ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
Marius Cramer
2015-01-05 dee987b263b021b990ea4c62cb15be47c6d61fb5 
 server/plugins-available/nginx_plugin.inc.php


@@ -147,6 +147,7 @@




        [ req ]


        default_bits           = 2048


      default_md             = sha256


        default_keyfile        = keyfile.pem


        distinguished_name     = req_distinguished_name


        attributes             = req_attributes


@@ -170,30 +171,34 @@




         $rand_file = escapeshellcmd($rand_file);


         $key_file = escapeshellcmd($key_file);


         $openssl_cmd_key_file = $key_file;


         if(substr($domain, 0, 2) == '*.' && strpos($key_file, '/ssl/\*.') !== false) $key_file = str_replace('/ssl/\*.', '/ssl/*.', $key_file); // wildcard certificate


         $key_file2 = escapeshellcmd($key_file2);


         $openssl_cmd_key_file2 = $key_file2;


         if(substr($domain, 0, 2) == '*.' && strpos($key_file2, '/ssl/\*.') !== false) $key_file2 = str_replace('/ssl/\*.', '/ssl/*.', $key_file2); // wildcard certificate


         $ssl_days = 3650;


         $csr_file = escapeshellcmd($csr_file);


         $openssl_cmd_csr_file = $csr_file;


         if(substr($domain, 0, 2) == '*.' && strpos($csr_file, '/ssl/\*.') !== false) $csr_file = str_replace('/ssl/\*.', '/ssl/*.', $csr_file); // wildcard certificate


         $config_file = escapeshellcmd($ssl_cnf_file);


         $crt_file = escapeshellcmd($crt_file);


         $openssl_cmd_crt_file = $crt_file;


         if(substr($domain, 0, 2) == '*.' && strpos($crt_file, '/ssl/\*.') !== false) $crt_file = str_replace('/ssl/\*.', '/ssl/*.', $crt_file); // wildcard certificate




         if(is_file($ssl_cnf_file) && !is_link($ssl_cnf_file)) {




            exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 2048");


            exec("openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -out $csr_file -days $ssl_days -config $config_file");


            exec("openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2");


            exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $openssl_cmd_key_file 2048");


            exec("openssl req -new -sha256 -passin pass:$ssl_password -passout pass:$ssl_password -key $openssl_cmd_key_file -out $openssl_cmd_csr_file -days $ssl_days -config $config_file");


            exec("openssl rsa -passin pass:$ssl_password -in $openssl_cmd_key_file -out $openssl_cmd_key_file2");




            if(file_exists($web_config['CA_path'].'/openssl.cnf'))


            {


               exec("openssl ca -batch -out $crt_file -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -in $csr_file");


               exec("openssl ca -batch -out $openssl_cmd_crt_file -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -in $openssl_cmd_csr_file");


               $app->log("Creating CA-signed SSL Cert for: $domain", LOGLEVEL_DEBUG);


               if (filesize($crt_file)==0 || !file_exists($crt_file)) $app->log("CA-Certificate signing failed.  openssl ca -out $crt_file -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -in $csr_file", LOGLEVEL_ERROR);


               if (filesize($crt_file)==0 || !file_exists($crt_file)) $app->log("CA-Certificate signing failed.  openssl ca -out $openssl_cmd_crt_file -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -in $openssl_cmd_csr_file", LOGLEVEL_ERROR);


            };


            if (@filesize($crt_file)==0 || !file_exists($crt_file)){


               exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file ");


               exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $openssl_cmd_key_file -in $openssl_cmd_csr_file -out $openssl_cmd_crt_file -days $ssl_days -config $config_file ");


               $app->log("Creating self-signed SSL Cert for: $domain", LOGLEVEL_DEBUG);


            };




@@ -274,7 +279,7 @@


         //$bundle_file = $ssl_dir.'/'.$domain.'.bundle';


         if(file_exists($web_config['CA_path'].'/openssl.cnf') && !is_link($web_config['CA_path'].'/openssl.cnf'))


         {


            exec("openssl ca -batch -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -revoke $crt_file");


            exec("openssl ca -batch -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -revoke ".escapeshellcmd($crt_file));


