Commit d8a01636 authored by Jorge Muñoz's avatar Jorge Muñoz
Browse files

Merge branch 'develop' into 6202-support-for-borg-archive-in-backups

parents 4cd48685 2b30a072
Pipeline #9568 passed with stage
in 13 seconds
......@@ -17,6 +17,7 @@ syntax:lint:
- schedules
- web
- merge_requests
- /^\d+\.\d+\.\d+$/
script:
- echo "Syntax checking PHP files"
......@@ -32,6 +33,12 @@ syntax_diff:lint:
- pushes
- branches
except:
- schedules
- web
- merge_requests
- /^\d+\.\d+\.\d+$/
script:
- echo "Syntax checking PHP files"
- bash ./.git-scripts/syntax.sh commit
......@@ -52,19 +59,22 @@ syntax_diff:lint:
# - vendor/bin/phplint
test:install:
stage: test
image: jerob/docker-ispconfig
only:
- schedules
- web
script:
- $CI_PROJECT_DIR/helper_scripts/test_install_docker.sh
- apt-get update
- apt-get --yes install curl
- curl --insecure https://127.0.0.1:8080/login/
- ps xaf
#test:install:
# stage: test
# image: jerob/docker-ispconfig
# only:
# - schedules
# - web
# - /^\d+\.\d+\.\d+$/
#
# script:
# - $CI_PROJECT_DIR/helper_scripts/test_install_docker.sh
# - apt-get update
# - apt-get --yes install curl
# - curl --insecure https://127.0.0.1:8080/login/
# - ps xaf
#
# needs: ["syntax:lint"]
build:package:
stage: build
......@@ -72,13 +82,23 @@ build:package:
only:
refs:
- /^\d+\.\d+\.\d+$/
except:
- branches
- merge_requests
- schedules
- pushes
- web
script:
- echo "Building release."
- if [[ "$VER" == "" ]] ; then VER="$CI_COMMIT_TAG" ; fi
- if [[ "$VER" == "" ]] ; then VER="3.2dev"$(date +%s) ; fi
- if [[ "$VER" != "" ]] ; then echo "Replacing 3.2dev by $VER" ; sed -i -r 's/3\.2dev/'${VER}'/g' install/tpl/config.inc.php.master install/sql/ispconfig3.sql ; fi
- RET=0
- tar -cpzf ISPConfig-${VER}.tar.gz --exclude "ISPConfig-${VER}.tar.gz" --exclude ".git*" --exclude ".phplint.yml" --transform 's,^\./,ispconfig3_install/,' . || RET=$?
- if [[ $RET > 1 ]] ; then exit $RET ; fi
- echo "Listing tar contents for verification"
- tar -tvf ISPConfig-${VER}.tar.gz
- echo "Uploading file to download server"
- curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ISPConfig-${VER}.tar.gz ftp://${DEPLOY_FTP_SERVER}/web/
- if [[ "$VER" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] ; then echo "Stable release ${VER}" ; curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ISPConfig-${VER}.tar.gz ftp://${DEPLOY_FTP_SERVER}/web/ISPConfig-3-stable.tar.gz ; echo -n "${VER}" > ispconfig3_version.txt ; curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ispconfig3_version.txt ftp://${DEPLOY_FTP_SERVER}/web/ ; else echo "Dev release ${VER}" ; fi
- rm ISPConfig-${VER}.tar.gz
- echo "Download url is https://download.ispconfig.org/ISPConfig-${VER}.tar.gz"
when: manual
needs: ["syntax:lint"]
allow_failure: false
\ No newline at end of file
#!/bin/bash
chkdata() {
F=$1
CRT=$2
KEY=$3
if [[ "$CRT" != "" && "$KEY" != "" ]] ; then
if [[ ! -f "$CRT" ]] ; then
echo "[WARN] CERTIFICATE FILE ${CRT} MISSING FOR ${F}" ;
else
echo -n "Checking ${CRT}" ;
CHK=$(openssl x509 -in "${CRT}" -text -noout >/dev/null 2>&1 ; echo $?);
if [[ $CHK -ne 0 ]] ; then
echo " FAILED!" ;
else
echo " OK" ;
fi
fi
if [[ ! -f "$KEY" ]] ; then
