| | |
|---|
| | | |
|---|
| | | $app->plugins->registerEvent('ftp_user_delete',$this->plugin_name,'ftp_user_delete'); |
|---|
| | | |
|---|
| | | $app->plugins->registerAction('php_ini_changed', $this->plugin_name, 'php_ini_changed'); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // check for php.ini changes |
|---|
| | | |
|---|
| | | |
|---|
| | | // Handle php.ini changes |
|---|
| | | function php_ini_changed($event_name, $data) { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | $app->uses('getconf'); |
|---|
| | | $web_config = $app->getconf->get_server_config($conf['server_id'], 'web'); |
|---|
| | | $fastcgi_config = $app->getconf->get_server_config($conf['server_id'], 'fastcgi'); |
|---|
| | | |
|---|
| | | /* $data contains an array with these keys: |
|---|
| | | * file -> full path of changed php_ini |
|---|
| | | * mode -> web_domain php modes to change (mod, fast-cgi, php-fpm or '' for all except 'mod') |
|---|
| | | * php_version -> php ini path that changed (additional php versions) |
|---|
| | | */ |
|---|
| | | |
|---|
| | | $qrystr = "SELECT * FROM web_domain WHERE custom_php_ini != ''"; |
|---|
| | | if($data['mode'] == 'mod') { |
|---|
| | | $qrystr .= " AND php = 'mod'"; |
|---|
| | | } elseif($data['mode'] == 'fast-cgi') { |
|---|
| | | $qrystr .= " AND php = 'fast-cgi'"; |
|---|
| | | if($data['php_version']) { |
|---|
| | | $qrystr .= " AND fastcgi_php_version LIKE '%:" . $app->db->quote($data['php_version']) . "'"; |
|---|
| | | } |
|---|
| | | } elseif($data['mode'] == 'php-fpm') { |
|---|
| | | $qrystr .= " AND php = 'php-fpm'"; |
|---|
| | | if($data['php_version']) { |
|---|
| | | $qrystr .= " AND fastcgi_php_version LIKE '%:" . $app->db->quote($data['php_version']) . ":%'"; |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | $qrystr .= " AND php != 'mod' AND php != 'fast-cgi'"; |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | //** Get all the webs |
|---|
| | | $web_domains = $app->db->queryAllRecords($qrystr); |
|---|
| | | foreach($web_domains as $web_data) { |
|---|
| | | $custom_php_ini_dir = $web_config['website_basedir'].'/conf/'.$web_data['system_user']; |
|---|
| | | $web_folder = 'web'; |
|---|
| | | if($web_data['type'] == 'vhostsubdomain') { |
|---|
| | | $web_folder = $web_data['web_folder']; |
|---|
| | | $custom_php_ini_dir .= '_' . $web_folder; |
|---|
| | | } |
|---|
| | | if(!is_dir($web_config['website_basedir'].'/conf')) $app->system->mkdir($web_config['website_basedir'].'/conf'); |
|---|
| | | |
|---|
| | | |
|---|
| | | if(!is_dir($custom_php_ini_dir)) $app->system->mkdir($custom_php_ini_dir); |
|---|
| | | $php_ini_content = ''; |
|---|
| | | if($web_data['php'] == 'mod') { |
|---|
| | | $master_php_ini_path = $web_config['php_ini_path_apache']; |
|---|
| | | } else { |
|---|
| | | if($web_data['php'] == 'fast-cgi' && file_exists($fastcgi_config["fastcgi_phpini_path"])) { |
|---|
| | | $master_php_ini_path = $fastcgi_config["fastcgi_phpini_path"]; |
|---|
| | | } else { |
|---|
| | | $master_php_ini_path = $web_config['php_ini_path_cgi']; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | if($master_php_ini_path != '' && substr($master_php_ini_path,-7) == 'php.ini' && is_file($master_php_ini_path)) { |
|---|
| | | $php_ini_content .= $app->system->file_get_contents($master_php_ini_path)."\n"; |
|---|
| | | } |
|---|
| | | $php_ini_content .= str_replace("\r",'',trim($web_data['custom_php_ini'])); |
|---|
| | | $app->system->file_put_contents($custom_php_ini_dir.'/php.ini',$php_ini_content); |
