From 018c55dd71b17a2db9dc2d5cd21cb44a4963dda5 Mon Sep 17 00:00:00 2001 From: Marius Cramer Date: Tue, 8 Dec 2015 16:09:46 +0100 Subject: [PATCH] - Merged https://github.com/alexalouit/ISPConfig-letsencrypt.git --- interface/web/sites/form/web_domain.tform.php | 6 ++ .../web/sites/lib/lang/ar_web_domain.lng | 1 + .../web/sites/lib/lang/bg_web_domain.lng | 1 + .../web/sites/lib/lang/br_web_domain.lng | 1 + .../web/sites/lib/lang/cz_web_domain.lng | 1 + .../web/sites/lib/lang/de_web_domain.lng | 1 + .../web/sites/lib/lang/el_web_domain.lng | 1 + .../web/sites/lib/lang/en_web_domain.lng | 1 + .../web/sites/lib/lang/fi_web_domain.lng | 1 + .../web/sites/lib/lang/fr_web_domain.lng | 1 + .../web/sites/lib/lang/hr_web_domain.lng | 1 + .../web/sites/lib/lang/hu_web_domain.lng | 1 + .../web/sites/lib/lang/id_web_domain.lng | 1 + .../web/sites/lib/lang/it_web_domain.lng | 1 + .../web/sites/lib/lang/ja_web_domain.lng | 1 + .../web/sites/lib/lang/nl_web_domain.lng | 1 + .../web/sites/lib/lang/pl_web_domain.lng | 1 + .../web/sites/lib/lang/pt_web_domain.lng | 1 + .../web/sites/lib/lang/ro_web_domain.lng | 1 + .../web/sites/lib/lang/ru_web_domain.lng | 1 + .../web/sites/lib/lang/se_web_domain.lng | 1 + .../web/sites/lib/lang/sk_web_domain.lng | 1 + .../web/sites/templates/web_domain_edit.htm | 16 +++- .../plugins-available/apache2_plugin.inc.php | 86 +++++++++++++++++++ server/plugins-available/nginx_plugin.inc.php | 77 +++++++++++++++++ 25 files changed, 204 insertions(+), 2 deletions(-) diff --git a/interface/web/sites/form/web_domain.tform.php b/interface/web/sites/form/web_domain.tform.php index 16a0c856c..de5164da1 100644 --- a/interface/web/sites/form/web_domain.tform.php +++ b/interface/web/sites/form/web_domain.tform.php @@ -232,6 +232,12 @@ $form["tabs"]['domain'] = array ( 'default' => 'n', 'value' => array(0 => 'n', 1 => 'y') ), + 'ssl_letsencrypt' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'CHECKBOX', + 'default' => 'n', + 'value' => array(0 => 'n', 1 => 'y') + ), 'php' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'SELECT', diff --git a/interface/web/sites/lib/lang/ar_web_domain.lng b/interface/web/sites/lib/lang/ar_web_domain.lng index 1714b6417..a8928e2d3 100644 --- a/interface/web/sites/lib/lang/ar_web_domain.lng +++ b/interface/web/sites/lib/lang/ar_web_domain.lng @@ -28,6 +28,7 @@ $wb['ssi_txt'] = 'SSI'; $wb['errordocs_txt'] = 'Own Error-Documents'; $wb['subdomain_txt'] = 'Auto-Subdomain'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Client'; diff --git a/interface/web/sites/lib/lang/bg_web_domain.lng b/interface/web/sites/lib/lang/bg_web_domain.lng index 594b6f2c7..5d6d786ed 100644 --- a/interface/web/sites/lib/lang/bg_web_domain.lng +++ b/interface/web/sites/lib/lang/bg_web_domain.lng @@ -26,6 +26,7 @@ $wb['cgi_txt'] = 'CGI'; $wb['ssi_txt'] = 'SSI'; $wb['errordocs_txt'] = 'Собствени страници за грешки'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Клиент'; diff --git a/interface/web/sites/lib/lang/br_web_domain.lng b/interface/web/sites/lib/lang/br_web_domain.lng index 21525c5d9..9c5192e71 100644 --- a/interface/web/sites/lib/lang/br_web_domain.lng +++ b/interface/web/sites/lib/lang/br_web_domain.lng @@ -27,6 +27,7 @@ $wb['ssi_txt'] = 'SSI'; $wb['errordocs_txt'] = 'Suas Páginas de Erro'; $wb['subdomain_txt'] = 'Auto-Subdomínio'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Cliente'; diff --git a/interface/web/sites/lib/lang/cz_web_domain.lng b/interface/web/sites/lib/lang/cz_web_domain.lng index 64eccd2dc..7c1e91097 100644 --- a/interface/web/sites/lib/lang/cz_web_domain.lng +++ b/interface/web/sites/lib/lang/cz_web_domain.lng @@ -27,6 +27,7 @@ $wb['cgi_txt'] = 'CGI'; $wb['ssi_txt'] = 'SSI'; $wb['subdomain_txt'] = 'Automatická subdoména'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Klient'; diff --git a/interface/web/sites/lib/lang/de_web_domain.lng b/interface/web/sites/lib/lang/de_web_domain.lng index b90ff9a53..260aef1d1 100644 --- a/interface/web/sites/lib/lang/de_web_domain.lng +++ b/interface/web/sites/lib/lang/de_web_domain.lng @@ -27,6 +27,7 @@ $wb['traffic_quota_txt'] = 'Transfervolumenbeschränkung'; $wb['cgi_txt'] = 'CGI'; $wb['ssi_txt'] = 'SSI'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Kunde'; diff --git a/interface/web/sites/lib/lang/el_web_domain.lng b/interface/web/sites/lib/lang/el_web_domain.lng index b2792cefb..bb544bdf2 100644 --- a/interface/web/sites/lib/lang/el_web_domain.lng +++ b/interface/web/sites/lib/lang/el_web_domain.lng @@ -30,6 +30,7 @@ $wb['ssi_txt'] = 'SSI'; $wb['errordocs_txt'] = 'Προσωπικά έγγραφα σφάλματος'; $wb['subdomain_txt'] = 'Auto-Subdomain'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Πελάτης'; diff --git a/interface/web/sites/lib/lang/en_web_domain.lng b/interface/web/sites/lib/lang/en_web_domain.lng index 14b3d526f..38675dc70 100644 --- a/interface/web/sites/lib/lang/en_web_domain.lng +++ b/interface/web/sites/lib/lang/en_web_domain.lng @@ -33,6 +33,7 @@ $wb["ssi_txt"] = 'SSI'; $wb["errordocs_txt"] = 'Own Error-Documents'; $wb["subdomain_txt"] = 'Auto-Subdomain'; $wb["ssl_txt"] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb["suexec_txt"] = 'SuEXEC'; $wb["php_txt"] = 'PHP'; $wb["client_txt"] = 'Client'; diff --git a/interface/web/sites/lib/lang/fi_web_domain.lng b/interface/web/sites/lib/lang/fi_web_domain.lng index e13fb8f54..3070aa03f 100755 --- a/interface/web/sites/lib/lang/fi_web_domain.lng +++ b/interface/web/sites/lib/lang/fi_web_domain.lng @@ -25,6 +25,7 @@ $wb['traffic_quota_txt'] = 'Liikenneraja'; $wb['cgi_txt'] = 'CGI'; $wb['ssi_txt'] = 'SSI'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Asiakas'; diff --git a/interface/web/sites/lib/lang/fr_web_domain.lng b/interface/web/sites/lib/lang/fr_web_domain.lng index 7c01ca3f9..7dea74677 100644 --- a/interface/web/sites/lib/lang/fr_web_domain.lng +++ b/interface/web/sites/lib/lang/fr_web_domain.lng @@ -25,6 +25,7 @@ $wb['cgi_txt'] = 'CGI'; $wb['ssi_txt'] = 'SSI'; $wb['errordocs_txt'] = 'Pages derreurs personnalisées'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Client'; diff --git a/interface/web/sites/lib/lang/hr_web_domain.lng b/interface/web/sites/lib/lang/hr_web_domain.lng index ddcbdbc31..c7b0e4a65 100644 --- a/interface/web/sites/lib/lang/hr_web_domain.lng +++ b/interface/web/sites/lib/lang/hr_web_domain.lng @@ -30,6 +30,7 @@ $wb['ssi_txt'] = 'SSI'; $wb['errordocs_txt'] = 'Vlastite error stranice'; $wb['subdomain_txt'] = 'Automatska poddomena'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Klijent'; diff --git a/interface/web/sites/lib/lang/hu_web_domain.lng b/interface/web/sites/lib/lang/hu_web_domain.lng index 3fc994edc..9b3ff5944 100644 --- a/interface/web/sites/lib/lang/hu_web_domain.lng +++ b/interface/web/sites/lib/lang/hu_web_domain.lng @@ -26,6 +26,7 @@ $wb['cgi_txt'] = 'CGI'; $wb['ssi_txt'] = 'SSI'; $wb['errordocs_txt'] = 'Saját hibaoldal'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['disabled_txt'] = 'Letiltva'; diff --git a/interface/web/sites/lib/lang/id_web_domain.lng b/interface/web/sites/lib/lang/id_web_domain.lng index 8ed9ad9df..3506258fb 100644 --- a/interface/web/sites/lib/lang/id_web_domain.lng +++ b/interface/web/sites/lib/lang/id_web_domain.lng @@ -28,6 +28,7 @@ $wb['ssi_txt'] = 'SSI'; $wb['errordocs_txt'] = 'Dokumen-Kesalahan Pribadi'; $wb['subdomain_txt'] = 'Subdomain Otomatis'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Klien'; diff --git a/interface/web/sites/lib/lang/it_web_domain.lng b/interface/web/sites/lib/lang/it_web_domain.lng index 5a2bdf544..fcf69b4b0 100644 --- a/interface/web/sites/lib/lang/it_web_domain.lng +++ b/interface/web/sites/lib/lang/it_web_domain.lng @@ -26,6 +26,7 @@ $wb['cgi_txt'] = 'CGI'; $wb['ssi_txt'] = 'SSI'; $wb['errordocs_txt'] = 'Errori personalizzati'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Cliente'; diff --git a/interface/web/sites/lib/lang/ja_web_domain.lng b/interface/web/sites/lib/lang/ja_web_domain.lng