echo "[WARN] KEY FILE ${KEY} MISSING FOR ${F}" ;
else
echo -n "Checking ${KEY}" ;
CHK=$(openssl rsa -in "${KEY}" -check -noout >/dev/null 2>&1 ; echo $?);
if [[ $CHK -ne 0 ]] ; then
echo " FAILED!" ;
else
echo " OK" ;
fi
fi
if [[ -f "$CRT" && -f "$KEY" ]] ; then
echo -n "Checking that key and certificate match";
MDCRT=$(openssl x509 -noout -modulus -in "${CRT}" | openssl md5) ;
MDKEY=$(openssl rsa -noout -modulus -in "${KEY}" | openssl md5) ;
if [[ "$MDCRT" != "$MDKEY" ]] ; then
echo " FAILED!" ;
else
echo " OK" ;
fi
fi
echo "---" ;
elif [[ "$CRT" != "" || "$KEY" != "" ]] ; then
echo "[WARN] Check SSL config of ${F}";
echo "---" ;
fi
}
if [[ -d /etc/apache2/sites-enabled ]] ; then
echo "Checking enabled apache vhosts" ;
for FIL in /etc/apache2/sites-enabled/* ; do
CRT=$(grep 'SSLCertificateFile' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
KEY=$(grep 'SSLCertificateKeyFile' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
chkdata "$FIL" "$CRT" "$KEY" ;
done
fi
if [[ -d /etc/nginx/sites-enabled ]] ; then
echo "Checking enabled nginx vhosts" ;
for FIL in /etc/nginx/sites-enabled/* ; do
CRT=$(grep 'ssl_certificate' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
CRT=${CRT%;}
KEY=$(grep 'ssl_certificate_key' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
KEY=${KEY%;}
chkdata "$FIL" "$CRT" "$KEY" ;
done
fi
\ No newline at end of file
<?php
/*
Copyright (c) 2021, Till Brehm, ISPConfig UG
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of ISPConfig nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
//*** Debian 11 default settings
//* Main
$conf['language'] = 'en';
$conf['distname'] = 'debian110';
$conf['hostname'] = 'server1.domain.tld'; // Full hostname
$conf['ispconfig_install_dir'] = '/usr/local/ispconfig';
$conf['ispconfig_config_dir'] = '/usr/local/ispconfig';
$conf['ispconfig_log_priority'] = 2; // 0 = Debug, 1 = Warning, 2 = Error
$conf['ispconfig_log_dir'] = '/var/log/ispconfig';
$conf['server_id'] = 1;
$conf['init_scripts'] = '/etc/init.d';
$conf['runlevel'] = '/etc';
$conf['shells'] = '/etc/shells';
$conf['pam'] = '/etc/pam.d';
//* Services provided by this server, this selection will be overridden by the expert mode
$conf['services']['mail'] = true;
$conf['services']['web'] = true;
$conf['services']['dns'] = true;
$conf['services']['file'] = true;
$conf['services']['db'] = true;
$conf['services']['vserver'] = true;
$conf['services']['proxy'] = false;
$conf['services']['firewall'] = false;
//* MySQL
$conf['mysql']['installed'] = false; // will be detected automatically during installation
$conf['mysql']['init_script'] = 'mysql';
$conf['mysql']['host'] = 'localhost';
$conf['mysql']['ip'] = '127.0.0.1';
$conf['mysql']['port'] = '3306';
$conf['mysql']['database'] = 'dbispconfig';
$conf['mysql']['admin_user'] = 'root';
$conf['mysql']['admin_password'] = '';
$conf['mysql']['charset'] = 'utf8';
$conf['mysql']['ispconfig_user'] = 'ispconfig';
$conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['master_slave_setup'] = 'n';
$conf['mysql']['master_host'] = '';
$conf['mysql']['master_database'] = 'dbispconfig';
$conf['mysql']['master_admin_user'] = 'root';