|---|
| | | $app->log('Info: rewrote custom php.ini for web ' . $web_data['domain_id'] . ' (' . $web_data['domain'] . ').',LOGLEVEL_DEBUG); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if(count($web_domains) > 0) { |
|---|
| | | //* We do not check the apache config here - we only changed the php.ini |
|---|
| | | //* Check if this is a chrooted setup |
|---|
| | | if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) { |
|---|
| | | $apache_chrooted = true; |
|---|
| | | $app->log('Info: Apache is chrooted.',LOGLEVEL_DEBUG); |
|---|
| | | } else { |
|---|
| | | $apache_chrooted = false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $app->log('Info: rewrote all php.ini and reloading apache now.',LOGLEVEL_DEBUG); |
|---|
| | | if($apache_chrooted) { |
|---|
| | | $app->services->restartServiceDelayed('httpd','restart'); |
|---|
| | | } else { |
|---|
| | | // request a httpd reload when all records have been processed |
|---|
| | | $app->services->restartServiceDelayed('httpd','reload'); |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | $app->log('Info: No webs affected by php.ini change.',LOGLEVEL_DEBUG); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | // Handle the creation of SSL certificates |
|---|
| | | function ssl($event_name,$data) { |
|---|
| | | global $app, $conf; |
|---|
| | |
|---|
| | | $app->uses('getconf'); |
|---|
| | | $web_config = $app->getconf->get_server_config($conf['server_id'], 'web'); |
|---|
| | | if ($web_config['CA_path']!='' && !file_exists($web_config['CA_path'].'/openssl.cnf')) |
|---|
| | | $app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.conf',LOGLEVEL_ERROR); |
|---|
| | | $app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.cnf',LOGLEVEL_ERROR); |
|---|
| | | |
|---|
| | | //* Only vhosts can have a ssl cert |
|---|
| | | if($data["new"]["type"] != "vhost" && $data["new"]["type"] != "vhostsubdomain") return; |
|---|
| | |
|---|
| | | |
|---|
| | | $rand_file = escapeshellcmd($rand_file); |
|---|
| | | $key_file = escapeshellcmd($key_file); |
|---|
| | | if(substr($domain, 0, 2) == '*.' && strpos($key_file, '/ssl/\*.') != false) $key_file = str_replace('/ssl/\*.', '/ssl/*.', $key_file); // wildcard certificate |
|---|
| | | if(substr($domain, 0, 2) == '*.' && strpos($key_file, '/ssl/\*.') !== false) $key_file = str_replace('/ssl/\*.', '/ssl/*.', $key_file); // wildcard certificate |
|---|
| | | $key_file2 = escapeshellcmd($key_file2); |
|---|
| | | if(substr($domain, 0, 2) == '*.' && strpos($key_file2, '/ssl/\*.') != false) $key_file2 = str_replace('/ssl/\*.', '/ssl/*.', $key_file2); // wildcard certificate |
|---|
| | | if(substr($domain, 0, 2) == '*.' && strpos($key_file2, '/ssl/\*.') !== false) $key_file2 = str_replace('/ssl/\*.', '/ssl/*.', $key_file2); // wildcard certificate |
|---|
| | | $ssl_days = 3650; |
|---|
| | | $csr_file = escapeshellcmd($csr_file); |
|---|
| | | if(substr($domain, 0, 2) == '*.' && strpos($csr_file, '/ssl/\*.') != false) $csr_file = str_replace('/ssl/\*.', '/ssl/*.', $csr_file); // wildcard certificate |
|---|
| | | if(substr($domain, 0, 2) == '*.' && strpos($csr_file, '/ssl/\*.') !== false) $csr_file = str_replace('/ssl/\*.', '/ssl/*.', $csr_file); // wildcard certificate |
|---|
| | | $config_file = escapeshellcmd($ssl_cnf_file); |
|---|
| | | $crt_file = escapeshellcmd($crt_file); |
|---|
| | | if(substr($domain, 0, 2) == '*.' && strpos($crt_file, '/ssl/\*.') != false) $crt_file = str_replace('/ssl/\*.', '/ssl/*.', $crt_file); // wildcard certificate |
