From a7b97c4310d88cb7a7b736e465d07ad4526f609e Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Tue, 08 Dec 2015 10:58:01 -0500
Subject: [PATCH] - Fixed letsencrypt call
---
server/plugins-available/apache2_plugin.inc.php | 121 +++++++++++++++++++++++++++++++++++++---
1 files changed, 111 insertions(+), 10 deletions(-)
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 4bacf07..41e9a6f 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -283,7 +283,7 @@
emailAddress = webmaster@".$data['new']['domain']."
[ req_attributes ]
- challengePassword = A challenge password";
+ ";//challengePassword = A challenge password";
$ssl_cnf_file = $ssl_dir.'/openssl.conf';
$app->system->file_put_contents($ssl_cnf_file, $ssl_cnf);
@@ -594,7 +594,8 @@
}
//* Unmount the old log directory bfore we move the log dir
- exec('umount '.escapeshellcmd($old_dir.'/log'));
+ //exec('fuser -km '.escapeshellcmd($old_dir.'/log'));
+ exec('umount '.escapeshellcmd($data['old']['document_root'].'/log'));
//* Create new base directory, if it does not exist yet
if(!is_dir($new_dir)) $app->system->mkdirpath($new_dir);
@@ -676,6 +677,7 @@
$app->system->removeLine('/etc/fstab', $fstab_line);
//* Unmount log directory
+ //exec('fuser -km '.escapeshellarg($data['old']['document_root'].'/'.$old_log_folder));
exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$old_log_folder));
}
@@ -689,7 +691,8 @@
$app->system->chmod($data['new']['document_root'].'/'.$log_folder, 0755);
exec('mount --bind '.escapeshellarg('/var/log/ispconfig/httpd/'.$data['new']['domain']).' '.escapeshellarg($data['new']['document_root'].'/'.$log_folder));
//* add mountpoint to fstab
- $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait,_netdev 0 0';
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait';
+ $fstab_line .= @($web_config['network_filesystem'] == 'y')?',_netdev 0 0':' 0 0';
$app->system->replaceLine('/etc/fstab', $fstab_line, $fstab_line, 1, 1);
}
@@ -1108,6 +1111,94 @@
}
*/
+ //* Generate Let's Encrypt SSL certificat
+ if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
+ $data['new']['ssl_domain'] = $domain;
+ $vhost_data['ssl_domain'] = $domain;
+
+ //* be sure to have good domain
+ $lddomain = (string) "$domain";
+ if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {
+ $lddomain .= (string) " --domains www." . $domain;
+ }
+
+ $crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem";
+ $key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
+ $bundle_tmp_file = "/etc/letsencrypt/live/".$domain."/chain.pem";
+ $webroot = $data['new']['document_root']."/web";
+
+ //* check if we have already a Let's Encrypt cert
+ if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
+ $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
+
+ if(is_dir($webroot . "/.well-known/")) {
+ $app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
+ $this->_exec("rm -rf " . $webroot . "/.well-known/");
+ }
+
+ $app->log("Create challenge directory", LOGLEVEL_DEBUG);
+ $app->system->mkdirpath($webroot . "/.well-known/");
+ $app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
+ $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
+ $app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
+ $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
+ $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
+ $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
+
+ if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
+ $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator=webroot --server=https://acme-v01.api.letsencrypt.org/directory --rsa-key-size=4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot));
+ }
+ };
+
+ //* check is been correctly created
+ if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) {
+ $date = date("YmdHis");
+ if(is_file($key_file)) {
+ $app->system->copy($key_file, $key_file.'.old'.$date);
+ $app->system->chmod($key_file.'.old.'.$date, 0400);
+ $app->system->unlink($key_file);
+ }
+
+ if ($web_config["website_symlinks_rel"] == 'y') {
+ $this->create_relative_link(escapeshellcmd($key_tmp_file), escapeshellcmd($key_file));
+ } else {
+ exec("ln -s ".escapeshellcmd($key_tmp_file)." ".escapeshellcmd($key_file));
+ }
+
+ if(is_file($crt_file)) {
+ $app->system->copy($crt_file, $crt_file.'.old.'.$date);
+ $app->system->chmod($crt_file.'.old.'.$date, 0400);
+ $app->system->unlink($crt_file);
+ }
+
+ if($web_config["website_symlinks_rel"] == 'y') {
+ $this->create_relative_link(escapeshellcmd($crt_tmp_file), escapeshellcmd($crt_file));
+ } else {
+ exec("ln -s ".escapeshellcmd($crt_tmp_file)." ".escapeshellcmd($crt_file));
+ }
+
+ if(is_file($bundle_file)) {
+ $app->system->copy($bundle_file, $bundle_file.'.old.'.$date);
+ $app->system->chmod($bundle_file.'.old.'.$date, 0400);
+ $app->system->unlink($bundle_file);
+ }
+
+ if($web_config["website_symlinks_rel"] == 'y') {
+ $this->create_relative_link(escapeshellcmd($bundle_tmp_file), escapeshellcmd($bundle_file));
+ } else {
+ exec("ln -s ".escapeshellcmd($bundle_tmp_file)." ".escapeshellcmd($bundle_file));
+ }
+
+ /* we don't need to store it.
