maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

add OCSP stapling support for apache2 and nginx

Browse Source
This commit is contained in:
Daniel Reichelt
2017-04-11 17:09:34 +02:00
parent d4cd827284
commit ec1bd6e19a
12 changed files with 160 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
scripts/jobs/cron_tasks.inc.http.10.apache.php
View File

@@ -107,6 +107,17 @@ class apache extends HttpConfigBase
}
$this->virtualhosts_data[$vhosts_filename] .= ' </Directory>' . "\n";
}
$ocsp_cache_filename = makeCorrectFile($vhosts_folder . '/03_froxlor_ocsp_cache.conf');
if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.apache24') == 1) {
$this->virtualhosts_data[$ocsp_cache_filename] = 'SSLStaplingCache ' .
Settings::Get('system.apache24_ocsp_cache_path') . "\n";
} else {
if (file_exists($ocsp_cache_filename)) {
$this->logger->logAction(CRON_ACTION, LOG_NOTICE, 'apache::_createStandardDirectoryEntry: unlinking ' . basename($ocsp_cache_filename));
unlink(makeCorrectFile($ocsp_cache_filename));
}
}
}
/**
@@ -504,7 +515,7 @@ class apache extends HttpConfigBase
// This vHost has PHP enabled and we are using the regular mod_php
$cmail = getCustomerDetail($domain['customerid'], 'email');
$php_options_text .= ' php_admin_value sendmail_path "/usr/sbin/sendmail -t -f '.$cmail.'"' . PHP_EOL;
if ($domain['openbasedir'] == '1') {
if ($domain['openbasedir_path'] == '1' || strstr($domain['documentroot'], ":") !== false) {
$_phpappendopenbasedir = appendOpenBasedirPath($domain['customerroot'], true);
@@ -878,6 +889,12 @@ class apache extends HttpConfigBase
$vhost_content .= ' SSLCertificateChainFile ' . makeCorrectFile($domain['ssl_cert_chainfile']) . "\n";
}
if (Settings::Get('system.apache24') == '1' && isset($domain['ocsp_stapling']) &&
$domain['ocsp_stapling'] == '1')
{
$vhost_content .= ' SSLUseStapling on' . PHP_EOL;
}
if ($domain['hsts'] >= 0) {
$vhost_content .= ' <IfModule mod_headers.c>' . "\n";
$vhost_content .= ' Header always set Strict-Transport-Security "max-age=' . $domain['hsts'];

8
scripts/jobs/cron_tasks.inc.http.30.nginx.php
View File

@@ -634,6 +634,14 @@ class nginx extends HttpConfigBase
}
$sslsettings .= '";' . "\n";
}
if ((isset($domain_or_ip['ocsp_stapling']) && $domain_or_ip['ocsp_stapling'] == "1") ||
(isset($domain_or_ip['letsencrypt']) && $domain_or_ip['letsencrypt'] == "1") ) {
$sslsettings .= "\t" . 'ssl_stapling on;' . "\n";
$sslsettings .= "\t" . 'ssl_stapling_verify on;' . "\n";
$sslsettings .= "\t" . 'ssl_trusted_certificate ' .
makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n";
}
}
}