|---|
| | | if(substr($domain, 0, 2) == '*.' && strpos($crt_file, '/ssl/\*.') !== false) $crt_file = str_replace('/ssl/\*.', '/ssl/*.', $crt_file); // wildcard certificate |
|---|
| | | |
|---|
| | | if(is_file($ssl_cnf_file) && !is_link($ssl_cnf_file)) { |
|---|
| | | |
|---|
| | |
|---|
| | | //* Write the key file, if field is empty then import the key into the db |
|---|
| | | if(trim($data["new"]["ssl_key"]) != '') { |
|---|
| | | $app->system->file_put_contents($key_file2,$data["new"]["ssl_key"]); |
|---|
| | | $app->system->chmod($key_file2,0400); |
|---|
| | | } else { |
|---|
| | | $ssl_key2 = $app->db->quote($app->system->file_get_contents($key_file2)); |
|---|
| | | /* Update the DB of the (local) Server */ |
|---|
| | |
|---|
| | | $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* add the Apache user to the client group if this is a vhost and security level is set to high, no matter if this is an insert or update and regardless of set_folder_permissions_on_update |
|---|
| | | if($data['new']['type'] == 'vhost' && $web_config['security_level'] == 20) $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user'])); |
|---|
| | | |
|---|
| | | //* If the security level is set to high |
|---|
| | | if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) { |
|---|
| | |
|---|
| | | $app->system->server_conf['group_datei'] = $tmp_groupfile; |
|---|
| | | unset($tmp_groupfile); |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* add the Apache user to the client group |
|---|
| | | $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user'])); |
|---|
| | | |
|---|
| | | //* Chown all default directories |
|---|
| | | $app->system->chown($data['new']['document_root'],'root'); |
|---|
| | |
|---|
| | | //* Create custom php.ini |
|---|
| | | if(trim($data['new']['custom_php_ini']) != '') { |
|---|
| | | $has_custom_php_ini = true; |
|---|
| | | if(!is_dir($custom_php_ini_dir)) $app->system->mkdir($custom_php_ini_dir); |
|---|
| | | if(!is_dir($custom_php_ini_dir)) $app->system->mkdirpath($custom_php_ini_dir); |
|---|
| | | $php_ini_content = ''; |
|---|
| | | if($data['new']['php'] == 'mod') { |
|---|
| | | $master_php_ini_path = $web_config['php_ini_path_apache']; |
|---|
| | |
|---|
| | | |
|---|
| | | // Rewriting |
|---|
| | | if($alias['redirect_type'] != '' && $alias['redirect_path'] != '') { |
|---|
| | | if(substr($alias['redirect_path'],-1) != '/' && !preg_match('/^(https?|\[scheme\]):\/\//', $data['new']['redirect_path'])) $alias['redirect_path'] .= '/'; |
|---|
| | | if(substr($alias['redirect_path'],-1) != '/' && !preg_match('/^(https?|\[scheme\]):\/\//', $alias['redirect_path'])) $alias['redirect_path'] .= '/'; |
|---|
| | | if(substr($alias['redirect_path'],0,8) == '[scheme]'){ |
|---|
| | | $rewrite_target = 'http'.substr($alias['redirect_path'],8); |
|---|
| | | $rewrite_target_ssl = 'https'.substr($alias['redirect_path'],8); |
|---|
| | |
|---|
| | | |
|---|
| | | if (!is_dir($cgi_starter_path)) { |
|---|
| | | $app->system->mkdirpath($cgi_starter_path); |
|---|
| | | $app->system->chmod($cgi_starter_script,0755); |
|---|
| | | $app->system->chown($cgi_starter_script,$data['new']['system_user']); |
|---|
| | | $app->system->chgrp($cgi_starter_script,$data['new']['system_group']); |
|---|
| | | $app->system->chown($cgi_starter_path,$data['new']['system_user']); |
|---|
| | | $app->system->chgrp($cgi_starter_path,$data['new']['system_group']); |
|---|
| | | $app->system->chmod($cgi_starter_path,0755); |
