maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

Merge branch 'Froxlor:master' into logo-custom-login

Browse Source
This commit is contained in:
Daniel
2021-06-28 10:39:02 +08:00
committed by GitHub
parent acb04566f5 73991e855c
commit dfbb4127e2
10 changed files with 524 additions and 487 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
actions/admin/settings/131.ssl.php
View File

@@ -142,6 +142,9 @@ return array(
'default' => '/etc/apache2/conf-enabled/acme.conf', 'default' => '/etc/apache2/conf-enabled/acme.conf',
'save_method' => 'storeSettingField' 'save_method' => 'storeSettingField'
), ),
/**
* currently the only option anyway
*
'system_leapiversion' => array( 'system_leapiversion' => array(
'label' => $lng['serversettings']['leapiversion'], 'label' => $lng['serversettings']['leapiversion'],
'settinggroup' => 'system', 'settinggroup' => 'system',
@@ -154,16 +157,18 @@ return array(
), ),
'save_method' => 'storeSettingField' 'save_method' => 'storeSettingField'
), ),
*/
'system_letsencryptca' => array( 'system_letsencryptca' => array(
'label' => $lng['serversettings']['letsencryptca'], 'label' => $lng['serversettings']['letsencryptca'],
'settinggroup' => 'system', 'settinggroup' => 'system',
'varname' => 'letsencryptca', 'varname' => 'letsencryptca',
'type' => 'option', 'type' => 'option',
'default' => 'production', 'default' => 'letsencrypt',
'option_mode' => 'one', 'option_mode' => 'one',
'option_options' => array( 'option_options' => array(
'testing' => 'https://acme-staging-v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org (Test)', 'letsencrypt_test' => 'Let\'s Encrypt (Test / Staging)',
'production' => 'https://acme-v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org (Live)' 'letsencrypt' => 'Let\'s Encrypt (Live)',
'zerossl' => 'ZeroSSL (Live)'
), ),
'save_method' => 'storeSettingField' 'save_method' => 'storeSettingField'
), ),

14
composer.lock generated
View File

@@ -150,16 +150,16 @@
}, },
{ {
"name": "phpmailer/phpmailer", "name": "phpmailer/phpmailer",
"version": "v6.4.1", "version": "v6.5.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/PHPMailer/PHPMailer.git", "url": "https://github.com/PHPMailer/PHPMailer.git",
"reference": "9256f12d8fb0cd0500f93b19e18c356906cbed3d" "reference": "a5b5c43e50b7fba655f793ad27303cd74c57363c"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/9256f12d8fb0cd0500f93b19e18c356906cbed3d", "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/a5b5c43e50b7fba655f793ad27303cd74c57363c",
"reference": "9256f12d8fb0cd0500f93b19e18c356906cbed3d", "reference": "a5b5c43e50b7fba655f793ad27303cd74c57363c",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@@ -214,7 +214,7 @@
"description": "PHPMailer is a full-featured email creation and transfer class for PHP", "description": "PHPMailer is a full-featured email creation and transfer class for PHP",
"support": { "support": {
"issues": "https://github.com/PHPMailer/PHPMailer/issues", "issues": "https://github.com/PHPMailer/PHPMailer/issues",
"source": "https://github.com/PHPMailer/PHPMailer/tree/v6.4.1" "source": "https://github.com/PHPMailer/PHPMailer/tree/v6.5.0"
}, },
"funding": [ "funding": [
{ {
@@ -222,7 +222,7 @@
"type": "github" "type": "github"
} }
], ],
"time": "2021-04-29T12:25:04+00:00" "time": "2021-06-16T14:33:43+00:00"
}, },
{ {
"name": "psr/log", "name": "psr/log",
@@ -4133,5 +4133,5 @@
"php": ">=7.3", "php": ">=7.3",
"ext-pcntl": "*" "ext-pcntl": "*"
}, },
"plugin-api-version": "2.0.0" "plugin-api-version": "2.1.0"
} }

4
install/froxlor.sql
View File

@@ -628,7 +628,7 @@ opcache.interned_strings_buffer'),
('system', 'apacheitksupport', '0'), ('system', 'apacheitksupport', '0'),
('system', 'leprivatekey', 'unset'), ('system', 'leprivatekey', 'unset'),
('system', 'lepublickey', 'unset'), ('system', 'lepublickey', 'unset'),
('system', 'letsencryptca', 'production'), ('system', 'letsencryptca', 'letsencrypt'),
('system', 'letsencryptcountrycode', 'DE'), ('system', 'letsencryptcountrycode', 'DE'),
('system', 'letsencryptstate', 'Hessen'), ('system', 'letsencryptstate', 'Hessen'),
('system', 'letsencryptchallengepath', '/var/www/froxlor'), ('system', 'letsencryptchallengepath', '/var/www/froxlor'),
@@ -716,7 +716,7 @@ opcache.interned_strings_buffer'),
('panel', 'terms_url', ''), ('panel', 'terms_url', ''),
('panel', 'privacy_url', ''), ('panel', 'privacy_url', ''),
('panel', 'version', '0.10.26'), ('panel', 'version', '0.10.26'),
('panel', 'db_version', '202106160'); ('panel', 'db_version', '202106270');
DROP TABLE IF EXISTS `panel_tasks`; DROP TABLE IF EXISTS `panel_tasks`;

13
install/updates/froxlor/0.10/update_0.10.inc.php
View File

@@ -812,3 +812,16 @@ if (\Froxlor\Froxlor::isDatabaseVersion('202103240')) {
\Froxlor\Froxlor::updateToDbVersion('202106160'); \Froxlor\Froxlor::updateToDbVersion('202106160');
} }
if (\Froxlor\Froxlor::isDatabaseVersion('202106160')) {
showUpdateStep("Adjusting Let's Encrypt endpoint configuration to support ZeroSSL", true);
if (Settings::Get('system.letsencryptca') == 'testing') {
Settings::Set("system.letsencryptca", 'letsencrypt_test');
} else {
Settings::Set("system.letsencryptca", 'letsencrypt');
}
lastStepStatus(0);
\Froxlor\Froxlor::updateToDbVersion('202106270');
}

