From d22277878254cf33fd63ca1bf12b215f4e030a27 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Mon, 04 Jan 2016 05:12:49 -0500
Subject: [PATCH] - merged different fixes and updates from foreign branches
---
server/plugins-available/apache2_plugin.inc.php | 131 +++++++++++++++++++++++++++++++++++++++----
1 files changed, 117 insertions(+), 14 deletions(-)
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 1b5a4c2..605d17d 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -163,7 +163,7 @@
}
if(intval($web_data['directive_snippets_id']) > 0){
- $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", intval($web_data['directive_snippets_id']));
+ $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'apache' AND active = 'y' AND customer_viewable = 'y'", intval($web_data['directive_snippets_id']));
if(isset($snippet['required_php_snippets']) && trim($snippet['required_php_snippets']) != ''){
$required_php_snippets = explode(',', trim($snippet['required_php_snippets']));
if(is_array($required_php_snippets) && !empty($required_php_snippets)){
@@ -1038,7 +1038,7 @@
$php_ini_content .= str_replace("\r", '', trim($data['new']['custom_php_ini']));
if(intval($data['new']['directive_snippets_id']) > 0){
- $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
+ $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'apache' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
if(isset($snippet['required_php_snippets']) && trim($snippet['required_php_snippets']) != ''){
$required_php_snippets = explode(',', trim($snippet['required_php_snippets']));
if(is_array($required_php_snippets) && !empty($required_php_snippets)){
@@ -1091,12 +1091,16 @@
// Make sure we only have Unix linebreaks
$vhost_data['apache_directives'] = str_replace("\r\n", "\n", $vhost_data['apache_directives']);
$vhost_data['apache_directives'] = str_replace("\r", "\n", $vhost_data['apache_directives']);
- $trans = array('{DOCROOT}' => $vhost_data['web_document_root_www']);
+ $trans = array(
+ '{DOCROOT}' => $vhost_data['web_document_root_www'],
+ '{DOCROOT_CLIENT}' => $vhost_data['web_document_root']
+ );
$vhost_data['apache_directives'] = strtr($vhost_data['apache_directives'], $trans);
// Check if a SSL cert exists
$ssl_dir = $data['new']['document_root'].'/ssl';
$domain = $data['new']['ssl_domain'];
+ if(!$domain) $domain = $data['new']['domain'];
$key_file = $ssl_dir.'/'.$domain.'.key';
$crt_file = $ssl_dir.'/'.$domain.'.crt';
$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
@@ -1110,6 +1114,100 @@
$app->log('SSL Disabled. '.$domain,LOGLEVEL_DEBUG);
}
*/
+
+ //* Generate Let's Encrypt SSL certificat
+ if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
+ if(substr($domain, 0, 2) === '*.') {
+ // wildcard domain not yet supported by letsencrypt!
+ $app->log('Wildcard domains not yet supported by letsencrypt, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN);
+ $domain = substr($domain, 2);
+ }
+
+ $data['new']['ssl_domain'] = $domain;
+ $vhost_data['ssl_domain'] = $domain;
+
+ //* be sure to have good domain
+ $lddomain = (string) "$domain";
+ if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {
+ $lddomain .= (string) " --domains www." . $domain;
+ }
+
+ $crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem";
+ $key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
+ $bundle_tmp_file = "/etc/letsencrypt/live/".$domain."/chain.pem";
+ $webroot = $data['new']['document_root']."/web";
+
+ //* check if we have already a Let's Encrypt cert
+ if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
+ $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
+
+ if(is_dir($webroot . "/.well-known/")) {
+ $app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
+ $this->_exec("rm -rf " . $webroot . "/.well-known/");
+ }
+
+ $app->log("Create challenge directory", LOGLEVEL_DEBUG);