|---|
| | | |
|---|
| | | $app->log('Creating cgi starter script directory: '.$cgi_starter_path,LOGLEVEL_DEBUG); |
|---|
| | | } |
|---|
| | |
|---|
| | | if(count($ipv4_ssl_alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $ipv4_ssl_alias_seo_redirects); |
|---|
| | | $vhosts[] = $tmp_vhost_arr; |
|---|
| | | unset($tmp_vhost_arr, $ipv4_ssl_alias_seo_redirects); |
|---|
| | | $app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG); |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* Add vhost for IPv6 IP |
|---|
| | | if($data['new']['ipv6_address'] != '') { |
|---|
| | | if ($conf['serverconfig']['web']['vhost_rewrite_v6'] == 'y') { |
|---|
| | | if (isset($conf['serverconfig']['server']['v6_prefix']) && $conf['serverconfig']['server']['v6_prefix'] <> '') { |
|---|
| | | $explode_v6prefix=explode(':',$conf['serverconfig']['server']['v6_prefix']); |
|---|
| | | $explode_v6=explode(':',$data['new']['ipv6_address']); |
|---|
| | | |
|---|
| | | for ( $i = 0; $i <= count($explode_v6prefix)-3; $i++ ) { |
|---|
| | | $explode_v6[$i] = $explode_v6prefix[$i]; |
|---|
| | | } |
|---|
| | | $data['new']['ipv6_address'] = implode(':',$explode_v6); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | $app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | //* Add vhost for IPv6 IP
|
|---|
| | | if($data['new']['ipv6_address'] != '') {
|
|---|
| | | if ($conf['serverconfig']['web']['vhost_rewrite_v6'] == 'y') {
|
|---|
| | | if (isset($conf['serverconfig']['server']['v6_prefix']) && $conf['serverconfig']['server']['v6_prefix'] <> '') {
|
|---|
| | | $explode_v6prefix=explode(':',$conf['serverconfig']['server']['v6_prefix']);
|
|---|
| | | $explode_v6=explode(':',$data['new']['ipv6_address']);
|
|---|
| | |
|
|---|
| | | for ( $i = 0; $i <= count($explode_v6prefix)-3; $i++ ) {
|
|---|
| | | $explode_v6[$i] = $explode_v6prefix[$i];
|
|---|
| | | }
|
|---|
| | | $data['new']['ipv6_address'] = implode(':',$explode_v6);
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | $tmp_vhost_arr = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80); |
|---|
| | | if(count($rewrite_rules) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('redirects' => $rewrite_rules); |
|---|
| | | if(count($alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $alias_seo_redirects); |
|---|
| | |
|---|
| | | if($web_config['check_apache_config'] == 'y') { |
|---|
| | | //* Test if apache starts with the new configuration file |
|---|
| | | $apache_online_status_before_restart = $this->_checkTcp('localhost',80); |
|---|
| | | $app->log('Apache status is: '.$apache_online_status_before_restart,LOGLEVEL_DEBUG); |
|---|
| | | $app->log('Apache status is: '.($apache_online_status_before_restart === true? 'running' : 'down'),LOGLEVEL_DEBUG); |
|---|
| | | |
|---|
| | | $app->services->restartService('httpd','restart'); |
|---|
| | | $retval = $app->services->restartService('httpd','restart'); // $retval['retval'] is 0 on success and > 0 on failure |
|---|
| | | $app->log('Apache restart return value is: '.$retval['retval'],LOGLEVEL_DEBUG); |
|---|
| | | |
|---|
| | | // wait a few seconds, before we test the apache status again |
|---|
| | | $apache_online_status_after_restart = false; |
|---|
| | |
|---|
| | | sleep(1); |
|---|
| | | } |
|---|
| | | //* Check if apache restarted successfully if it was online before |
|---|
| | | $app->log('Apache online status after restart is: '.$apache_online_status_after_restart,LOGLEVEL_DEBUG); |
|---|
