ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
mcramer
2013-07-16 2b91b03d06d6d30cc120406cf0e98bbeaaec5717 
 server/plugins-available/apache2_plugin.inc.php


@@ -100,7 +100,7 @@


      $app->uses('getconf');


      $web_config = $app->getconf->get_server_config($conf['server_id'], 'web');


      if ($web_config['CA_path']!='' && !file_exists($web_config['CA_path'].'/openssl.cnf'))


         $app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.conf',LOGLEVEL_ERROR);	


         $app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.cnf',LOGLEVEL_ERROR);	


      


      //* Only vhosts can have a ssl cert


      if($data["new"]["type"] != "vhost" && $data["new"]["type"] != "vhostsubdomain") return;


@@ -247,6 +247,7 @@


         //* Write the key file, if field is empty then import the key into the db


         if(trim($data["new"]["ssl_key"]) != '') {


            $app->system->file_put_contents($key_file2,$data["new"]["ssl_key"]);


            $app->system->chmod($key_file2,0400);


         } else {


            $ssl_key2 = $app->db->quote($app->system->file_get_contents($key_file2));


            /* Update the DB of the (local) Server */


@@ -462,7 +463,7 @@


                exec('chown --recursive --from='.escapeshellcmd($data['old']['system_user']).':'.escapeshellcmd($data['old']['system_group']).' '.escapeshellcmd($data['new']['system_user']).':'.escapeshellcmd($data['new']['system_group']).' '.$new_dir);




                //* Change the home directory and group of the website user


                $command = 'killall -u '.escapeshellcmd($data['new']['system_user']).' && usermod';


                $command = 'killall -u '.escapeshellcmd($data['new']['system_user']).' ; usermod';


                $command .= ' --home '.escapeshellcmd($data['new']['document_root']);


                $command .= ' --gid '.escapeshellcmd($data['new']['system_group']);


                $command .= ' '.escapeshellcmd($data['new']['system_user']).' 2>/dev/null';


@@ -651,8 +652,8 @@


         exec('chown -R '.$data['new']['system_user'].':'.$data['new']['system_group'].' '.$error_page_path);


      }  // end copy error docs




      // Set the quota for the user


      if($username != '' && $app->system->is_user($username)) {


      // Set the quota for the user, but only for vhosts, not vhostsubdomains


      if($username != '' && $app->system->is_user($username) && $data['new']['type'] == 'vhost') {


         if($data['new']['hd_quota'] > 0) {


            $blocks_soft = $data['new']['hd_quota'] * 1024;


            $blocks_hard = $blocks_soft + 1024;


@@ -673,6 +674,9 @@


            $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder);


         }


      }


		


      //* add the Apache user to the client group if this is a vhost and security level is set to high, no matter if this is an insert or update and regardless of set_folder_permissions_on_update


      if($data['new']['type'] == 'vhost' && $web_config['security_level'] == 20) $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));




      //* If the security level is set to high


      if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) {


@@ -716,9 +720,6 @@


               $app->system->server_conf['group_datei'] = $tmp_groupfile;


               unset($tmp_groupfile);


            }




            //* add the Apache user to the client group


            $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));


            


            //* Chown all default directories


            $app->system->chown($data['new']['document_root'],'root');


@@ -823,6 +824,8 @@


         $data['new']['custom_php_ini'] .= "\nopen_basedir = '".$data['new']['php_open_basedir']."'\n";


      }


      


      $fastcgi_config = $app->getconf->get_server_config($conf['server_id'], 'fastcgi');


		


      if(trim($data['new']['fastcgi_php_version']) != ''){


         list($custom_fastcgi_php_name, $custom_fastcgi_php_executable, $custom_fastcgi_php_ini_dir) = explode(':', trim($data['new']['fastcgi_php_version']));


         if(is_file($custom_fastcgi_php_ini_dir)) $custom_fastcgi_php_ini_dir = dirname($custom_fastcgi_php_ini_dir);


@@ -832,7 +835,7 @@


      //* Create custom php.ini


      if(trim($data['new']['custom_php_ini']) != '') {


         $has_custom_php_ini = true;


         if(!is_dir($custom_php_ini_dir)) $app->system->mkdir($custom_php_ini_dir);


         if(!is_dir($custom_php_ini_dir)) $app->system->mkdirpath($custom_php_ini_dir);


