configdir'],
'settinggroup' => 'phpfpm',

10
actions/admin/settings/160.nameserver.php
View File

@@ -97,14 +97,6 @@ return array(
'default' => '',
'save_method' => 'storeSettingField',
),
'system_dns_createhostnameentry' => array(
'label' => $lng['serversettings']['dns_createhostnameentry'],
'settinggroup' => 'system',
'varname' => 'dns_createhostnameentry',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField'
),
'system_dns_createmailentry' => array(
'label' => $lng['serversettings']['mail_also_with_mxservers'],
'settinggroup' => 'system',
@@ -127,5 +119,3 @@ return array(
),
),
);
?>

2
lib/classes/webserver/class.DomainSSL.php
View File

@@ -46,7 +46,7 @@ class DomainSSL {
|| $dom_certs['ssl_cert_file'] == ''
) {
// maybe its parent?
if ($domain['parentdomainid'] != 0) {
if (isset($domain['parentdomainid']) && $domain['parentdomainid'] != 0) {
$dom_certs = Database::pexecute_first($dom_certs_stmt, array('domid' => $domain['parentdomainid']));
}
}

1
lng/english.lng.php
View File

@@ -2036,3 +2036,4 @@ $lng['serversettings']['le_froxlor_enabled']['title'] = "Enable Let's Encrypt fo
$lng['serversettings']['le_froxlor_enabled']['description'] = "If activated, the froxlor vhost will automatically be secured using a Let's Encrypt certificate.";
$lng['serversettings']['le_froxlor_redirect']['title'] = "Enable SSL-redirect for the froxlor vhost";
$lng['serversettings']['le_froxlor_redirect']['description'] = "If activated, all http requests to your froxlor will be redirected to the corresponding SSL site.";
$lng['admin']['froxlorvhost'] = 'Froxlor VirtualHost settings';

1
lng/german.lng.php
View File

@@ -1688,3 +1688,4 @@ $lng['serversettings']['le_froxlor_enabled']['title'] = "Let's Encrypt für den
$lng['serversettings']['le_froxlor_enabled']['description'] = "Wenn dies aktiviert ist, erstellt froxlor für seinen vhost automatisch ein Let's Encrypt Zertifikat.";
$lng['serversettings']['le_froxlor_redirect']['title'] = "SSL-Weiterleitung für den froxlor Vhost aktivieren";
$lng['serversettings']['le_froxlor_redirect']['description'] = "Wenn dies aktiviert ist, werden alle HTTP Anfragen an die entsprechende SSL Seite weitergeleitet.";
$lng['admin']['froxlorvhost'] = 'Froxlor VirtualHost Einstellungen';

44
scripts/classes/class.DnsBase.php
View File

@@ -1,10 +1,24 @@
<?php
/***
/**
* This file is part of the Froxlor project.
* Copyright (c) 2016 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2016-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
*/
/**
* Class DnsBase
*
* Base class for all DNS server configs
*
*/
abstract class DnsBase
{
@@ -69,8 +83,7 @@ abstract class DnsBase
protected function getDomainList()
{
$result_domains_stmt = Database::query(
"
$result_domains_stmt = Database::query("
SELECT
`d`.`id`,
`d`.`domain`,
@@ -134,28 +147,14 @@ abstract class DnsBase
if (isset($domains[$domains[$key]['ismainbutsubto']])) {
$domains[$domains[$key]['ismainbutsubto']]['children'][] = $domains[$key]['id'];
} else {
$this->_logger->logAction(CRON_ACTION, LOG_ERR,
'Database inconsistency: domain ' . $domain['domain'] . ' (ID #' . $key .
') is set to to be subdomain to non-existent domain ID #' .
$domains[$key]['ismainbutsubto'] .
'. No DNS record(s) will be created for this domain.');
$this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Database inconsistency: domain ' . $domain['domain'] . ' (ID #' . $key . ') is set to to be subdomain to non-existent domain ID #' . $domains[$key]['ismainbutsubto'] . '. No DNS record(s) will be created for this domain.');
}
}
}
$this->_logger->logAction(CRON_ACTION, LOG_DEBUG,
str_pad('domId', 9, ' ') . str_pad('domain', 40, ' ') .
'ismainbutsubto ' . str_pad('parent domain', 40, ' ') .
"list of child domain ids");
$this->_logger->logAction(CRON_ACTION, LOG_DEBUG, str_pad('domId', 9, ' ') . str_pad('domain', 40, ' ') . 'ismainbutsubto ' . str_pad('parent domain', 40, ' ') . "list of child domain ids");
foreach ($domains as $domain) {
$logLine =
str_pad($domain['id'], 9, ' ') .
str_pad($domain['domain'], 40, ' ') .
str_pad($domain['ismainbutsubto'], 15, ' ') .
str_pad(((isset($domains[ $domain['ismainbutsubto'] ])) ?
$domains[ $domain['ismainbutsubto'] ]['domain'] :
'-'), 40, ' ') .
join(', ', $domain['children']);
$logLine = str_pad($domain['id'], 9, ' ') . str_pad($domain['domain'], 40, ' ') . str_pad($domain['ismainbutsubto'], 15, ' ') . str_pad(((isset($domains[$domain['ismainbutsubto']])) ? $domains[$domain['ismainbutsubto']]['domain'] : '-'), 40, ' ') . join(', ', $domain['children']);
$this->_logger->logAction(CRON_ACTION, LOG_DEBUG, $logLine);
}
@@ -171,8 +170,7 @@ abstract class DnsBase
if ($cmdStatus === 0) {
$this->_logger->logAction(CRON_ACTION, LOG_INFO, Settings::Get('system.dns_server') . ' daemon reloaded');
} else {
$this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Error while running `' . $cmd .
'`: exit code (' . $cmdStatus . ') - please check your system logs');
$this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Error while running `' . $cmd . '`: exit code (' . $cmdStatus . ') - please check your system logs');
}
}