| | | if($apache_online_status_before_restart && !$apache_online_status_after_restart) { |
|---|
| | | $app->log('Apache did not restart after the configuration change for website '.$data['new']['domain'].' Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN); |
|---|
| | | $app->log('Apache online status after restart is: '.($apache_online_status_after_restart === true? 'running' : 'down'),LOGLEVEL_DEBUG); |
|---|
| | | if($apache_online_status_before_restart && !$apache_online_status_after_restart || $retval['retval'] > 0) { |
|---|
| | | $app->log('Apache did not restart after the configuration change for website '.$data['new']['domain'].'. Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN); |
|---|
| | | if(is_array($retval['output']) && !empty($retval['output'])){ |
|---|
| | | $app->log('Reason for Apache restart failure: '.implode("\n", $retval['output']),LOGLEVEL_WARN); |
|---|
| | | $app->dbmaster->datalogError(implode("\n", $retval['output'])); |
|---|
| | | } else { |
|---|
| | | // if no output is given, check again |
|---|
| | | $webserver_binary = ''; |
|---|
| | | exec('which apache2ctl', $webserver_check_output, $webserver_check_retval); |
|---|
| | | if($webserver_check_retval == 0){ |
|---|
| | | $webserver_binary = 'apache2ctl'; |
|---|
| | | } else { |
|---|
| | | unset($webserver_check_output, $webserver_check_retval); |
|---|
| | | exec('which apache2', $webserver_check_output, $webserver_check_retval); |
|---|
| | | if($webserver_check_retval == 0){ |
|---|
| | | $webserver_binary = 'apache2'; |
|---|
| | | } else { |
|---|
| | | unset($webserver_check_output, $webserver_check_retval); |
|---|
| | | exec('which httpd2', $webserver_check_output, $webserver_check_retval); |
|---|
| | | if($webserver_check_retval == 0){ |
|---|
| | | $webserver_binary = 'httpd2'; |
|---|
| | | } else { |
|---|
| | | unset($webserver_check_output, $webserver_check_retval); |
|---|
| | | exec('which httpd', $webserver_check_output, $webserver_check_retval); |
|---|
| | | if($webserver_check_retval == 0){ |
|---|
| | | $webserver_binary = 'httpd'; |
|---|
| | | } else { |
|---|
| | | unset($webserver_check_output, $webserver_check_retval); |
|---|
| | | exec('which apache', $webserver_check_output, $webserver_check_retval); |
|---|
| | | if($webserver_check_retval == 0){ |
|---|
| | | $webserver_binary = 'apache'; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | if($webserver_binary != ''){ |
|---|
| | | exec($webserver_binary.' -t 2>&1', $tmp_output, $tmp_retval); |
|---|
| | | if($tmp_retval > 0 && is_array($tmp_output) && !empty($tmp_output)){ |
|---|
| | | $app->log('Reason for Apache restart failure: '.implode("\n", $tmp_output),LOGLEVEL_WARN); |
|---|
| | | $app->dbmaster->datalogError(implode("\n", $tmp_output)); |
|---|
| | | } |
|---|
| | | unset($tmp_output, $tmp_retval); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | $app->system->copy($vhost_file,$vhost_file.'.err'); |
|---|
| | | if(is_file($vhost_file.'~')) { |
|---|
| | | //* Copy back the last backup file |
|---|
| | |
|---|
| | | $app->log('Removed client directory: '.$client_dir,LOGLEVEL_DEBUG); |
|---|
| | | } |
|---|
| | | |
|---|
| | | $this->_exec('groupdel client'.$client_id); |
|---|
| | | $app->log('Removed group client'.$client_id,LOGLEVEL_DEBUG); |
|---|
| | | if($app->system->is_group('client'.$client_id)){ |
|---|
| | | $this->_exec('groupdel client'.$client_id); |
|---|
| | | $app->log('Removed group client'.$client_id,LOGLEVEL_DEBUG); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
