From 6b15d5f4e18578acb46be3babc46b7a9d3a9299c Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Mon, 14 Dec 2015 10:14:45 -0500
Subject: [PATCH] - added {DOCROOT_CLIENT} to directive placeholders (non-symlink docroot) - made placeholders visible for apache, too - added event raise at formdef loading (on_before_formdef and on_after_formdef) - added possibility to put plugin files into module/lib/plugin.d/ directory

---
 server/plugins-available/nginx_plugin.inc.php |  104 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 101 insertions(+), 3 deletions(-)

diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index d3eb706..aaab39b 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -475,7 +475,8 @@
 				}
 				
 				//* Unmount the old log directory bfore we move the log dir
-				exec('umount '.escapeshellcmd($old_dir.'/log'));
+				//exec('fuser -km '.escapeshellcmd($old_dir.'/log'));
+				exec('umount '.escapeshellcmd($data['old']['document_root'].'/log'));
 
 				//* Create new base directory, if it does not exist yet
 				if(!is_dir($new_dir)) $app->system->mkdirpath($new_dir);
@@ -557,6 +558,7 @@
 			$app->system->removeLine('/etc/fstab', $fstab_line);
 
 			//* Unmount log directory
+			//exec('fuser -km '.escapeshellarg($data['old']['document_root'].'/'.$old_log_folder));
 			exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$old_log_folder));
 		}
 
@@ -570,7 +572,8 @@
 			$app->system->chmod($data['new']['document_root'].'/'.$log_folder, 0755);
 			exec('mount --bind '.escapeshellarg('/var/log/ispconfig/httpd/'.$data['new']['domain']).' '.escapeshellarg($data['new']['document_root'].'/'.$log_folder));
 			//* add mountpoint to fstab
-			$fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.'    none    bind,nobootwait,_netdev    0 0';
+			$fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.'    none    bind,nobootwait';
+			$fstab_line .= @($web_config['network_filesystem'] == 'y')?',_netdev    0 0':'    0 0';
 			$app->system->replaceLine('/etc/fstab', $fstab_line, $fstab_line, 1, 1);
 		}
 
@@ -1130,7 +1133,11 @@
 		$nginx_directives = str_replace("\r", "\n", $nginx_directives);
 		$nginx_directive_lines = explode("\n", $nginx_directives);
 		if(is_array($nginx_directive_lines) && !empty($nginx_directive_lines)){
-			$trans = array('{DOCROOT}' => $vhost_data['web_document_root_www'], '{FASTCGIPASS}' => 'fastcgi_pass '.($data['new']['php_fpm_use_socket'] == 'y'? 'unix:'.$fpm_socket : '127.0.0.1:'.$vhost_data['fpm_port']).';');
+			$trans = array(
+				'{DOCROOT}' => $vhost_data['web_document_root_www'],
+				'{DOCROOT_CLIENT}' => $vhost_data['web_document_root'],
+				'{FASTCGIPASS}' => 'fastcgi_pass '.($data['new']['php_fpm_use_socket'] == 'y'? 'unix:'.$fpm_socket : '127.0.0.1:'.$vhost_data['fpm_port']).';'
+			);
 			foreach($nginx_directive_lines as $nginx_directive_line){
 				$final_nginx_directives[] = array('nginx_directive' => strtr($nginx_directive_line, $trans));
 			}
@@ -1139,9 +1146,98 @@
 
 		// Check if a SSL cert exists
 		$ssl_dir = $data['new']['document_root'].'/ssl';
+		if(!isset($data['new']['ssl_domain']) OR empty($data['new']['ssl_domain'])) { $data['new']['ssl_domain'] = $data['new']['domain']; }
 		$domain = $data['new']['ssl_domain'];
+		if(!$domain) $domain = $data['new']['domain'];
+		$tpl->setVar('ssl_domain', $domain);
 		$key_file = $ssl_dir.'/'.$domain.'.key';
 		$crt_file = $ssl_dir.'/'.$domain.'.crt';
+
+
+		$tpl->setVar('ssl_letsencrypt', "n");
+		//* Generate Let's Encrypt SSL certificat
+		if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
+			//* be sure to have good domain
+			if(substr($domain, 0, 2) === '*.') {
+				// wildcard domain not yet supported by letsencrypt!
+				$app->log('Wildcard domains not yet supported by letsencrypt, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN);
+				$domain = substr($domain, 2);
+			}
+			
+			$data['new']['ssl_domain'] = $domain;
+			$vhost_data['ssl_domain'] = $domain;
+			
+			$lddomain = (string) "$domain";
+			if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {
+				$lddomain .= (string) " --domains www." . $domain;
+			}
+
+			$tpl->setVar('ssl_letsencrypt', "y");
+			//* TODO: check dns entry is correct
+			$crt_tmp_file = "/etc/letsencrypt/live/".$domain."/fullchain.pem";
+			$key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
+			$webroot = $data['new']['document_root']."/web";
+
+			//* check if we have already a Let's Encrypt cert
+			if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
+				$app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
+
+				if(is_dir($webroot . "/.well-known/")) {
+					$app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
+					$this->_exec("rm -rf " . $webroot . "/.well-known/");
+				}
+
+				$app->log("Create challenge directory", LOGLEVEL_DEBUG);
+				$app->system->mkdirpath($webroot . "/.well-known/");
+				$app->system->chown($webroot . "/.well-known/", $$data['new']['system_user']);
+				$app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
+				$app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
+				$app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
+				$app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
+				$app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
+				
+				if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
+					$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot));
+				}
+			};
+
+			//* check is been correctly created
+			if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) {
+					$date = date("YmdHis");
+//* TODO: check if is a symlink, if target same keep it, either remove it
+				if(is_file($key_file)) {
+					$app->system->copy($key_file, $key_file.'.old'.$date);
+					$app->system->chmod($key_file.'.old.'.$date, 0400);
+					$app->system->unlink($key_file);
+				}
+
+				if ($web_config["website_symlinks_rel"] == 'y') {
+					$this->create_relative_link(escapeshellcmd($key_tmp_file), escapeshellcmd($key_file));
+				} else {
+					exec("ln -s ".escapeshellcmd($key_tmp_file)." ".escapeshellcmd($key_file));
+				}
+
+				if(is_file($crt_file)) {
+					$app->system->copy($crt_file, $crt_file.'.old.'.$date);
+					$app->system->chmod($crt_file.'.old.'.$date, 0400);
+					$app->system->unlink($crt_file);
+				}
+
+				if($web_config["website_symlinks_rel"] == 'y') {
+					$this->create_relative_link(escapeshellcmd($crt_tmp_file), escapeshellcmd($crt_file));
+				} else {
+					exec("ln -s ".escapeshellcmd($crt_tmp_file)." ".escapeshellcmd($crt_file));
+				}
+
+				/* we don't need to store it.
+				/* Update the DB of the (local) Server */
+				$app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'");
+				$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+				/* Update also the master-DB of the Server-Farm */
+				$app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'");
+				$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+			}
+		};
 
 		if($domain!='' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0)  && (@filesize($key_file)>0)) {
 			$vhost_data['ssl_enabled'] = 1;
@@ -1880,10 +1976,12 @@
 			if(is_array($log_folders) && !empty($log_folders)){
 				foreach($log_folders as $log_folder){
 					//if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
+					//exec('fuser -km '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null');
 					exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null');
 				}
 			} else {
 				//if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
+				//exec('fuser -km '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null');
 				exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null');
 			}
 		}

--
Gitblit v1.9.1