maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

try to implement ssl-redirect for froxlor-vhost; combine various settings that are froxlor-vhost related into its own category, fixes #1480

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2016-09-11 17:48:08 +02:00
parent 28461de7bc
commit b8c2047379
15 changed files with 931 additions and 823 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
actions/admin/settings/120.system.php
View File

@@ -69,14 +69,6 @@ return array(
'save_method' => 'storeSettingHostname',
'plausibility_check_method' => 'checkHostname',
),
'system_froxlordirectlyviahostname' => array(
'label' => $lng['serversettings']['froxlordirectlyviahostname'],
'settinggroup' => 'system',
'varname' => 'froxlordirectlyviahostname',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField',
),
'system_validatedomain' => array(
'label' => $lng['serversettings']['validate_domain'],
'settinggroup' => 'system',

163
actions/admin/settings/122.froxlorvhost.php Normal file
View File

@@ -0,0 +1,163 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2016 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2016-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Settings
*
*/
return array(
'groups' => array(
'froxlorvhost' => array(
'title' => $lng['admin']['froxlorvhost'],
'fields' => array(
/**
* Webserver-Vhost
*/
'system_froxlordirectlyviahostname' => array(
'label' => $lng['serversettings']['froxlordirectlyviahostname'],
'settinggroup' => 'system',
'varname' => 'froxlordirectlyviahostname',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField'
),
/**
* SSL / Let's Encrypt
*/
'system_le_froxlor_enabled' => array(
'label' => $lng['serversettings']['le_froxlor_enabled'],
'settinggroup' => 'system',
'varname' => 'le_froxlor_enabled',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField',
'visible' => Settings::Get('system.leenabled')
),
'system_le_froxlor_redirect' => array(
'label' => $lng['serversettings']['le_froxlor_redirect'],
'settinggroup' => 'system',
'varname' => 'le_froxlor_redirect',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField',
'visible' => Settings::Get('system.leenabled')
),
/**
* FCGID
*/
'system_mod_fcgid_enabled_ownvhost' => array(
'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
'settinggroup' => 'system',
'varname' => 'mod_fcgid_ownvhost',
'type' => 'bool',
'default' => true,
'save_method' => 'storeSettingField',
'websrv_avail' => array(
'apache2'
),
'visible' => Settings::Get('system.mod_fcgid')
),
'system_mod_fcgid_httpuser' => array(
'label' => $lng['admin']['mod_fcgid_user'],
'settinggroup' => 'system',
'varname' => 'mod_fcgid_httpuser',
'type' => 'string',
'default' => 'froxlorlocal',
'save_method' => 'storeSettingWebserverFcgidFpmUser',
'websrv_avail' => array(
'apache2'
),
'visible' => Settings::Get('system.mod_fcgid')
),
'system_mod_fcgid_httpgroup' => array(
'label' => $lng['admin']['mod_fcgid_group'],
'settinggroup' => 'system',
'varname' => 'mod_fcgid_httpgroup',
'type' => 'string',
'default' => 'froxlorlocal',
'save_method' => 'storeSettingField',
'websrv_avail' => array(
'apache2'
),
'visible' => Settings::Get('system.mod_fcgid')
),
'system_mod_fcgid_defaultini_ownvhost' => array(
'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
'settinggroup' => 'system',
'varname' => 'mod_fcgid_defaultini_ownvhost',
'type' => 'option',
'default' => '2',
'option_mode' => 'one',
'option_options_method' => 'getPhpConfigs',
'save_method' => 'storeSettingField',
'websrv_avail' => array(
'apache2'
),
'visible' => Settings::Get('system.mod_fcgid')
),
/**
* php-fpm
*/
'system_phpfpm_enabled_ownvhost' => array(
'label' => $lng['phpfpm']['ownvhost'],
'settinggroup' => 'phpfpm',
'varname' => 'enabled_ownvhost',
'type' => 'bool',
'default' => true,
'save_method' => 'storeSettingField',
'visible' => Settings::Get('phpfpm.enabled')
),
'system_phpfpm_httpuser' => array(
'label' => $lng['phpfpm']['vhost_httpuser'],
'settinggroup' => 'phpfpm',
'varname' => 'vhost_httpuser',
'type' => 'string',
'default' => 'froxlorlocal',
'save_method' => 'storeSettingWebserverFcgidFpmUser',
'visible' => Settings::Get('phpfpm.enabled')
),
'system_phpfpm_httpgroup' => array(
'label' => $lng['phpfpm']['vhost_httpgroup'],
'settinggroup' => 'phpfpm',
'varname' => 'vhost_httpgroup',
'type' => 'string',
'default' => 'froxlorlocal',
'save_method' => 'storeSettingField',
'visible' => Settings::Get('phpfpm.enabled')
),
'system_phpfpm_defaultini_ownvhost' => array(
'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
'settinggroup' => 'phpfpm',
'varname' => 'vhost_defaultini',
'type' => 'option',
'default' => '2',
'option_mode' => 'one',
'option_options_method' => 'getPhpConfigs',
'save_method' => 'storeSettingField',
'visible' => Settings::Get('phpfpm.enabled')
),
/**
* DNS
*/
'system_dns_createhostnameentry' => array(
'label' => $lng['serversettings']['dns_createhostnameentry'],
'settinggroup' => 'system',
'varname' => 'dns_createhostnameentry',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField',
'visible' => Settings::Get('system.bind_enable')
)
)
)
)
);