index 41ce4717f..2a34ff8fe 100644 --- a/interface/web/sites/lib/lang/ja_web_domain.lng +++ b/interface/web/sites/lib/lang/ja_web_domain.lng @@ -27,6 +27,7 @@ $wb['ssi_txt'] = 'SSI'; $wb['errordocs_txt'] = '独自のエラーページを使う'; $wb['subdomain_txt'] = '自動サブドメイン'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'クライアント'; diff --git a/interface/web/sites/lib/lang/nl_web_domain.lng b/interface/web/sites/lib/lang/nl_web_domain.lng index aa3134b92..e1ecbf24e 100644 --- a/interface/web/sites/lib/lang/nl_web_domain.lng +++ b/interface/web/sites/lib/lang/nl_web_domain.lng @@ -30,6 +30,7 @@ $wb['ssi_txt'] = 'SSI'; $wb['errordocs_txt'] = 'Own Error-documenten'; $wb['subdomain_txt'] = 'Auto-subdomein'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Klant'; diff --git a/interface/web/sites/lib/lang/pl_web_domain.lng b/interface/web/sites/lib/lang/pl_web_domain.lng index 858b35c6f..e3f517130 100644 --- a/interface/web/sites/lib/lang/pl_web_domain.lng +++ b/interface/web/sites/lib/lang/pl_web_domain.lng @@ -27,6 +27,7 @@ $wb['ssi_txt'] = 'SSI'; $wb['errordocs_txt'] = 'Własne strony błędów'; $wb['subdomain_txt'] = 'Automatyczna subdomena'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Klient'; diff --git a/interface/web/sites/lib/lang/pt_web_domain.lng b/interface/web/sites/lib/lang/pt_web_domain.lng index ac0f7f724..e279f8d82 100644 --- a/interface/web/sites/lib/lang/pt_web_domain.lng +++ b/interface/web/sites/lib/lang/pt_web_domain.lng @@ -27,6 +27,7 @@ $wb['ssi_txt'] = 'SSI'; $wb['errordocs_txt'] = 'Páginas de Erro'; $wb['subdomain_txt'] = 'Auto-Subdomínio'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Cliente'; diff --git a/interface/web/sites/lib/lang/ro_web_domain.lng b/interface/web/sites/lib/lang/ro_web_domain.lng index d4667d00c..9dbd4c18a 100644 --- a/interface/web/sites/lib/lang/ro_web_domain.lng +++ b/interface/web/sites/lib/lang/ro_web_domain.lng @@ -27,6 +27,7 @@ $wb['ssi_txt'] = 'SSI'; $wb['errordocs_txt'] = 'Own Error-Documents'; $wb['subdomain_txt'] = 'Auto-Subdomain'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Client'; diff --git a/interface/web/sites/lib/lang/ru_web_domain.lng b/interface/web/sites/lib/lang/ru_web_domain.lng index 06d82c1a2..8e9444449 100644 --- a/interface/web/sites/lib/lang/ru_web_domain.lng +++ b/interface/web/sites/lib/lang/ru_web_domain.lng @@ -25,6 +25,7 @@ $wb['traffic_quota_txt'] = 'Квота трафика'; $wb['cgi_txt'] = 'CGI'; $wb['ssi_txt'] = 'SSI'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Клиент'; diff --git a/interface/web/sites/lib/lang/se_web_domain.lng b/interface/web/sites/lib/lang/se_web_domain.lng index d25c8b152..eb9e7878b 100644 --- a/interface/web/sites/lib/lang/se_web_domain.lng +++ b/interface/web/sites/lib/lang/se_web_domain.lng @@ -26,6 +26,7 @@ $wb['cgi_txt'] = 'CGI'; $wb['ssi_txt'] = 'SSI'; $wb['errordocs_txt'] = 'Own Error-Documents'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Client'; diff --git a/interface/web/sites/lib/lang/sk_web_domain.lng b/interface/web/sites/lib/lang/sk_web_domain.lng index e38610de4..affc3f2fb 100644 --- a/interface/web/sites/lib/lang/sk_web_domain.lng +++ b/interface/web/sites/lib/lang/sk_web_domain.lng @@ -27,6 +27,7 @@ $wb['ssi_txt'] = 'SSI'; $wb['errordocs_txt'] = 'Vlastné Error-Dokumenty'; $wb['subdomain_txt'] = 'Auto-Subdomény'; $wb['ssl_txt'] = 'SSL'; +$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt'; $wb['suexec_txt'] = 'SuEXEC'; $wb['php_txt'] = 'PHP'; $wb['client_txt'] = 'Klient'; diff --git a/interface/web/sites/templates/web_domain_edit.htm b/interface/web/sites/templates/web_domain_edit.htm index d12c3a36c..2ac3bcb59 100644 --- a/interface/web/sites/templates/web_domain_edit.htm +++ b/interface/web/sites/templates/web_domain_edit.htm @@ -130,6 +130,12 @@
{tmpl_var name='ssl'}
+ +
+

{tmpl_var name='ssl_letsencrypt_txt'}

+
+ {tmpl_var name='ssl_letsencrypt'} +
