implement per-domain-ssl-certificates in the cronjobs, refs #365
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
@@ -57,6 +57,32 @@ class ConfigIO {
|
||||
|
||||
// old htpasswd files
|
||||
$this->_cleanHtpasswdFiles();
|
||||
|
||||
// customer-specified ssl-certificates
|
||||
$this->_cleanCustomerSslCerts();
|
||||
}
|
||||
|
||||
/**
|
||||
* remove customer-specified auto-generated ssl-certificates
|
||||
* (they are being regenerated)
|
||||
*
|
||||
* @return null
|
||||
*/
|
||||
private function _cleanCustomerSslCerts() {
|
||||
|
||||
// get correct directory
|
||||
$configdir = $this->_getFile('system', 'customer_ssl_path');
|
||||
if ($configdir !== false) {
|
||||
|
||||
$configdir = makeCorrectDir($configdir);
|
||||
|
||||
if (@is_dir($configdir)) {
|
||||
// now get rid of old stuff
|
||||
//(but append /* so we don't delete the directory)
|
||||
$configdir.='/*';
|
||||
safe_exec('rm -rf '. makeCorrectFile($configdir));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -126,7 +152,7 @@ class ConfigIO {
|
||||
* @return null
|
||||
*/
|
||||
private function _cleanAwstatsFiles() {
|
||||
|
||||
|
||||
if ($this->_settings['system']['awstats_enabled'] == '0') {
|
||||
return;
|
||||
}
|
||||
@@ -182,13 +208,13 @@ class ConfigIO {
|
||||
if ($configdir !== false) {
|
||||
|
||||
$configdir = makeCorrectDir($configdir);
|
||||
|
||||
|
||||
if (@is_dir($configdir)) {
|
||||
// create directory iterator
|
||||
$its = new RecursiveIteratorIterator(
|
||||
new RecursiveDirectoryIterator($configdir)
|
||||
);
|
||||
|
||||
|
||||
// iterate through all subdirs,
|
||||
// look for php-fcgi-starter files
|
||||
// and take immutable-flag away from them
|
||||
@@ -199,7 +225,7 @@ class ConfigIO {
|
||||
removeImmutable($its->getPathname());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// now get rid of old stuff
|
||||
//(but append /* so we don't delete the directory)
|
||||
$configdir.='/*';
|
||||
|
||||
113
lib/classes/webserver/class.DomainSSL.php
Normal file
113
lib/classes/webserver/class.DomainSSL.php
Normal file
@@ -0,0 +1,113 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* This file is part of the Froxlor project.
|
||||
* Copyright (c) 2010 the Froxlor Team (see authors).
|
||||
*
|
||||
* For the full copyright and license information, please view the COPYING
|
||||
* file that was distributed with this source code. You can also view the
|
||||
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
|
||||
*
|
||||
* @copyright (c) the authors
|
||||
* @author Michael Kaufmann <mkaufmann@nutime.de>
|
||||
* @author Froxlor team <team@froxlor.org> (2010-)
|
||||
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
|
||||
* @package Cron
|
||||
*
|
||||
* @since 0.9.29
|
||||
*
|
||||
*/
|
||||
|
||||
class DomainSSL {
|
||||
|
||||
/**
|
||||
* internal settings array
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
private $_settings = null;
|
||||
|
||||
/**
|
||||
* internal database object
|
||||
*
|
||||
* @var db
|
||||
*/
|
||||
private $_db = null;
|
||||
|
||||
/**
|
||||
* constructor gets the froxlor settings as array
|
||||
* and the initialized database object
|
||||
*/
|
||||
public function __construct(array $settings = null, $db = null) {
|
||||
$this->_settings = $settings;
|
||||
$this->_db = $db;
|
||||
}
|
||||
|
||||
/**
|
||||
* read domain-related (or if empty, parentdomain-related) ssl-certificates from the database
|
||||
* and (if not empty) set the corresponding array-indices (ssl_cert_file, ssl_key_file,
|
||||
* ssl_ca_file and ssl_cert_chainfile). Hence the parameter as reference.
|
||||
*
|
||||
* @param array $domain domain-array as reference so we can set the corresponding array-indices
|
||||
*
|
||||
* @return null
|
||||
*/
|
||||
public function setDomainSSLFilesArray(array &$domain = null) {
|
||||
// check if the domain itself has a certificate defined
|
||||
$dom_certs = $this->_db->query_first("SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid` ='".$domain['id']."'");
|
||||
if (!is_array($dom_certs)
|
||||
|| !isset($dom_certs['ssl_cert_file'])
|
||||
|| $dom_certs['ssl_cert_file'] == ''
|
||||
) {
|
||||
// maybe its parent?
