Michael Kaufmann (d00p)
d6b56262ce
fix unnecessary idn encoding
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-11-04 18:28:32 +01:00
Michael Kaufmann (d00p)
76c200a56c
disable tlsv1.1 for ssl settings
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-10-31 11:17:56 +01:00
Michael Kaufmann (d00p)
fc2ae594cb
enable custom redirect codes also for nginx
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-10-13 09:51:57 +02:00
Michael Kaufmann (d00p)
91c2d4efbe
do not redirect when requesting let's encrypt certificates in nginx (same as we do in apache)
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-10-11 07:49:52 +02:00
Florian Aders
75d8d0b397
Fix sslsettings in hsts for nginx
2016-10-07 19:08:32 +02:00
Michael Kaufmann (d00p)
4a3e02c1f0
add HSTS for domains (admin-side) and froxlor-vhost; fixes #1660
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-10-07 11:01:45 +02:00
Michael Kaufmann (d00p)
9799e05ce4
idna convert the whole URI for uri's in docroot as redirect, fixes #1654
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-09-22 07:46:50 +02:00
Michael Kaufmann (d00p)
58835ef81f
Warning: Non-standard capitalization of includeSubDomains
Header contains the token . The recommended capitalization is .
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-09-19 10:03:44 +02:00
Daniel Reichelt
ec474e2b4c
fix "Could not find class 'System'" exceptions
2016-09-16 18:53:29 +02:00
Daniel Reichelt
41e769d681
cron/nginx: remove ssl_client_certificate
Adding the CA certificate to an nginx vhost via ssl_client_certificate is
outright wrong. Moreover, the CA certificate data is already written to
the certificate file itself (class.DomainSSL.php:83-85).
fixes #1650
2016-09-16 07:51:18 +02:00
Daniel Reichelt
d8b6d87ade
cron/nginx: remove echo'ed messages
they already get logged
2016-09-16 07:51:17 +02:00
Michael Kaufmann (d00p)
4229d8dda4
make path to acme.conf global alias file customizable
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-09-12 11:49:07 +02:00
Michael Kaufmann (d00p)
b8c2047379
try to implement ssl-redirect for froxlor-vhost; combine various settings that are froxlor-vhost related into its own category, fixes #1480
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-09-11 17:48:08 +02:00
Daniel Reichelt
d56afda274
fix "undefined index" warnings
PHP Notice: Undefined index: parentdomainid in
[…]/froxlor/lib/classes/webserver/class.DomainSSL.php on line 49
2016-09-11 02:27:43 +02:00
Michael Kaufmann (d00p)
e4887362ec
added let's encrypt for froxlor vhost - untested for now, testers are welcome
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-09-05 17:01:10 +02:00
Dominic
e31c828f35
Fixed formatting
Nothing added, just a formatting fix
2016-08-06 06:31:15 +02:00
Michael Kaufmann (d00p)
7ec777c9dd
put index back in location-context; try_files not really necessary if not using PHP, also eases use of proxy_pass users; thx to karstenk
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-06-20 09:55:27 +02:00
Michael Kaufmann (d00p)
88ccf5b869
don't generate unnecessary php-related vhost-entries when php is disabled, thx to karstenk
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-06-14 07:29:38 +02:00
Michael Kaufmann (d00p)
0e79e8d670
fix default_server parameter for listen-statement in nginx since this changed since nginx-0.8.21; fixes #1621
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-05-09 08:08:59 +02:00
Michael Kaufmann (d00p)
28f0c3eac4
only include acme.conf to vhosts if system has ssl and LE enabled (might not exist if not)
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-04-15 15:09:11 +02:00
Michael Kaufmann (d00p)
f9d949f90c
Revert "Merge pull request #318 from Churro/froxlorMerge_33ab67a"
This reverts commit 4f2ee129fd, reversing
changes made to f284d67843.
2016-03-03 23:38:02 +01:00
Michael Kaufmann (d00p)
f6e519d779
Revert "Merge pull request #326 from Churro/froxlorMerge_vhostTemplates"
This reverts commit 319668d384, reversing
changes made to aa592c7369.