48
actions/admin/settings/131.ssl.php
View File

@@ -16,7 +16,6 @@
* @package Settings
*
*/
return array(
'groups' => array(
'ssl' => array(
@@ -38,7 +37,7 @@ return array(
'type' => 'string',
'string_emptyallowed' => false,
'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128',
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_ssl_cert_file' => array(
'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
@@ -48,7 +47,7 @@ return array(
'string_type' => 'file',
'string_emptyallowed' => true,
'default' => '/etc/apache2/apache2.pem',
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_ssl_key_file' => array(
'label' => $lng['serversettings']['ssl']['ssl_key_file'],
@@ -58,7 +57,7 @@ return array(
'string_type' => 'file',
'string_emptyallowed' => true,
'default' => '/etc/apache2/apache2.key',
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_ssl_cert_chainfile' => array(
'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
@@ -68,7 +67,7 @@ return array(
'string_type' => 'file',
'string_emptyallowed' => true,
'default' => '',
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_ssl_ca_file' => array(
'label' => $lng['serversettings']['ssl']['ssl_ca_file'],
@@ -78,7 +77,7 @@ return array(
'string_type' => 'file',
'string_emptyallowed' => true,
'default' => '',
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_leenabled' => array(
'label' => $lng['serversettings']['leenabled'],
@@ -89,22 +88,6 @@ return array(
'cronmodule' => 'froxlor/letsencrypt',
'save_method' => 'storeSettingField'
),
'system_le_froxlor_enabled' => array(
'label' => $lng['serversettings']['le_froxlor_enabled'],
'settinggroup' => 'system',
'varname' => 'le_froxlor_enabled',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField'
),
'system_le_froxlor_redirect' => array(
'label' => $lng['serversettings']['le_froxlor_redirect'],
'settinggroup' => 'system',
'varname' => 'le_froxlor_redirect',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField'
),
'system_letsencryptca' => array(
'label' => $lng['serversettings']['letsencryptca'],
'settinggroup' => 'system',
@@ -112,8 +95,11 @@ return array(
'type' => 'option',
'default' => 'testing',
'option_mode' => 'one',
'option_options' => array('testing' => 'https://acme-staging.api.letsencrypt.org (Test)', 'production' => 'https://acme-v01.api.letsencrypt.org (Live)'),
'save_method' => 'storeSettingField',
'option_options' => array(
'testing' => 'https://acme-staging.api.letsencrypt.org (Test)',
'production' => 'https://acme-v01.api.letsencrypt.org (Live)'
),
'save_method' => 'storeSettingField'
),
'system_letsencryptcountrycode' => array(
'label' => $lng['serversettings']['letsencryptcountrycode'],
@@ -122,7 +108,7 @@ return array(
'type' => 'string',
'string_emptyallowed' => false,
'default' => 'DE',
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_letsencryptstate' => array(
'label' => $lng['serversettings']['letsencryptstate'],
@@ -131,7 +117,7 @@ return array(
'type' => 'string',
'string_emptyallowed' => false,
'default' => 'Hessen',
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_letsencryptchallengepath' => array(
'label' => $lng['serversettings']['letsencryptchallengepath'],
@@ -140,7 +126,7 @@ return array(
'type' => 'string',
'string_emptyallowed' => false,
'default' => FROXLOR_INSTALL_DIR,
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_letsencryptkeysize' => array(
'label' => $lng['serversettings']['letsencryptkeysize'],
@@ -149,7 +135,7 @@ return array(
'type' => 'int',
'int_min' => 2048,
'default' => 4096,
'save_method' => 'storeSettingField',
'save_method' => 'storeSettingField'
),
'system_letsencryptreuseold' => array(
'label' => $lng['serversettings']['letsencryptreuseold'],
@@ -157,9 +143,9 @@ return array(
'varname' => 'letsencryptreuseold',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField',
),
'save_method' => 'storeSettingField'
)
)
)
);
)
);