91
scripts/classes/class.HttpConfigBase.php
View File

@@ -1,11 +1,28 @@
<?php
/***
/**
* This file is part of the Froxlor project.
* Copyright (c) 2016 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2016-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
*/
/**
* Class HttpConfigBase
*
* Base class for all HTTP server configs
*
*/
class HttpConfigBase {
class HttpConfigBase
{
/**
* process special config as template, by substituting {VARIABLE} with the
@@ -20,10 +37,12 @@ class HttpConfigBase {
* {IS_SSL} - evaluates to 'ssl' if domain/ip is ssl, otherwise it is an empty string
* {DOCROOT} - document root for this domain
*
* @param $template
* @param
* $template
* @return string
*/
protected function processSpecialConfigTemplate($template, $domain, $ip, $port, $is_ssl_vhost) {
protected function processSpecialConfigTemplate($template, $domain, $ip, $port, $is_ssl_vhost)
{
$templateVars = array(
'DOMAIN' => $domain['domain'],
'CUSTOMER' => $domain['loginname'],
@@ -35,4 +54,68 @@ class HttpConfigBase {
return replace_variables($template, $templateVars);
}
protected function getMyPath($ip_port = null)
{
if (! empty($ip_port) && $ip_port['docroot'] == '') {
if (Settings::Get('system.froxlordirectlyviahostname')) {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
} else {
$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
}
} else {
// user-defined docroot, #417
$mypath = makeCorrectDir($row_ipsandports['docroot']);
}
return $mypath;
}
protected function checkAlternativeSslPort()
{
// We must not check if our port differs from port 443,
// but if there is a destination-port != 443
$_sslport = '';
// This returns the first port that is != 443 with ssl enabled,
// ordered by ssl-certificate (if any) so that the ip/port combo
// with certificate is used
$ssldestport_stmt = Database::prepare("
SELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip`
WHERE `ip`.`ssl` = '1' AND `ip`.`port` != 443
ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;
");
$ssldestport = Database::pexecute_first($ssldestport_stmt);
if ($ssldestport['port'] != '') {
$_sslport = ":" . $ssldestport['port'];
}
return $_sslport;
}
protected function froxlorVhostHasLetsEncryptCert()
{
// check whether we have an entry with valid certificates which just does not need
// updating yet, so we need to skip this here
$froxlor_ssl_settings_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
");
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
return true;
}
return false;
}
protected function froxlorVhostLetsEncryptNeedsRenew()
{
$froxlor_ssl_settings_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
WHERE `domainid` = '0' AND
(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
");
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
return true;
}
return false;
}
}

33
scripts/jobs/cron_letsencrypt.php
View File

@@ -27,8 +27,7 @@ if (! extension_loaded('curl')) {
exit();
}
$certificates_stmt = Database::query(
"
$certificates_stmt = Database::query("
SELECT
domssl.`id`,
domssl.`domainid`,
@@ -63,8 +62,7 @@ $certificates_stmt = Database::query(
)
");
$aliasdomains_stmt = Database::prepare(
"
$aliasdomains_stmt = Database::prepare("
SELECT
dom.`id` as domainid,
dom.`domain`,
@@ -76,8 +74,7 @@ $aliasdomains_stmt = Database::prepare(
AND dom.`iswildcarddomain` = 0
");
$updcert_stmt = Database::prepare(
"
$updcert_stmt = Database::prepare("
REPLACE INTO
`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
SET
@@ -142,15 +139,14 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
}
}
if ($insert_or_update_required)
{
if ($insert_or_update_required) {
$domains = array(
$certrow['domain'],
'www.' . $certrow['domain']
);
// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
if ($certrow['ssl_redirect'] != 2) {
// - this temp. deactivation of the ssl-redirect is handled by the webserver-cronjob
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']);
$cronlog = FroxlorLogger::getInstanceOf(array(
@@ -171,8 +167,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
$newcert = openssl_x509_parse($return['crt']);
// Store the new data
Database::pexecute($updcert_stmt,
array(
Database::pexecute($updcert_stmt, array(
'id' => $certrow['id'],
'domainid' => $certrow['domainid'],
'crt' => $return['crt'],
@@ -191,12 +186,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
$changedetected = 1;
} catch (Exception $e) {
$cronlog->logAction(CRON_ACTION, LOG_ERR,
"Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
}
} else {
$cronlog->logAction(CRON_ACTION, LOG_WARNING,
"Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
}
}
}
@@ -252,8 +242,7 @@ foreach ($certrows as $certrow) {
$newcert = openssl_x509_parse($return['crt']);
// Store the new data
Database::pexecute($updcert_stmt,
array(
Database::pexecute($updcert_stmt, array(
'id' => $certrow['id'],
'domainid' => $certrow['domainid'],
'crt' => $return['crt'],
@@ -274,12 +263,10 @@ foreach ($certrows as $certrow) {
$changedetected = 1;
} catch (Exception $e) {
$cronlog->logAction(CRON_ACTION, LOG_ERR,
"Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
}
} else {
$cronlog->logAction(CRON_ACTION, LOG_WARNING,
"Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
$cronlog->logAction(CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
}
}

