| | |
|---|
| | | $app->uses('getconf'); |
|---|
| | | $web_config = $app->getconf->get_server_config($conf['server_id'], 'web'); |
|---|
| | | if ($web_config['CA_path']!='' && !file_exists($web_config['CA_path'].'/openssl.cnf')) |
|---|
| | | $app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.conf',LOGLEVEL_ERROR); |
|---|
| | | $app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.cnf',LOGLEVEL_ERROR); |
|---|
| | | |
|---|
| | | //* Only vhosts can have a ssl cert |
|---|
| | | if($data["new"]["type"] != "vhost" && $data["new"]["type"] != "vhostsubdomain") return; |
|---|
| | |
|---|
| | | if(trim($data["new"]["ssl_cert"]) != '') $app->system->file_put_contents($crt_file,$data["new"]["ssl_cert"]); |
|---|
| | | //if(trim($data["new"]["ssl_bundle"]) != '') $app->system->file_put_contents($bundle_file,$data["new"]["ssl_bundle"]); |
|---|
| | | if(trim($data["new"]["ssl_key"]) != '') $app->system->file_put_contents($key_file2,$data["new"]["ssl_key"]); |
|---|
| | | $app->system->chmod($key_file2,0400); |
|---|
| | | |
|---|
| | | // for nginx, bundle files have to be appended to the certificate file |
|---|
| | | if(trim($data["new"]["ssl_bundle"]) != ''){ |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | if($data['new']['document_root'] == '') { |
|---|
| | | $app->log('document_root not set',LOGLEVEL_WARN); |
|---|
| | | if($data['new']['type'] == 'vhost' || $data['new']['type'] == 'vhostsubdomain') $app->log('document_root not set',LOGLEVEL_WARN); |
|---|
| | | return 0; |
|---|
| | | } |
|---|
| | | if($data['new']['system_user'] == 'root' or $data['new']['system_group'] == 'root') { |
|---|
| | |
|---|
| | | exec('chown --recursive --from='.escapeshellcmd($data['old']['system_user']).':'.escapeshellcmd($data['old']['system_group']).' '.escapeshellcmd($data['new']['system_user']).':'.escapeshellcmd($data['new']['system_group']).' '.$new_dir); |
|---|
| | | |
|---|
| | | //* Change the home directory and group of the website user |
|---|
| | | $command = 'killall -u '.escapeshellcmd($data['new']['system_user']).' && usermod'; |
|---|
| | | $command = 'killall -u '.escapeshellcmd($data['new']['system_user']).' ; usermod'; |
|---|
| | | $command .= ' --home '.escapeshellcmd($data['new']['document_root']); |
|---|
| | | $command .= ' --gid '.escapeshellcmd($data['new']['system_group']); |
|---|
| | | $command .= ' '.escapeshellcmd($data['new']['system_user']); |
|---|
| | | $command .= ' '.escapeshellcmd($data['new']['system_user']).' 2>/dev/null'; |
|---|
| | | exec($command); |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | exec('chown -R '.$data['new']['system_user'].':'.$data['new']['system_group'].' '.$error_page_path); |
|---|
| | | } // end copy error docs |
|---|
| | | |
|---|
| | | // Set the quota for the user |
|---|
| | | if($username != '' && $app->system->is_user($username)) { |
|---|
| | | // Set the quota for the user, but only for vhosts, not vhostsubdomains |
|---|
| | | if($username != '' && $app->system->is_user($username) && $data['new']['type'] == 'vhost') { |
|---|
| | | if($data['new']['hd_quota'] > 0) { |
|---|
| | | $blocks_soft = $data['new']['hd_quota'] * 1024; |
|---|
| | | $blocks_hard = $blocks_soft + 1024; |
|---|
| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* add the nginx user to the client group if this is a vhost and security level is set to high, no matter if this is an insert or update and regardless of set_folder_permissions_on_update |
|---|
| | | if($data['new']['type'] == 'vhost' && $web_config['security_level'] == 20) $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user'])); |
|---|
| | | |
|---|
| | | //* If the security level is set to high |