38
actions/admin/settings/135.fcgid.php
View File

@@ -97,44 +97,6 @@ return array(
'option_options_method' => 'getPhpConfigs',
'save_method' => 'storeSettingField',
),
'system_mod_fcgid_enabled_ownvhost' => array(
'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
'settinggroup' => 'system',
'varname' => 'mod_fcgid_ownvhost',
'type' => 'bool',
'default' => true,
'save_method' => 'storeSettingField',
'websrv_avail' => array('apache2')
),
'system_mod_fcgid_httpuser' => array(
'label' => $lng['admin']['mod_fcgid_user'],
'settinggroup' => 'system',
'varname' => 'mod_fcgid_httpuser',
'type' => 'string',
'default' => 'froxlorlocal',
'save_method' => 'storeSettingWebserverFcgidFpmUser',
'websrv_avail' => array('apache2')
),
'system_mod_fcgid_httpgroup' => array(
'label' => $lng['admin']['mod_fcgid_group'],
'settinggroup' => 'system',
'varname' => 'mod_fcgid_httpgroup',
'type' => 'string',
'default' => 'froxlorlocal',
'save_method' => 'storeSettingField',
'websrv_avail' => array('apache2')
),
'system_mod_fcgid_defaultini_ownvhost' => array(
'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
'settinggroup' => 'system',
'varname' => 'mod_fcgid_defaultini_ownvhost',
'type' => 'option',
'default' => '2',
'option_mode' => 'one',
'option_options_method' => 'getPhpConfigs',
'save_method' => 'storeSettingField',
'websrv_avail' => array('apache2')
),
'system_mod_fcgid_idle_timeout' => array(
'label' => $lng['serversettings']['mod_fcgid']['idle_timeout'],
'settinggroup' => 'system',

34
actions/admin/settings/136.phpfpm.php
View File

@@ -30,30 +30,6 @@ return array(
'plausibility_check_method' => 'checkFcgidPhpFpm',
'overview_option' => true
),
'system_phpfpm_enabled_ownvhost' => array(
'label' => $lng['phpfpm']['ownvhost'],
'settinggroup' => 'phpfpm',
'varname' => 'enabled_ownvhost',
'type' => 'bool',
'default' => true,
'save_method' => 'storeSettingField'
),
'system_phpfpm_httpuser' => array(
'label' => $lng['phpfpm']['vhost_httpuser'],
'settinggroup' => 'phpfpm',
'varname' => 'vhost_httpuser',
'type' => 'string',
'default' => 'froxlorlocal',
'save_method' => 'storeSettingWebserverFcgidFpmUser'
),
'system_phpfpm_httpgroup' => array(
'label' => $lng['phpfpm']['vhost_httpgroup'],
'settinggroup' => 'phpfpm',
'varname' => 'vhost_httpgroup',
'type' => 'string',
'default' => 'froxlorlocal',
'save_method' => 'storeSettingField'
),
'system_phpfpm_defaultini' => array(
'label' => $lng['serversettings']['mod_fcgid']['defaultini'],
'settinggroup' => 'phpfpm',
@@ -64,16 +40,6 @@ return array(
'option_options_method' => 'getPhpConfigs',
'save_method' => 'storeSettingField'
),
'system_phpfpm_defaultini_ownvhost' => array(
'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
'settinggroup' => 'phpfpm',
'varname' => 'vhost_defaultini',
'type' => 'option',
'default' => '2',
'option_mode' => 'one',
'option_options_method' => 'getPhpConfigs',
'save_method' => 'storeSettingField'
),
'system_phpfpm_configdir' => array(
'label' => $lng['serversettings']['phpfpm_settings']['configdir'],
'settinggroup' => 'phpfpm',