$conf['mysql']['master_admin_password'] = '';
$conf['mysql']['master_ispconfig_user'] = '';
$conf['mysql']['master_ispconfig_password'] = md5(uniqid(rand()));
//* Apache
$conf['apache']['installed'] = false; // will be detected automatically during installation
$conf['apache']['user'] = 'www-data';
$conf['apache']['group'] = 'www-data';
$conf['apache']['init_script'] = 'apache2';
$conf['apache']['version'] = '2.4';
$conf['apache']['vhost_conf_dir'] = '/etc/apache2/sites-available';
$conf['apache']['vhost_conf_enabled_dir'] = '/etc/apache2/sites-enabled';
$conf['apache']['vhost_port'] = '8080';
$conf['apache']['php_ini_path_apache'] = '/etc/php/7.4/apache2/php.ini';
$conf['apache']['php_ini_path_cgi'] = '/etc/php/7.4/cgi/php.ini';
//* Website base settings
$conf['web']['website_basedir'] = '/var/www';
$conf['web']['website_path'] = '/var/www/clients/client[client_id]/web[website_id]';
$conf['web']['website_symlinks'] = '/var/www/[website_domain]/:/var/www/clients/client[client_id]/[website_domain]/';
//* Apps base settings
$conf['web']['apps_vhost_ip'] = '_default_';
$conf['web']['apps_vhost_port'] = '8081';
$conf['web']['apps_vhost_servername'] = '';
$conf['web']['apps_vhost_user'] = 'ispapps';
$conf['web']['apps_vhost_group'] = 'ispapps';
//* Fastcgi
$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/7.4/cgi/';
$conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/';
$conf['fastcgi']['fastcgi_bin'] = '/usr/bin/php-cgi';
//* Postfix
$conf['postfix']['installed'] = false; // will be detected automatically during installation
$conf['postfix']['config_dir'] = '/etc/postfix';
$conf['postfix']['init_script'] = 'postfix';
$conf['postfix']['user'] = 'postfix';
$conf['postfix']['group'] = 'postfix';
$conf['postfix']['vmail_userid'] = '5000';
$conf['postfix']['vmail_username'] = 'vmail';
$conf['postfix']['vmail_groupid'] = '5000';
$conf['postfix']['vmail_groupname'] = 'vmail';
$conf['postfix']['vmail_mailbox_base'] = '/var/vmail';
//* Mailman
$conf['mailman']['installed'] = false; // will be detected automatically during installation
$conf['mailman']['config_dir'] = '/etc/mailman';
$conf['mailman']['init_script'] = 'mailman';
//* mlmmj
$conf['mlmmj']['installed'] = false; // will be detected automatically during installation
$conf['mlmmj']['config_dir'] = '/etc/mlmmj';
//* Getmail
$conf['getmail']['installed'] = false; // will be detected automatically during installation
$conf['getmail']['config_dir'] = '/etc/getmail';
$conf['getmail']['program'] = '/usr/bin/getmail';
//* Courier
$conf['courier']['installed'] = false; // will be detected automatically during installation
$conf['courier']['config_dir'] = '/etc/courier';
$conf['courier']['courier-authdaemon'] = 'courier-authdaemon';
$conf['courier']['courier-imap'] = 'courier-imap';
$conf['courier']['courier-imap-ssl'] = 'courier-imap-ssl';
$conf['courier']['courier-pop'] = 'courier-pop';
$conf['courier']['courier-pop-ssl'] = 'courier-pop-ssl';
//* Dovecot
$conf['dovecot']['installed'] = false; // will be detected automatically during installation
$conf['dovecot']['config_dir'] = '/etc/dovecot';
$conf['dovecot']['init_script'] = 'dovecot';