333
scripts/jobs/cron_tasks.inc.http.10.apache.php
View File

@@ -1,4 +1,7 @@
<?php if (!defined('MASTER_CRONJOB')) die('You cannot access this file directly!');
<?php
if (! defined('MASTER_CRONJOB'))
die('You cannot access this file directly!');
/**
* This file is part of the Froxlor project.
@@ -19,16 +22,24 @@
require_once (dirname(__FILE__) . '/../classes/class.HttpConfigBase.php');
class apache extends HttpConfigBase {
class apache extends HttpConfigBase
{
private $logger = false;
private $idnaConvert = false;
// protected
protected $known_vhostfilenames = array();
protected $known_diroptionsfilenames = array();
protected $known_htpasswdsfilenames = array();
protected $virtualhosts_data = array();
protected $diroptions_data = array();
protected $htpasswds_data = array();
/**
@@ -39,13 +50,14 @@ class apache extends HttpConfigBase {
*/
private $_deactivated = false;
public function __construct($logger, $idnaConvert) {
public function __construct($logger, $idnaConvert)
{
$this->logger = $logger;
$this->idnaConvert = $idnaConvert;
}
public function reload() {
public function reload()
{
if ((int) Settings::Get('phpfpm.enabled') == 1) {
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'apache::reload: reloading php-fpm');
safe_exec(escapeshellcmd(Settings::Get('phpfpm.reload')));
@@ -54,11 +66,11 @@ class apache extends HttpConfigBase {
safe_exec(escapeshellcmd(Settings::Get('system.apachereload_command')));
}
/**
* define a standard <Directory>-statement, bug #32
*/
private function _createStandardDirectoryEntry() {
private function _createStandardDirectoryEntry()
{
$vhosts_folder = '';
if (is_dir(Settings::Get('system.apacheconf_vhost'))) {
$vhosts_folder = makeCorrectDir(Settings::Get('system.apacheconf_vhost'));
@@ -67,9 +79,7 @@ class apache extends HttpConfigBase {
}
$vhosts_filename = makeCorrectFile($vhosts_folder . '/05_froxlor_dirfix_nofcgid.conf');
if (Settings::Get('system.mod_fcgid') == '1'
|| Settings::Get('phpfpm.enabled') == '1'
) {
if (Settings::Get('system.mod_fcgid') == '1' || Settings::Get('phpfpm.enabled') == '1') {
// if we use fcgid or php-fpm we don't need this file
if (file_exists($vhosts_filename)) {
$this->logger->logAction(CRON_ACTION, LOG_NOTICE, 'apache::_createStandardDirectoryEntry: unlinking ' . basename($vhosts_filename));
@@ -84,12 +94,9 @@ class apache extends HttpConfigBase {
// check for custom values, see #1638
$custom_opts = Settings::Get('system.apacheglobaldiropt');
if (!empty($custom_opts))
{
if (! empty($custom_opts)) {
$this->virtualhosts_data[$vhosts_filename] .= $custom_opts . "\n";
}
else
{
} else {
// >=apache-2.4 enabled?
if (Settings::Get('system.apache24') == '1') {
$this->virtualhosts_data[$vhosts_filename] .= ' Require all granted' . "\n";
@@ -103,17 +110,12 @@ class apache extends HttpConfigBase {
}
}
/**
* define a default ErrorDocument-statement, bug #unknown-yet
*/
private function _createStandardErrorHandler() {
if (Settings::Get('defaultwebsrverrhandler.enabled') == '1'
&& (Settings::Get('defaultwebsrverrhandler.err401') != ''
|| Settings::Get('defaultwebsrverrhandler.err403') != ''
|| Settings::Get('defaultwebsrverrhandler.err404') != ''
|| Settings::Get('defaultwebsrverrhandler.err500') != '')
) {
private function _createStandardErrorHandler()
{
if (Settings::Get('defaultwebsrverrhandler.enabled') == '1' && (Settings::Get('defaultwebsrverrhandler.err401') != '' || Settings::Get('defaultwebsrverrhandler.err403') != '' || Settings::Get('defaultwebsrverrhandler.err404') != '' || Settings::Get('defaultwebsrverrhandler.err500') != '')) {
$vhosts_folder = '';
if (is_dir(Settings::Get('system.apacheconf_vhost'))) {
$vhosts_folder = makeCorrectDir(Settings::Get('system.apacheconf_vhost'));
@@ -127,7 +129,12 @@ class apache extends HttpConfigBase {
$this->virtualhosts_data[$vhosts_filename] = '';
}
$statusCodes = array('401', '403', '404', '500');
$statusCodes = array(
'401',
'403',
'404',
'500'
);
foreach ($statusCodes as $statusCode) {
if (Settings::Get('defaultwebsrverrhandler.err' . $statusCode) != '') {
$defhandler = Settings::Get('defaultwebsrverrhandler.err' . $statusCode);
@@ -142,8 +149,8 @@ class apache extends HttpConfigBase {
}
}
public function createIpPort() {
public function createIpPort()
{
$result_ipsandports_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC");
while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
@@ -178,19 +185,7 @@ class apache extends HttpConfigBase {
if ($row_ipsandports['vhostcontainer'] == '1') {
$this->virtualhosts_data[$vhosts_filename] .= '<VirtualHost ' . $ipport . '>' . "\n";
if ($row_ipsandports['docroot'] == '') {
/**
* add 'real'-vhost content here, like doc-root :)
*/
if (Settings::Get('system.froxlordirectlyviahostname')) {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
} else {
$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
}
} else {
// user-defined docroot, #417
$mypath = makeCorrectDir($row_ipsandports['docroot']);
}
$mypath = $this->getMyPath($row_ipsandports);
$this->virtualhosts_data[$vhosts_filename] .= 'DocumentRoot "' . $mypath . '"' . "\n";
