ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
Marius Burkard
2016-04-20 67d99a763eb9f44d3ef4fd334d1293ae8ccd847e 
 server/plugins-available/nginx_plugin.inc.php


@@ -156,10 +156,10 @@




        [ req_distinguished_name ]


        C                      = ".trim($data['new']['ssl_country'])."


        ST                     = ".trim($data['new']['ssl_state'])."


        L                      = ".trim($data['new']['ssl_locality'])."


        O                      = ".trim($data['new']['ssl_organisation'])."


        OU                     = ".trim($data['new']['ssl_organisation_unit'])."


        " . (trim($data['new']['ssl_state']) == '' ? '' : "ST                     = ".trim($data['new']['ssl_state'])) . "


        " . (trim($data['new']['ssl_locality']) == '' ? '' : "L                      = ".trim($data['new']['ssl_locality']))."


        " . (trim($data['new']['ssl_organisation']) == '' ? '' : "O                      = ".trim($data['new']['ssl_organisation']))."


        " . (trim($data['new']['ssl_organisation_unit']) == '' ? '' : "OU                     = ".trim($data['new']['ssl_organisation_unit']))."


        CN                     = $domain


        emailAddress           = webmaster@".$data['new']['domain']."




@@ -889,42 +889,7 @@


         $app->system->chown('/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log', 'root');


         $app->system->chgrp('/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log', 'root');


      }




      // Change the ownership of the error log to the owner of the website


      /*


      if(!@is_file($data['new']['document_root'].'/log/error.log')) exec('touch '.escapeshellcmd($data['new']['document_root']).'/log/error.log');


      $app->system->chown($data['new']['document_root'].'/log/error.log',$username);


      $app->system->chgrp($data['new']['document_root'].'/log/error.log',$groupname);


      */






      /*


      //* Write the custom php.ini file, if custom_php_ini filed is not empty


      $custom_php_ini_dir = $web_config['website_basedir'].'/conf/'.$data['new']['system_user'];


      if(!is_dir($web_config['website_basedir'].'/conf')) mkdir($web_config['website_basedir'].'/conf');


      if(trim($data['new']['custom_php_ini']) != '') {


         $has_custom_php_ini = true;


         if(!is_dir($custom_php_ini_dir)) $app->system->mkdirpath($custom_php_ini_dir);


         $php_ini_content = '';


         if($data['new']['php'] == 'mod') {


            $master_php_ini_path = $web_config['php_ini_path_apache'];


         } else {


            if($data["new"]['php'] == 'fast-cgi' && file_exists($fastcgi_config["fastcgi_phpini_path"])) {


               $master_php_ini_path = $fastcgi_config["fastcgi_phpini_path"];


            } else {


               $master_php_ini_path = $web_config['php_ini_path_cgi'];


            }


         }


         if($master_php_ini_path != '' && substr($master_php_ini_path,-7) == 'php.ini' && is_file($master_php_ini_path)) {


            $php_ini_content .= $app->system->file_get_contents($master_php_ini_path)."\n";


         }


         $php_ini_content .= str_replace("\r",'',trim($data['new']['custom_php_ini']));


         $app->system->file_put_contents($custom_php_ini_dir.'/php.ini',$php_ini_content);


      } else {


         $has_custom_php_ini = false;


         if(is_file($custom_php_ini_dir.'/php.ini')) $app->system->unlink($custom_php_ini_dir.'/php.ini');


      }


      */


		




      //* Create the vhost config file


      $app->load('tpl');


@@ -1190,19 +1155,21 @@


      }


      


      // use vLib for template logic


      $nginx_directives_new = '';


      $ngx_conf_tpl = new tpl();


      $ngx_conf_tpl_tmp_file = tempnam($conf['temppath'], "ngx");


      file_put_contents($ngx_conf_tpl_tmp_file, $nginx_directives);


      $ngx_conf_tpl->newTemplate($ngx_conf_tpl_tmp_file);


      $ngx_conf_tpl->setVar('use_tcp', $use_tcp);


      $ngx_conf_tpl->setVar('use_socket', $use_socket);


      $ngx_conf_tpl->setVar('fpm_socket', $fpm_socket);


      $ngx_conf_tpl->setVar($vhost_data);


      $nginx_directives_new = $ngx_conf_tpl->grab();


      if(is_file($ngx_conf_tpl_tmp_file)) unlink($ngx_conf_tpl_tmp_file);


      if($nginx_directives_new != '') $nginx_directives = $nginx_directives_new;


      unset($nginx_directives_new);


      if(trim($nginx_directives) != '') {


         $nginx_directives_new = '';


         $ngx_conf_tpl = new tpl();


         $ngx_conf_tpl_tmp_file = tempnam($conf['temppath'], "ngx");


         file_put_contents($ngx_conf_tpl_tmp_file, $nginx_directives);


         $ngx_conf_tpl->newTemplate($ngx_conf_tpl_tmp_file);


         $ngx_conf_tpl->setVar('use_tcp', $use_tcp);