//* SASL
$conf['saslauthd']['installed'] = false; // will be detected automatically during installation
$conf['saslauthd']['config'] = '/etc/default/saslauthd';
$conf['saslauthd']['init_script'] = 'saslauthd';
//* Amavisd
$conf['amavis']['installed'] = false; // will be detected automatically during installation
$conf['amavis']['config_dir'] = '/etc/amavis';
$conf['amavis']['init_script'] = 'amavis';
//* Rspamd
$conf['rspamd']['installed'] = false; // will be detected automatically during installation
$conf['rspamd']['config_dir'] = '/etc/rspamd';
$conf['rspamd']['init_script'] = 'rspamd';
//* ClamAV
$conf['clamav']['installed'] = false; // will be detected automatically during installation
$conf['clamav']['init_script'] = 'clamav-daemon';
//* Pureftpd
$conf['pureftpd']['installed'] = false; // will be detected automatically during installation
$conf['pureftpd']['config_dir'] = '/etc/pure-ftpd';
$conf['pureftpd']['init_script'] = 'pure-ftpd-mysql';
//* MyDNS
$conf['mydns']['installed'] = false; // will be detected automatically during installation
$conf['mydns']['config_dir'] = '/etc';
$conf['mydns']['init_script'] = 'mydns';
//* PowerDNS
$conf['powerdns']['installed'] = false; // will be detected automatically during installation
$conf['powerdns']['database'] = 'powerdns';
$conf["powerdns"]["config_dir"] = '/etc/powerdns/pdns.d';
$conf['powerdns']['init_script'] = 'pdns';
//* BIND DNS Server
$conf['bind']['installed'] = false; // will be detected automatically during installation
$conf['bind']['bind_user'] = 'root';
$conf['bind']['bind_group'] = 'bind';
$conf['bind']['bind_zonefiles_dir'] = '/etc/bind';
$conf['bind']['named_conf_path'] = '/etc/bind/named.conf';
$conf['bind']['named_conf_local_path'] = '/etc/bind/named.conf.local';
$conf['bind']['init_script'] = 'bind9';
//* Jailkit
$conf['jailkit']['installed'] = false; // will be detected automatically during installation
$conf['jailkit']['config_dir'] = '/etc/jailkit';
$conf['jailkit']['jk_init'] = 'jk_init.ini';
$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
$conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch';
$conf['jailkit']['jailkit_chroot_cron_programs'] = '/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php';
//* Squid
$conf['squid']['installed'] = false; // will be detected automatically during installation
$conf['squid']['config_dir'] = '/etc/squid';
$conf['squid']['init_script'] = 'squid';
//* Nginx
$conf['nginx']['installed'] = false; // will be detected automatically during installation
$conf['nginx']['user'] = 'www-data';
$conf['nginx']['group'] = 'www-data';
$conf['nginx']['config_dir'] = '/etc/nginx';
$conf['nginx']['vhost_conf_dir'] = '/etc/nginx/sites-available';
$conf['nginx']['vhost_conf_enabled_dir'] = '/etc/nginx/sites-enabled';
$conf['nginx']['init_script'] = 'nginx';
$conf['nginx']['vhost_port'] = '8080';
$conf['nginx']['cgi_socket'] = '/var/run/fcgiwrap.socket';
$conf['nginx']['php_fpm_init_script'] = 'php7.4-fpm';
$conf['nginx']['php_fpm_ini_path'] = '/etc/php/7.4/fpm/php.ini';
$conf['nginx']['php_fpm_pool_dir'] = '/etc/php/7.4/fpm/pool.d';
$conf['nginx']['php_fpm_start_port'] = 9010;
