diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php index bad063f3..5fa70ae8 100644 --- a/scripts/jobs/cron_tasks.inc.http.10.apache.php +++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php @@ -663,15 +663,24 @@ class apache && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1') ) { - $_sslport = ''; // We must not check if our port differs from port 443, but if there is a destination-port != 443 - // This returns the lowest port != 443 with ssl enabled, if any - $ssldestport = $this->db->query_first("SELECT `ip`.`port` FROM ".TABLE_PANEL_IPSANDPORTS." `ip` - LEFT JOIN `".TABLE_DOMAINTOIP."` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`) - WHERE `dip`.`id_domain` = '$domain[id]' AND `ip`.`ssl` = '1' AND `ip`.`port` != 443 - ORDER BY `ip`.`port` LIMIT 1;"); + // We must not check if our port differs from port 443, + // but if there is a destination-port != 443 + $_sslport = ''; + // This returns the first port that is != 443 with ssl enabled, if any + // ordered by ssl-certificate (if any) so that the ip/port combo + // with certificate is used + $ssldestport = $this->db->query_first( + "SELECT `ip`.`port` FROM ".TABLE_PANEL_IPSANDPORTS." `ip` + LEFT JOIN `".TABLE_DOMAINTOIP."` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`) + WHERE `dip`.`id_domain` = '".(int)$domain['id']."' + AND `ip`.`ssl` = '1' AND `ip`.`port` != 443 + ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;" + ); + if ($ssldestport['port'] != '') { $_sslport = ":".$ssldestport['port']; } + $domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/'; } diff --git a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php index cc627ba5..0c8a2120 100644 --- a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php +++ b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php @@ -409,7 +409,25 @@ class lighttpd && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1' ) { - $domain['documentroot'] = 'https://' . $domain['domain'] . '/'; + // We must not check if our port differs from port 443, + // but if there is a destination-port != 443 + $_sslport = ''; + // This returns the first port that is != 443 with ssl enabled, if any + // ordered by ssl-certificate (if any) so that the ip/port combo + // with certificate is used + $ssldestport = $this->db->query_first( + "SELECT `ip`.`port` FROM ".TABLE_PANEL_IPSANDPORTS." `ip` + LEFT JOIN `".TABLE_DOMAINTOIP."` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`) + WHERE `dip`.`id_domain` = '".(int)$domain['id']."' + AND `ip`.`ssl` = '1' AND `ip`.`port` != 443 + ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;" + ); + + if ($ssldestport['port'] != '') { + $_sslport = ":".$ssldestport['port']; + } + + $domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/'; } if (preg_match('/^https?\:\/\//', $domain['documentroot'])) { diff --git a/scripts/jobs/cron_tasks.inc.http.30.nginx.php b/scripts/jobs/cron_tasks.inc.http.30.nginx.php index f1a82f82..756fd6c1 100644 --- a/scripts/jobs/cron_tasks.inc.http.30.nginx.php +++ b/scripts/jobs/cron_tasks.inc.http.30.nginx.php @@ -398,10 +398,24 @@ class nginx && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1') { + // We must not check if our port differs from port 443, + // but if there is a destination-port != 443 $_sslport = ''; - if ($domain['port'] != '443') { - $_sslport = ":".$domain['port']; + // This returns the first port that is != 443 with ssl enabled, if any + // ordered by ssl-certificate (if any) so that the ip/port combo + // with certificate is used + $ssldestport = $this->db->query_first( + "SELECT `ip`.`port` FROM ".TABLE_PANEL_IPSANDPORTS." `ip` + LEFT JOIN `".TABLE_DOMAINTOIP."` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`) + WHERE `dip`.`id_domain` = '".(int)$domain['id']."' + AND `ip`.`ssl` = '1' AND `ip`.`port` != 443 + ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;" + ); + + if ($ssldestport['port'] != '') { + $_sslport = ":".$ssldestport['port']; } + $domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/'; }