From 6844de8422ad2ffcd1f5c864ea967c8321ac07b7 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Fri, 22 Jan 2016 04:57:06 -0500
Subject: [PATCH] - don't delete .well-known dir if it existed prior to run
---
server/plugins-available/nginx_plugin.inc.php | 65 ++++++++++++++++++++++++++------
1 files changed, 53 insertions(+), 12 deletions(-)
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index 3437b55..5ffe771 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -1231,22 +1231,54 @@
$tpl->setVar('ssl_letsencrypt', "n");
+
//* Generate Let's Encrypt SSL certificat
- if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
+ if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
+ ($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
+ || ($data['old']['domain'] != $data['new']['domain']) // we have domain update
+ || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
+ || ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
+ )) {
+
//* be sure to have good domain
if(substr($domain, 0, 2) === '*.') {
// wildcard domain not yet supported by letsencrypt!
$app->log('Wildcard domains not yet supported by letsencrypt, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN);
$domain = substr($domain, 2);
}
-
+
$data['new']['ssl_domain'] = $domain;
$vhost_data['ssl_domain'] = $domain;
- $lddomain = (string) "$domain";
- if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {
- $lddomain .= (string) " --domains www." . $domain;
+ // default values
+ $temp_domains = array();
+ $lddomain = $domain;
+ $subdomains = null;
+
+ //* be sure to have good domain
+ if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {
+ $temp_domains[] = "www." . $domain;
}
+
+ //* then, add subdomain if we have
+ $subdomains = $app->db->queryAllRecords('SELECT domain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'subdomain'");
+ if(is_array($subdomains)) {
+ foreach($subdomains as $subdomain) {
+ $temp_domains[] = $subdomain['domain'];
+ }
+ }
+
+ // prevent duplicate
+ $temp_domains = array_unique($temp_domains);
+
+ // generate cli format
+ foreach($temp_domains as $temp_domain) {
+ $lddomain .= (string) " --domains " . $temp_domain;
+ }
+
+ // useless data
+ unset($subdomains);
+ unset($temp_domains);
$tpl->setVar('ssl_letsencrypt', "y");
//* TODO: check dns entry is correct
@@ -1254,18 +1286,20 @@
$key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
$webroot = $data['new']['document_root']."/web";
+ $wk_dir_existed = false;
+ if(is_dir($webroot . '/.well-known')) $wk_dir_existed = true;
//* check if we have already a Let's Encrypt cert
if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
$app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
- if(is_dir($webroot . "/.well-known/")) {
+ if(is_dir($webroot . "/.well-known/acme-challenge/")) {
$app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
- $this->_exec("rm -rf " . $webroot . "/.well-known/");
+ $this->_exec("rm -rf " . $webroot . "/.well-known/acme-challenge/");
}
$app->log("Create challenge directory", LOGLEVEL_DEBUG);
$app->system->mkdirpath($webroot . "/.well-known/");
- $app->system->chown($webroot . "/.well-known/", $$data['new']['system_user']);
+ $app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
$app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
$app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
$app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
@@ -1275,7 +1309,12 @@
if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot));
}
- };
+ }
+ if($wk_dir_existed == false && is_dir($webroot . '/.well-known')) {
+ $this->_exec("rm -rf " . $webroot . "/.well-known");
+ } elseif(is_dir($webroot . "/.well-known/acme-challenge/")) {
+ $this->_exec("rm -rf " . $webroot . "/.well-known/acme-challenge/");
+ }
//* check is been correctly created
if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) {
@@ -2985,13 +3024,15 @@
} else {
if($islocation){
- if(strpos($l, '{') !== false){
+ $openingbracketpos = strrpos($l, '{');
+ if($openingbracketpos !== false){
$level += 1;
}
- if(strpos($l, '}') !== false && $level > 0){
+ $closingbracketpos = strrpos($l, '}');
+ if($closingbracketpos !== false && $level > 0 && $closingbracketpos >= intval($openingbracketpos)){
$level -= 1;
$locations[$location]['location'] .= $lines[$i]."\n";
- } elseif(strpos($l, '}') !== false && $level == 0){
+ } elseif($closingbracketpos !== false && $level == 0 && $closingbracketpos >= intval($openingbracketpos)){
$islocation = false;
} else {
$locations[$location]['location'] .= $lines[$i]."\n";
--
Gitblit v1.9.1