$conf['nginx']['php_fpm_socket_dir'] = '/var/lib/php7.4-fpm';
//* OpenVZ
$conf['openvz']['installed'] = false;
//*Bastille-Firwall
$conf['bastille']['installed'] = false;
$conf['bastille']['config_dir'] = '/etc/Bastille';
//* vlogger
$conf['vlogger']['config_dir'] = '/etc';
//* cron
$conf['cron']['init_script'] = 'cron';
$conf['cron']['crontab_dir'] = '/etc/cron.d';
$conf['cron']['wget'] = '/usr/bin/wget';
//* Metronome XMPP
$conf['xmpp']['installed'] = false;
$conf['xmpp']['init_script'] = 'metronome';
?>
......@@ -32,7 +32,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//* Main
$conf['language'] = 'en';
$conf['distname'] = 'debian100';
$conf['distname'] = 'debian110';
$conf['hostname'] = 'server1.domain.tld'; // Full hostname
$conf['ispconfig_install_dir'] = '/usr/local/ispconfig';
$conf['ispconfig_config_dir'] = '/usr/local/ispconfig';
......@@ -83,8 +83,8 @@ $conf['apache']['version'] = '2.4';
$conf['apache']['vhost_conf_dir'] = '/etc/apache2/sites-available';
$conf['apache']['vhost_conf_enabled_dir'] = '/etc/apache2/sites-enabled';
$conf['apache']['vhost_port'] = '8080';
$conf['apache']['php_ini_path_apache'] = '/etc/php/7.3/apache2/php.ini';
$conf['apache']['php_ini_path_cgi'] = '/etc/php/7.3/cgi/php.ini';
$conf['apache']['php_ini_path_apache'] = '/etc/php/7.4/apache2/php.ini';
$conf['apache']['php_ini_path_cgi'] = '/etc/php/7.4/cgi/php.ini';
//* Website base settings
$conf['web']['website_basedir'] = '/var/www';
......@@ -99,7 +99,7 @@ $conf['web']['apps_vhost_user'] = 'ispapps';
$conf['web']['apps_vhost_group'] = 'ispapps';
//* Fastcgi
$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/7.3/cgi/';
$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/7.4/cgi/';
$conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/';
$conf['fastcgi']['fastcgi_bin'] = '/usr/bin/php-cgi';
......@@ -210,11 +210,11 @@ $conf['nginx']['vhost_conf_enabled_dir'] = '/etc/nginx/sites-enabled';
$conf['nginx']['init_script'] = 'nginx';
$conf['nginx']['vhost_port'] = '8080';
$conf['nginx']['cgi_socket'] = '/var/run/fcgiwrap.socket';
$conf['nginx']['php_fpm_init_script'] = 'php7.3-fpm';
$conf['nginx']['php_fpm_ini_path'] = '/etc/php/7.3/fpm/php.ini';
$conf['nginx']['php_fpm_pool_dir'] = '/etc/php/7.3/fpm/pool.d';
$conf['nginx']['php_fpm_init_script'] = 'php7.4-fpm';
$conf['nginx']['php_fpm_ini_path'] = '/etc/php/7.4/fpm/php.ini';
$conf['nginx']['php_fpm_pool_dir'] = '/etc/php/7.4/fpm/pool.d';
$conf['nginx']['php_fpm_start_port'] = 9010;
$conf['nginx']['php_fpm_socket_dir'] = '/var/lib/php7.3-fpm';
$conf['nginx']['php_fpm_socket_dir'] = '/var/lib/php7.4-fpm';
//* OpenVZ
$conf['openvz']['installed'] = false;
......
......@@ -154,7 +154,7 @@ $conf['rspamd']['init_script'] = 'rspamd';
//* ClamAV
$conf['clamav']['installed'] = false; // will be detected automatically during installation
$conf['clamav']['init_script'] = 'clamd.amavisd';
$conf['clamav']['init_script'] = 'clamd@amavisd';
//* Pureftpd
$conf['pureftpd']['installed'] = false; // will be detected automatically during installation
......
......@@ -51,7 +51,8 @@ use strict;
$sql_select_policy =
'SELECT *,spamfilter_users.id'.