10
actions/admin/settings/160.nameserver.php
View File

@@ -97,14 +97,6 @@ return array(
'default' => '',
'save_method' => 'storeSettingField',
),
'system_dns_createhostnameentry' => array(
'label' => $lng['serversettings']['dns_createhostnameentry'],
'settinggroup' => 'system',
'varname' => 'dns_createhostnameentry',
'type' => 'bool',
'default' => false,
'save_method' => 'storeSettingField'
),
'system_dns_createmailentry' => array(
'label' => $lng['serversettings']['mail_also_with_mxservers'],
'settinggroup' => 'system',
@@ -127,5 +119,3 @@ return array(
),
),
);
?>

2
lib/classes/webserver/class.DomainSSL.php
View File

@@ -46,7 +46,7 @@ class DomainSSL {
|| $dom_certs['ssl_cert_file'] == ''
) {
// maybe its parent?
if ($domain['parentdomainid'] != 0) {
if (isset($domain['parentdomainid']) && $domain['parentdomainid'] != 0) {
$dom_certs = Database::pexecute_first($dom_certs_stmt, array('domid' => $domain['parentdomainid']));
}
}

1
lng/english.lng.php
View File

@@ -2036,3 +2036,4 @@ $lng['serversettings']['le_froxlor_enabled']['title'] = "Enable Let's Encrypt fo
$lng['serversettings']['le_froxlor_enabled']['description'] = "If activated, the froxlor vhost will automatically be secured using a Let's Encrypt certificate.";
$lng['serversettings']['le_froxlor_redirect']['title'] = "Enable SSL-redirect for the froxlor vhost";
$lng['serversettings']['le_froxlor_redirect']['description'] = "If activated, all http requests to your froxlor will be redirected to the corresponding SSL site.";
$lng['admin']['froxlorvhost'] = 'Froxlor VirtualHost settings';

1
lng/german.lng.php
View File

@@ -1688,3 +1688,4 @@ $lng['serversettings']['le_froxlor_enabled']['title'] = "Let's Encrypt für den
$lng['serversettings']['le_froxlor_enabled']['description'] = "Wenn dies aktiviert ist, erstellt froxlor für seinen vhost automatisch ein Let's Encrypt Zertifikat.";
$lng['serversettings']['le_froxlor_redirect']['title'] = "SSL-Weiterleitung für den froxlor Vhost aktivieren";
$lng['serversettings']['le_froxlor_redirect']['description'] = "Wenn dies aktiviert ist, werden alle HTTP Anfragen an die entsprechende SSL Seite weitergeleitet.";
$lng['admin']['froxlorvhost'] = 'Froxlor VirtualHost Einstellungen';