914
lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
View File

@@ -21,70 +21,76 @@ use Froxlor\FileDir;
* @author Froxlor team <team@froxlor.org> (2016-) * @author Froxlor team <team@froxlor.org> (2016-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron * @package Cron
* *
* @since 0.9.35 * @since 0.9.35
* *
*/ */
class AcmeSh extends \Froxlor\Cron\FroxlorCron class AcmeSh extends \Froxlor\Cron\FroxlorCron
{ {
private static $apiserver = ""; const ACME_PROVIDER = [
'letsencrypt' => "https://acme-v02.api.letsencrypt.org/directory",
'letsencrypt_test' => "https://acme-staging-v02.api.letsencrypt.org/directory",
'zerossl' => "https://acme.zerossl.com/v2/DV90"
];
private static $acmesh = "/root/.acme.sh/acme.sh"; private static $apiserver = "";
/** private static $acmesh = "/root/.acme.sh/acme.sh";
*
* @var \PDOStatement
*/
private static $updcert_stmt = null;
/** /**
* *
* @var \PDOStatement * @var \PDOStatement
*/ */
private static $upddom_stmt = null; private static $updcert_stmt = null;
public static $no_inserttask = false; /**
*
* @var \PDOStatement
*/
private static $upddom_stmt = null;
/** public static $no_inserttask = false;
* run the task
*
* @param boolean $internal
* @return number
*/
public static function run($internal = false)
{
// usually, this is action is called from within the tasks-jobs
if (! defined('CRON_IS_FORCED') && ! defined('CRON_DEBUG_FLAG') && $internal == false) {
// Let's Encrypt cronjob is combined with regeneration of webserver configuration files.
// For debugging purposes you can use the --debug switch and the --force switch to run the cron manually.
// check whether we MIGHT need to run although there is no task to regenerate config-files
$issue_froxlor = self::issueFroxlorVhost();
$issue_domains = self::issueDomains();
$renew_froxlor = self::renewFroxlorVhost();
$renew_domains = self::renewDomains(true);
if ($issue_froxlor || !empty($issue_domains) || !empty($renew_froxlor) || $renew_domains) {
// insert task to generate certificates and vhost-configs
\Froxlor\System\Cronjob::inserttask(1);
}
return 0;
}
// set server according to settings /**
self::$apiserver = 'https://acme-' . (Settings::Get('system.letsencryptca') == 'testing' ? 'staging-' : '') . 'v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org/directory'; * run the task
*
* @param boolean $internal
* @return number
*/
public static function run($internal = false)
{
// usually, this is action is called from within the tasks-jobs
if (! defined('CRON_IS_FORCED') && ! defined('CRON_DEBUG_FLAG') && $internal == false) {
// Let's Encrypt cronjob is combined with regeneration of webserver configuration files.
// For debugging purposes you can use the --debug switch and the --force switch to run the cron manually.
// check whether we MIGHT need to run although there is no task to regenerate config-files
$issue_froxlor = self::issueFroxlorVhost();
$issue_domains = self::issueDomains();
$renew_froxlor = self::renewFroxlorVhost();
$renew_domains = self::renewDomains(true);
if ($issue_froxlor || ! empty($issue_domains) || ! empty($renew_froxlor) || $renew_domains) {
// insert task to generate certificates and vhost-configs
\Froxlor\System\Cronjob::inserttask(1);
}
return 0;
}
// validate acme.sh installation // set server according to settings
if (! self::checkInstall()) { self::$apiserver = self::ACME_PROVIDER[Settings::Get('system.letsencryptca')];
return - 1;
}
self::checkUpgrade(); // validate acme.sh installation
if (! self::checkInstall()) {
return - 1;
}
// flag for re-generation of vhost files self::checkUpgrade();
$changedetected = 0;
// prepare update sql // flag for re-generation of vhost files
self::$updcert_stmt = Database::prepare(" $changedetected = 0;
// prepare update sql
self::$updcert_stmt = Database::prepare("
REPLACE INTO REPLACE INTO
`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
SET SET
@@ -99,99 +105,99 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
`expirationdate` = :expirationdate `expirationdate` = :expirationdate
"); ");
// prepare domain update sql // prepare domain update sql
self::$upddom_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `ssl_redirect` = '1' WHERE `id` = :domainid"); self::$upddom_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `ssl_redirect` = '1' WHERE `id` = :domainid");
// check whether there are certificates to issue // check whether there are certificates to issue
$issue_froxlor = self::issueFroxlorVhost(); $issue_froxlor = self::issueFroxlorVhost();
$issue_domains = self::issueDomains(); $issue_domains = self::issueDomains();
// first - generate LE for system-vhost if enabled // first - generate LE for system-vhost if enabled
if ($issue_froxlor) { if ($issue_froxlor) {
// build row // build row
$certrow = array( $certrow = array(
'loginname' => 'froxlor.panel', 'loginname' => 'froxlor.panel',
'domain' => Settings::Get('system.hostname'), 'domain' => Settings::Get('system.hostname'),
'domainid' => 0, 'domainid' => 0,
'documentroot' => \Froxlor\Froxlor::getInstallDir(), 'documentroot' => \Froxlor\Froxlor::getInstallDir(),
'leprivatekey' => Settings::Get('system.leprivatekey'), 'leprivatekey' => Settings::Get('system.leprivatekey'),
'lepublickey' => Settings::Get('system.lepublickey'), 'lepublickey' => Settings::Get('system.lepublickey'),
'leregistered' => Settings::Get('system.leregistered'), 'leregistered' => Settings::Get('system.leregistered'),
'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'), 'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),
'expirationdate' => null, 'expirationdate' => null,
'ssl_cert_file' => null, 'ssl_cert_file' => null,
'ssl_key_file' => null, 'ssl_key_file' => null,
'ssl_ca_file' => null, 'ssl_ca_file' => null,
'ssl_csr_file' => null, 'ssl_csr_file' => null,
'id' => null 'id' => null
); );
// add to queue // add to queue
$issue_domains[] = $certrow; $issue_domains[] = $certrow;
} }
if (count($issue_domains)) { if (count($issue_domains)) {
FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Requesting " . count($issue_domains) . " new Let's Encrypt certificates"); FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Requesting " . count($issue_domains) . " new Let's Encrypt certificates");
self::runIssueFor($issue_domains); self::runIssueFor($issue_domains);
$changedetected = 1; $changedetected = 1;
} }
// compare file-system certificates with the ones in our database // compare file-system certificates with the ones in our database
// and update if needed // and update if needed
$renew_froxlor = self::renewFroxlorVhost(); $renew_froxlor = self::renewFroxlorVhost();
$renew_domains = self::renewDomains(); $renew_domains = self::renewDomains();
if ($renew_froxlor) { if ($renew_froxlor) {
// build row // build row
$certrow = array( $certrow = array(