|---|
| | | if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) { |
|---|
| | | |
|---|
| | |
|---|
| | | if($web_config['add_web_users_to_sshusers_group'] == 'y') { |
|---|
| | | $command = 'usermod'; |
|---|
| | | $command .= ' --groups sshusers'; |
|---|
| | | $command .= ' '.escapeshellcmd($data['new']['system_user']); |
|---|
| | | $command .= ' '.escapeshellcmd($data['new']['system_user']).' 2>/dev/null'; |
|---|
| | | $this->_exec($command); |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | //* add the nginx user to the client group in the chroot environment |
|---|
| | | $tmp_groupfile = $app->system->server_conf['group_datei']; |
|---|
| | | $app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group'; |
|---|
| | | $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user'])); |
|---|
| | | $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user'])); |
|---|
| | | $app->system->server_conf['group_datei'] = $tmp_groupfile; |
|---|
| | | unset($tmp_groupfile); |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* add the nginx user to the client group |
|---|
| | | $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user'])); |
|---|
| | | |
|---|
| | | //* Chown all default directories |
|---|
| | | $app->system->chown($data['new']['document_root'],'root'); |
|---|
| | |
|---|
| | | if(!is_dir($web_config['website_basedir'].'/conf')) mkdir($web_config['website_basedir'].'/conf'); |
|---|
| | | if(trim($data['new']['custom_php_ini']) != '') { |
|---|
| | | $has_custom_php_ini = true; |
|---|
| | | if(!is_dir($custom_php_ini_dir)) $app->system->mkdir($custom_php_ini_dir); |
|---|
| | | if(!is_dir($custom_php_ini_dir)) $app->system->mkdirpath($custom_php_ini_dir); |
|---|
| | | $php_ini_content = ''; |
|---|
| | | if($data['new']['php'] == 'mod') { |
|---|
| | | $master_php_ini_path = $web_config['php_ini_path_apache']; |
|---|
| | |
|---|
| | | |
|---|
| | | // backwards compatibility; since ISPConfig 3.0.5, the PHP mode for nginx is called 'php-fpm' instead of 'fast-cgi'. The following line makes sure that old web sites that have 'fast-cgi' in the database still get PHP-FPM support. |
|---|
| | | if($vhost_data['php'] == 'fast-cgi') $vhost_data['php'] = 'php-fpm'; |
|---|
| | | |
|---|
| | | // Custom rewrite rules |
|---|
| | | $final_rewrite_rules = array(); |
|---|
| | | $custom_rewrite_rules = $data['new']['rewrite_rules']; |
|---|
| | | // Make sure we only have Unix linebreaks |
|---|
| | | $custom_rewrite_rules = str_replace("\r\n", "\n", $custom_rewrite_rules); |
|---|
| | | $custom_rewrite_rules = str_replace("\r", "\n", $custom_rewrite_rules); |
|---|
| | | $custom_rewrite_rule_lines = explode("\n", $custom_rewrite_rules); |
|---|
| | | if(is_array($custom_rewrite_rule_lines) && !empty($custom_rewrite_rule_lines)){ |
|---|
| | | foreach($custom_rewrite_rule_lines as $custom_rewrite_rule_line){ |
|---|
| | | $final_rewrite_rules[] = array('rewrite_rule' => $custom_rewrite_rule_line); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | $tpl->setLoop('rewrite_rules', $final_rewrite_rules); |
|---|
| | | |
|---|
| | | // Custom nginx directives |
|---|
| | | $final_nginx_directives = array(); |
|---|
| | |
|---|
| | | $nginx_online_status_before_restart = $this->_checkTcp('localhost',80); |
|---|
| | | $app->log('nginx status is: '.$nginx_online_status_before_restart,LOGLEVEL_DEBUG); |
|---|
| | | |
|---|
| | | $app->services->restartService('httpd','restart'); |
|---|
| | | $retval = $app->services->restartService('httpd','restart'); // $retval['retval'] is 0 on success and > 0 on failure |
|---|
| | | $app->log('nginx restart return value is: '.$retval['retval'],LOGLEVEL_DEBUG); |