         $ngx_conf_tpl->setVar('use_socket', $use_socket);


         $ngx_conf_tpl->setVar('fpm_socket', $fpm_socket);


         $ngx_conf_tpl->setVar($vhost_data);


         $nginx_directives_new = $ngx_conf_tpl->grab();


         if(is_file($ngx_conf_tpl_tmp_file)) unlink($ngx_conf_tpl_tmp_file);


         if($nginx_directives_new != '') $nginx_directives = $nginx_directives_new;


         unset($nginx_directives_new);


      }


      


      // Make sure we only have Unix linebreaks


      $nginx_directives = str_replace("\r\n", "\n", $nginx_directives);


@@ -1232,14 +1199,7 @@




      $tpl->setVar('ssl_letsencrypt', "n");


      


      //* Generate Let's Encrypt SSL certificat


      if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active


         ($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration


         || ($data['old']['domain'] != $data['new']['domain']) // we have domain update


         || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain


         || ($data['new']['type'] == 'subdomain') // we have new or update on subdomain


      )) {




      if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {


         //* be sure to have good domain


         if(substr($domain, 0, 2) === '*.') {


            // wildcard domain not yet supported by letsencrypt!


@@ -1249,11 +1209,22 @@




         $data['new']['ssl_domain'] = $domain;


         $vhost_data['ssl_domain'] = $domain;


			


      }


		


      //* Generate Let's Encrypt SSL certificat


      if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active


         ($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration


         || ($data['old']['domain'] != $data['new']['domain']) // we have domain update


         || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain


         || ($data['new']['type'] == 'subdomain') // we have new or update on subdomain


         || ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on alias domain


      )) {


         // default values


         $temp_domains = array();


         $lddomain = $domain;


         $subdomains = null;


         $lddomain     = $domain;


         $subdomains   = null;


         $aliasdomains = null;


         $sub_prefixes = array();




          //* be sure to have good domain


          if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {


@@ -1265,9 +1236,25 @@


         if(is_array($subdomains)) {


            foreach($subdomains as $subdomain) {


               $temp_domains[] = $subdomain['domain'];


               $sub_prefixes[] = str_replace($domain, "", $subdomain['domain']);


            }


          }


 




         //* then, add alias domain if we have


         $aliasdomains = $app->db->queryAllRecords('SELECT domain,subdomain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'alias'");


         if(is_array($aliasdomains)) {


            foreach($aliasdomains as $aliasdomain) {


               $temp_domains[] = $aliasdomain['domain'];


               if(isset($aliasdomain['subdomain']) && ! empty($aliasdomain['subdomain'])) {


                  $temp_domains[] = $aliasdomain['subdomain'] . "." . $aliasdomain['domain'];


               }


					


               foreach($sub_prefixes as $s) {


                  $temp_domains[] = $s . $aliasdomain['domain'];


               }


            }


         }




         // prevent duplicate


         $temp_domains = array_unique($temp_domains);




@@ -1290,31 +1277,17 @@


         if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {


            $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);




            if(is_dir($webroot . "/.well-known/acme-challenge/")) {


               $app->log("Remove old challenge directory", LOGLEVEL_DEBUG);


               $this->_exec("rm -rf " . $webroot . "/.well-known/acme-challenge/");


            }




            $app->log("Create challenge directory", LOGLEVEL_DEBUG);


            $app->system->mkdirpath($webroot . "/.well-known/");


            $app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);


            $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);


            $app->system->mkdirpath($webroot . "/.well-known/acme-challenge");


            $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);


            $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);


            $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");


				


            if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {


               $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot));


               $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme");


            }


         };




         //* check is been correctly created


         if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) {


               $date = date("YmdHis");


//* TODO: check if is a symlink, if target same keep it, either remove it


            $date = date("YmdHis");


            //* TODO: check if is a symlink, if target same keep it, either remove it


            if(is_file($key_file)) {


               $app->system->copy($key_file, $key_file.'.old'.$date);


               $app->system->copy($key_file, $key_file.'.old.'.$date);


               $app->system->chmod($key_file.'.old.'.$date, 0400);


               $app->system->unlink($key_file);


            }


@@ -2786,6 +2759,7 @@


         }


      }


      


      $custom_session_save_path = false;


      if($custom_php_ini_settings != ''){


         // Make sure we only have Unix linebreaks


         $custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);


@@ -2801,6 +2775,7 @@


               $value = trim($value);


               if($value != ''){


                  $key = trim($key);


                  if($key == 'session.save_path') $custom_session_save_path = true;


                  switch (strtolower($value)) {


                  case '0':


                     // PHP-FPM might complain about invalid boolean value if you use 0


@@ -2822,6 +2797,8 @@


         }


      }




      $tpl->setVar('custom_session_save_path', ($custom_session_save_path ? 'y' : 'n'));




      $tpl->setLoop('custom_php_ini_settings', $final_php_ini_settings);




      $app->system->file_put_contents($pool_dir.$pool_name.'.conf', $tpl->grab());