'loginname' => 'froxlor.panel', 'loginname' => 'froxlor.panel',
'domain' => Settings::Get('system.hostname'), 'domain' => Settings::Get('system.hostname'),
'domainid' => 0, 'domainid' => 0,
'documentroot' => \Froxlor\Froxlor::getInstallDir(), 'documentroot' => \Froxlor\Froxlor::getInstallDir(),
'leprivatekey' => Settings::Get('system.leprivatekey'), 'leprivatekey' => Settings::Get('system.leprivatekey'),
'lepublickey' => Settings::Get('system.lepublickey'), 'lepublickey' => Settings::Get('system.lepublickey'),
'leregistered' => Settings::Get('system.leregistered'), 'leregistered' => Settings::Get('system.leregistered'),
'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'), 'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),
'expirationdate' => is_array($renew_froxlor) ? $renew_froxlor['expirationdate'] : date('Y-m-d H:i:s', 0), 'expirationdate' => is_array($renew_froxlor) ? $renew_froxlor['expirationdate'] : date('Y-m-d H:i:s', 0),
'ssl_cert_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_cert_file'] : null, 'ssl_cert_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_cert_file'] : null,
'ssl_key_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_key_file'] : null, 'ssl_key_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_key_file'] : null,
'ssl_ca_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_ca_file'] : null, 'ssl_ca_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_ca_file'] : null,
'ssl_csr_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_csr_file'] : null, 'ssl_csr_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_csr_file'] : null,
'id' => is_array($renew_froxlor) ? $renew_froxlor['id'] : null 'id' => is_array($renew_froxlor) ? $renew_froxlor['id'] : null
); );
$renew_domains[] = $certrow; $renew_domains[] = $certrow;
} }
foreach ($renew_domains as $domain) { foreach ($renew_domains as $domain) {
$cronlog = FroxlorLogger::getInstanceOf(array( $cronlog = FroxlorLogger::getInstanceOf(array(
'loginname' => $domain['loginname'], 'loginname' => $domain['loginname'],
'adminsession' => 0 'adminsession' => 0
)); ));
if (defined('CRON_IS_FORCED') || self::checkFsFilesAreNewer($domain['domain'], $domain['expirationdate'])) { if (defined('CRON_IS_FORCED') || self::checkFsFilesAreNewer($domain['domain'], $domain['expirationdate'])) {
self::certToDb($domain, $cronlog, array()); self::certToDb($domain, $cronlog, array());
$changedetected = 1; $changedetected = 1;
} }
} }
// If we have a change in a certificate, we need to update the webserver - configs // If we have a change in a certificate, we need to update the webserver - configs
// This is easiest done by just creating a new task ;) // This is easiest done by just creating a new task ;)
if ($changedetected) { if ($changedetected) {
if (self::$no_inserttask == false) { if (self::$no_inserttask == false) {
\Froxlor\System\Cronjob::inserttask(1); \Froxlor\System\Cronjob::inserttask(1);
} }
FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Let's Encrypt certificates have been updated"); FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Let's Encrypt certificates have been updated");
} else { } else {
FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "No new certificates or certificate updates found"); FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "No new certificates or certificate updates found");
} }
} }
/** /**
* issue certificates for a list of domains * issue certificates for a list of domains
*/ */
private static function runIssueFor($certrows = array()) private static function runIssueFor($certrows = array())
{ {
// prepare aliasdomain-check // prepare aliasdomain-check
$aliasdomains_stmt = Database::prepare(" $aliasdomains_stmt = Database::prepare("
SELECT SELECT
dom.`id` as domainid, dom.`id` as domainid,
dom.`domain`, dom.`domain`,
@@ -202,216 +208,216 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
AND dom.`letsencrypt` = 1 AND dom.`letsencrypt` = 1
AND dom.`iswildcarddomain` = 0 AND dom.`iswildcarddomain` = 0
"); ");
// iterate through all domains // iterate through all domains
foreach ($certrows as $certrow) { foreach ($certrows as $certrow) {
// set logger to corresponding loginname for the log to appear in the users system-log // set logger to corresponding loginname for the log to appear in the users system-log
$cronlog = FroxlorLogger::getInstanceOf(array( $cronlog = FroxlorLogger::getInstanceOf(array(
'loginname' => $certrow['loginname'], 'loginname' => $certrow['loginname'],
'adminsession' => 0 'adminsession' => 0
)); ));
// Only issue let's encrypt certificate if no broken ssl_redirect is enabled // Only issue let's encrypt certificate if no broken ssl_redirect is enabled
if ($certrow['ssl_redirect'] != 2) { if ($certrow['ssl_redirect'] != 2) {
$do_force = false; $do_force = false;
if (! empty($certrow['ssl_cert_file']) && empty($certrow['expirationdate'])) { if (! empty($certrow['ssl_cert_file']) && empty($certrow['expirationdate'])) {
// domain changed (SAN or similar) // domain changed (SAN or similar)
$do_force = true; $do_force = true;
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Re-creating certificate for " . $certrow['domain']); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Re-creating certificate for " . $certrow['domain']);
} else { } else {
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Creating certificate for " . $certrow['domain']); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Creating certificate for " . $certrow['domain']);
} }
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding common-name: " . $certrow['domain']); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding common-name: " . $certrow['domain']);
$domains = array( $domains = array(
strtolower($certrow['domain']) strtolower($certrow['domain'])
); );
// add www.<domain> to SAN list // add www.<domain> to SAN list
if ($certrow['wwwserveralias'] == 1) { if ($certrow['wwwserveralias'] == 1) {
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $certrow['domain']); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $certrow['domain']);
$domains[] = strtolower('www.' . $certrow['domain']); $domains[] = strtolower('www.' . $certrow['domain']);
} }
if ($certrow['domainid'] == 0) { if ($certrow['domainid'] == 0) {
$froxlor_aliases = Settings::Get('system.froxloraliases'); $froxlor_aliases = Settings::Get('system.froxloraliases');
if (! empty($froxlor_aliases)) { if (! empty($froxlor_aliases)) {
$froxlor_aliases = explode(",", $froxlor_aliases); $froxlor_aliases = explode(",", $froxlor_aliases);
foreach ($froxlor_aliases as $falias) { foreach ($froxlor_aliases as $falias) {
if (\Froxlor\Validate\Validate::validateDomain(trim($falias))) { if (\Froxlor\Validate\Validate::validateDomain(trim($falias))) {