48
scripts/classes/class.DnsBase.php
View File

@@ -1,10 +1,24 @@
<?php
/***
/**
* This file is part of the Froxlor project.
* Copyright (c) 2016 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2016-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
*/
/**
* Class DnsBase
*
* Base class for all DNS server configs
*
*/
abstract class DnsBase
{
@@ -69,8 +83,7 @@ abstract class DnsBase
protected function getDomainList()
{
$result_domains_stmt = Database::query(
"
$result_domains_stmt = Database::query("
SELECT
`d`.`id`,
`d`.`domain`,
@@ -131,31 +144,17 @@ abstract class DnsBase
$domains[$key]['children'] = array();
}
if ($domains[$key]['ismainbutsubto'] > 0) {
if (isset($domains[ $domains[$key]['ismainbutsubto'] ])) {
$domains[ $domains[$key]['ismainbutsubto'] ]['children'][] = $domains[$key]['id'];
if (isset($domains[$domains[$key]['ismainbutsubto']])) {
$domains[$domains[$key]['ismainbutsubto']]['children'][] = $domains[$key]['id'];
} else {
$this->_logger->logAction(CRON_ACTION, LOG_ERR,
'Database inconsistency: domain ' . $domain['domain'] . ' (ID #' . $key .
') is set to to be subdomain to non-existent domain ID #' .
$domains[$key]['ismainbutsubto'] .
'. No DNS record(s) will be created for this domain.');
$this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Database inconsistency: domain ' . $domain['domain'] . ' (ID #' . $key . ') is set to to be subdomain to non-existent domain ID #' . $domains[$key]['ismainbutsubto'] . '. No DNS record(s) will be created for this domain.');
}
}
}
$this->_logger->logAction(CRON_ACTION, LOG_DEBUG,
str_pad('domId', 9, ' ') . str_pad('domain', 40, ' ') .
'ismainbutsubto ' . str_pad('parent domain', 40, ' ') .
"list of child domain ids");
$this->_logger->logAction(CRON_ACTION, LOG_DEBUG, str_pad('domId', 9, ' ') . str_pad('domain', 40, ' ') . 'ismainbutsubto ' . str_pad('parent domain', 40, ' ') . "list of child domain ids");
foreach ($domains as $domain) {
$logLine =
str_pad($domain['id'], 9, ' ') .
str_pad($domain['domain'], 40, ' ') .
str_pad($domain['ismainbutsubto'], 15, ' ') .
str_pad(((isset($domains[ $domain['ismainbutsubto'] ])) ?
$domains[ $domain['ismainbutsubto'] ]['domain'] :
'-'), 40, ' ') .
join(', ', $domain['children']);
$logLine = str_pad($domain['id'], 9, ' ') . str_pad($domain['domain'], 40, ' ') . str_pad($domain['ismainbutsubto'], 15, ' ') . str_pad(((isset($domains[$domain['ismainbutsubto']])) ? $domains[$domain['ismainbutsubto']]['domain'] : '-'), 40, ' ') . join(', ', $domain['children']);
$this->_logger->logAction(CRON_ACTION, LOG_DEBUG, $logLine);
}
@@ -171,8 +170,7 @@ abstract class DnsBase
if ($cmdStatus === 0) {
$this->_logger->logAction(CRON_ACTION, LOG_INFO, Settings::Get('system.dns_server') . ' daemon reloaded');
} else {
$this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Error while running `' . $cmd .
'`: exit code (' . $cmdStatus . ') - please check your system logs');
$this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Error while running `' . $cmd . '`: exit code (' . $cmdStatus . ') - please check your system logs');
}
}

93
scripts/classes/class.HttpConfigBase.php
View File

@@ -1,11 +1,28 @@
<?php
/***
/**
* This file is part of the Froxlor project.
* Copyright (c) 2016 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2016-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
*/
/**
* Class HttpConfigBase
*
* Base class for all HTTP server configs
*
*/
class HttpConfigBase {
class HttpConfigBase
{
/**
* process special config as template, by substituting {VARIABLE} with the
@@ -20,19 +37,85 @@ class HttpConfigBase {
* {IS_SSL} - evaluates to 'ssl' if domain/ip is ssl, otherwise it is an empty string
* {DOCROOT} - document root for this domain
*
* @param $template
* @param
* $template
* @return string
*/
protected function processSpecialConfigTemplate($template, $domain, $ip, $port, $is_ssl_vhost) {
protected function processSpecialConfigTemplate($template, $domain, $ip, $port, $is_ssl_vhost)
{
$templateVars = array(
'DOMAIN' => $domain['domain'],
'CUSTOMER' => $domain['loginname'],
'IP' => $ip,
'PORT' => $port,
'SCHEME' => ($is_ssl_vhost)?'https':'http',
'SCHEME' => ($is_ssl_vhost) ? 'https' : 'http',
'DOCROOT' => $domain['documentroot']
);
return replace_variables($template, $templateVars);
}
protected function getMyPath($ip_port = null)
{
if (! empty($ip_port) && $ip_port['docroot'] == '') {
if (Settings::Get('system.froxlordirectlyviahostname')) {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
} else {
$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
}
} else {
// user-defined docroot, #417
$mypath = makeCorrectDir($row_ipsandports['docroot']);
}
return $mypath;
}
protected function checkAlternativeSslPort()
{
// We must not check if our port differs from port 443,
// but if there is a destination-port != 443
$_sslport = '';
// This returns the first port that is != 443 with ssl enabled,
// ordered by ssl-certificate (if any) so that the ip/port combo
// with certificate is used
$ssldestport_stmt = Database::prepare("
SELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip`
WHERE `ip`.`ssl` = '1' AND `ip`.`port` != 443
ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;
");
$ssldestport = Database::pexecute_first($ssldestport_stmt);
if ($ssldestport['port'] != '') {
$_sslport = ":" . $ssldestport['port'];
}
return $_sslport;
}
protected function froxlorVhostHasLetsEncryptCert()
{
// check whether we have an entry with valid certificates which just does not need
// updating yet, so we need to skip this here
$froxlor_ssl_settings_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
");
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
return true;
}
return false;
}
protected function froxlorVhostLetsEncryptNeedsRenew()
{
$froxlor_ssl_settings_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
WHERE `domainid` = '0' AND
(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
");
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
return true;
}
return false;
}
}

