From 6b15d5f4e18578acb46be3babc46b7a9d3a9299c Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Mon, 14 Dec 2015 10:14:45 -0500
Subject: [PATCH] - added {DOCROOT_CLIENT} to directive placeholders (non-symlink docroot) - made placeholders visible for apache, too - added event raise at formdef loading (on_before_formdef and on_after_formdef) - added possibility to put plugin files into module/lib/plugin.d/ directory
---
server/plugins-available/apache2_plugin.inc.php | 107 +++++++++++++++++++++++++++++++++++++++++++++++++++--
1 files changed, 103 insertions(+), 4 deletions(-)
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 98a5378..818cfd8 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -283,7 +283,7 @@
emailAddress = webmaster@".$data['new']['domain']."
[ req_attributes ]
- challengePassword = A challenge password";
+ ";//challengePassword = A challenge password";
$ssl_cnf_file = $ssl_dir.'/openssl.conf';
$app->system->file_put_contents($ssl_cnf_file, $ssl_cnf);
@@ -595,7 +595,7 @@
//* Unmount the old log directory bfore we move the log dir
//exec('fuser -km '.escapeshellcmd($old_dir.'/log'));
- exec('umount '.escapeshellcmd($old_dir.'/log'));
+ exec('umount '.escapeshellcmd($data['old']['document_root'].'/log'));
//* Create new base directory, if it does not exist yet
if(!is_dir($new_dir)) $app->system->mkdirpath($new_dir);
@@ -691,7 +691,8 @@
$app->system->chmod($data['new']['document_root'].'/'.$log_folder, 0755);
exec('mount --bind '.escapeshellarg('/var/log/ispconfig/httpd/'.$data['new']['domain']).' '.escapeshellarg($data['new']['document_root'].'/'.$log_folder));
//* add mountpoint to fstab
- $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait,_netdev 0 0';
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait';
+ $fstab_line .= @($web_config['network_filesystem'] == 'y')?',_netdev 0 0':' 0 0';
$app->system->replaceLine('/etc/fstab', $fstab_line, $fstab_line, 1, 1);
}
@@ -1090,12 +1091,16 @@
// Make sure we only have Unix linebreaks
$vhost_data['apache_directives'] = str_replace("\r\n", "\n", $vhost_data['apache_directives']);
$vhost_data['apache_directives'] = str_replace("\r", "\n", $vhost_data['apache_directives']);
- $trans = array('{DOCROOT}' => $vhost_data['web_document_root_www']);
+ $trans = array(
+ '{DOCROOT}' => $vhost_data['web_document_root_www'],
+ '{DOCROOT_CLIENT}' => $vhost_data['web_document_root']
+ );
$vhost_data['apache_directives'] = strtr($vhost_data['apache_directives'], $trans);
// Check if a SSL cert exists
$ssl_dir = $data['new']['document_root'].'/ssl';
$domain = $data['new']['ssl_domain'];
+ if(!$domain) $domain = $data['new']['domain'];
$key_file = $ssl_dir.'/'.$domain.'.key';
$crt_file = $ssl_dir.'/'.$domain.'.crt';
$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
@@ -1110,6 +1115,100 @@
}
*/
+ //* Generate Let's Encrypt SSL certificat
+ if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
+ if(substr($domain, 0, 2) === '*.') {
+ // wildcard domain not yet supported by letsencrypt!
+ $app->log('Wildcard domains not yet supported by letsencrypt, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN);
+ $domain = substr($domain, 2);
+ }
+
+ $data['new']['ssl_domain'] = $domain;
+ $vhost_data['ssl_domain'] = $domain;
+
+ //* be sure to have good domain
+ $lddomain = (string) "$domain";
+ if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {
+ $lddomain .= (string) " --domains www." . $domain;
+ }
+
+ $crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem";
+ $key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
+ $bundle_tmp_file = "/etc/letsencrypt/live/".$domain."/chain.pem";
+ $webroot = $data['new']['document_root']."/web";
+
+ //* check if we have already a Let's Encrypt cert
+ if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
+ $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
+
+ if(is_dir($webroot . "/.well-known/")) {
+ $app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
+ $this->_exec("rm -rf " . $webroot . "/.well-known/");
+ }
+
+ $app->log("Create challenge directory", LOGLEVEL_DEBUG);
+ $app->system->mkdirpath($webroot . "/.well-known/");
+ $app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
+ $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
+ $app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
+ $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
+ $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
+ $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
+
+ if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
+ $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot));
+ }
+ };
+
+ //* check is been correctly created
+ if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) {
+ $date = date("YmdHis");
+ if(is_file($key_file)) {
+ $app->system->copy($key_file, $key_file.'.old'.$date);
+ $app->system->chmod($key_file.'.old.'.$date, 0400);
+ $app->system->unlink($key_file);
+ }
+
+ if ($web_config["website_symlinks_rel"] == 'y') {
+ $this->create_relative_link(escapeshellcmd($key_tmp_file), escapeshellcmd($key_file));
+ } else {
+ exec("ln -s ".escapeshellcmd($key_tmp_file)." ".escapeshellcmd($key_file));
+ }
+
+ if(is_file($crt_file)) {
+ $app->system->copy($crt_file, $crt_file.'.old.'.$date);
+ $app->system->chmod($crt_file.'.old.'.$date, 0400);
+ $app->system->unlink($crt_file);
+ }
+
+ if($web_config["website_symlinks_rel"] == 'y') {
+ $this->create_relative_link(escapeshellcmd($crt_tmp_file), escapeshellcmd($crt_file));
+ } else {
+ exec("ln -s ".escapeshellcmd($crt_tmp_file)." ".escapeshellcmd($crt_file));
+ }
+
+ if(is_file($bundle_file)) {
+ $app->system->copy($bundle_file, $bundle_file.'.old.'.$date);
+ $app->system->chmod($bundle_file.'.old.'.$date, 0400);
+ $app->system->unlink($bundle_file);
+ }
+
+ if($web_config["website_symlinks_rel"] == 'y') {
+ $this->create_relative_link(escapeshellcmd($bundle_tmp_file), escapeshellcmd($bundle_file));
+ } else {
+ exec("ln -s ".escapeshellcmd($bundle_tmp_file)." ".escapeshellcmd($bundle_file));
+ }
+
+ /* we don't need to store it.
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+ $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+ $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ }
+ };
+
if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
//$vhost_data['document_root'] = $data['new']['document_root'].'/' . $web_folder;
--
Gitblit v1.9.1