@@ -198,10 +193,40 @@ class apache extends HttpConfigBase {
$this->virtualhosts_data[$vhosts_filename] .= ' ServerName ' . Settings::Get('system.hostname') . "\n";
}
$is_redirect = false;
// check for SSL redirect
if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
$is_redirect = true;
// check whether froxlor uses Let's Encrypt and not cert is being generated yet
// or a renew is ongoing - disable redirect
if (System::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {
$this->virtualhosts_data[$vhosts_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL;
$is_redirect = false;
} else {
$_sslport = $this->checkAlternativeSslPort();
$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
$code = '301';
$modrew_red = ' [R=' . $code . ';L,NE]';
// redirect everything, not only root-directory, #541
$this->virtualhosts_data[$vhosts_filename] .= ' <IfModule mod_rewrite.c>' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' RewriteEngine On' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' RewriteCond %{HTTPS} off' . "\n";
if (System::Get('system.le_froxlor_enabled') == '1') {
$this->virtualhosts_data[$vhosts_filename] .= ' RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge' . "\n";
}
$this->virtualhosts_data[$vhosts_filename] .= ' RewriteRule ^/(.*) ' . $mypath . '$1' . $modrew_red . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' </IfModule>' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' <IfModule !mod_rewrite.c>' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' Redirect ' . $code . ' / ' . $mypath . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' </IfModule>' . "\n";
}
}
if (!$is_redirect) {
// create fcgid <Directory>-Part (starter is created in apache_fcgid)
if (Settings::Get('system.mod_fcgid_ownvhost') == '1'
&& Settings::Get('system.mod_fcgid') == '1'
) {
if (Settings::Get('system.mod_fcgid_ownvhost') == '1' && Settings::Get('system.mod_fcgid') == '1') {
$configdir = makeCorrectDir(Settings::Get('system.mod_fcgid_configdir') . '/froxlor.panel/' . Settings::Get('system.hostname'));
$this->virtualhosts_data[$vhosts_filename] .= ' FcgidIdleTimeout ' . Settings::Get('system.mod_fcgid_idle_timeout') . "\n";
if ((int) Settings::Get('system.mod_fcgid_wrapper') == 0) {
@@ -249,8 +274,7 @@ class apache extends HttpConfigBase {
}
$this->virtualhosts_data[$vhosts_filename] .= ' </Directory>' . "\n";
}
}
// create php-fpm <Directory>-Part (config is created in apache_fcgid)
} // create php-fpm <Directory>-Part (config is created in apache_fcgid)
elseif (Settings::Get('phpfpm.enabled') == '1') {
$domain = array(
'id' => 'none',
@@ -262,7 +286,7 @@ class apache extends HttpConfigBase {
'openbasedir' => 0,
'email' => Settings::Get('panel.adminmail'),
'loginname' => 'froxlor.panel',
'documentroot' => $mypath,
'documentroot' => $mypath
);
$php = new phpinterface($domain);
@@ -273,13 +297,10 @@ class apache extends HttpConfigBase {
}
// mod_proxy stuff for apache-2.4
if (Settings::Get('system.apache24') == '1'
&& Settings::Get('phpfpm.use_mod_proxy') == '1'
) {
if (Settings::Get('system.apache24') == '1' && Settings::Get('phpfpm.use_mod_proxy') == '1') {
$this->virtualhosts_data[$vhosts_filename] .= ' <FilesMatch \.php$>' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SetHandler proxy:unix:' . $php->getInterface()->getSocketFile() . '|fcgi://localhost' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' </FilesMatch>' . "\n";
} else {
$this->virtualhosts_data[$vhosts_filename] .= ' FastCgiExternalServer ' . $php->getInterface()->getAliasConfigDir() . $srvName . ' -socket ' . $php->getInterface()->getSocketFile() . ' -idle-timeout ' . Settings::Get('phpfpm.idle_timeout') . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' <Directory "' . $mypath . '">' . "\n";
@@ -305,9 +326,7 @@ class apache extends HttpConfigBase {
$this->virtualhosts_data[$vhosts_filename] .= ' </Directory>' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' Alias /fastcgiphp ' . $php->getInterface()->getAliasConfigDir() . $srvName . "\n";
}
}
else
{
} else {
// mod_php
$domain = array(
'id' => 'none',
@@ -320,29 +339,26 @@ class apache extends HttpConfigBase {
'documentroot' => $mypath
);
}
} // end of ssl-redirect check
/**
* dirprotection, see #72
* @TODO deferred until 0.9.5, needs more testing
$this->virtualhosts_data[$vhosts_filename] .= "\t<Directory \"'.$mypath.'(images|packages|templates)\">\n";
$this->virtualhosts_data[$vhosts_filename] .= "\t\tAllow from all\n";
$this->virtualhosts_data[$vhosts_filename] .= "\t\tOptions -Indexes\n";
$this->virtualhosts_data[$vhosts_filename] .= "\t</Directory>\n";
$this->virtualhosts_data[$vhosts_filename] .= "\t<Directory \"'.$mypath.'*\">\n";
$this->virtualhosts_data[$vhosts_filename] .= "\t\tOrder Deny,Allow\n";
$this->virtualhosts_data[$vhosts_filename] .= "\t\tDeny from All\n";
$this->virtualhosts_data[$vhosts_filename] .= "\t</Directory>\n";
*
* @todo deferred until 0.9.5, needs more testing
* $this->virtualhosts_data[$vhosts_filename] .= "\t<Directory \"'.$mypath.'(images|packages|templates)\">\n";
* $this->virtualhosts_data[$vhosts_filename] .= "\t\tAllow from all\n";