+ $app->system->mkdirpath($webroot . "/.well-known/");
+ $app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
+ $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
+ $app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
+ $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
+ $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
+ $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
+
+ if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
+ $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot));
+ }
+ };
+
+ //* check is been correctly created
+ if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) {
+ $date = date("YmdHis");
+ if(is_file($key_file)) {
+ $app->system->copy($key_file, $key_file.'.old'.$date);
+ $app->system->chmod($key_file.'.old.'.$date, 0400);
+ $app->system->unlink($key_file);
+ }
+
+ if ($web_config["website_symlinks_rel"] == 'y') {
+ $this->create_relative_link(escapeshellcmd($key_tmp_file), escapeshellcmd($key_file));
+ } else {
+ exec("ln -s ".escapeshellcmd($key_tmp_file)." ".escapeshellcmd($key_file));
+ }
+
+ if(is_file($crt_file)) {
+ $app->system->copy($crt_file, $crt_file.'.old.'.$date);
+ $app->system->chmod($crt_file.'.old.'.$date, 0400);
+ $app->system->unlink($crt_file);
+ }
+
+ if($web_config["website_symlinks_rel"] == 'y') {
+ $this->create_relative_link(escapeshellcmd($crt_tmp_file), escapeshellcmd($crt_file));
+ } else {
+ exec("ln -s ".escapeshellcmd($crt_tmp_file)." ".escapeshellcmd($crt_file));
+ }
+
+ if(is_file($bundle_file)) {
+ $app->system->copy($bundle_file, $bundle_file.'.old.'.$date);
+ $app->system->chmod($bundle_file.'.old.'.$date, 0400);
+ $app->system->unlink($bundle_file);
+ }
+
+ if($web_config["website_symlinks_rel"] == 'y') {
+ $this->create_relative_link(escapeshellcmd($bundle_tmp_file), escapeshellcmd($bundle_file));
+ } else {
+ exec("ln -s ".escapeshellcmd($bundle_tmp_file)." ".escapeshellcmd($bundle_file));
+ }
+
+ /* we don't need to store it.
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+ $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+ $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ }
+ };
if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
@@ -1135,6 +1233,7 @@
// Rewrite rules
$rewrite_rules = array();
+ $rewrite_wildcard_rules = array();
if($data['new']['redirect_type'] != '' && $data['new']['redirect_path'] != '') {
if(substr($data['new']['redirect_path'], -1) != '/' && !preg_match('/^(https?|\[scheme\]):\/\//', $data['new']['redirect_path'])) $data['new']['redirect_path'] .= '/';
if(substr($data['new']['redirect_path'], 0, 8) == '[scheme]'){
@@ -1166,7 +1265,7 @@
'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
break;
case '*':
- $rewrite_rules[] = array( 'rewrite_domain' => '(^|\.)'.$this->_rewrite_quote($data['new']['domain']),
+ $rewrite_wildcard_rules[] = array( 'rewrite_domain' => '(^|\.)'.$this->_rewrite_quote($data['new']['domain']),
'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
@@ -1265,7 +1364,7 @@
'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
break;
case '*':
- $rewrite_rules[] = array( 'rewrite_domain' => '(^|\.)'.$this->_rewrite_quote($alias['domain']),
+ $rewrite_wildcard_rules[] = array( 'rewrite_domain' => '(^|\.)'.$this->_rewrite_quote($alias['domain']),
'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
@@ -1302,6 +1401,8 @@
} else {
$tpl->setVar('alias', '');
}
+
+ if (count($rewrite_wildcard_rules) > 0) $rewrite_rules = array_merge($rewrite_rules, $rewrite_wildcard_rules); // Append wildcard rules to the end of rules
if(count($rewrite_rules) > 0 || $vhost_data['seo_redirect_enabled'] > 0 || count($alias_seo_redirects) > 0) {
$tpl->setVar('rewrite_enabled', 1);
@@ -2825,19 +2926,19 @@
$monit_content = file_get_contents($conf['rootpath'] . '/conf/hhvm_monit.master');
}