         $php_ini_content = '';


         if($data['new']['php'] == 'mod') {


            $master_php_ini_path = $web_config['php_ini_path_apache'];


@@ -1030,7 +1033,7 @@


               


            // Rewriting


            if($alias['redirect_type'] != '' && $alias['redirect_path'] != '') {


               if(substr($alias['redirect_path'],-1) != '/' && !preg_match('/^(https?|\[scheme\]):\/\//', $data['new']['redirect_path'])) $alias['redirect_path'] .= '/';


               if(substr($alias['redirect_path'],-1) != '/' && !preg_match('/^(https?|\[scheme\]):\/\//', $alias['redirect_path'])) $alias['redirect_path'] .= '/';


               if(substr($alias['redirect_path'],0,8) == '[scheme]'){


                  $rewrite_target = 'http'.substr($alias['redirect_path'],8);


                  $rewrite_target_ssl = 'https'.substr($alias['redirect_path'],8);


@@ -1114,7 +1117,6 @@


       */




      if ($data['new']['php'] == 'fast-cgi') {


         $fastcgi_config = $app->getconf->get_server_config($conf['server_id'], 'fastcgi');




         $fastcgi_starter_path = str_replace('[system_user]',$data['new']['system_user'],$fastcgi_config['fastcgi_starter_path']);


         $fastcgi_starter_path = str_replace('[client_id]',$client_id,$fastcgi_starter_path);


@@ -1183,7 +1185,6 @@


      } else {


         //remove the php fastgi starter script if available


         if ($data['old']['php'] == 'fast-cgi') {


                $fastcgi_config = $app->getconf->get_server_config($conf['server_id'], 'fastcgi');


                $fastcgi_starter_path = str_replace('[system_user]',$data['old']['system_user'],$fastcgi_config['fastcgi_starter_path']);


                $fastcgi_starter_path = str_replace('[client_id]',$client_id,$fastcgi_starter_path);


                if($data['old']['type'] == 'vhost') {


@@ -1329,9 +1330,15 @@


      if($data['new']['ssl_domain'] != '' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0)  && (@filesize($key_file)>0)) {


         $tmp_vhost_arr = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 1, 'port' => '443');


         if(count($rewrite_rules) > 0)  $tmp_vhost_arr = $tmp_vhost_arr + array('redirects' => $rewrite_rules);


         if(count($alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $alias_seo_redirects);


         $ipv4_ssl_alias_seo_redirects = $alias_seo_redirects;


         if(is_array($ipv4_ssl_alias_seo_redirects) && !empty($ipv4_ssl_alias_seo_redirects)){


            for($i=0;$i<count($ipv4_ssl_alias_seo_redirects);$i++){


               $ipv4_ssl_alias_seo_redirects[$i]['ssl_enabled'] = 1;


            }


         }


         if(count($ipv4_ssl_alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $ipv4_ssl_alias_seo_redirects);


         $vhosts[] = $tmp_vhost_arr;


         unset($tmp_vhost_arr);


         unset($tmp_vhost_arr, $ipv4_ssl_alias_seo_redirects);


         $app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);



      }



      



@@ -1359,9 +1366,15 @@


         if($data['new']['ssl_domain'] != '' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0)  && (@filesize($key_file)>0)) {


            $tmp_vhost_arr = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 1, 'port' => '443');


            if(count($rewrite_rules) > 0)  $tmp_vhost_arr = $tmp_vhost_arr + array('redirects' => $rewrite_rules);


            if(count($alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $alias_seo_redirects);


            $ipv6_ssl_alias_seo_redirects = $alias_seo_redirects;


            if(is_array($ipv6_ssl_alias_seo_redirects) && !empty($ipv6_ssl_alias_seo_redirects)){


               for($i=0;$i<count($ipv6_ssl_alias_seo_redirects);$i++){


                  $ipv6_ssl_alias_seo_redirects[$i]['ssl_enabled'] = 1;


               }


            }


            if(count($ipv6_ssl_alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $ipv6_ssl_alias_seo_redirects);


            $vhosts[] = $tmp_vhost_arr;


            unset($tmp_vhost_arr);


            unset($tmp_vhost_arr, $ipv6_ssl_alias_seo_redirects);


            $app->log('Enable SSL for IPv6: '.$domain,LOGLEVEL_DEBUG);


         }


      }


@@ -1463,7 +1476,8 @@


         $apache_online_status_before_restart = $this->_checkTcp('localhost',80);


