From 1c711c8e544d7d0f62d73c0d8367fa709b59cfce Mon Sep 17 00:00:00 2001 From: latham <latham@ispconfig3> Date: Thu, 19 May 2011 10:57:54 -0400 Subject: [PATCH] Syncing from our internal branch. This adds safe default favicon.ico which is blank, a simple .htaccess, and a simple robots.txt. This will also reduce 404s on the whole server --- server/plugins-available/apache2_plugin.inc.php | 35 ++++++++++++++++++++++++----------- 1 files changed, 24 insertions(+), 11 deletions(-) diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php index 466a12c..4868e28 100644 --- a/server/plugins-available/apache2_plugin.inc.php +++ b/server/plugins-available/apache2_plugin.inc.php @@ -82,6 +82,12 @@ // Handle the creation of SSL certificates function ssl($event_name,$data) { global $app, $conf; + + // load the server configuration options + $app->uses('getconf'); + $web_config = $app->getconf->get_server_config($conf['server_id'], 'web'); + if ($web_config['CA_path']!='' && !file_exists($web_config['CA_path'].'/openssl.cnf')) + $app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.conf',LOGLEVEL_ERROR); //* Only vhosts can have a ssl cert if($data["new"]["type"] != "vhost") return; 
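Review bot: The error message added at the top of ssl() names `openssl.conf`, while the condition directly above it tests for `openssl.cnf`, so the log points the administrator at a file name that is never looked up. It should read `$app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.cnf',LOGLEVEL_ERROR);`. The check also sits before the `type != "vhost"` early return, so it runs and can log on every call to ssl(), including for records that never get a certificate. Moving it below that return would keep the error tied to actual certificate work. ssl() continues outside the hunk.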
@@ -142,18 +148,22 @@ $crt_file = escapeshellcmd($crt_file); if(is_file($ssl_cnf_file)) { - + exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 2048"); exec("openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -out $csr_file -days $ssl_days -config $config_file"); - if(isset($conf['CA-path']) && isset($conf['CA-pass']) ) + exec("openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2"); + + if(file_exists($web_config['CA_path'].'/openssl.cnf')) { - exec("openssl ca -batch -out $crt_file -config ".$conf['CA-path']."/openssl.cnf -passin pass:".$conf['CA-pass']." -in $csr_file"); + exec("openssl ca -batch -out $crt_file -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -in $csr_file"); $app->log("Creating CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG); - } else{ + if (filesize($crt_file)==0 || !file_exists($crt_file)) $app->log("CA-Certificate signing failed. openssl ca -out $crt_file -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -in $csr_file",LOGLEVEL_ERROR); + }; + if (filesize($crt_file)==0 || !file_exists($crt_file)){ exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file "); $app->log("Creating self-signed SSL Cert for: $domain",LOGLEVEL_DEBUG); }; - exec("openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2"); + } exec('chmod 400 '.$key_file2); 
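Review bot: The new failure log in the CA branch writes the CA key passphrase to the log, because the message concatenates `-passin pass:".$web_config['CA_pass']."`, so anyone who can read what `$app->log` records learns the secret protecting the signing key. Log only the outcome, e.g. `$app->log("CA-Certificate signing failed for: $domain",LOGLEVEL_ERROR);`. The same two config values are concatenated unquoted into the `openssl ca` command line, here and in the `-revoke` call of the following hunk, so a path or passphrase containing shell metacharacters changes the command. A `pass:` argument is also visible in the process list while openssl runs. Wrapping `CA_path` in `escapeshellarg()` and handing the passphrase over with `-passin env:` or `-passin file:` would address both; the enclosing function starts and ends outside the hunk.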
@@ -193,9 +203,9 @@ $csr_file = $ssl_dir.'/'.$domain.'.csr'; $crt_file = $ssl_dir.'/'.$domain.'.crt'; $bundle_file = $ssl_dir.'/'.$domain.'.bundle'; - if(isset($conf['CA-path']) && isset($conf['CA-pass']) ) + if(file_exists($web_config['CA_path'].'/openssl.cnf')) { - exec("openssl ca -batch -config ".$conf['CA-path']."/openssl.cnf -passin pass:".$conf['CA-pass']." -revoke $crt_file"); + exec("openssl ca -batch -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -revoke $crt_file"); $app->log("Revoking CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG); }; unlink($csr_file); @@ -431,6 +441,9 @@ // copy the standard index page if (file_exists('/usr/local/ispconfig/server/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']),0,2))) { exec('cp /usr/local/ispconfig/server/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']),0,2).' '.escapeshellcmd($data['new']['document_root']).'/web/index.html'); + if(is_file('/usr/local/ispconfig/server/conf-custom/index/favicon.ico')) exec('cp /usr/local/ispconfig/server/conf-custom/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/web/'); + if(is_file('/usr/local/ispconfig/server/conf-custom/index/robots.txt')) exec('cp /usr/local/ispconfig/server/conf-custom/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/web/'); + if(is_file('/usr/local/ispconfig/server/conf-custom/index/.htaccess')) exec('cp /usr/local/ispconfig/server/conf-custom/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/web/'); } else { if (file_exists('/usr/local/ispconfig/server/conf-custom/index/standard_index.html')) { 
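Review bot: In the revoke branch (hunk at -193) the result of `openssl ca ... -revoke` is never examined, because `exec()` is called without its output and status arguments. The next line logs "Revoking CA-signed SSL Cert" at debug level whether or not the CA accepted the request. Since the code goes on to `unlink($csr_file)` (the rest of the cleanup is outside the hunk), a failed revocation can leave a certificate that is still valid in the CA database with nothing in the log to show it. Capture the status and report it, with the command string held in a local: `exec($cmd, $out, $rc);` then `if($rc !== 0) $app->log("Revoking CA-signed SSL Cert failed for: $domain",LOGLEVEL_ERROR);`.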
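Review bot: The three added copies (hunk at -431) shell out to `cp` with a target built from `escapeshellcmd($data['new']['document_root'])`, and `escapeshellcmd()` does not quote its argument, so a document root containing whitespace is split into separate `cp` arguments. PHP's own `copy()` avoids the shell entirely, e.g. `if(is_file($src)) copy($src, $data['new']['document_root'].'/web/favicon.ico');` with `$src` holding the conf-custom path, and likewise for `robots.txt` and `.htaccess`. The additions are made only in the language-specific branch; the `else` branch begins in this hunk and continues outside it, so whether sites that fall back to the default index page receive the same files cannot be confirmed from here.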
@@ -620,12 +633,12 @@ $crt_file = $ssl_dir.'/'.$domain.'.crt'; $bundle_file = $ssl_dir.'/'.$domain.'.bundle'; - if($data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) { + if($domain!='' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) { $vhost_data['ssl_enabled'] = 1; $app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG); } else { $vhost_data['ssl_enabled'] = 0; - $app->log('Disable SSL for: '.$domain,LOGLEVEL_DEBUG); + $app->log('SSL Disabled. '.$domain,LOGLEVEL_DEBUG); } if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1; @@ -856,7 +869,7 @@ $vhost_file = escapeshellcmd($web_config['vhost_conf_dir'].'/'.$data['new']['domain'].'.vhost'); //* Make a backup copy of vhost file - copy($vhost_file,$vhost_file.'~'); + if(file_exists($vhost_file)) copy($vhost_file,$vhost_file.'~'); //* Write vhost file file_put_contents($vhost_file,$tpl->grab()); @@ -1408,4 +1421,4 @@ } // end class -?> +?> \ No newline at end of file -- Gitblit v1.9.1
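Review bot: In the vhost-writing hunk (at -856) a `copy()` that fails on an existing file still goes unnoticed, and `file_put_contents()` then overwrites the only good copy. The change only skips the backup when the file is missing. Checking the return value keeps a failed backup visible: `if(is_file($vhost_file) && !copy($vhost_file,$vhost_file.'~')) $app->log('Backup of vhost file failed: '.$vhost_file,LOGLEVEL_ERROR);`. Separately, `$vhost_file` has been passed through `escapeshellcmd()` before being handed to PHP file functions, which do not interpret the added backslashes, so the path is only correct while the domain contains no characters that function escapes; presumably validation elsewhere guarantees that. The enclosing function is outside the hunk.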