* $this->virtualhosts_data[$vhosts_filename] .= "\t\tOptions -Indexes\n";
* $this->virtualhosts_data[$vhosts_filename] .= "\t</Directory>\n";
*
* $this->virtualhosts_data[$vhosts_filename] .= "\t<Directory \"'.$mypath.'*\">\n";
* $this->virtualhosts_data[$vhosts_filename] .= "\t\tOrder Deny,Allow\n";
* $this->virtualhosts_data[$vhosts_filename] .= "\t\tDeny from All\n";
* $this->virtualhosts_data[$vhosts_filename] .= "\t</Directory>\n";
* end of dirprotection
*/
if ($row_ipsandports['specialsettings'] != '') {
$this->virtualhosts_data[$vhosts_filename] .= $this->processSpecialConfigTemplate(
$row_ipsandports['specialsettings'],
$domain,
$row_ipsandports['ip'],
$row_ipsandports['port'],
$row_ipsandports['ssl'] == '1') . "\n";
$this->virtualhosts_data[$vhosts_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";
}
if ($row_ipsandports['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
@@ -369,7 +385,7 @@ class apache extends HttpConfigBase {
'adminid' => 1, /* first admin-user (superadmin) */
'loginname' => 'froxlor.panel',
'documentroot' => $mypath,
'parentdomainid' => 0,
'parentdomainid' => 0
);
// override corresponding array values
@@ -451,7 +467,6 @@ class apache extends HttpConfigBase {
$this->_createStandardErrorHandler();
}
/**
* We put together the needed php options in the virtualhost entries
*
@@ -460,20 +475,17 @@ class apache extends HttpConfigBase {
*
* @return string
*/
protected function composePhpOptions($domain, $ssl_vhost = false) {
protected function composePhpOptions($domain, $ssl_vhost = false)
{
$php_options_text = '';
if ($domain['phpenabled'] == '1') {
// This vHost has PHP enabled and we are using the regular mod_php
if ($domain['openbasedir'] == '1')
{
if ($domain['openbasedir_path'] == '1' || strstr($domain['documentroot'], ":") !== false)
{
if ($domain['openbasedir'] == '1') {
if ($domain['openbasedir_path'] == '1' || strstr($domain['documentroot'], ":") !== false) {
$_phpappendopenbasedir = appendOpenBasedirPath($domain['customerroot'], true);
}
else
{
} else {
$_phpappendopenbasedir = appendOpenBasedirPath($domain['documentroot'], true);
}
@@ -502,14 +514,14 @@ class apache extends HttpConfigBase {
return $php_options_text;
}
public function createOwnVhostStarter() {}
public function createOwnVhostStarter()
{}
/**
* We collect all servernames and Aliases
*/
protected function getServerNames($domain) {
protected function getServerNames($domain)
{
$servernames_text = ' ServerName ' . $domain['domain'] . "\n";
$server_alias = '';
@@ -528,7 +540,9 @@ class apache extends HttpConfigBase {
FROM `" . TABLE_PANEL_DOMAINS . "`
WHERE `aliasdomain`= :domainid
");
Database::pexecute($alias_domains_stmt, array('domainid' => $domain['id']));
Database::pexecute($alias_domains_stmt, array(
'domainid' => $domain['id']
));
while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
$server_alias = ' ServerAlias ' . $alias_domain['domain'];
@@ -548,18 +562,16 @@ class apache extends HttpConfigBase {
return $servernames_text;
}
/**
* Let's get the webroot
*/
protected function getWebroot($domain) {
protected function getWebroot($domain)
{
$webroot_text = '';
$domain['customerroot'] = makeCorrectDir($domain['customerroot']);
$domain['documentroot'] = makeCorrectDir($domain['documentroot']);
if ($domain['deactivated'] == '1'
&& Settings::Get('system.deactivateddocroot') != ''
) {
if ($domain['deactivated'] == '1' && Settings::Get('system.deactivateddocroot') != '') {
$webroot_text .= ' # Using docroot for deactivated users...' . "\n";
$webroot_text .= ' DocumentRoot "' . makeCorrectDir(Settings::Get('system.deactivateddocroot')) . "\"\n";
$this->_deactivated = true;
@@ -571,11 +583,11 @@ class apache extends HttpConfigBase {
return $webroot_text;
}
/**
* Lets set the text part for the stats software
*/
protected function getStats($domain) {
protected function getStats($domain)
{
$stats_text = '';
if ($domain['speciallogfile'] == '1') {
@@ -594,8 +606,7 @@ class apache extends HttpConfigBase {
} else {
$stats_text .= ' Alias /webalizer "' . makeCorrectFile($domain['customerroot'] . '/webalizer') . '"' . "\n";
}
}
// if the docroots are equal, we still have to set an alias for awstats
} // if the docroots are equal, we still have to set an alias for awstats
// because the stats are in /awstats/[domain], not just /awstats/
// also, the awstats-icons are someplace else too!
// -> webalizer does not need this!
@@ -608,12 +619,11 @@ class apache extends HttpConfigBase {
return $stats_text;
}
/**
* Lets set the logfiles
*/
protected function getLogfiles($domain) {
protected function getLogfiles($domain)
{
$logfiles_text = '';
if ($domain['speciallogfile'] == '1') {
@@ -651,7 +661,9 @@ class apache extends HttpConfigBase {
FROM `" . TABLE_PANEL_DOMAINS . "`
WHERE `aliasdomain` = :domainid OR `parentdomainid` = :domainid
");
Database::pexecute($alias_domains_stmt, array('domainid' => $domain['id']));
Database::pexecute($alias_domains_stmt, array(
'domainid' => $domain['id']
));
while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
@@ -682,21 +694,14 @@ class apache extends HttpConfigBase {