Conflicts:
install/froxlor.sql
install/updates/froxlor/0.9/update_0.9.inc.php
lib/version.inc.php
2016-03-03 23:31:19 +01:00
Johannes Feichtner
101e791add
Vhost templates: Extended the cron scripts to check for the designated webserver and referential integrity
2016-02-27 20:19:50 +01:00
Michael Kaufmann
4f2ee129fd
Merge pull request #318 from Churro/froxlorMerge_33ab67a
Feature: vHost templates (version 2)
2016-02-26 19:16:49 +01:00
Evi Vanoost
83fd1ab0ca
class.lescript.php: OpenSSL requires integer for key size. DB returns string. Cast string to integer
trusty.xml: All files in conf.d get automatically included causing the location to be out of place and nginx fails to start
cron_tasks.inc.http.30.nginx.php: Location directives should be included in a host, nginx doesn't have the concept of global location directives in the way apache does
2016-02-21 18:55:02 -05:00
Johannes Feichtner
abe253bc31
Feature: Vhost templates
Reworked the initial implementation by hpmewes (https://github.com/Froxlor/Froxlor/pull/233) with
- bugfixes all over
- added support for apache and lighttpd also
- added an update sequence (instead of only modifying froxlor.sql)
- added english language variables
- added missing parts in admin_vhostsettings.php
- added parameter replacements as available since PR 244
2016-02-21 14:53:24 +01:00
Michael Kaufmann
d7ca3a0f1c
Merge pull request #303 from Churro/froxlorMerge
Nginx: Fix for redundantly inserted auth blocks
2016-02-21 13:09:29 +01:00
Michael Kaufmann
5c90c3aa97
Merge pull request #315 from Churro/froxlorMerge_d02a076
Nginx: Set default curve to secp384r1
2016-02-21 08:09:06 +01:00
Michael Kaufmann
b5e739620d
Merge pull request #310 from Churro/froxlorMerge_fe8093f
Nginx: Avoid multiple index directives (common pitfall)
2016-02-21 08:07:58 +01:00
Johannes Feichtner
a328a95c01
Set default curve to secp384r1
2016-02-21 01:23:18 +01:00
Johannes Feichtner
c27589e8c2
Set correct error log levels (LOG_ERR instead of LOG_ERROR)
2016-02-20 20:57:31 +01:00
Johannes Feichtner
1ace011ad2
Nginx: Avoid multiple index directives (common pitfall)
2016-02-20 20:40:38 +01:00
Johannes Feichtner
a641dfbfc8
Security-critical fix: Nginx directory protection did not prevent access to PHP scripts
Although the implemented directory protection posed a prompt when
accessing the http://...com/protectedir/
it was still possible to call http://...com/protectedir/script.php
This vulnerability emerges from the precedence order of "location"
statements. The RegEx matching the PHP script is triggered before the
directory protection is evaluated. As a result, the PHP script is
interpreted and path parsing stops due to the circumflex (see
http://nginx.org/en/docs/http/ngx_http_core_module.html#location).
The fix involves adding a PHP parsing snippet to every protected
block. In order to prevent PHP-related config params repeatedly, the
required section is referenced using a prefix.
2016-02-20 19:25:49 +01:00
Johannes Feichtner
4692d7ef2a
Nginx: Changed inefficient RegEx redirect to equivalent 301
2016-02-20 17:30:26 +01:00
Johannes Feichtner
3b9201fb91
Nginx: Fix for redundantly inserted auth blocks
The problem occurs if a Vhost is assigned multiple different auth names
in Froxlor. Each block is then added repeatedly, leading to an
unparseable configuration
2016-02-20 17:21:54 +01:00
Florian Aders
e621e02f92
Allow selecting new keysize, fixes #1594
Prepare database and cron for HSTS, refs #1593
Added option to re-use key and CSR for Let's Encrypt
Signed-off-by: Florian Aders <eleras@froxlor.org>
2016-02-19 17:35:44 +01:00
Daniel Reichelt
e306425428
remove now superfluous $debugHandler fields
2016-02-16 16:24:07 +01:00
Daniel Reichelt
f86a115c6a
cron scripts: replace fwrite'ing to lockfile by logging
2016-02-16 16:24:06 +01:00
root
0fbbd8dae7
Fixes nginx error due to duplicate fastcgi parameters
2016-02-10 13:28:25 -05:00
Stefan Weil
ddd4c2ad3d
Fix typo in comment
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-01-25 17:15:17 +01:00
Michael Kaufmann (d00p)
efdb3623e1
fix return value usage in write-context
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-01-18 10:51:39 +01:00
Christian Becker
6996f6516c
fix ssl settings for rewrite vhosts on nginx, fixes #1568
- previously the ssl settings were missing in rewrite vhosts
- this caused ssl errors for these hosts as the default certificate has been used instead of the vhost specific cert.
- this seems to only apply for nginx, not apache
2015-11-14 14:10:23 +01:00
Michael Kaufmann (d00p)
0939d032a5
fix wrong vhost creation with nginx when customer is deactivated and no docroot for deactivated users was given, fixes #1565
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2015-11-12 08:42:32 +01:00
Frank Gehann
7cf321b24a
Fixed composeSslSettings which used variables not available in the function scope.
2015-08-16 15:45:48 +02:00
Chris Vigelius
19d94471d9
Merge branch 'master' into vhost_config_variables, and replace IS_SSL with SCHEME
Conflicts (resolved):
lng/english.lng.php
lng/german.lng.php
2015-07-30 11:35:26 +02:00
Michael Kaufmann (d00p)
26a41a0672
check for existence of ssl-related files for ip/port vhost in order to avoid the webserver to be unable to restart when the cronjob runs; fixes #1485
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2015-07-28 15:41:31 +02:00
Michael Kaufmann (d00p)
222841f09b
solve sub-sub-domain-problem by dynamically assigning vhost-number in vhost-filename (the deeper the lower the number thus being included earlier), fixes #1535
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2015-07-28 15:11:55 +02:00
Chris Vigelius
89c4b969d1
make sure we fill all context parameters in any case
2015-07-06 21:21:07 +02:00
Chris Vigelius
9dbc04678c
correct path for nginx
2015-07-06 17:16:49 +02:00
Chris Vigelius
ed9e524e03
use absolute path and require_once, instead of relative include
2015-07-06 17:09:49 +02:00