enable ssl for postfix/dovecot by default using a self-signed certificate if not otherwise specified

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
Michael Kaufmann
2022-11-12 16:36:57 +01:00
parent 1d938f2a43
commit cc1d427a69
11 changed files with 275 additions and 205 deletions


@@ -32,6 +32,7 @@ use Froxlor\Froxlor;
use Froxlor\PhpHelper;
use Froxlor\Settings;
use Froxlor\SImExporter;
use Froxlor\System\Crypt;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\OutputInterface;
@@ -353,6 +354,14 @@ final class ConfigServices extends CliCommand
$services = $configfiles->getServices();
$replace_arr = $this->getReplacerArray();
// be sure the fallback certificate specified in the settings exists
$certFile = Settings::Get('system.ssl_cert_file');
$keyFile = Settings::Get('system.ssl_key_file');
if (empty($certFile) || empty($keyFile) || !file_exists($certFile) || !file_exists($keyFile)) {
$output->writeln('<comment>Creating missing certificate ' . $certFile . '</>');
Crypt::createSelfSignedCertificate();
}
foreach ($services as $si => $service) {
$output->writeln("--- Configuring: " . strtoupper($si) . " ---");
if (!isset($decoded_config[$si]) || $decoded_config[$si] == 'x') {
@@ -495,7 +504,9 @@ final class ConfigServices extends CliCommand
'<WEBSERVER_RELOAD_CMD>' => Settings::Get('system.apachereload_command'),
'<CUSTOMER_LOGS>' => FileDir::makeCorrectDir(Settings::Get('system.logfiles_directory')),
'<FPM_IPCDIR>' => FileDir::makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir')),
'<WEBSERVER_GROUP>' => Settings::Get('system.httpgroup')
'<WEBSERVER_GROUP>' => Settings::Get('system.httpgroup'),
'<SSL_CERT_FILE>' => Settings::Get('system.ssl_cert_file'),
'<SSL_KEY_FILE>' => Settings::Get('system.ssl_key_file'),
];
return $replace_arr;
}
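Review bot: `$replace_arr = $this->getReplacerArray();` runs before the new certificate check, so when `system.ssl_cert_file` or `system.ssl_key_file` is empty, the `<SSL_CERT_FILE>` and `<SSL_KEY_FILE>` entries added in the last hunk (which appears to be the body of `getReplacerArray()`) are captured as empty strings before `Crypt::createSelfSignedCertificate()` stores the default paths. The service templates would then presumably be rendered with empty certificate paths on the fresh installs this change targets, so the `getReplacerArray()` call should move below the `if` block. The same condition is also true when only one of the two files is missing, in which case the other, possibly admin-supplied, file is regenerated over; checking that case separately and refusing to overwrite would be safer. The enclosing method starts and ends outside the hunk.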


@@ -242,6 +242,18 @@ class Crypt
*/
public static function createSelfSignedCertificate()
{
// validate that we have file names in the settings
$certFile = Settings::Get('system.ssl_cert_file');
$keyFile = Settings::Get('system.ssl_key_file');
if (empty($certFile)) {
$certFile = '/etc/ssl/froxlor_selfsigned.pem';
Settings::Set('system.ssl_cert_file', $certFile);
}
if (empty($keyFile)) {
$keyFile = '/etc/ssl/froxlor_selfsigned.key';
Settings::Set('system.ssl_key_file', $keyFile);
}
// certificate info
$dn = [
"countryName" => "DE",
@@ -262,7 +274,7 @@ class Crypt
// sign csr
$x509 = openssl_csr_sign($csr, null, $privkey, 365, array('digest_alg' => 'sha384'));
// export to files
openssl_x509_export_to_file($x509, Settings::Get('system.ssl_cert_file'));
openssl_pkey_export_to_file($privkey, Settings::Get('system.ssl_key_file'));
openssl_x509_export_to_file($x509, $certFile);
openssl_pkey_export_to_file($privkey, $keyFile);
}
}
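Review bot: `openssl_pkey_export_to_file($privkey, $keyFile)` writes the unencrypted private key with no permission handling before the function returns, so the new default `/etc/ssl/froxlor_selfsigned.key` gets whatever the process umask allows, which is commonly world-readable. Create the file under a restrictive umask, e.g. `$old = umask(0077); openssl_pkey_export_to_file($privkey, $keyFile); umask($old);`, since a `chmod($keyFile, 0600)` afterwards leaves a short window in which the key is readable. Both export calls return `false` on failure and the result is dropped, so the caller in ConfigServices goes on to configure services against files that may not exist; throwing an exception when either call fails would surface that. The middle of the function lies outside the visible hunks.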