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+ $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+ $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ }
+ };
+
if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
//$vhost_data['document_root'] = $data['new']['document_root'].'/' . $web_folder;
@@ -1405,7 +1496,7 @@
* PHP-FPM
*/
// Support for multiple PHP versions
- if($data['new']['php'] == 'php-fpm' || $data['new']['php'] == 'hhvm'){
+ if($data['new']['php'] == 'php-fpm'){
if(trim($data['new']['fastcgi_php_version']) != ''){
$default_php_fpm = false;
list($custom_php_fpm_name, $custom_php_fpm_init_script, $custom_php_fpm_ini_dir, $custom_php_fpm_pool_dir) = explode(':', trim($data['new']['fastcgi_php_version']));
@@ -1900,10 +1991,12 @@
if(is_array($log_folders) && !empty($log_folders)){
foreach($log_folders as $log_folder){
//if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
+ //exec('fuser -km '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null');
exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null');
}
} else {
//if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
+ //exec('fuser -km '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null');
exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null');
}
}
@@ -2855,11 +2948,14 @@
file_put_contents('/etc/init.d/hhvm_' . $data['new']['system_user'], $content);
exec('chmod +x /etc/init.d/hhvm_' . $data['new']['system_user'] . ' >/dev/null 2>&1');
exec('/usr/sbin/update-rc.d hhvm_' . $data['new']['system_user'] . ' defaults >/dev/null 2>&1');
- exec('/etc/init.d/hhvm_' . $data['new']['system_user'] . ' start >/dev/null 2>&1');
+ exec('/etc/init.d/hhvm_' . $data['new']['system_user'] . ' restart >/dev/null 2>&1');
- $monit_content = str_replace('{SYSTEM_USER}', $data['new']['system_user'], $monit_content);
- file_put_contents('/etc/monit/conf.d/hhvm_' . $data['new']['system_user'], $monit_content);
- exec('/etc/init.d/monit restart >/dev/null 2>&1');
+ if(is_dir('/etc/monit/conf.d')){
+ $monit_content = str_replace('{SYSTEM_USER}', $data['new']['system_user'], $monit_content);
+ file_put_contents('/etc/monit/conf.d/00-hhvm_' . $data['new']['system_user'], $monit_content);
+ if(is_file('/etc/monit/conf.d/hhvm_' . $data['new']['system_user'])) unlink('/etc/monit/conf.d/hhvm_' . $data['new']['system_user']);
+ exec('/etc/init.d/monit restart >/dev/null 2>&1');
+ }
} elseif($data['new']['php'] != 'hhvm' && $data['old']['php'] == 'hhvm') {
exec('/etc/init.d/hhvm_' . $data['old']['system_user'] . ' stop >/dev/null 2>&1');
@@ -2867,8 +2963,13 @@
unlink('/etc/init.d/hhvm_' . $data['old']['system_user']);
if(is_file('/etc/hhvm/'.$data['old']['system_user'].'.ini')) unlink('/etc/hhvm/'.$data['old']['system_user'].'.ini');
- if(is_file('/etc/monit/conf.d/hhvm_' . $data['new']['system_user'])){
- unlink('/etc/monit/conf.d/hhvm_' . $data['new']['system_user']);
+ if(is_file('/etc/monit/conf.d/hhvm_' . $data['new']['system_user']) || is_file('/etc/monit/conf.d/00-hhvm_' . $data['new']['system_user'])){
+ if(is_file('/etc/monit/conf.d/hhvm_' . $data['new']['system_user'])){
+ unlink('/etc/monit/conf.d/hhvm_' . $data['new']['system_user']);
+ }
+ if(is_file('/etc/monit/conf.d/00-hhvm_' . $data['new']['system_user'])){
+ unlink('/etc/monit/conf.d/00-hhvm_' . $data['new']['system_user']);
+ }
exec('/etc/init.d/monit restart >/dev/null 2>&1');
}
}
--
Gitblit v1.9.1