         $app->log('Apache status is: '.$apache_online_status_before_restart,LOGLEVEL_DEBUG);




         $app->services->restartService('httpd','restart');


         $retval = $app->services->restartService('httpd','restart'); // $retval['retval'] is 0 on success and > 0 on failure


         $app->log('Apache restart return value is: '.$retval['retval'],LOGLEVEL_DEBUG);


         


         // wait a few seconds, before we test the apache status again


         $apache_online_status_after_restart = false;


@@ -1475,9 +1489,10 @@


         }


         //* Check if apache restarted successfully if it was online before


         $app->log('Apache online status after restart is: '.$apache_online_status_after_restart,LOGLEVEL_DEBUG);


         if($apache_online_status_before_restart && !$apache_online_status_after_restart) {


            $app->log('Apache did not restart after the configuration change for website '.$data['new']['domain'].' Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN);


         if($apache_online_status_before_restart && !$apache_online_status_after_restart || $retval['retval'] > 0) {


            $app->log('Apache did not restart after the configuration change for website '.$data['new']['domain'].'. Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN);


            $app->system->copy($vhost_file,$vhost_file.'.err');


            if(is_array($retval['output']) && !empty($retval['output'])) $app->log('Reason for Apache restart failure: '.implode("\n", $retval['output']),LOGLEVEL_WARN);


            if(is_file($vhost_file.'~')) {


               //* Copy back the last backup file


               $app->system->copy($vhost_file.'~',$vhost_file);


@@ -1563,6 +1578,7 @@


      $app->uses('getconf');


      $app->uses('system');


      $web_config = $app->getconf->get_server_config($conf['server_id'], 'web');


      $fastcgi_config = $app->getconf->get_server_config($conf['server_id'], 'fastcgi');


      


      if($data['old']['type'] == 'vhost' || $data['old']['type'] == 'vhostsubdomain') $app->system->web_folder_protection($data['old']['document_root'],false);




@@ -1625,10 +1641,12 @@


      if($data['old']['type'] == 'vhost' || $data['old']['type'] == 'vhostsubdomain'){


         if(is_array($log_folders) && !empty($log_folders)){


            foreach($log_folders as $log_folder){


               if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));


               //if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));


               exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null');


            }


         } else {


            if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));


            //if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));


            exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null');


         }


      }


      


@@ -1742,13 +1760,13 @@


         


                //remove the php fastgi starter script if available


                if ($data['old']['php'] == 'fast-cgi') {


                    $fastcgi_starter_path = str_replace('[system_user]',$data['old']['system_user'],$web_config['fastcgi_starter_path']);


                    $fastcgi_starter_path = str_replace('[system_user]',$data['old']['system_user'],$fastcgi_config['fastcgi_starter_path']);


                    if($data['old']['type'] == 'vhost') {


                        if (is_dir($fastcgi_starter_path)) {


                            exec('rm -rf '.$fastcgi_starter_path);


                        }


                    } else {


                        $fcgi_starter_script = $fastcgi_starter_path.$web_config['fastcgi_starter_script'].'_web'.$data['old']['domain_id'];


                        $fcgi_starter_script = $fastcgi_starter_path.$fastcgi_config['fastcgi_starter_script'].'_web'.$data['old']['domain_id'];


                        if (file_exists($fcgi_starter_script)) {


                            exec('rm -f '.$fcgi_starter_script);


                        }


@@ -1808,7 +1826,7 @@


            


            if($data['old']['type'] == 'vhost') {


                //delete the web user


                $command = 'killall -u '.escapeshellcmd($data['old']['system_user']).' && userdel';


                $command = 'killall -u '.escapeshellcmd($data['old']['system_user']).' ; userdel';


                $command .= ' '.escapeshellcmd($data['old']['system_user']);


                exec($command);


                if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);


@@ -2751,8 +2769,10 @@


            $app->log('Removed client directory: '.$client_dir,LOGLEVEL_DEBUG);


         }


         


         $this->_exec('groupdel client'.$client_id);


         $app->log('Removed group client'.$client_id,LOGLEVEL_DEBUG);


         if($app->system->is_group('client'.$client_id)){


            $this->_exec('groupdel client'.$client_id);


            $app->log('Removed group client'.$client_id,LOGLEVEL_DEBUG);


         }


      }


      


   }