return $logfiles_text;
}
/**
* Get the filename for the virtualhost
*/
protected function getVhostFilename($domain, $ssl_vhost = false) {
if ((int)$domain['parentdomainid'] == 0
&& isCustomerStdSubdomain((int)$domain['id']) == false
&& ((int)$domain['ismainbutsubto'] == 0
|| domainMainToSubExists($domain['ismainbutsubto']) == false)
) {
protected function getVhostFilename($domain, $ssl_vhost = false)
{
if ((int) $domain['parentdomainid'] == 0 && isCustomerStdSubdomain((int) $domain['id']) == false && ((int) $domain['ismainbutsubto'] == 0 || domainMainToSubExists($domain['ismainbutsubto']) == false)) {
$vhost_no = '35';
} elseif ((int)$domain['parentdomainid'] == 0
&& isCustomerStdSubdomain((int)$domain['id']) == false
&& (int)$domain['ismainbutsubto'] > 0
) {
} elseif ((int) $domain['parentdomainid'] == 0 && isCustomerStdSubdomain((int) $domain['id']) == false && (int) $domain['ismainbutsubto'] > 0) {
$vhost_no = '30';
} else {
// number of dots in a domain specifies it's position (and depth of subdomain) starting at 29 going downwards on higher depth
@@ -715,20 +720,16 @@ class apache extends HttpConfigBase {
/**
* We compose the virtualhost entry for one domain
*/
protected function getVhostContent($domain, $ssl_vhost = false) {
if ($ssl_vhost === true
&& ($domain['ssl_redirect'] != '1'
&& $domain['ssl'] != '1')
) {
protected function getVhostContent($domain, $ssl_vhost = false)
{
if ($ssl_vhost === true && ($domain['ssl_redirect'] != '1' && $domain['ssl'] != '1')) {
return '';
}
$query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip`
WHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports ";
if ($ssl_vhost === true
&& ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')
) {
if ($ssl_vhost === true && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')) {
// by ordering by cert-file the row with filled out SSL-Fields will be shown last, thus it is enough to fill out 1 set of SSL-Fields
$query .= "AND i.ssl = '1' ORDER BY i.ssl_cert_file ASC;";
} else {
@@ -737,7 +738,9 @@ class apache extends HttpConfigBase {
$vhost_content = '';
$result_stmt = Database::prepare($query);
Database::pexecute($result_stmt, array('domainid' => $domain['id']));
Database::pexecute($result_stmt, array(
'domainid' => $domain['id']
));
$ipportlist = '';
$_vhost_content = '';
@@ -766,12 +769,7 @@ class apache extends HttpConfigBase {
}
if ($ipandport['default_vhostconf_domain'] != '') {
$_vhost_content .= $this->processSpecialConfigTemplate(
$ipandport['default_vhostconf_domain'],
$domain,
$domain['ip'],
$domain['port'],
$ssl_vhost) . "\n";
$_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
}
$ipportlist .= $ipport;
}
@@ -779,10 +777,7 @@ class apache extends HttpConfigBase {
$vhost_content .= '<VirtualHost ' . trim($ipportlist) . '>' . "\n";
$vhost_content .= $this->getServerNames($domain);
if (($ssl_vhost == false
&& $domain['ssl'] == '1'
&& $domain['ssl_redirect'] == '1')
) {
if (($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1')) {
// We must not check if our port differs from port 443,
// but if there is a destination-port != 443
$_sslport = '';
@@ -796,7 +791,9 @@ class apache extends HttpConfigBase {
AND `ip`.`ssl` = '1' AND `ip`.`port` != 443
ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;
");
$ssldestport = Database::pexecute_first($ssldestport_stmt, array('domainid' => $domain['id']));
$ssldestport = Database::pexecute_first($ssldestport_stmt, array(
'domainid' => $domain['id']
));
if ($ssldestport['port'] != '') {
$_sslport = ":" . $ssldestport['port'];
@@ -805,10 +802,7 @@ class apache extends HttpConfigBase {
$domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/';
}
if ($ssl_vhost === true
&& $domain['ssl'] == '1'
&& Settings::Get('system.use_ssl') == '1'
) {
if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
if ($domain['ssl_cert_file'] == '') {
$domain['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
}
@@ -893,7 +887,6 @@ class apache extends HttpConfigBase {
$vhost_content .= ' <IfModule !mod_rewrite.c>' . "\n";
$vhost_content .= ' Redirect ' . $code . ' / ' . $this->idnaConvert->encode($domain['documentroot']) . "\n";
$vhost_content .= ' </IfModule>' . "\n";
} else {
mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true, true);
@@ -905,12 +898,7 @@ class apache extends HttpConfigBase {
$vhost_content .= $this->getLogfiles($domain);
if ($domain['specialsettings'] != '') {
$vhost_content .= $this->processSpecialConfigTemplate(
$domain['specialsettings'],
$domain,
$domain['ip'],
$domain['port'],
$ssl_vhost) . "\n";
$vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
}
if ($_vhost_content != '') {
@@ -918,12 +906,7 @@ class apache extends HttpConfigBase {
}
if (Settings::Get('system.default_vhostconf') != '') {
$vhost_content .= $this->processSpecialConfigTemplate(
Settings::Get('system.default_vhostconf'),
$domain,
$domain['ip'],
$domain['port'],
$ssl_vhost) . "\n";
$vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
}
}
@@ -932,12 +915,11 @@ class apache extends HttpConfigBase {
return $vhost_content;
}
/**
* We compose the virtualhost entries for the domains