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: " . strtolower(trim($falias))); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: " . strtolower(trim($falias)));
$domains[] = strtolower(trim($falias)); $domains[] = strtolower(trim($falias));
} }
} }
} }
} else { } else {
// add alias domains (and possibly www.<aliasdomain>) to SAN list // add alias domains (and possibly www.<aliasdomain>) to SAN list
Database::pexecute($aliasdomains_stmt, array( Database::pexecute($aliasdomains_stmt, array(
'id' => $certrow['domainid'] 'id' => $certrow['domainid']
)); ));
$aliasdomains = $aliasdomains_stmt->fetchAll(\PDO::FETCH_ASSOC); $aliasdomains = $aliasdomains_stmt->fetchAll(\PDO::FETCH_ASSOC);
foreach ($aliasdomains as $aliasdomain) { foreach ($aliasdomains as $aliasdomain) {
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $aliasdomain['domain']); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $aliasdomain['domain']);
$domains[] = strtolower($aliasdomain['domain']); $domains[] = strtolower($aliasdomain['domain']);
if ($aliasdomain['wwwserveralias'] == 1) { if ($aliasdomain['wwwserveralias'] == 1) {
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $aliasdomain['domain']); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $aliasdomain['domain']);
$domains[] = strtolower('www.' . $aliasdomain['domain']); $domains[] = strtolower('www.' . $aliasdomain['domain']);
} }
} }
} }
self::validateDns($domains, $certrow['domainid'], $cronlog); self::validateDns($domains, $certrow['domainid'], $cronlog);
self::runAcmeSh($certrow, $domains, $cronlog, $do_force); self::runAcmeSh($certrow, $domains, $cronlog, $do_force);
} else { } else {
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect"); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
} }
} }
} }
/** /**
* validate dns (A / AAAA record) of domain against known system ips * validate dns (A / AAAA record) of domain against known system ips
* *
* @param array $domains * @param array $domains
* @param int $domain_id * @param int $domain_id
* @param FroxlorLogger $cronlog * @param FroxlorLogger $cronlog
*/ */
private static function validateDns(array &$domains, $domain_id, &$cronlog) private static function validateDns(array &$domains, $domain_id, &$cronlog)
{ {
if (Settings::Get('system.le_domain_dnscheck') == '1' && ! empty($domains)) { if (Settings::Get('system.le_domain_dnscheck') == '1' && ! empty($domains)) {
$loop_domains = $domains; $loop_domains = $domains;
// ips according to our system // ips according to our system
$our_ips = Domain::getIpsOfDomain($domain_id); $our_ips = Domain::getIpsOfDomain($domain_id);
foreach ($loop_domains as $idx => $domain) { foreach ($loop_domains as $idx => $domain) {
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Validating DNS of " . $domain); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Validating DNS of " . $domain);
// ips accordint to NS // ips accordint to NS
$domain_ips = PhpHelper::gethostbynamel6($domain); $domain_ips = PhpHelper::gethostbynamel6($domain);
if ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) { if ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {
// no common ips... // no common ips...
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $domain . " due to no system known IP address via DNS check"); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $domain . " due to no system known IP address via DNS check");
unset($domains[$idx]); unset($domains[$idx]);
} }
} }
} }
} }
private static function runAcmeSh(array $certrow, array $domains, &$cronlog = null, $force = false) private static function runAcmeSh(array $certrow, array $domains, &$cronlog = null, $force = false)
{ {
if (! empty($domains)) { if (! empty($domains)) {
$acmesh_cmd = self::$acmesh . " --server " . self::$apiserver . " --issue -d " . implode(" -d ", $domains); $acmesh_cmd = self::$acmesh . " --server " . self::$apiserver . " --issue -d " . implode(" -d ", $domains);
// challenge path // challenge path
$acmesh_cmd .= " -w " . Settings::Get('system.letsencryptchallengepath'); $acmesh_cmd .= " -w " . Settings::Get('system.letsencryptchallengepath');
if (Settings::Get('system.leecc') > 0) { if (Settings::Get('system.leecc') > 0) {
// ecc certificate // ecc certificate
$acmesh_cmd .= " --keylength ec-" . Settings::Get('system.leecc'); $acmesh_cmd .= " --keylength ec-" . Settings::Get('system.leecc');
} else { } else {
$acmesh_cmd .= " --keylength " . Settings::Get('system.letsencryptkeysize'); $acmesh_cmd .= " --keylength " . Settings::Get('system.letsencryptkeysize');
} }
if (Settings::Get('system.letsencryptreuseold') != '1') { if (Settings::Get('system.letsencryptreuseold') != '1') {
$acmesh_cmd .= " --always-force-new-domain-key"; $acmesh_cmd .= " --always-force-new-domain-key";
} }
if (Settings::Get('system.letsencryptca') == 'testing') { if (Settings::Get('system.letsencryptca') == 'letsencrypt_test') {
$acmesh_cmd .= " --staging"; $acmesh_cmd .= " --staging";
} }
if ($force) { if ($force) {
$acmesh_cmd .= " --force"; $acmesh_cmd .= " --force";
} }
if (defined('CRON_DEBUG_FLAG')) { if (defined('CRON_DEBUG_FLAG')) {
$acmesh_cmd .= " --debug"; $acmesh_cmd .= " --debug";
} }
$acme_result = \Froxlor\FileDir::safe_exec($acmesh_cmd); $acme_result = \Froxlor\FileDir::safe_exec($acmesh_cmd);
// debug output of acme.sh run // debug output of acme.sh run
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, implode("\n", $acme_result)); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, implode("\n", $acme_result));
self::certToDb($certrow, $cronlog, $acme_result); self::certToDb($certrow, $cronlog, $acme_result);
} }
} }
private static function certToDb($certrow, &$cronlog, $acme_result) private static function certToDb($certrow, &$cronlog, $acme_result)
{ {
$return = array(); $return = array();
self::readCertificateToVar(strtolower($certrow['domain']), $return, $cronlog); self::readCertificateToVar(strtolower($certrow['domain']), $return, $cronlog);
if (! empty($return['crt'])) { if (! empty($return['crt'])) {
$newcert = openssl_x509_parse($return['crt']); $newcert = openssl_x509_parse($return['crt']);
if ($newcert) { if ($newcert) {
// Store the new data // Store the new data
Database::pexecute(self::$updcert_stmt, array( Database::pexecute(self::$updcert_stmt, array(
'id' => $certrow['id'], 'id' => $certrow['id'],
'domainid' => $certrow['domainid'], 'domainid' => $certrow['domainid'],
'crt' => $return['crt'], 'crt' => $return['crt'],
'key' => $return['key'], 'key' => $return['key'],
'ca' => $return['chain'], 'ca' => $return['chain'],
'chain' => $return['chain'], 'chain' => $return['chain'],
'csr' => $return['csr'], 'csr' => $return['csr'],
'fullchain' => $return['fullchain'], 'fullchain' => $return['fullchain'],
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t']) 'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