' FROM spamfilter_users LEFT JOIN spamfilter_policy ON spamfilter_users.policy_id=spamfilter_policy.id'.
' WHERE spamfilter_users.email IN (%k) ORDER BY spamfilter_users.priority DESC';
' WHERE spamfilter_users.email IN (%k) AND spamfilter_users.policy_id != 0'.
' ORDER BY spamfilter_users.priority DESC';
$sql_select_white_black_list = 'SELECT wb FROM spamfilter_wblist'.
......
......@@ -160,8 +160,13 @@ if(!is_writable(dirname(ISPC_LOG_FILE))){
die("ERROR: Cannot write to the ".dirname(ISPC_LOG_FILE)." directory. Are you root or sudo ?\n\n");
}
//** Check for ISPConfig 2.x versions
if(is_dir('/root/ispconfig') || is_dir('/home/admispconfig')) {
die('This software cannot be installed on a server wich runs ISPConfig 2.x.');
if(is_dir('/home/admispconfig')) {
die('This software cannot be installed on a server which runs ISPConfig 2.x.');
} else {
die('This software cannot be installed on a server which runs ISPConfig 2.x; the presence of the /root/ispconfig/ directory may indicate an ISPConfig 2.x installation, otherwise you can remove or rename it to continue.');
}
}
if(is_dir('/usr/local/ispconfig')) {
......
......@@ -238,6 +238,13 @@ function get_distname() {
$distid = 'debian60';
$distbaseid = 'debian';
swriteln("Operating System: Debian 10.0 (Buster) or compatible\n");
} elseif(substr(trim(file_get_contents('/etc/debian_version')),0,2) == '11') {
$distname = 'Debian';
$distver = 'Bullseye';
$distconfid = 'debian110';
$distid = 'debian60';
$distbaseid = 'debian';
swriteln("Operating System: Debian 11.0 (Bullseye) or compatible\n");
} elseif(strstr(trim(file_get_contents('/etc/debian_version')), '/sid')) {
$distname = 'Debian';
$distver = 'Testing';
......
......@@ -1861,7 +1861,7 @@ class installer_base {
# local.d templates with template tags
# note: ensure these template files are in server/conf/ and symlinked in install/tpl/
$local_d = array(
'dkim_signing.conf',
'dkim_signing.conf', # dkim_signing.conf no longer uses template tags, could move below
'options.inc',
'redis.conf',
'classifier-bayes.conf',
......@@ -1897,6 +1897,7 @@ class installer_base {
'neural_group.conf',
'users.conf',
'groups.conf',
'arc.conf',
);
foreach ($local_d as $f) {
if(file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master")) {
......@@ -2894,8 +2895,13 @@ class installer_base {
$check_acme_file = $acme_cert_dir . '/cert.pem';
}
}
swriteln('Using certificate path ' . $acme_cert_dir);
if(!is_dir($conf['ispconfig_log_dir'])) {
mkdir($conf['ispconfig_log_dir'], 0755, true);
}
$acme_log = $conf['ispconfig_log_dir'] . '/acme.log';
$ip_address_match = false;
if(!(($svr_ip4 && in_array($svr_ip4, $dns_ips)) || ($svr_ip6 && in_array($svr_ip6, $dns_ips)))) {
swriteln('Server\'s public ip(s) (' . $svr_ip4 . ($svr_ip6 ? ', ' . $svr_ip6 : '') . ') not found in A/AAAA records for ' . $hostname . ': ' . implode(', ', $dns_ips));
......@@ -2917,16 +2923,25 @@ class installer_base {
// This script is needed earlier to check and open http port 80 or standalone might fail
// Make executable and temporary symlink latest letsencrypt pre, post and renew hook script before install
