Implement CAA DNS record for letsencrypt.org

Marc-André Kolly
2019-07-27 17:36:31 +02:00
parent d5e4182878
commit d4e5e32c14
9 changed files with 86 additions and 0 deletions


@@ -256,6 +256,7 @@ CREATE TABLE `panel_domains` (
`mod_fcgid_maxrequests` int(4) default '-1', `mod_fcgid_maxrequests` int(4) default '-1',
`ismainbutsubto` int(11) unsigned NOT NULL default '0', `ismainbutsubto` int(11) unsigned NOT NULL default '0',
`letsencrypt` tinyint(1) NOT NULL default '0', `letsencrypt` tinyint(1) NOT NULL default '0',
`caa` tinyint(1) NOT NULL default '0',
`hsts` varchar(10) NOT NULL default '0', `hsts` varchar(10) NOT NULL default '0',
`hsts_sub` tinyint(1) NOT NULL default '0', `hsts_sub` tinyint(1) NOT NULL default '0',
`hsts_preload` tinyint(1) NOT NULL default '0', `hsts_preload` tinyint(1) NOT NULL default '0',


@@ -263,3 +263,9 @@ if (\Froxlor\Froxlor::isDatabaseVersion('201904100')) {
if (\Froxlor\Froxlor::isFroxlorVersion('0.10.0-rc1')) { if (\Froxlor\Froxlor::isFroxlorVersion('0.10.0-rc1')) {
\Froxlor\Froxlor::updateToVersion('0.10.0-rc2'); \Froxlor\Froxlor::updateToVersion('0.10.0-rc2');
} }
if (\Froxlor\Froxlor::isDatabaseVersion('201904250')) {
Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `caa` TINYINT(1) NOT NULL DEFAULT '0' AFTER `letsencrypt`;");
\Froxlor\Froxlor::updateToDbVersion('201907270');
}
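Review bot: The added step runs `ALTER TABLE ... ADD caa` with no guard for the column already being present, and none of the nine file sections on this page changes wherever the target schema version is declared. If that version is a constant outside this commit (not visible here), a fresh install from the updated schema would already have `caa` while still reporting `201904250`, and this block would then stop on a duplicate column. I would bump the declared version in the same commit and put a short comment above the block, for example `// 201907270: adds panel_domains.caa (per-domain CAA record toggle)`.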


@@ -130,6 +130,12 @@ class Dns
} }
} }
// additional required records for CAA if activated
if ($domain['caa'] == '1') {
// check for CAA content later
self::addRequiredEntry('@', 'CAA', $required_entries);
}
// additional required records for SPF and DKIM if activated // additional required records for SPF and DKIM if activated
if ($domain['isemaildomain'] == '1') { if ($domain['isemaildomain'] == '1') {
if (Settings::Get('spf.use_spf') == '1') { if (Settings::Get('spf.use_spf') == '1') {
@@ -278,6 +284,11 @@ class Dns
} }
} }
} }
// CAA
if (array_key_exists("CAA", $required_entries)) {
$zonerecords[] = new DnsEntry('@', 'CAA', '0 issue "letsencrypt.org"');
}
} }
if (empty($primary_ns)) { if (empty($primary_ns)) {
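Review bot: The record emitted in the `// CAA` block is the fixed value `0 issue "letsencrypt.org"` at the zone apex, and the condition in the first hunk depends only on `$domain['caa']`, not on whether the domain actually obtains its certificate from Let's Encrypt. CAA is inherited by every name below the apex, and an `issue` property also governs wildcard issuance when no `issuewild` is present, so enabling the flag on a zone that carries a certificate from another CA will make that CA refuse the next issuance or renewal. Assuming the row also carries the `letsencrypt` column shown in the schema, I would gate it as `if ($domain['caa'] == '1' && $domain['letsencrypt'] == '1') {` and state the effect in the comment, for example `// CAA restricts issuance for the whole zone to Let's Encrypt`. It is also worth checking how satisfied entries are removed from `$required_entries`: if that happens per record rather than per type, `array_key_exists("CAA", $required_entries)` stays true and this record is written next to a customer-defined CAA set; that bookkeeping lies outside both hunks.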


@@ -214,6 +214,19 @@ return array(
), ),
'value' => array() 'value' => array()
), ),
'caa' => array(
'visible' => (\Froxlor\Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
'label' => $lng['admin']['caa']['title'],
'desc' => $lng['admin']['caa']['description'],
'type' => 'checkbox',
'values' => array(
array(
'label' => $lng['panel']['yes'],
'value' => '1'
)
),
'value' => array()
),
'http2' => array( 'http2' => array(
'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd' && \Froxlor\Settings::Get('system.http2_support') == '1', 'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd' && \Froxlor\Settings::Get('system.http2_support') == '1',
'label' => $lng['admin']['domain_http2']['title'], 'label' => $lng['admin']['domain_http2']['title'],
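Review bot: The `caa` checkbox added here is only a form definition; none of the nine file sections in this commit reads the submitted `caa` value or writes it to `panel_domains`, so unless a handler outside this commit stores form fields generically, the setting would never be saved. The same applies to the admin edit form and the two customer forms in the following sections. Whatever handler ends up storing it should re-check `system.leenabled` on the server side, because `visible` only hides the field in the UI. As a style point, the nested ternary reduces to `'visible' => \Froxlor\Settings::Get('system.leenabled') == '1' && $ssl_ipsandports != '',`.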


@@ -250,6 +250,21 @@ return array(
$result['letsencrypt'] $result['letsencrypt']
) )
), ),
'caa' => array(
'visible' => (\Froxlor\Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
'label' => $lng['admin']['caa']['title'],
'desc' => $lng['admin']['caa']['description'],
'type' => 'checkbox',
'values' => array(
array(
'label' => $lng['panel']['yes'],
'value' => '1'
)
),
'value' => array(
$result['caa']
)
),
'http2' => array( 'http2' => array(
'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd' && \Froxlor\Settings::Get('system.http2_support') == '1', 'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd' && \Froxlor\Settings::Get('system.http2_support') == '1',
'label' => $lng['admin']['domain_http2']['title'], 'label' => $lng['admin']['domain_http2']['title'],


@@ -108,6 +108,19 @@ return array(
), ),
'value' => array() 'value' => array()
), ),
'caa' => array(
'visible' => \Froxlor\Settings::Get('system.leenabled') == '1' ? true : false,
'label' => $lng['customer']['caa']['title'],
'desc' => $lng['customer']['caa']['description'],
'type' => 'checkbox',
'values' => array(
array(
'label' => $lng['panel']['yes'],
'value' => '1'
)
),
'value' => array()
),
'hsts_maxage' => array( 'hsts_maxage' => array(
'label' => $lng['admin']['domain_hsts_maxage']['title'], 'label' => $lng['admin']['domain_hsts_maxage']['title'],
'desc' => $lng['admin']['domain_hsts_maxage']['description'], 'desc' => $lng['admin']['domain_hsts_maxage']['description'],
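Review bot: The `visible` rule on the customer form tests only `system.leenabled`, while the admin forms also require `$ssl_ipsandports != ''`. If the enclosing form section is not already limited to domains with an SSL IP/port (not visible in this hunk), customers would be offered the CAA option on domains where Let's Encrypt cannot be used, and ticking it would still restrict issuance to that CA. The customer edit form in the next section uses the same expression. `? true : false` is redundant on a comparison, so `'visible' => \Froxlor\Settings::Get('system.leenabled') == '1',` is enough.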


@@ -128,6 +128,21 @@ return array(
$result['letsencrypt'] $result['letsencrypt']
) )
), ),
'caa' => array(
'visible' => \Froxlor\Settings::Get('system.leenabled') == '1' ? true : false,
'label' => $lng['customer']['caa']['title'],
'desc' => $lng['customer']['caa']['description'],
'type' => 'checkbox',
'values' => array(
array(
'label' => $lng['panel']['yes'],
'value' => '1'
)
),
'value' => array(
$result['caa']
)
),
'hsts_maxage' => array( 'hsts_maxage' => array(
'label' => $lng['admin']['domain_hsts_maxage']['title'], 'label' => $lng['admin']['domain_hsts_maxage']['title'],
'desc' => $lng['admin']['domain_hsts_maxage']['description'], 'desc' => $lng['admin']['domain_hsts_maxage']['description'],


@@ -1848,6 +1848,12 @@ $lng['serversettings']['leenabled']['title'] = "Enable Let's Encrypt";
$lng['serversettings']['leenabled']['description'] = "If activated, customers are able to let froxlor automatically generate and renew Let's Encrypt ssl-certificates for domains with a ssl IP/port.<br /><br />Please remember that you need to go through the webserver-configuration when enabled because this feature needs a special configuration."; $lng['serversettings']['leenabled']['description'] = "If activated, customers are able to let froxlor automatically generate and renew Let's Encrypt ssl-certificates for domains with a ssl IP/port.<br /><br />Please remember that you need to go through the webserver-configuration when enabled because this feature needs a special configuration.";
$lng['domains']['ssl_redirect_temporarilydisabled'] = "<br>The SSL redirect is temporarily deactivated while a new Let's Encrypt certificate is generated. It will be activated again after the certificate was generated."; $lng['domains']['ssl_redirect_temporarilydisabled'] = "<br>The SSL redirect is temporarily deactivated while a new Let's Encrypt certificate is generated. It will be activated again after the certificate was generated.";
// Added for CAA record support
$lng['admin']['caa']['title'] = 'Use CAA DNS record';
$lng['admin']['caa']['description'] = 'DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism which allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name. It does this by means of a new "CAA" Domain Name System (DNS) resource record. Currently it only supports Let\'s Encrypt. This feature is still in beta.';
$lng['customer']['caa']['title'] = 'Use CAA DNS record';
$lng['customer']['caa']['description'] = 'DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism which allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name. It does this by means of a new "CAA" Domain Name System (DNS) resource record. Currently it only supports Let\'s Encrypt. This feature is still in beta.';
// Autoupdate // Autoupdate
$lng['admin']['autoupdate'] = 'Auto-Update'; $lng['admin']['autoupdate'] = 'Auto-Update';
$lng['error']['customized_version'] = 'It looks like your Froxlor installation has been modified, no support sorry.'; $lng['error']['customized_version'] = 'It looks like your Froxlor installation has been modified, no support sorry.';


@@ -1500,6 +1500,12 @@ $lng['serversettings']['leenabled']['title'] = "Let's Encrypt verwenden";
$lng['serversettings']['leenabled']['description'] = "Wenn dies aktiviert ist, können Kunden durch Froxlor automatisch generierte und verlängerbare Let's Encrypt SSL-Zertifikate für Domains mit SSL IP/Port nutzen.<br /><br />Bitte die Webserver-Konfiguration beachten wenn aktiviert, da dieses Feature eine spezielle Konfiguration benötigt."; $lng['serversettings']['leenabled']['description'] = "Wenn dies aktiviert ist, können Kunden durch Froxlor automatisch generierte und verlängerbare Let's Encrypt SSL-Zertifikate für Domains mit SSL IP/Port nutzen.<br /><br />Bitte die Webserver-Konfiguration beachten wenn aktiviert, da dieses Feature eine spezielle Konfiguration benötigt.";
$lng['domains']['ssl_redirect_temporarilydisabled'] = "<br>Die SSL-Umleitung ist, während ein neues Let's Encrypt - Zertifikat erstellt wird, temporär deaktiviert. Die Umleitung wird nach der Zertifikatserstellung wieder aktiviert."; $lng['domains']['ssl_redirect_temporarilydisabled'] = "<br>Die SSL-Umleitung ist, während ein neues Let's Encrypt - Zertifikat erstellt wird, temporär deaktiviert. Die Umleitung wird nach der Zertifikatserstellung wieder aktiviert.";
// Added for CAA record support
$lng['admin']['caa']['title'] = 'CAA DNS Eintrag erstellen';
$lng['admin']['caa']['description'] = 'DNS Certification Authority Authorization (CAA) verwendet das Domain Name System, um dem Besitzer einer Domain die Möglichkeit zu bieten, gewisse Zertifizierungsstellen (CAs) dazu zu berechtigen, ein Zertifikat für die betroffene Domain auszustellen. CAA Records sollen verhindern, dass Zertifikate fälschlicherweise für eine Domain ausgestellt werden. Im Moment wird nur Let\'s Encrypt unterstützt. Dieses Feature befindet sich noch im Test.';
$lng['customer']['caa']['title'] = 'CAA DNS Eintrag erstellen';
$lng['customer']['caa']['description'] = 'DNS Certification Authority Authorization (CAA) verwendet das Domain Name System, um dem Besitzer einer Domain die Möglichkeit zu bieten, gewisse Zertifizierungsstellen (CAs) dazu zu berechtigen, ein Zertifikat für die betroffene Domain auszustellen. CAA Records sollen verhindern, dass Zertifikate fälschlicherweise für eine Domain ausgestellt werden. Im Moment wird nur Let\'s Encrypt unterstützt. Dieses Feature befindet sich noch im Test.';
// Autoupdate // Autoupdate
$lng['admin']['autoupdate'] = 'Auto-Update'; $lng['admin']['autoupdate'] = 'Auto-Update';
$lng['error']['customized_version'] = 'Es scheint als wäre die Froxlor Installation angepasst worden. Kein Support, sorry.'; $lng['error']['customized_version'] = 'Es scheint als wäre die Froxlor Installation angepasst worden. Kein Support, sorry.';