@@ -261,5 +267,11 @@ submitForm('pageForm','sites/web_domain_edit.php'); }); - - \ No newline at end of file + + jQuery('input#ssl_letsencrypt').bind('change', function() { + if(jQuery('input#ssl_letsencrypt').is(":checked")) jQuery('input#ssl').prop('checked', true); + }); + jQuery('input#ssl').bind('change', function() { + if(jQuery('input#ssl_letsencrypt').is(":checked")) jQuery('input#ssl_letsencrypt').prop('checked', false); + }); + diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php index 54a77123d..e6797d719 100644 --- a/server/plugins-available/apache2_plugin.inc.php +++ b/server/plugins-available/apache2_plugin.inc.php @@ -950,6 +950,92 @@ class apache2_plugin { } */ + //* Generate Let's Encrypt SSL certificat + if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') { + $data['new']['ssl_domain'] = $domain; + $vhost_data['ssl_domain'] = $domain; + + //* be sure to have good domain + $lddomain = (string) "$domain"; + if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") { + $lddomain .= (string) " --domains www." . $domain; + } + + $crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem"; + $key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem"; + $bundle_tmp_file = "/etc/letsencrypt/live/".$domain."/chain.pem"; + $webroot = $data['new']['document_root']."/web"; + + //* check if we have already a Let's Encrypt cert + if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) { + $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG); + + if(is_dir($webroot . "/.well-known/")) { + $app->log("Remove old challenge directory", LOGLEVEL_DEBUG); + $this->_exec("rm -rf " . $webroot . "/.well-known/"); + } + + $app->log("Create challenge directory", LOGLEVEL_DEBUG); + $app->system->mkdirpath($webroot . "/.well-known/"); + $app->system->chown($webroot . "/.well-known/", $data['new']['system_user']); + $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']); + $app->system->mkdirpath($webroot . "/.well-known/acme-challenge"); + $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']); + $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']); + $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s"); + + $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth -a webroot --email postmaster@$domain --domains $lddomain --webroot-path $webroot"); + }; + + //* check is been correctly created + if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) { + $date = date("YmdHis"); + if(is_file($key_file)) { + $app->system->copy($key_file, $key_file.'.old'.$date); + $app->system->chmod($key_file.'.old.'.$date, 0400); + $app->system->unlink($key_file); + } + + if ($web_config["website_symlinks_rel"] == 'y') { + $this->create_relative_link(escapeshellcmd($key_tmp_file), escapeshellcmd($key_file)); + } else { + exec("ln -s ".escapeshellcmd($key_tmp_file)." ".escapeshellcmd($key_file)); + } + + if(is_file($crt_file)) { + $app->system->copy($crt_file, $crt_file.'.old.'.$date); + $app->system->chmod($crt_file.'.old.'.$date, 0400); + $app->system->unlink($crt_file); + } + + if($web_config["website_symlinks_rel"] == 'y') { + $this->create_relative_link(escapeshellcmd($crt_tmp_file), escapeshellcmd($crt_file)); + } else { + exec("ln -s ".escapeshellcmd($crt_tmp_file)." ".escapeshellcmd($crt_file)); + } + + if(is_file($bundle_file)) { + $app->system->copy($bundle_file, $bundle_file.'.old.'.$date); + $app->system->chmod($bundle_file.'.old.'.$date, 0400); + $app->system->unlink($bundle_file); + } + + if($web_config["website_symlinks_rel"] == 'y') { + $this->create_relative_link(escapeshellcmd($bundle_tmp_file), escapeshellcmd($bundle_file)); + } else { + exec("ln -s ".escapeshellcmd($bundle_tmp_file)." ".escapeshellcmd($bundle_file)); + } + + /* we don't need to store it. + /* Update the DB of the (local) Server */ + $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'"); + $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'"); + /* Update also the master-DB of the Server-Farm */ + $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'"); + $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'"); + } + }; + if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1; //$vhost_data['document_root'] = $data['new']['document_root'].'