41
scripts/jobs/cron_letsencrypt.php
View File

@@ -27,8 +27,7 @@ if (! extension_loaded('curl')) {
exit();
}
$certificates_stmt = Database::query(
"
$certificates_stmt = Database::query("
SELECT
domssl.`id`,
domssl.`domainid`,
@@ -63,8 +62,7 @@ $certificates_stmt = Database::query(
)
");
$aliasdomains_stmt = Database::prepare(
"
$aliasdomains_stmt = Database::prepare("
SELECT
dom.`id` as domainid,
dom.`domain`,
@@ -76,8 +74,7 @@ $aliasdomains_stmt = Database::prepare(
AND dom.`iswildcarddomain` = 0
");
$updcert_stmt = Database::prepare(
"
$updcert_stmt = Database::prepare("
REPLACE INTO
`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
SET
@@ -116,7 +113,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
);
$froxlor_ssl_settings_stmt = Database::prepare("
SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."`
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
WHERE `domainid` = '0' AND
(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
");
@@ -134,23 +131,22 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
// check whether we have an entry with valid certificates which just does not need
// updating yet, so we need to skip this here
$froxlor_ssl_settings_stmt = Database::prepare("
SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid` = '0'
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
");
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
if ($froxlor_ssl && !empty($froxlor_ssl['ssl_cert_file'])) {
if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
$insert_or_update_required = false;
}
}
if ($insert_or_update_required)
{
if ($insert_or_update_required) {
$domains = array(
$certrow['domain'],
'www.'.$certrow['domain']
'www.' . $certrow['domain']
);
// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
if ($certrow['ssl_redirect'] != 2) {
// - this temp. deactivation of the ssl-redirect is handled by the webserver-cronjob
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']);
$cronlog = FroxlorLogger::getInstanceOf(array(
@@ -171,8 +167,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
$newcert = openssl_x509_parse($return['crt']);
// Store the new data
Database::pexecute($updcert_stmt,
array(
Database::pexecute($updcert_stmt, array(
'id' => $certrow['id'],
'domainid' => $certrow['domainid'],
'crt' => $return['crt'],
@@ -191,12 +186,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
$changedetected = 1;
} catch (Exception $e) {
$cronlog->logAction(CRON_ACTION, LOG_ERR,
"Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
}
} else {
$cronlog->logAction(CRON_ACTION, LOG_WARNING,
"Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
}
}
}
@@ -252,8 +242,7 @@ foreach ($certrows as $certrow) {
$newcert = openssl_x509_parse($return['crt']);
// Store the new data
Database::pexecute($updcert_stmt,
array(
Database::pexecute($updcert_stmt, array(
'id' => $certrow['id'],
'domainid' => $certrow['domainid'],
'crt' => $return['crt'],
@@ -274,12 +263,10 @@ foreach ($certrows as $certrow) {
$changedetected = 1;
} catch (Exception $e) {
$cronlog->logAction(CRON_ACTION, LOG_ERR,
"Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
}
} else {
$cronlog->logAction(CRON_ACTION, LOG_WARNING,
"Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
$cronlog->logAction(CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
}
}