)); ));
if ($certrow['ssl_redirect'] == 3) { if ($certrow['ssl_redirect'] == 3) {
Database::pexecute(self::$upddom_stmt, array( Database::pexecute(self::$upddom_stmt, array(
'domainid' => $certrow['domainid'] 'domainid' => $certrow['domainid']
)); ));
} }
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
} else { } else {
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Got non-successful Let's Encrypt response for " . $certrow['domain'] . ":\n" . implode("\n", $acme_result)); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Got non-successful Let's Encrypt response for " . $certrow['domain'] . ":\n" . implode("\n", $acme_result));
} }
} else { } else {
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ":\n" . implode("\n", $acme_result)); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ":\n" . implode("\n", $acme_result));
} }
} }
/** /**
* check whether we need to issue a new certificate for froxlor itself * check whether we need to issue a new certificate for froxlor itself
* *
* @return boolean * @return boolean
*/ */
private static function issueFroxlorVhost() private static function issueFroxlorVhost()
{ {
if (Settings::Get('system.le_froxlor_enabled') == '1') { if (Settings::Get('system.le_froxlor_enabled') == '1') {
// let's encrypt is enabled, now check whether we have a certificate // let's encrypt is enabled, now check whether we have a certificate
$froxlor_ssl_settings_stmt = Database::prepare(" $froxlor_ssl_settings_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
WHERE `domainid` = '0' WHERE `domainid` = '0'
"); ");
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt); $froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
// also check for possible existing certificate // also check for possible existing certificate
if (! $froxlor_ssl && ! self::checkFsFilesAreNewer(Settings::Get('system.hostname'), date('Y-m-d H:i:s'))) { if (! $froxlor_ssl && ! self::checkFsFilesAreNewer(Settings::Get('system.hostname'), date('Y-m-d H:i:s'))) {
return true; return true;
} }
} }
return false; return false;
} }
/** /**
* check whether we need to renew-check the certificate for froxlor itself * check whether we need to renew-check the certificate for froxlor itself
* *
* @return boolean * @return boolean
*/ */
private static function renewFroxlorVhost() private static function renewFroxlorVhost()
{ {
if (Settings::Get('system.le_froxlor_enabled') == '1') { if (Settings::Get('system.le_froxlor_enabled') == '1') {
// let's encrypt is enabled, now check whether we have a certificate // let's encrypt is enabled, now check whether we have a certificate
$froxlor_ssl_settings_stmt = Database::prepare(" $froxlor_ssl_settings_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
WHERE `domainid` = '0' WHERE `domainid` = '0'
"); ");
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt); $froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
// also check for possible existing certificate // also check for possible existing certificate
if ($froxlor_ssl && self::checkFsFilesAreNewer(Settings::Get('system.hostname'), $froxlor_ssl['expirationdate'])) { if ($froxlor_ssl && self::checkFsFilesAreNewer(Settings::Get('system.hostname'), $froxlor_ssl['expirationdate'])) {
return $froxlor_ssl; return $froxlor_ssl;
} }
} }
return false; return false;
} }
/** /**
* get a list of domains that have a lets encrypt certificate (possible renew) * get a list of domains that have a lets encrypt certificate (possible renew)
*/ */
private static function renewDomains($check = false) private static function renewDomains($check = false)
{ {
$certificates_stmt = Database::query(" $certificates_stmt = Database::query("
SELECT SELECT
domssl.`id`, domssl.`id`,
domssl.`domainid`, domssl.`domainid`,
@@ -435,27 +441,27 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
AND dom.`aliasdomain` IS NULL AND dom.`aliasdomain` IS NULL
AND dom.`iswildcarddomain` = 0 AND dom.`iswildcarddomain` = 0
"); ");
$renew_certs = $certificates_stmt->fetchAll(\PDO::FETCH_ASSOC); $renew_certs = $certificates_stmt->fetchAll(\PDO::FETCH_ASSOC);
if ($renew_certs) { if ($renew_certs) {
if ($check) { if ($check) {
foreach ($renew_certs as $cert) { foreach ($renew_certs as $cert) {
if (self::checkFsFilesAreNewer($cert['domain'], $cert['expirationdate'])) { if (self::checkFsFilesAreNewer($cert['domain'], $cert['expirationdate'])) {
return true; return true;
} }
} }
return false; return false;
} }
return $renew_certs; return $renew_certs;
} }
return array(); return array();
} }
/** /**
* get a list of domains that require a new certificate (issue) * get a list of domains that require a new certificate (issue)
*/ */
private static function issueDomains() private static function issueDomains()
{ {
$certificates_stmt = Database::query(" $certificates_stmt = Database::query("
SELECT SELECT
domssl.`id`, domssl.`id`,
domssl.`domainid`, domssl.`domainid`,
@@ -488,125 +494,125 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
AND dom.`iswildcarddomain` = 0 AND dom.`iswildcarddomain` = 0
AND domssl.`expirationdate` IS NULL AND domssl.`expirationdate` IS NULL
"); ");
$customer_ssl = $certificates_stmt->fetchAll(\PDO::FETCH_ASSOC); $customer_ssl = $certificates_stmt->fetchAll(\PDO::FETCH_ASSOC);
if ($customer_ssl) { if ($customer_ssl) {
return $customer_ssl; return $customer_ssl;
} }
return array(); return array();
} }
private static function checkFsFilesAreNewer($domain, $cert_date = 0) private static function checkFsFilesAreNewer($domain, $cert_date = 0)
{ {
$certificate_folder = self::getWorkingDirFromEnv(strtolower($domain)); $certificate_folder = self::getWorkingDirFromEnv(strtolower($domain));
$ssl_file = \Froxlor\FileDir::makeCorrectFile($certificate_folder . '/' . strtolower($domain) . '.cer'); $ssl_file = \Froxlor\FileDir::makeCorrectFile($certificate_folder . '/' . strtolower($domain) . '.cer');
if (is_dir($certificate_folder) && file_exists($ssl_file) && is_readable($ssl_file)) { if (is_dir($certificate_folder) && file_exists($ssl_file) && is_readable($ssl_file)) {
$cert_data = openssl_x509_parse(file_get_contents($ssl_file)); $cert_data = openssl_x509_parse(file_get_contents($ssl_file));
if ($cert_data && $cert_data['validTo_time_t'] > strtotime($cert_date)) { if ($cert_data && $cert_data['validTo_time_t'] > strtotime($cert_date)) {
return true; return true;
} }
} }
return false; return false;
} }
public static function getWorkingDirFromEnv($domain = "", $forced_noecc = false) public static function getWorkingDirFromEnv($domain = "", $forced_noecc = false)
{ {
if (Settings::Get('system.leecc') > 0 && ! $forced_noecc) { if (Settings::Get('system.leecc') > 0 && ! $forced_noecc) {
$domain .= "_ecc"; $domain .= "_ecc";
} }
