From b31bb1f27f066a2d49f5ab9ee0ca15e985efc788 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 26 Sep 2011 06:50:23 -0400
Subject: [PATCH] Fixed: FS#1619 - Add apache SNI / SAN support for SSL.

---
 server/plugins-available/nginx_plugin.inc.php |  203 +++++++++++++++++++++++++++++---------------------
 1 files changed, 119 insertions(+), 84 deletions(-)

diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index 3d536ea..4c9c2ab 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -567,7 +567,7 @@
 			}
 
 			//* add the nginx user to the client group
-			$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
+			$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));
 
 			$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
 
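Review bot: `escapeshellcmd()` is used as if it quoted a single argument, on the `add_user_to_group` call and on the `chown` line below it, but it only backslash-escapes metacharacters and leaves spaces alone, so a `document_root` containing whitespace still splits into several arguments once it reaches a shell (presumably what `_exec` does). For a single argument the matching function is `escapeshellarg()`, e.g. `$this->_exec('chown '.escapeshellarg($username.':'.$groupname).' '.escapeshellarg($data['new']['document_root']));`. The same pattern recurs later in this patch: `$pool_dir` and `$socket_dir` (hunk at -638) feed `exec('mkdir -p '.$socket_dir)` in the hunk at -1066, where PHP's own `mkdir($socket_dir, 0755, true)` would avoid the shell entirely. In that same hunk `$php_open_basedir` and the ini `$key`/`$value` end up in a config file rather than a shell, so the inserted backslashes land literally in the pool file (an `error_reporting` value containing `&` or `~` would be altered). Whether `add_user_to_group` itself shells out is not visible in this diff, and the enclosing function begins and ends outside the hunk.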
@@ -638,12 +638,43 @@
 		$vhost_data['web_document_root'] = $data['new']['document_root'].'/web';
 		$vhost_data['web_document_root_www'] = $web_config['website_basedir'].'/'.$data['new']['domain'].'/web';
 		$vhost_data['web_basedir'] = $web_config['website_basedir'];
-		$vhost_data['security_level'] = $web_config['security_level'];
-		$vhost_data['allow_override'] = ($data['new']['allow_override'] == '')?'All':$data['new']['allow_override'];
-		$vhost_data['ssl_domain'] = $data['new']['ssl_domain'];
-		//$vhost_data['has_custom_php_ini'] = $has_custom_php_ini;
-		//$vhost_data['custom_php_ini_dir'] = escapeshellcmd($custom_php_ini_dir);
-		$vhost_data['fpm_port'] = $web_config['php_fpm_start_port'] + $data['new']['domain_id'];
+		
+		// IPv6
+		if($data['new']['ipv6_address'] != '') $tpl->setVar('ipv6_enabled', 1);
+		
+		// PHP-FPM
+		$pool_dir = escapeshellcmd($web_config['php_fpm_pool_dir']);
+		if(substr($pool_dir,-1) != '/') $pool_dir .= '/';
+		$pool_name = 'web'.$data['new']['domain_id'];
+		$socket_dir = escapeshellcmd($web_config['php_fpm_socket_dir']);
+		if(substr($socket_dir,-1) != '/') $socket_dir .= '/';
+		
+		if($data['new']['php_fpm_use_socket'] == 'y'){
+			$use_tcp = 0;
+			$use_socket = 1;
+		} else {
+			$use_tcp = 1;
+			$use_socket = 0;
+		}
+		$tpl->setVar('use_tcp', $use_tcp);
+		$tpl->setVar('use_socket', $use_socket);
+		$fpm_socket = $socket_dir.$pool_name.'.sock';
+		$tpl->setVar('fpm_socket', $fpm_socket);
+		$vhost_data['fpm_port'] = $web_config['php_fpm_start_port'] + $data['new']['domain_id'] + 1;
+		
+		// Custom nginx directives
+		$final_nginx_directives = array();
+		$nginx_directives = $data['new']['nginx_directives'];
+		// Make sure we only have Unix linebreaks
+		$nginx_directives = str_replace("\r\n", "\n", $nginx_directives);
+		$nginx_directives = str_replace("\r", "\n", $nginx_directives);
+		$nginx_directive_lines = explode("\n", $nginx_directives);
+		if(is_array($nginx_directive_lines) && !empty($nginx_directive_lines)){
+			foreach($nginx_directive_lines as $nginx_directive_line){
+				$final_nginx_directives[] = array('nginx_directive' => $nginx_directive_line);
+			}
+		}
+		$tpl->setLoop('nginx_directives', $final_nginx_directives);
 
 		// Check if a SSL cert exists
 		$ssl_dir = $data['new']['document_root'].'/ssl';
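Review bot: Every line of `$data['new']['nginx_directives']` is copied unchanged into the `nginx_directives` loop, so whatever the record holds is rendered into the vhost file that nginx loads. Nothing in this hunk limits which directives are accepted or shows who may edit the field; if anyone below server-admin level can set it, that is a configuration-injection path, and unbalanced braces in the text would change the scope of the directives that follow it. I would skip empty lines and state the trust assumption next to the loop, e.g. `// nginx_directives is written verbatim into the vhost; the field must only be editable by the server admin`. The config test later in this function runs only when `check_apache_config` is `'y'`, so it cannot be relied on as the sole safeguard. The enclosing function starts and ends outside this hunk.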
@@ -783,11 +814,8 @@
 		}
 
 		if(count($rewrite_rules) > 0) {
-			$tpl->setVar('rewrite_enabled',1);
-		} else {
-			$tpl->setVar('rewrite_enabled',0);
+			$tpl->setLoop('redirects',$rewrite_rules);
 		}
-		$tpl->setLoop('redirects',$rewrite_rules);
 		
 		//* Create basic http auth for website statistics
 		$tpl->setVar('stats_auth_passwd_file', $data['new']['document_root']."/.htpasswd_stats");
@@ -863,7 +891,7 @@
 			$this->awstats_update($data,$web_config);
 		}
 		
-		$this->php_fpm_pool_update($data,$web_config);
+		$this->php_fpm_pool_update($data,$web_config,$pool_dir,$pool_name,$socket_dir);
 		
 		if($web_config['check_apache_config'] == 'y') {
 			//* Test if nginx starts with the new configuration file
@@ -1066,91 +1094,96 @@
 	}
 	
 	//* Update the PHP-FPM pool configuration file
-	private function php_fpm_pool_update ($data,$web_config) {
+	private function php_fpm_pool_update ($data,$web_config,$pool_dir,$pool_name,$socket_dir) {
 		global $app, $conf;
-		
-		$pool_dir = $web_config['php_fpm_pool_dir'];
 		//$reload = false;
 		
 		if($data['new']['php'] == 'no'){
-			if(@is_file($pool_dir.'/'.$data['old']['domain'].'.conf')){
-				unlink($pool_dir.'/'.$data['old']['domain'].'.conf');
-				//$reload = true;
-			}
-			if(@is_file($pool_dir.'/'.$data['new']['domain'].'.conf')){
-				unlink($pool_dir.'/'.$data['new']['domain'].'.conf');
+			if(@is_file($pool_dir.$pool_name.'.conf')){
+				unlink($pool_dir.$pool_name.'.conf');
 				//$reload = true;
 			}
 			//if($reload == true) $app->services->restartService('php-fpm','reload');
 			return;
 		}
-		
-		//if(!@is_file($pool_dir.'/'.$data['new']['domain'].'.conf') || ($data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain'])) {
-			if ( @is_file($pool_dir.'/'.$data['old']['domain'].'.conf') ) {
-				unlink($pool_dir.'/'.$data['old']['domain'].'.conf');
-			}
 			
-			$app->uses("getconf");
-			$web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
+		$app->uses("getconf");
+		$web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
 			
-			$app->load('tpl');
-			$tpl = new tpl();
-			$tpl->newTemplate('php_fpm_pool.conf.master');
+		$app->load('tpl');
+		$tpl = new tpl();
+		$tpl->newTemplate('php_fpm_pool.conf.master');
 
-			$tpl->setVar('fpm_pool', $data['new']['domain']);
-			$tpl->setVar('fpm_port', $web_config['php_fpm_start_port'] + $data['new']['domain_id']);
-			$tpl->setVar('fpm_user', $data['new']['system_user']);
-			$tpl->setVar('fpm_group', $data['new']['system_group']);
-			$php_open_basedir = ($data['new']['php_open_basedir'] == '')?$data['new']['document_root']:$data['new']['php_open_basedir'];
-			$tpl->setVar('php_open_basedir', $php_open_basedir);
-			if($php_open_basedir != ''){
-				$tpl->setVar('enable_php_open_basedir', '');
-			} else {
-				$tpl->setVar('enable_php_open_basedir', ';');
-			}
+		if($data['new']['php_fpm_use_socket'] == 'y'){
+			$use_tcp = 0;
+			$use_socket = 1;
+			if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
+		} else {
+			$use_tcp = 1;
+			$use_socket = 0;
+		}
+		$tpl->setVar('use_tcp', $use_tcp);
+		$tpl->setVar('use_socket', $use_socket);
 			
-			// Custom php.ini settings
-			$final_php_ini_settings = array();
-			$custom_php_ini_settings = trim($data['new']['custom_php_ini']);
-			if($custom_php_ini_settings != ''){
-				// Make sure we only have Unix linebreaks
-				$custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
-				$custom_php_ini_settings = str_replace("\r", "\n", $custom_php_ini_settings);
-				$ini_settings = explode("\n", $custom_php_ini_settings);
-				if(is_array($ini_settings) && !empty($ini_settings)){
-					foreach($ini_settings as $ini_setting){
-							list($key, $value) = explode('=', $ini_setting);
-							if($value){
-								$value = trim($value);
-								$key = trim($key);
-								switch (strtolower($value)) {
-									case 'on':
-									case 'off':
-									case '1':
-									case '0':
-										// PHP-FPM might complain about invalid boolean value if you use 0
-										$value = 'off';
-									case 'true':
-									case 'false':
-									case 'yes':
-									case 'no':
-										$final_php_ini_settings[] = array('ini_setting' => 'php_admin_flag['.$key.'] = '.$value);
-										break;
-									default:
-										$final_php_ini_settings[] = array('ini_setting' => 'php_admin_value['.$key.'] = '.$value);
-								}
+		$fpm_socket = $socket_dir.$pool_name.'.sock';
+		$tpl->setVar('fpm_socket', $fpm_socket);
+			
+		$tpl->setVar('fpm_pool', $pool_name);
+		$tpl->setVar('fpm_port', $web_config['php_fpm_start_port'] + $data['new']['domain_id'] + 1);
+		$tpl->setVar('fpm_user', $data['new']['system_user']);
+		$tpl->setVar('fpm_group', $data['new']['system_group']);
+		$tpl->setVar('document_root', $data['new']['document_root']);
+		$tpl->setVar('security_level',$web_config['security_level']);
+		$php_open_basedir = ($data['new']['php_open_basedir'] == '')?escapeshellcmd($data['new']['document_root']):escapeshellcmd($data['new']['php_open_basedir']);
+		$tpl->setVar('php_open_basedir', $php_open_basedir);
+		if($php_open_basedir != ''){
+			$tpl->setVar('enable_php_open_basedir', '');
+		} else {
+			$tpl->setVar('enable_php_open_basedir', ';');
+		}
+			
+		// Custom php.ini settings
+		$final_php_ini_settings = array();
+		$custom_php_ini_settings = trim($data['new']['custom_php_ini']);
+		if($custom_php_ini_settings != ''){
+			// Make sure we only have Unix linebreaks
+			$custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
+			$custom_php_ini_settings = str_replace("\r", "\n", $custom_php_ini_settings);
+			$ini_settings = explode("\n", $custom_php_ini_settings);
+			if(is_array($ini_settings) && !empty($ini_settings)){
+				foreach($ini_settings as $ini_setting){
+						list($key, $value) = explode('=', $ini_setting);
+						if($value){
+							$value = escapeshellcmd(trim($value));
+							$key = escapeshellcmd(trim($key));
+							switch (strtolower($value)) {
+								case 'on':
+								case 'off':
+								case '1':
+								case '0':
+									// PHP-FPM might complain about invalid boolean value if you use 0
+									$value = 'off';
+								case 'true':
+								case 'false':
+								case 'yes':
+								case 'no':
+									$final_php_ini_settings[] = array('ini_setting' => 'php_admin_flag['.$key.'] = '.$value);
+									break;
+								default:
+									$final_php_ini_settings[] = array('ini_setting' => 'php_admin_value['.$key.'] = '.$value);
 							}
-					}
+						}
 				}
 			}
+		}
 			
-			$tpl->setLoop('custom_php_ini_settings', $final_php_ini_settings);
+		$tpl->setLoop('custom_php_ini_settings', $final_php_ini_settings);
 			
-			file_put_contents($pool_dir.'/'.$data['new']['domain'].'.conf',$tpl->grab());
-			$app->log('Writing the PHP-FPM config file: '.$pool_dir.'/'.$data['new']['domain'].'.conf',LOGLEVEL_DEBUG);
-			unset($tpl);
-			//$reload = true;
-		//}
+		file_put_contents($pool_dir.$pool_name.'.conf',$tpl->grab());
+		$app->log('Writing the PHP-FPM config file: '.$pool_dir.$pool_name.'.conf',LOGLEVEL_DEBUG);
+		unset($tpl);
+		//$reload = true;
+
 		//if($reload == true) $app->services->restartService('php-fpm','reload');
 	}
 	
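Review bot: In the `switch` on `strtolower($value)`, the cases `'on'`, `'off'`, `'1'` and `'0'` all reach `$value = 'off';` before falling through, so a custom setting written as `on` or `1` is emitted as `php_admin_flag[...] = off`. The comment says only `0` was meant to be rewritten; as it stands, a hardening flag such as `session.cookie_httponly = 1` would be silently switched off in the pool file. Normalising before the switch with `if($value === '1') $value = 'on'; elseif($value === '0') $value = 'off';` and dropping the `$value = 'off';` line keeps the fall-through to the `php_admin_flag` branch intact. Separately, `list($key, $value) = explode('=', $ini_setting);` truncates a value that itself contains `=`; `explode('=', $ini_setting, 2)` avoids that.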
@@ -1158,12 +1191,14 @@
 	private function php_fpm_pool_delete ($data,$web_config) {
 		global $app;
 		
-		$pool_dir = $web_config['php_fpm_pool_dir'];
+		$pool_dir = escapeshellcmd($web_config['php_fpm_pool_dir']);
+		if(substr($pool_dir,-1) != '/') $pool_dir .= '/';
+		$pool_name = 'web'.$data['new']['domain_id'];
 		
-		if ( @is_file($pool_dir.'/'.$data['old']['domain'].'.conf') ) {
-			unlink($pool_dir.'/'.$data['old']['domain'].'.conf');
-			$app->log('Removed PHP-FPM config file: '.$pool_dir.'/'.$data['old']['domain'].'.conf',LOGLEVEL_DEBUG);
-			$app->services->restartService('php-fpm','reload');
+		if ( @is_file($pool_dir.$pool_name.'.conf') ) {
+			unlink($pool_dir.$pool_name.'.conf');
+			$app->log('Removed PHP-FPM config file: '.$pool_dir.$pool_name.'.conf',LOGLEVEL_DEBUG);
+			//$app->services->restartService('php-fpm','reload');
 		}
 	}
 	
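Review bot: `$pool_name` is built from `$data['new']['domain_id']`, whereas the removed lines located the file through `$data['old']`. If a delete event carries the record only in `$data['old']` (not visible in this diff, please confirm), the name collapses to `web`, `is_file()` fails and the pool file of the deleted site stays in place. `$pool_name = 'web'.$data['old']['domain_id'];` would match the previous lookup. With the `restartService('php-fpm','reload')` call now commented out, a removed pool also keeps running under the old site's system user until something else reloads php-fpm; a comment naming the caller that is expected to do the reload would help.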

--
Gitblit v1.9.1