            $app->log("Revoking CA-signed SSL Cert for: $domain", LOGLEVEL_DEBUG);


         };


         $app->system->unlink($csr_file);


@@ -351,10 +356,13 @@


         if($data['new']['type'] == 'vhost' || $data['new']['type'] == 'vhostsubdomain' || $data['new']['type'] == 'vhostalias') $app->log('document_root not set', LOGLEVEL_WARN);


         return 0;


      }


      if($data['new']['system_user'] == 'root' or $data['new']['system_group'] == 'root') {


         $app->log('Websites cannot be owned by the root user or group.', LOGLEVEL_WARN);




      if($app->system->is_allowed_user($data['new']['system_user'], $app->system->is_user($data['new']['system_user']), true) == false


         || $app->system->is_allowed_group($data['new']['system_group'], $app->system->is_group($data['new']['system_group']), true) == false) {


         $app->log('Websites cannot be owned by the root user or group. User: '.$data['new']['system_user'].' Group: '.$data['new']['system_group'], LOGLEVEL_WARN);


         return 0;


      }




      if(trim($data['new']['domain']) == '') {


         $app->log('domain is empty', LOGLEVEL_WARN);


         return 0;


@@ -465,6 +473,9 @@


               $app->system->rename($data['new']['document_root'], $data['new']['document_root'].'_bak_'.date('Y_m_d_H_i_s'));


               $app->log('Renaming existing directory in new docroot location. mv '.$data['new']['document_root'].' '.$data['new']['document_root'].'_bak_'.date('Y_m_d_H_i_s'), LOGLEVEL_DEBUG);


            }


				


            //* Unmount the old log directory bfore we move the log dir


            exec('umount '.escapeshellcmd($old_dir.'/log'));




            //* Create new base directory, if it does not exist yet


            if(!is_dir($new_dir)) $app->system->mkdirpath($new_dir);


@@ -490,12 +501,26 @@


         if($nginx_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);




         //* Change the log mount


         /*


         $fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.'    none    bind';


         $app->system->removeLine('/etc/fstab', $fstab_line);


         $fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.'    none    bind,nobootwait';


         $app->system->removeLine('/etc/fstab', $fstab_line);


         $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.'    none    bind,nobootwait,_netdev    0 0';


         $app->system->replaceLine('/etc/fstab', $fstab_line, $fstab_line, 1, 1);


         $fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.'    none    bind,nobootwait';


         $app->system->removeLine('/etc/fstab', $fstab_line);


         */


			


         $fstab_line_old = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.'    none    bind';


			


         if($web_config['network_filesystem'] == 'y') {


            $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.'    none    bind,nobootwait,_netdev    0 0';


            $app->system->replaceLine('/etc/fstab', $fstab_line_old, $fstab_line, 0, 1);


         } else {


            $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.'    none    bind,nobootwait    0 0';


            $app->system->replaceLine('/etc/fstab', $fstab_line_old, $fstab_line, 0, 1);


         }


			


         exec('mount --bind '.escapeshellarg('/var/log/ispconfig/httpd/'.$data['new']['domain']).' '.escapeshellarg($data['new']['document_root'].'/'.$log_folder));




      }




@@ -635,9 +660,9 @@


            if(is_file($conf['rootpath'] . '/conf-custom/index/robots.txt')) {


               exec('cp ' . $conf['rootpath'] . '/conf-custom/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');


            }


            if(is_file($conf['rootpath'] . '/conf-custom/index/.htaccess')) {


               exec('cp ' . $conf['rootpath'] . '/conf-custom/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');


            }


            //if(is_file($conf['rootpath'] . '/conf-custom/index/.htaccess')) {


            //   exec('cp ' . $conf['rootpath'] . '/conf-custom/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');


            //}


         }


         else {


            if (file_exists($conf['rootpath'] . '/conf-custom/index/standard_index.html')) {


@@ -647,7 +672,7 @@


               exec('cp ' . $conf['rootpath'] . '/conf/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');


               if(is_file($conf['rootpath'] . '/conf/index/favicon.ico')) exec('cp ' . $conf['rootpath'] . '/conf/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');


               if(is_file($conf['rootpath'] . '/conf/index/robots.txt')) exec('cp ' . $conf['rootpath'] . '/conf/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');


               if(is_file($conf['rootpath'] . '/conf/index/.htaccess')) exec('cp ' . $conf['rootpath'] . '/conf/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');