|---|
| | | |
|---|
| | | // wait a few seconds, before we test the apache status again |
|---|
| | | sleep(2); |
|---|
| | |
|---|
| | | //* Check if nginx restarted successfully if it was online before |
|---|
| | | $nginx_online_status_after_restart = $this->_checkTcp('localhost',80); |
|---|
| | | $app->log('nginx online status after restart is: '.$nginx_online_status_after_restart,LOGLEVEL_DEBUG); |
|---|
| | | if($nginx_online_status_before_restart && !$nginx_online_status_after_restart) { |
|---|
| | | $app->log('nginx did not restart after the configuration change for website '.$data['new']['domain'].' Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN); |
|---|
| | | if($nginx_online_status_before_restart && !$nginx_online_status_after_restart || $retval['retval'] > 0) { |
|---|
| | | $app->log('nginx did not restart after the configuration change for website '.$data['new']['domain'].'. Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN); |
|---|
| | | $app->system->copy($vhost_file,$vhost_file.'.err'); |
|---|
| | | if(is_array($retval['output']) && !empty($retval['output'])) $app->log('Reason for nginx restart failure: '.implode("\n", $retval['output']),LOGLEVEL_WARN); |
|---|
| | | if(is_file($vhost_file.'~')) { |
|---|
| | | //* Copy back the last backup file |
|---|
| | | $app->system->copy($vhost_file.'~',$vhost_file); |
|---|
| | |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | //* We do not check the nginx config after changes (is faster) |
|---|
| | | if($nginx_chrooted) { |
|---|
| | | $app->services->restartServiceDelayed('httpd','reload'); |
|---|
| | | } else { |
|---|
| | | // request a httpd reload when all records have been processed |
|---|
| | | $app->services->restartServiceDelayed('httpd','reload'); |
|---|
| | | } |
|---|
| | | $app->services->restartServiceDelayed('httpd','reload'); |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* The vhost is written and apache has been restarted, so we |
|---|
| | |
|---|
| | | $subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['old']['domain']); |
|---|
| | | } else { |
|---|
| | | // get log folder from /etc/fstab |
|---|
| | | /* |
|---|
| | | $bind_mounts = $app->system->file_get_contents('/etc/fstab'); |
|---|
| | | $bind_mount_lines = explode("\n", $bind_mounts); |
|---|
| | | if(is_array($bind_mount_lines) && !empty($bind_mount_lines)){ |
|---|
| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | */ |
|---|
| | | // we are deleting the parent domain, so we can delete everything in the log directory |
|---|
| | | $subdomain_hosts = array(); |
|---|
| | | $files = array_diff(scandir($data['old']['document_root'].'/'.$log_folder), array('.','..')); |
|---|
| | | if(is_array($files) && !empty($files)){ |
|---|
| | | foreach($files as $file){ |
|---|
| | | if(is_dir($data['old']['document_root'].'/'.$log_folder.'/'.$file)){ |
|---|
| | | $subdomain_hosts[] = $file; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | if($subdomain_host == '') $subdomain_host = 'web'.$data['old']['domain_id']; |
|---|
| | | $web_folder = $data['old']['web_folder']; |
|---|
| | | $log_folder .= '/' . $subdomain_host; |
|---|
| | | if(is_array($subdomain_hosts) && !empty($subdomain_hosts)){ |
|---|
| | | $log_folders = array(); |
|---|
| | | foreach($subdomain_hosts as $subdomain_host){ |
|---|
| | | $log_folders[] = $log_folder.'/'.$subdomain_host; |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | if($subdomain_host == '') $subdomain_host = 'web'.$data['old']['domain_id']; |
|---|
| | | $log_folder .= '/' . $subdomain_host; |
|---|
| | | } |
|---|
| | | $web_folder = $data['old']['web_folder']; |
|---|
| | | unset($tmp); |
|---|