/' . $web_folder; diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php index 02fb427fe..fb2329aed 100644 --- a/server/plugins-available/nginx_plugin.inc.php +++ b/server/plugins-available/nginx_plugin.inc.php @@ -1102,10 +1102,87 @@ class nginx_plugin { // Check if a SSL cert exists $ssl_dir = $data['new']['document_root'].'/ssl'; + if(!isset($data['new']['ssl_domain']) OR empty($data['new']['ssl_domain'])) { $data['new']['ssl_domain'] = $data['new']['domain']; } $domain = $data['new']['ssl_domain']; + $tpl->setVar('ssl_domain', $domain); $key_file = $ssl_dir.'/'.$domain.'.key'; $crt_file = $ssl_dir.'/'.$domain.'.crt'; + + $tpl->setVar('ssl_letsencrypt', "n"); + //* Generate Let's Encrypt SSL certificat + if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') { + //* be sure to have good domain + $lddomain = (string) "$domain"; + if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") { + $lddomain .= (string) " --domains www." . $domain; + } + + $tpl->setVar('ssl_letsencrypt', "y"); + //* TODO: check dns entry is correct + $crt_tmp_file = "/etc/letsencrypt/live/".$domain."/fullchain.pem"; + $key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem"; + $webroot = $data['new']['document_root']."/web"; + + //* check if we have already a Let's Encrypt cert + if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) { + $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG); + + if(is_dir($webroot . "/.well-known/")) { + $app->log("Remove old challenge directory", LOGLEVEL_DEBUG); + $this->_exec("rm -rf " . $webroot . "/.well-known/"); + } + + $app->log("Create challenge directory", LOGLEVEL_DEBUG); + $app->system->mkdirpath($webroot . "/.well-known/"); + $app->system->chown($webroot . "/.well-known/", $$data['new']['system_user']); + $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']); + $app->system->mkdirpath($webroot . "/.well-known/acme-challenge"); + $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']); + $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']); + $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s"); + + $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth -a webroot --email postmaster@$domain --domains $lddomain --webroot-path $webroot"); + }; + + //* check is been correctly created + if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) { + $date = date("YmdHis"); +//* TODO: check if is a symlink, if target same keep it, either remove it + if(is_file($key_file)) { + $app->system->copy($key_file, $key_file.'.old'.$date); + $app->system->chmod($key_file.'.old.'.$date, 0400); + $app->system->unlink($key_file); + } + + if ($web_config["website_symlinks_rel"] == 'y') { + $this->create_relative_link(escapeshellcmd($key_tmp_file), escapeshellcmd($key_file)); + } else { + exec("ln -s ".escapeshellcmd($key_tmp_file)." ".escapeshellcmd($key_file)); + } + + if(is_file($crt_file)) { + $app->system->copy($crt_file, $crt_file.'.old.'.$date); + $app->system->chmod($crt_file.'.old.'.$date, 0400); + $app->system->unlink($crt_file); + } + + if($web_config["website_symlinks_rel"] == 'y') { + $this->create_relative_link(escapeshellcmd($crt_tmp_file), escapeshellcmd($crt_file)); + } else { + exec("ln -s ".escapeshellcmd($crt_tmp_file)." ".escapeshellcmd($crt_file)); + } + + /* we don't need to store it. + /* Update the DB of the (local) Server */ + $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'"); + $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'"); + /* Update also the master-DB of the Server-Farm */ + $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'"); + $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'"); + } + }; + if($domain!='' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) { $vhost_data['ssl_enabled'] = 1; $app->log('Enable SSL for: '.$domain, LOGLEVEL_DEBUG); -- GitLab