               //if(is_file($conf['rootpath'] . '/conf/index/.htaccess')) exec('cp ' . $conf['rootpath'] . '/conf/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');


            }


         }


         exec('chmod -R a+r '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');


@@ -708,13 +733,13 @@


         if($web_config['security_level'] == 20) {




            $app->system->chmod($data['new']['document_root'], 0755);


            $app->system->chmod($data['new']['document_root'].'/web', 0711);


            $app->system->chmod($data['new']['document_root'].'/web', 0751);


            //$app->system->chmod($data['new']['document_root'].'/webdav',0710);


            $app->system->chmod($data['new']['document_root'].'/private', 0710);


            $app->system->chmod($data['new']['document_root'].'/ssl', 0755);




            // make tmp directory writable for nginx and the website users


            $app->system->chmod($data['new']['document_root'].'/tmp', 0777);


            $app->system->chmod($data['new']['document_root'].'/tmp', 0770);




            // Set Log directory to 755 to make the logs accessible by the FTP user


            if(realpath($data['new']['document_root'].'/'.$log_folder . '/error.log') == '/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log') {


@@ -774,7 +799,7 @@


            $app->system->chmod($data['new']['document_root'].'/cgi-bin', 0755);




            // make temp directory writable for nginx and the website users


            $app->system->chmod($data['new']['document_root'].'/tmp', 0777);


            $app->system->chmod($data['new']['document_root'].'/tmp', 0770);




            // Set Log directory to 755 to make the logs accessible by the FTP user


            if(realpath($data['new']['document_root'].'/'.$log_folder . '/error.log') == '/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log') {


@@ -1064,7 +1089,16 @@




      // Custom nginx directives


      $final_nginx_directives = array();


      $nginx_directives = $data['new']['nginx_directives'];


      if(intval($data['new']['directive_snippets_id']) > 0){


         $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));


         if(isset($snippet['snippet'])){


            $nginx_directives = $snippet['snippet'];


         } else {


            $nginx_directives = $data['new']['nginx_directives'];


         }


      } else {


         $nginx_directives = $data['new']['nginx_directives'];


      }


      // Make sure we only have Unix linebreaks


      $nginx_directives = str_replace("\r\n", "\n", $nginx_directives);


      $nginx_directives = str_replace("\r", "\n", $nginx_directives);


@@ -2021,6 +2055,28 @@


            $this->awstats_delete($data, $web_config);


         }




         //* Delete the web-backups


         if($data['old']['type'] == 'vhost') {


            $server_config = $app->getconf->get_server_config($conf['server_id'], 'server');


            $backup_dir = $server_config['backup_dir'];


            $mount_backup = true;


            if($server_config['backup_dir'] != '' && $server_config['backup_delete'] == 'y') {


               //* mount backup directory, if necessary


               if( $server_config['backup_dir_is_mount'] == 'y' && !$app->system->mount_backup_dir($backup_dir) ) $mount_backup = false;


               if($mount_backup){


                  $web_backup_dir = $backup_dir.'/web'.$data_old['domain_id'];


                  //** do not use rm -rf $web_backup_dir because database(s) may exits


                  exec(escapeshellcmd('rm -f '.$web_backup_dir.'/web'.$data_old['domain_id'].'_').'*');


                  //* cleanup database


                  $sql = "DELETE FROM web_backup WHERE server_id = ? AND parent_domain_id = ? AND filename LIKE ?";


                  $app->db->query($sql, $conf['server_id'], $data_old['domain_id'], "web".$data_old['domain_id']."_%");


                  if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql, $conf['server_id'], $data_old['domain_id'], "web".$data_old['domain_id']."_%");




                  $app->log('Deleted the web backup files', LOGLEVEL_DEBUG);


               }


            }


         }




         $app->services->restartServiceDelayed('httpd', 'reload');




      }