559
scripts/jobs/cron_tasks.inc.http.10.apache.php
View File

File diff suppressed because it is too large Load Diff

32
scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
View File

@@ -100,19 +100,30 @@ class lighttpd extends HttpConfigBase
$this->lighttpd_data[$vhost_filename] .= '# Froxlor default vhost' . "\n";
$this->lighttpd_data[$vhost_filename] .= '$HTTP["host"] =~ "^(?:www\.|)' . $myhost . '$" {' . "\n";
if ($row_ipsandports['docroot'] == '') {
if (Settings::Get('system.froxlordirectlyviahostname')) {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
} else {
$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
}
} else {
// user-defined docroot, #417
$mypath = makeCorrectDir($row_ipsandports['docroot']);
}
$mypath = $this->getMyPath($row_ipsandports);
$this->lighttpd_data[$vhost_filename] .= ' server.document-root = "' . $mypath . '"' . "\n";
$is_redirect = false;
// check for SSL redirect
if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
$is_redirect = true;
// check whether froxlor uses Let's Encrypt and not cert is being generated yet
// or a renew is ongoing - disable redirect
if (System::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {
$this->lighttpd_data[$vhost_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL;
$is_redirect = false;
} else {
$_sslport = $this->checkAlternativeSslPort();
$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
$this->lighttpd_data[$vhost_filename] .= ' url.redirect = (' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' "^/(.*)$" => "' . $mypath . '$1"' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' )' . "\n";
}
}
if (!$is_redirect) {
/**
* dirprotection, see #72
*
@@ -152,6 +163,7 @@ class lighttpd extends HttpConfigBase
$this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' )' . "\n";
}
}
if ($row_ipsandports['specialsettings'] != '') {
$this->lighttpd_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";

30
scripts/jobs/cron_tasks.inc.http.30.nginx.php
View File

@@ -134,6 +134,8 @@ class nginx extends HttpConfigBase {
$this->nginx_data[$vhost_filename] .= 'server { ' . "\n";
$mypath = $this->getMyPath($row_ipsandports);
// check for ssl before anything else so
// we know whether it's an ssl vhost or not
$ssl_vhost = false;
@@ -191,26 +193,28 @@ class nginx extends HttpConfigBase {
$this->nginx_data[$vhost_filename] .= "\t".'server_name ' . Settings::Get('system.hostname') . ';' . "\n";
$this->nginx_data[$vhost_filename] .= "\t".'access_log /var/log/nginx/access.log;' . "\n";
$mypath = '';
// no custom docroot set?
if ($row_ipsandports['docroot'] == '') {
// check whether the hostname should directly point to
// the froxlor-installation or not
if (Settings::Get('system.froxlordirectlyviahostname')) {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
$is_redirect = false;
// check for SSL redirect
if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
$is_redirect = true;
// check whether froxlor uses Let's Encrypt and not cert is being generated yet
// or a renew is ongoing - disable redirect
if (System::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {
$this->nginx_data[$vhost_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL;
$is_redirect = false;
} else {
$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
$_sslport = $this->checkAlternativeSslPort();
$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
$this->nginx_data[$vhost_filename] .= "\t".'return 301 '.$mypath.'$request_uri;'."\n";
}
} else {
// user-defined docroot, #417
$mypath = makeCorrectDir($row_ipsandports['docroot']);
}
if (!$is_redirect) {
$this->nginx_data[$vhost_filename] .= "\t".'root '.$mypath.';'."\n";
$this->nginx_data[$vhost_filename] .= "\t".'index index.php index.html index.htm;'."\n\n";
$this->nginx_data[$vhost_filename] .= "\t".'location / {'."\n";
$this->nginx_data[$vhost_filename] .= "\t".'}'."\n";
}
if ($row_ipsandports['specialsettings'] != '') {
$this->nginx_data[$vhost_filename].= $this->processSpecialConfigTemplate(
@@ -231,6 +235,7 @@ class nginx extends HttpConfigBase {
$this->nginx_data[$vhost_filename].=$this->composeSslSettings($row_ipsandports);
}
if (!$is_redirect) {
$this->nginx_data[$vhost_filename] .= "\tlocation ~ \.php {\n";
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_split_path_info ^(.+\.php)(/.+)\$;\n";
$this->nginx_data[$vhost_filename] .= "\t\tinclude ".Settings::Get('nginx.fastcgiparams').";\n";
@@ -264,6 +269,7 @@ class nginx extends HttpConfigBase {
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n";
$this->nginx_data[$vhost_filename] .= "\t}\n";
}
$this->nginx_data[$vhost_filename] .= "}\n\n";
// End of Froxlor server{}-part