$env_file = FileDir::makeCorrectFile(dirname(self::$acmesh) . '/acme.sh.env'); $env_file = FileDir::makeCorrectFile(dirname(self::$acmesh) . '/acme.sh.env');
if (file_exists($env_file)) { if (file_exists($env_file)) {
$output = []; $output = [];
$cut = <<<EOC $cut = <<<EOC
cut -d'"' -f2 cut -d'"' -f2
EOC; EOC;
exec('grep "LE_WORKING_DIR" ' . escapeshellarg($env_file) . ' | ' . $cut, $output); exec('grep "LE_WORKING_DIR" ' . escapeshellarg($env_file) . ' | ' . $cut, $output);
if (is_array($output) && ! empty($output) && isset($output[0]) && ! empty($output[0])) { if (is_array($output) && ! empty($output) && isset($output[0]) && ! empty($output[0])) {
return FileDir::makeCorrectDir($output[0] . "/" . $domain); return FileDir::makeCorrectDir($output[0] . "/" . $domain);
} }
} }
return FileDir::makeCorrectDir(dirname(self::$acmesh) . "/" . $domain); return FileDir::makeCorrectDir(dirname(self::$acmesh) . "/" . $domain);
} }
public static function getAcmeSh() public static function getAcmeSh()
{ {
return self::$acmesh; return self::$acmesh;
} }
/** /**
* get certificate files from filesystem and store in $return array * get certificate files from filesystem and store in $return array
* *
* @param string $domain * @param string $domain
* @param array $return * @param array $return
* @param object $cronlog * @param object $cronlog
*/ */
private static function readCertificateToVar($domain, &$return, &$cronlog) private static function readCertificateToVar($domain, &$return, &$cronlog)
{ {
$certificate_folder = self::getWorkingDirFromEnv($domain); $certificate_folder = self::getWorkingDirFromEnv($domain);
$certificate_folder_noecc = null; $certificate_folder_noecc = null;
if (Settings::Get('system.leecc') > 0) { if (Settings::Get('system.leecc') > 0) {
$certificate_folder_noecc = self::getWorkingDirFromEnv($domain, true); $certificate_folder_noecc = self::getWorkingDirFromEnv($domain, true);
} }
$certificate_folder = \Froxlor\FileDir::makeCorrectDir($certificate_folder); $certificate_folder = \Froxlor\FileDir::makeCorrectDir($certificate_folder);
if (is_dir($certificate_folder) || is_dir($certificate_folder_noecc)) { if (is_dir($certificate_folder) || is_dir($certificate_folder_noecc)) {
foreach ([ foreach ([
'crt' => $domain . '.cer', 'crt' => $domain . '.cer',
'key' => $domain . '.key', 'key' => $domain . '.key',
'chain' => 'ca.cer', 'chain' => 'ca.cer',
'fullchain' => 'fullchain.cer', 'fullchain' => 'fullchain.cer',
'csr' => $domain . '.csr' 'csr' => $domain . '.csr'
] as $index => $sslfile) { ] as $index => $sslfile) {
$ssl_file = \Froxlor\FileDir::makeCorrectFile($certificate_folder . '/' . $sslfile); $ssl_file = \Froxlor\FileDir::makeCorrectFile($certificate_folder . '/' . $sslfile);
if (file_exists($ssl_file)) { if (file_exists($ssl_file)) {
$return[$index] = file_get_contents($ssl_file); $return[$index] = file_get_contents($ssl_file);
} else { } else {
if (! empty($certificate_folder_noecc)) { if (! empty($certificate_folder_noecc)) {
$ssl_file_fb = \Froxlor\FileDir::makeCorrectFile($certificate_folder_noecc . '/' . $sslfile); $ssl_file_fb = \Froxlor\FileDir::makeCorrectFile($certificate_folder_noecc . '/' . $sslfile);
if (file_exists($ssl_file_fb)) { if (file_exists($ssl_file_fb)) {
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "ECC certificates activated but found only non-ecc file"); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "ECC certificates activated but found only non-ecc file");
$return[$index] = file_get_contents($ssl_file_fb); $return[$index] = file_get_contents($ssl_file_fb);
continue; continue;
} }
} }
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not find file '" . $sslfile . "' in '" . $certificate_folder . "'"); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not find file '" . $sslfile . "' in '" . $certificate_folder . "'");
$return[$index] = null; $return[$index] = null;
} }
} }
} else { } else {
$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not find certificate-folder '" . $certificate_folder . "'"); $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not find certificate-folder '" . $certificate_folder . "'");
} }
} }
/** /**
* install acme.sh if not found yet * install acme.sh if not found yet
*/ */
private static function checkInstall($tries = 0) private static function checkInstall($tries = 0)
{ {
if (! file_exists(self::$acmesh) && $tries > 0) { if (! file_exists(self::$acmesh) && $tries > 0) {
FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Download/installation of acme.sh seems to have failed. Re-run cronjob to try again or install manually to '" . self::$acmesh . "'"); FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Download/installation of acme.sh seems to have failed. Re-run cronjob to try again or install manually to '" . self::$acmesh . "'");
echo PHP_EOL . "Download/installation of acme.sh seems to have failed. Re-run cronjob to try again or install manually to '" . self::$acmesh . "'" . PHP_EOL; echo PHP_EOL . "Download/installation of acme.sh seems to have failed. Re-run cronjob to try again or install manually to '" . self::$acmesh . "'" . PHP_EOL;
return false; return false;
} else if (! file_exists(self::$acmesh)) { } else if (! file_exists(self::$acmesh)) {
FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Could not find acme.sh - installing it to /root/.acme.sh/"); FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Could not find acme.sh - installing it to /root/.acme.sh/");
$return = false; $return = false;
\Froxlor\FileDir::safe_exec("wget -O - https://get.acme.sh | sh", $return, array( \Froxlor\FileDir::safe_exec("wget -O - https://get.acme.sh | sh", $return, array(
'|' '|'
)); ));
// check whether the installation worked // check whether the installation worked
return self::checkInstall(++ $tries); return self::checkInstall(++ $tries);
} }
return true; return true;
} }
/** /**
* run upgrade * run upgrade
*/ */
private static function checkUpgrade() private static function checkUpgrade()
{ {
$acmesh_result = \Froxlor\FileDir::safe_exec(self::$acmesh . " --upgrade --auto-upgrade 0"); $acmesh_result = \Froxlor\FileDir::safe_exec(self::$acmesh . " --upgrade --auto-upgrade 0");
// check for activated cron // check for activated cron
$acmesh_result2 = \Froxlor\FileDir::safe_exec(self::$acmesh . " --install-cronjob"); $acmesh_result2 = \Froxlor\FileDir::safe_exec(self::$acmesh . " --install-cronjob");
FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Checking for LetsEncrypt client upgrades before renewing certificates:\n" . implode("\n", $acmesh_result) . "\n" . implode("\n", $acmesh_result2)); FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Checking for LetsEncrypt client upgrades before renewing certificates:\n" . implode("\n", $acmesh_result) . "\n" . implode("\n", $acmesh_result2));
} }
} }