| | | unset($subdomain_hosts); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if($data['old']['type'] == 'vhost' || $data['old']['type'] == 'vhostsubdomain') exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder)); |
|---|
| | | if($data['old']['type'] == 'vhost' || $data['old']['type'] == 'vhostsubdomain'){ |
|---|
| | | if(is_array($log_folders) && !empty($log_folders)){ |
|---|
| | | foreach($log_folders as $log_folder){ |
|---|
| | | //if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder)); |
|---|
| | | exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null'); |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | //if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder)); |
|---|
| | | exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null'); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* remove mountpoint from fstab |
|---|
| | | $fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$log_folder.' none bind'; |
|---|
| | | $app->system->removeLine('/etc/fstab',$fstab_line); |
|---|
| | | if(is_array($log_folders) && !empty($log_folders)){ |
|---|
| | | foreach($log_folders as $log_folder){ |
|---|
| | | $fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$log_folder.' none bind'; |
|---|
| | | $app->system->removeLine('/etc/fstab',$fstab_line); |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | $fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$log_folder.' none bind'; |
|---|
| | | $app->system->removeLine('/etc/fstab',$fstab_line); |
|---|
| | | } |
|---|
| | | unset($log_folders); |
|---|
| | | |
|---|
| | | if($data['old']['type'] != 'vhost' && $data['old']['type'] != 'vhostsubdomain' && $data['old']['parent_domain_id'] > 0) { |
|---|
| | | //* This is a alias domain or subdomain, so we have to update the website instead |
|---|
| | |
|---|
| | | $vhost_logfile_dir = escapeshellcmd('/var/log/ispconfig/httpd/'.$data['old']['domain']); |
|---|
| | | if($data['old']['domain'] != '' && !stristr($vhost_logfile_dir,'..')) exec('rm -rf '.$vhost_logfile_dir); |
|---|
| | | $app->log('Removing website logfile directory: '.$vhost_logfile_dir,LOGLEVEL_DEBUG); |
|---|
| | | |
|---|
| | | |
|---|
| | | if($data['old']['type'] == 'vhost') { |
|---|
| | | //delete the web user |
|---|
| | | $command = 'killall -u '.escapeshellcmd($data['old']['system_user']).' && userdel'; |
|---|
| | | $command = 'killall -u '.escapeshellcmd($data['old']['system_user']).' ; userdel'; |
|---|
| | | $command .= ' '.escapeshellcmd($data['old']['system_user']); |
|---|
| | | exec($command); |
|---|
| | | if($nginx_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command); |
|---|
| | |
|---|
| | | if(is_array($lines) && !empty($lines)){ |
|---|
| | | $linecount = sizeof($lines); |
|---|
| | | for($h=0;$h<$linecount;$h++){ |
|---|
| | | // remove comments |
|---|
| | | if(substr(trim($lines[$h]),0,1) == '#'){ |
|---|
| | | unset($lines[$h]); |
|---|
| | | continue; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $lines[$h] = rtrim($lines[$h]); |
|---|
| | | /* |
|---|
| | | if(substr(ltrim($lines[$h]), 0, 8) == 'location' && strpos($lines[$h], '{') !== false && strpos($lines[$h], ';') !== false){ |
|---|
| | |
|---|
| | | $app->log('Removed client directory: '.$client_dir,LOGLEVEL_DEBUG); |
|---|
| | | } |
|---|
| | | |
|---|
| | | $this->_exec('groupdel client'.$client_id); |
|---|
| | | $app->log('Removed group client'.$client_id,LOGLEVEL_DEBUG); |
|---|
| | | if($app->system->is_group('client'.$client_id)){ |
|---|
| | | $this->_exec('groupdel client'.$client_id); |
|---|
| | | $app->log('Removed group client'.$client_id,LOGLEVEL_DEBUG); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