|
||||
if ($domain['parentdomainid'] != 0) {
|
||||
$dom_certs = $this->_db->query_first("SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid` ='".$domain['parentdomainid']."'");
|
||||
}
|
||||
}
|
||||
|
||||
// check if it's an array and if the most important field is set
|
||||
if (is_array($dom_certs)
|
||||
&& isset($dom_certs['ssl_cert_file'])
|
||||
&& $dom_certs['ssl_cert_file'] != ''
|
||||
) {
|
||||
// get destination path
|
||||
$sslcertpath = makeCorrectDir($this->_settings['system']['customer_ssl_path']);
|
||||
// create path if it does not exist
|
||||
if (!file_exists($sslcertpath)) {
|
||||
safe_exec('mkdir -p '.escapeshellarg($sslcertpath));
|
||||
}
|
||||
// make correct files for the certificates
|
||||
$ssl_files = array(
|
||||
'ssl_cert_file' => makeCorrectFile($sslcertpath.'/'.$domain['domain'].'.crt'),
|
||||
'ssl_key_file' => makeCorrectFile($sslcertpath.'/'.$domain['domain'].'.key')
|
||||
);
|
||||
// initialize optional files
|
||||
$ssl_files['ssl_ca_file'] = '';
|
||||
$ssl_files['ssl_cert_chainfile'] = '';
|
||||
// set them if they are != empty
|
||||
if ($dom_certs['ssl_ca_file'] != '') {
|
||||
$ssl_files['ssl_ca_file'] = makeCorrectFile($sslcertpath.'/'.$domain['domain'].'_CA.pem');
|
||||
}
|
||||
if ($dom_certs['ssl_cert_chainfile'] != '') {
|
||||
$ssl_files['ssl_cert_chainfile'] = makeCorrectFile($sslcertpath.'/'.$domain['domain'].'_chain.pem');
|
||||
}
|
||||
// create them on the filesystem
|
||||
foreach ($ssl_files as $type => $filename) {
|
||||
if ($filename != '') {
|
||||
touch($filename);
|
||||
$_fh = fopen($filename, 'w');
|
||||
fwrite($_fh, $dom_certs[$type]);
|
||||
fclose($_fh);
|
||||
chmod($filename, 0600);
|
||||
}
|
||||
}
|
||||
// override corresponding array values
|
||||
$domain['ssl_cert_file'] = $ssl_files['ssl_cert_file'];
|
||||
$domain['ssl_key_file'] = $ssl_files['ssl_key_file'];
|
||||
$domain['ssl_ca_file'] = $ssl_files['ssl_ca_file'];
|
||||
$domain['ssl_cert_chainfile'] = $ssl_files['ssl_cert_chainfile'];
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
}
|
||||
@@ -603,6 +603,12 @@ class apache
|
||||
// #418
|
||||
$domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile'];
|
||||
|
||||
// SSL STUFF
|
||||
$dssl = new DomainSSL($this->settings, $this->db);
|
||||
// this sets the ssl-related array-indices in the $domain array
|
||||
// if the domain has customer-defined ssl-certificates
|
||||
$dssl->setDomainSSLFilesArray($domain);
|
||||
|
||||
if (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
||||
$ipport = '[' . $domain['ip'] . ']:' . $domain['port'];
|
||||
} else {
|
||||
|
||||
@@ -397,6 +397,12 @@ class lighttpd
|
||||
$domain['ssl_cert_file'] = $ipandport['ssl_cert_file'];
|
||||
$domain['ssl_ca_file'] = $ipandport['ssl_ca_file'];
|
||||
|
||||
// SSL STUFF
|
||||
$dssl = new DomainSSL($this->settings, $this->db);
|
||||
// this sets the ssl-related array-indices in the $domain array
|
||||
// if the domain has customer-defined ssl-certificates
|
||||
$dssl->setDomainSSLFilesArray($domain);
|
||||
|
||||
if (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
||||
$ipport = '[' . $domain['ip'] . ']:' . $domain['port'];
|
||||
} else {
|
||||
|
||||
@@ -364,6 +364,12 @@ class nginx
|
||||
$domain['port'] = $ipandport['port'];
|
||||
$domain['ssl_cert_file'] = $ipandport['ssl_cert_file'];
|
||||
|
||||
// SSL STUFF
|
||||
$dssl = new DomainSSL($this->settings, $this->db);
|
||||
// this sets the ssl-related array-indices in the $domain array
|
||||
// if the domain has customer-defined ssl-certificates
|
||||
$dssl->setDomainSSLFilesArray($domain);
|
||||
|
||||
if (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
||||
$ipport = '[' . $domain['ip'] . ']:' . $domain['port'];
|
||||
} else {
|
||||
|
||||
Reference in New Issue
Block a user