24
lib/Froxlor/Dns/Dns.php
View File

@@ -53,7 +53,7 @@ class Dns
$domain = $domain_id; $domain = $domain_id;
} }
if ($domain['isbinddomain'] != '1') { if (!isset($domain['isbinddomain']) || $domain['isbinddomain'] != '1') {
return; return;
} }
@@ -190,12 +190,26 @@ class Dns
'@', '@',
'www', 'www',
'*' '*'
] as $crceord) { ] as $crecord) {
if ($entry['type'] == 'CNAME' && $entry['record'] == '@' && (array_key_exists(md5($crceord), $required_entries['A']) || array_key_exists(md5($crceord), $required_entries['AAAA']))) { if ($entry['type'] == 'CNAME' && $entry['record'] == '@' && (array_key_exists(md5($crecord), $required_entries['A']) || array_key_exists(md5($crecord), $required_entries['AAAA']))) {
unset($required_entries['A'][md5($crceord)]); unset($required_entries['A'][md5($crecord)]);
unset($required_entries['AAAA'][md5($crceord)]); unset($required_entries['AAAA'][md5($crecord)]);
} }
} }
// also allow overriding of auto-generated values (imap,pop3,mail,smtp) if enabled in the settings
if (Settings::Get('system.dns_createmailentry')) {
foreach (array(
'imap',
'pop3',
'mail',
'smtp'
) as $crecord) {
if ($entry['type'] == 'CNAME' && $entry['record'] == $crecord && (array_key_exists(md5($crecord), $required_entries['A']) || array_key_exists(md5($crecord), $required_entries['AAAA']))) {
unset($required_entries['A'][md5($crecord)]);
unset($required_entries['AAAA'][md5($crecord)]);
}
}
}
$zonerecords[] = new DnsEntry($entry['record'], $entry['type'], $entry['content'], $entry['prio'], $entry['ttl']); $zonerecords[] = new DnsEntry($entry['record'], $entry['type'], $entry['content'], $entry['prio'], $entry['ttl']);
} }

2
lib/Froxlor/Froxlor.php
View File

@@ -10,7 +10,7 @@ final class Froxlor
const VERSION = '0.10.26'; const VERSION = '0.10.26';
// Database version (YYYYMMDDC where C is a daily counter) // Database version (YYYYMMDDC where C is a daily counter)
const DBVERSION = '202106160'; const DBVERSION = '202106270';
// Distribution branding-tag (used for Debian etc.) // Distribution branding-tag (used for Debian etc.)
const BRANDING = ''; const BRANDING = '';

21
lib/configfiles/focal.xml
View File

@@ -74,7 +74,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
]]> ]]>
</content> </content>
</file> </file>
<command><![CDATA[/etc/init.d/apache2 restart]]></command> <command><![CDATA[service apache2 restart]]></command>
</daemon> </daemon>
<!-- HTTP Lighttpd --> <!-- HTTP Lighttpd -->
<daemon name="lighttpd" title="LigHTTPd"> <daemon name="lighttpd" title="LigHTTPd">
@@ -138,7 +138,7 @@ include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
</command> </command>
<command><![CDATA[lighty-disable-mod cgi]]></command> <command><![CDATA[lighty-disable-mod cgi]]></command>
<command><![CDATA[lighty-disable-mod fastcgi]]></command> <command><![CDATA[lighty-disable-mod fastcgi]]></command>
<command><![CDATA[/etc/init.d/lighttpd restart]]></command> <command><![CDATA[service lighttpd restart]]></command>
</daemon> </daemon>
<!-- HTTP Nginx --> <!-- HTTP Nginx -->
<daemon name="nginx" title="nginx"> <daemon name="nginx" title="nginx">
@@ -354,7 +354,6 @@ exit "$RETVAL"
</visibility> </visibility>
<content><![CDATA[/etc/init.d/php-fcgi restart]]></content> <content><![CDATA[/etc/init.d/php-fcgi restart]]></content>
</command> </command>
<command><![CDATA[/etc/init.d/nginx restart]]></command>
</daemon> </daemon>
</service> </service>
<!--DNS --> <!--DNS -->
@@ -366,7 +365,7 @@ exit "$RETVAL"
<command><![CDATA[touch {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command> <command><![CDATA[touch {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
<command><![CDATA[chown bind:0 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command> <command><![CDATA[chown bind:0 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
<command><![CDATA[chmod 0644 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command> <command><![CDATA[chmod 0644 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
<command><![CDATA[/etc/init.d/bind9 restart]]></command> <command><![CDATA[service bind9 restart]]></command>
</daemon> </daemon>
<daemon name="powerdns" title="PowerDNS (standalone)"> <daemon name="powerdns" title="PowerDNS (standalone)">
<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install> <install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
@@ -908,7 +907,7 @@ gmysql-password=
]]> ]]>
</content> </content>
</file> </file>
<command><![CDATA[/etc/init.d/pdns restart]]></command> <command><![CDATA[service pdns restart]]></command>
</daemon> </daemon>
<daemon name="powerdns_bind" <daemon name="powerdns_bind"
title="PowerDNS via bind-backend"> title="PowerDNS via bind-backend">
@@ -1455,7 +1454,7 @@ bind-check-interval=180
]]> ]]>
</content> </content>
</file> </file>
<command><![CDATA[/etc/init.d/pdns restart]]></command> <command><![CDATA[service pdns restart]]></command>
</daemon> </daemon>
</service> </service>
<!-- SMTP services --> <!-- SMTP services -->
@@ -1578,7 +1577,7 @@ root: root@<SERVERNAME>
</files> </files>
<commands index="3"> <commands index="3">
<command><![CDATA[newaliases]]></command> <command><![CDATA[newaliases]]></command>
<command><![CDATA[/etc/init.d/postfix restart]]></command> <command><![CDATA[service postfix restart]]></command>
</commands> </commands>
</general> </general>
<!-- postfix with dovecot --> <!-- postfix with dovecot -->
@@ -3299,7 +3298,7 @@ plugin {
</file> </file>
</files> </files>
<commands index="1"> <commands index="1">
<command><![CDATA[/etc/init.d/dovecot restart]]></command> <command><![CDATA[service dovecot restart]]></command>
</commands> </commands>
</general> </general>
<!-- Dovecot with postfix --> <!-- Dovecot with postfix -->
@@ -3722,7 +3721,7 @@ TLSVerifyClient off
]]> ]]>
</content> </content>
</file> </file>
<command><![CDATA[/etc/init.d/proftpd restart]]></command> <command><![CDATA[service proftpd restart]]></command>
</daemon> </daemon>
<!-- Pureftpd --> <!-- Pureftpd -->
<daemon name="pureftpd" title="PureFTPd"> <daemon name="pureftpd" title="PureFTPd">
@@ -3948,7 +3947,7 @@ UPLOADGID=
]]> ]]>
</content> </content>
</file> </file>
<command><![CDATA[/etc/init.d/pure-ftpd-mysql restart]]></command> <command><![CDATA[service pure-ftpd-mysql restart]]></command>
</daemon> </daemon>
</service> </service>
<!-- System tools/services --> <!-- System tools/services -->
@@ -4088,7 +4087,7 @@ aliases: files
<commands index="5"> <commands index="5">
<visibility mode="equals" value="apache2">{{settings.system.webserver}} <visibility mode="equals" value="apache2">{{settings.system.webserver}}
</visibility> </visibility>
<command><![CDATA[/etc/init.d/apache2 restart]]></command> <command><![CDATA[service apache2 restart]]></command>
</commands> </commands>
<!-- instead of just restarting apache, we let the cronjob do all the <!-- instead of just restarting apache, we let the cronjob do all the
dirty work --> dirty work -->