*/
public function createVirtualHosts() {
public function createVirtualHosts()
{
$domains = WebserverBase::getVhostsToCreate();
foreach ($domains as $domain) {
@@ -947,9 +929,7 @@ class apache extends HttpConfigBase {
// Apply header
$this->virtualhosts_data[$vhosts_filename] = '# Domain ID: ' . $domain['id'] . ' - CustomerID: ' . $domain['customerid'] . ' - CustomerLogin: ' . $domain['loginname'] . "\n";
if ($domain['deactivated'] != '1'
|| Settings::Get('system.deactivateddocroot') != ''
) {
if ($domain['deactivated'] != '1' || Settings::Get('system.deactivateddocroot') != '') {
// Create vhost without ssl
$this->virtualhosts_data[$vhosts_filename] .= $this->getVhostContent($domain, false);
@@ -965,11 +945,11 @@ class apache extends HttpConfigBase {
}
}
/**
* We compose the diroption entries for the paths
*/
public function createFileDirOptions() {
public function createFileDirOptions()
{
$result_stmt = Database::query("
SELECT `htac`.*, `c`.`guid`, `c`.`documentroot` AS `customerroot`
FROM `" . TABLE_PANEL_HTACCESS . "` `htac`
@@ -979,10 +959,7 @@ class apache extends HttpConfigBase {
$diroptions = array();
while ($row_diroptions = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
if ($row_diroptions['customerid'] != 0
&& isset($row_diroptions['customerroot'])
&& $row_diroptions['customerroot'] != ''
) {
if ($row_diroptions['customerid'] != 0 && isset($row_diroptions['customerroot']) && $row_diroptions['customerroot'] != '') {
$diroptions[$row_diroptions['path']] = $row_diroptions;
$diroptions[$row_diroptions['path']]['htpasswds'] = array();
}
@@ -996,10 +973,7 @@ class apache extends HttpConfigBase {
");
while ($row_htpasswds = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
if ($row_htpasswds['customerid'] != 0
&& isset($row_htpasswds['customerroot'])
&& $row_htpasswds['customerroot'] != ''
) {
if ($row_htpasswds['customerid'] != 0 && isset($row_htpasswds['customerroot']) && $row_htpasswds['customerroot'] != '') {
if (! isset($diroptions[$row_htpasswds['path']]) || ! is_array($diroptions[$row_htpasswds['path']])) {
$diroptions[$row_htpasswds['path']] = array();
}
@@ -1026,16 +1000,11 @@ class apache extends HttpConfigBase {
$this->diroptions_data[$diroptions_filename] .= '<Directory "' . $row_diroptions['path'] . '">' . "\n";
if (isset($row_diroptions['options_indexes'])
&& $row_diroptions['options_indexes'] == '1'
) {
if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '1') {
$this->diroptions_data[$diroptions_filename] .= ' Options +Indexes';
// add perl options if enabled
if ($cperlenabled
&& isset($row_diroptions['options_cgi'])
&& $row_diroptions['options_cgi'] == '1'
) {
if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') {
$this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n";
} else {
$this->diroptions_data[$diroptions_filename] .= "\n";
@@ -1043,16 +1012,11 @@ class apache extends HttpConfigBase {
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'Setting Options +Indexes for ' . $row_diroptions['path']);
}
if (isset($row_diroptions['options_indexes'])
&& $row_diroptions['options_indexes'] == '0'
) {
if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '0') {
$this->diroptions_data[$diroptions_filename] .= ' Options -Indexes';
// add perl options if enabled
if ($cperlenabled
&& isset($row_diroptions['options_cgi'])
&& $row_diroptions['options_cgi'] == '1'
) {
if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') {
$this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n";
} else {
$this->diroptions_data[$diroptions_filename] .= "\n";
@@ -1060,11 +1024,13 @@ class apache extends HttpConfigBase {
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'Setting Options -Indexes for ' . $row_diroptions['path']);
}
$statusCodes = array('404', '403', '500');
$statusCodes = array(
'404',
'403',
'500'
);
foreach ($statusCodes as $statusCode) {
if (isset($row_diroptions['error' . $statusCode . 'path'])
&& $row_diroptions['error' . $statusCode . 'path'] != ''
) {
if (isset($row_diroptions['error' . $statusCode . 'path']) && $row_diroptions['error' . $statusCode . 'path'] != '') {
$defhandler = $row_diroptions['error' . $statusCode . 'path'];
if (! validateUrl($defhandler)) {
if (substr($defhandler, 0, 1) != '"' && substr($defhandler, - 1, 1) != '"') {
@@ -1075,10 +1041,7 @@ class apache extends HttpConfigBase {
}
}
if ($cperlenabled
&& isset($row_diroptions['options_cgi'])
&& $row_diroptions['options_cgi'] == '1'
) {
if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') {
$this->diroptions_data[$diroptions_filename] .= ' AllowOverride None' . "\n";
$this->diroptions_data[$diroptions_filename] .= ' AddHandler cgi-script .cgi .pl' . "\n";
// >=apache-2.4 enabled?
@@ -1156,11 +1119,11 @@ class apache extends HttpConfigBase {
}
}
/**
* We write the configs
*/
public function writeConfigs() {
public function writeConfigs()
{
// Write diroptions
$this->logger->logAction(CRON_ACTION, LOG_INFO, "apache::writeConfigs: rebuilding " . Settings::Get('system.apacheconf_diroptions'));
@@ -1275,6 +1238,4 @@ class apache extends HttpConfigBase {
}
}
}
}