- if($data['new']['php'] == 'hhvm' && $data['old']['php'] != 'hhvm' || $data['new']['custom_php_ini'] != $data['old']['custom_php_ini']) {
+ if($data['new']['php'] == 'hhvm' && $data['old']['php'] != 'hhvm' || (isset($data['old']['custom_php_ini']) && $data['new']['custom_php_ini'] != $data['old']['custom_php_ini'])) {
// Custom php.ini settings
$custom_php_ini_settings = trim($data['new']['custom_php_ini']);
if(intval($data['new']['directive_snippets_id']) > 0){
- $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
+ $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'apache' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
if(isset($snippet['required_php_snippets']) && trim($snippet['required_php_snippets']) != ''){
$required_php_snippets = explode(',', trim($snippet['required_php_snippets']));
if(is_array($required_php_snippets) && !empty($required_php_snippets)){
foreach($required_php_snippets as $required_php_snippet){
$required_php_snippet = intval($required_php_snippet);
if($required_php_snippet > 0){
- $php_snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'php' AND active = 'y'", $required_php_snippet);
+ $php_snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE ".($snippet['master_directive_snippets_id'] > 0 ? 'master_' : '')."directive_snippets_id = ? AND type = 'php' AND active = 'y'", $required_php_snippet);
$php_snippet['snippet'] = trim($php_snippet['snippet']);
if($php_snippet['snippet'] != ''){
$custom_php_ini_settings .= "\n".$php_snippet['snippet'];
@@ -2853,7 +2954,7 @@
$custom_php_ini_settings = str_replace("\r", "\n", $custom_php_ini_settings);
file_put_contents('/etc/hhvm/'.$data['new']['system_user'].'.ini', $custom_php_ini_settings);
} else {
- if(is_file('/etc/hhvm/'.$data['old']['system_user'].'.ini')) unlink('/etc/hhvm/'.$data['old']['system_user'].'.ini');
+ if($data['old']['system_user'] != '' && is_file('/etc/hhvm/'.$data['old']['system_user'].'.ini')) unlink('/etc/hhvm/'.$data['old']['system_user'].'.ini');
}
$content = str_replace('{SYSTEM_USER}', $data['new']['system_user'], $content);
@@ -2870,10 +2971,12 @@
}
} elseif($data['new']['php'] != 'hhvm' && $data['old']['php'] == 'hhvm') {
- exec('/etc/init.d/hhvm_' . $data['old']['system_user'] . ' stop >/dev/null 2>&1');
- exec('/usr/sbin/update-rc.d hhvm_' . $data['old']['system_user'] . ' remove >/dev/null 2>&1');
- unlink('/etc/init.d/hhvm_' . $data['old']['system_user']);
- if(is_file('/etc/hhvm/'.$data['old']['system_user'].'.ini')) unlink('/etc/hhvm/'.$data['old']['system_user'].'.ini');
+ if($data['old']['system_user'] != ''){
+ exec('/etc/init.d/hhvm_' . $data['old']['system_user'] . ' stop >/dev/null 2>&1');
+ exec('/usr/sbin/update-rc.d hhvm_' . $data['old']['system_user'] . ' remove >/dev/null 2>&1');
+ unlink('/etc/init.d/hhvm_' . $data['old']['system_user']);
+ if(is_file('/etc/hhvm/'.$data['old']['system_user'].'.ini')) unlink('/etc/hhvm/'.$data['old']['system_user'].'.ini');
+ }
if(is_file('/etc/monit/conf.d/hhvm_' . $data['new']['system_user']) || is_file('/etc/monit/conf.d/00-hhvm_' . $data['new']['system_user'])){
if(is_file('/etc/monit/conf.d/hhvm_' . $data['new']['system_user'])){
@@ -2988,7 +3091,7 @@
foreach($required_php_snippets as $required_php_snippet){
$required_php_snippet = intval($required_php_snippet);
if($required_php_snippet > 0){
- $php_snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'php' AND active = 'y'", $required_php_snippet);
+ $php_snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE ".($snippet['master_directive_snippets_id'] > 0 ? 'master_' : '')."directive_snippets_id = ? AND type = 'php' AND active = 'y'", $required_php_snippet);
$php_snippet['snippet'] = trim($php_snippet['snippet']);
if($php_snippet['snippet'] != ''){
$custom_php_ini_settings .= "\n".$php_snippet['snippet'];
--
Gitblit v1.9.1