4
lng/english.lng.php
View File

@@ -1839,8 +1839,8 @@ $lng['error']['sslredirectonlypossiblewithsslipport'] = 'Using Let\'s Encrypt is
$lng['error']['nowildcardwithletsencrypt'] = 'Let\'s Encrypt cannot handle wildcard-domains using ACME in froxlor (requires dns-challenge), sorry. Please set the ServerAlias to WWW or disable it completely'; $lng['error']['nowildcardwithletsencrypt'] = 'Let\'s Encrypt cannot handle wildcard-domains using ACME in froxlor (requires dns-challenge), sorry. Please set the ServerAlias to WWW or disable it completely';
$lng['panel']['letsencrypt'] = 'Using Let\'s encrypt'; $lng['panel']['letsencrypt'] = 'Using Let\'s encrypt';
$lng['crondesc']['cron_letsencrypt'] = 'updating Let\'s Encrypt certificates'; $lng['crondesc']['cron_letsencrypt'] = 'updating Let\'s Encrypt certificates';
$lng['serversettings']['letsencryptca']['title'] = "Let's Encrypt environment"; $lng['serversettings']['letsencryptca']['title'] = "ACME environment";
$lng['serversettings']['letsencryptca']['description'] = "Environment to be used for Let's Encrypt certificates."; $lng['serversettings']['letsencryptca']['description'] = "Environment to be used for Let's Encrypt / ZeroSSL certificates.";
$lng['serversettings']['letsencryptcountrycode']['title'] = "Let's Encrypt country code"; $lng['serversettings']['letsencryptcountrycode']['title'] = "Let's Encrypt country code";
$lng['serversettings']['letsencryptcountrycode']['description'] = "2 letter country code used to generate Let's Encrypt certificates."; $lng['serversettings']['letsencryptcountrycode']['description'] = "2 letter country code used to generate Let's Encrypt certificates.";
$lng['serversettings']['letsencryptstate']['title'] = "Let's Encrypt state"; $lng['serversettings']['letsencryptstate']['title'] = "Let's Encrypt state";

4
lng/german.lng.php
View File

@@ -1490,8 +1490,8 @@ $lng['error']['sslredirectonlypossiblewithsslipport'] = 'Die Nutzung von Let\'s
$lng['error']['nowildcardwithletsencrypt'] = 'Let\'s Encrypt kann mittels ACME Wildcard-Domains nur via DNS validieren, sorry. Bitte den ServerAlias auf WWW setzen oder deaktivieren'; $lng['error']['nowildcardwithletsencrypt'] = 'Let\'s Encrypt kann mittels ACME Wildcard-Domains nur via DNS validieren, sorry. Bitte den ServerAlias auf WWW setzen oder deaktivieren';
$lng['panel']['letsencrypt'] = 'Benutzt Let\'s encrypt'; $lng['panel']['letsencrypt'] = 'Benutzt Let\'s encrypt';
$lng['crondesc']['cron_letsencrypt'] = 'Aktualisierung der Let\'s Encrypt Zertifikate'; $lng['crondesc']['cron_letsencrypt'] = 'Aktualisierung der Let\'s Encrypt Zertifikate';
$lng['serversettings']['letsencryptca']['title'] = "Let's Encrypt Umgebung"; $lng['serversettings']['letsencryptca']['title'] = "ACME Umgebung";
$lng['serversettings']['letsencryptca']['description'] = "Let's Encrypt - Umgebung, welche genutzt wird um Zertifikate zu bestellen."; $lng['serversettings']['letsencryptca']['description'] = "Umgebung, welche genutzt wird um Zertifikate zu bestellen.";
$lng['serversettings']['letsencryptcountrycode']['title'] = "Let's Encrypt Ländercode"; $lng['serversettings']['letsencryptcountrycode']['title'] = "Let's Encrypt Ländercode";
$lng['serversettings']['letsencryptcountrycode']['description'] = "2 - stelliger Ländercode, welcher benutzt wird um Let's Encrypt - Zertifikate zu bestellen."; $lng['serversettings']['letsencryptcountrycode']['description'] = "2 - stelliger Ländercode, welcher benutzt wird um Let's Encrypt - Zertifikate zu bestellen.";
$lng['serversettings']['letsencryptstate']['title'] = "Let's Encrypt Bundesland"; $lng['serversettings']['letsencryptstate']['title'] = "Let's Encrypt Bundesland";