32
scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
View File

@@ -100,19 +100,30 @@ class lighttpd extends HttpConfigBase
$this->lighttpd_data[$vhost_filename] .= '# Froxlor default vhost' . "\n";
$this->lighttpd_data[$vhost_filename] .= '$HTTP["host"] =~ "^(?:www\.|)' . $myhost . '$" {' . "\n";
if ($row_ipsandports['docroot'] == '') {
if (Settings::Get('system.froxlordirectlyviahostname')) {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
} else {
$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
}
} else {
// user-defined docroot, #417
$mypath = makeCorrectDir($row_ipsandports['docroot']);
}
$mypath = $this->getMyPath($row_ipsandports);
$this->lighttpd_data[$vhost_filename] .= ' server.document-root = "' . $mypath . '"' . "\n";
$is_redirect = false;
// check for SSL redirect
if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
$is_redirect = true;
// check whether froxlor uses Let's Encrypt and not cert is being generated yet
// or a renew is ongoing - disable redirect
if (System::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {
$this->lighttpd_data[$vhost_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL;
$is_redirect = false;
} else {
$_sslport = $this->checkAlternativeSslPort();
$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
$this->lighttpd_data[$vhost_filename] .= ' url.redirect = (' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' "^/(.*)$" => "' . $mypath . '$1"' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' )' . "\n";
}
}
if (!$is_redirect) {
/**
* dirprotection, see #72
*
@@ -152,6 +163,7 @@ class lighttpd extends HttpConfigBase
$this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' )' . "\n";
}
}
if ($row_ipsandports['specialsettings'] != '') {
$this->lighttpd_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";

30
scripts/jobs/cron_tasks.inc.http.30.nginx.php
View File

@@ -134,6 +134,8 @@ class nginx extends HttpConfigBase {
$this->nginx_data[$vhost_filename] .= 'server { ' . "\n";
$mypath = $this->getMyPath($row_ipsandports);
// check for ssl before anything else so
// we know whether it's an ssl vhost or not
$ssl_vhost = false;
@@ -191,26 +193,28 @@ class nginx extends HttpConfigBase {
$this->nginx_data[$vhost_filename] .= "\t".'server_name ' . Settings::Get('system.hostname') . ';' . "\n";
$this->nginx_data[$vhost_filename] .= "\t".'access_log /var/log/nginx/access.log;' . "\n";
$mypath = '';
// no custom docroot set?
if ($row_ipsandports['docroot'] == '') {
// check whether the hostname should directly point to
// the froxlor-installation or not
if (Settings::Get('system.froxlordirectlyviahostname')) {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
$is_redirect = false;
// check for SSL redirect
if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
$is_redirect = true;
// check whether froxlor uses Let's Encrypt and not cert is being generated yet
// or a renew is ongoing - disable redirect
if (System::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {
$this->nginx_data[$vhost_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL;
$is_redirect = false;
} else {
$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
$_sslport = $this->checkAlternativeSslPort();
$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
$this->nginx_data[$vhost_filename] .= "\t".'return 301 '.$mypath.'$request_uri;'."\n";
}
} else {
// user-defined docroot, #417
$mypath = makeCorrectDir($row_ipsandports['docroot']);
}
if (!$is_redirect) {
$this->nginx_data[$vhost_filename] .= "\t".'root '.$mypath.';'."\n";
$this->nginx_data[$vhost_filename] .= "\t".'index index.php index.html index.htm;'."\n\n";
$this->nginx_data[$vhost_filename] .= "\t".'location / {'."\n";
$this->nginx_data[$vhost_filename] .= "\t".'}'."\n";
}
if ($row_ipsandports['specialsettings'] != '') {
$this->nginx_data[$vhost_filename].= $this->processSpecialConfigTemplate(
@@ -231,6 +235,7 @@ class nginx extends HttpConfigBase {
$this->nginx_data[$vhost_filename].=$this->composeSslSettings($row_ipsandports);
}
if (!$is_redirect) {
$this->nginx_data[$vhost_filename] .= "\tlocation ~ \.php {\n";
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_split_path_info ^(.+\.php)(/.+)\$;\n";
$this->nginx_data[$vhost_filename] .= "\t\tinclude ".Settings::Get('nginx.fastcgiparams').";\n";
@@ -264,6 +269,7 @@ class nginx extends HttpConfigBase {
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n";
$this->nginx_data[$vhost_filename] .= "\t}\n";
}
$this->nginx_data[$vhost_filename] .= "}\n\n";
// End of Froxlor server{}-part