if(file_exists(ISPC_INSTALL_ROOT . '/server/scripts/letsencrypt_pre_hook.sh') && !file_exists('/usr/local/bin/letsencrypt_pre_hook.sh')) {
if(is_link('/usr/local/bin/letsencrypt_pre_hook.sh')) {
unlink('/usr/local/bin/letsencrypt_pre_hook.sh');
}
symlink(ISPC_INSTALL_ROOT . '/server/scripts/letsencrypt_pre_hook.sh', '/usr/local/bin/letsencrypt_pre_hook.sh');
chown('/usr/local/bin/letsencrypt_pre_hook.sh', 'root');
chmod('/usr/local/bin/letsencrypt_pre_hook.sh', 0700);
}
if(file_exists(ISPC_INSTALL_ROOT . '/server/scripts/letsencrypt_post_hook.sh') && !file_exists('/usr/local/bin/letsencrypt_post_hook.sh')) {
if(is_link('/usr/local/bin/letsencrypt_post_hook.sh')) {
unlink('/usr/local/bin/letsencrypt_post_hook.sh');
}
symlink(ISPC_INSTALL_ROOT . '/server/scripts/letsencrypt_post_hook.sh', '/usr/local/bin/letsencrypt_post_hook.sh');
chown('/usr/local/bin/letsencrypt_post_hook.sh', 'root');
chmod('/usr/local/bin/letsencrypt_post_hook.sh', 0700);
}
if(file_exists(ISPC_INSTALL_ROOT . '/server/scripts/letsencrypt_renew_hook.sh') && !file_exists('/usr/local/bin/letsencrypt_renew_hook.sh')) {
if(is_link('/usr/local/bin/letsencrypt_renew_hook.sh')) {
unlink('/usr/local/bin/letsencrypt_renew_hook.sh');
}
symlink(ISPC_INSTALL_ROOT . '/server/scripts/letsencrypt_renew_hook.sh', '/usr/local/bin/letsencrypt_renew_hook.sh');
chown('/usr/local/bin/letsencrypt_renew_hook.sh', 'root');
chmod('/usr/local/bin/letsencrypt_renew_hook.sh', 0700);
......@@ -3002,13 +3017,13 @@ class installer_base {
// Backup existing ispserver ssl files
if(file_exists($ssl_crt_file) || is_link($ssl_crt_file)) {
rename($ssl_crt_file, $ssl_crt_file . '-temporary.bak');
copy($ssl_crt_file, $ssl_crt_file . '-temporary.bak');
}
if(file_exists($ssl_key_file) || is_link($ssl_key_file)) {
rename($ssl_key_file, $ssl_key_file . '-temporary.bak');
copy($ssl_key_file, $ssl_key_file . '-temporary.bak');
}
if(file_exists($ssl_pem_file) || is_link($ssl_pem_file)) {
rename($ssl_pem_file, $ssl_pem_file . '-temporary.bak');
copy($ssl_pem_file, $ssl_pem_file . '-temporary.bak');
}
// Attempt to use Neilpang acme.sh first, as it is now the preferred LE client
......@@ -3020,14 +3035,17 @@ class installer_base {
# acme.sh does not set umask, resulting in incorrect permissions (ispconfig issue #6015)
$old_umask = umask(0022);
// Switch from zerossl to letsencrypt CA
exec("$acme --set-default-ca --server letsencrypt");
$out = null;
$ret = null;
if($conf['nginx']['installed'] == true || $conf['apache']['installed'] == true) {
exec("$acme --issue -w /usr/local/ispconfig/interface/acme -d " . escapeshellarg($hostname) . " $renew_hook", $out, $ret);
exec("$acme --issue --log $acme_log -w /usr/local/ispconfig/interface/acme -d " . escapeshellarg($hostname) . " $renew_hook", $out, $ret);
}
// Else, it is not webserver, so we use standalone
else {
exec("$acme --issue --standalone -d " . escapeshellarg($hostname) . " $hook", $out, $ret);
exec("$acme --issue --log $acme_log --standalone -d " . escapeshellarg($hostname) . " $hook", $out, $ret);
}
if($ret == 0 || ($ret == 2 && file_exists($check_acme_file))) {
......@@ -3039,7 +3057,7 @@ class installer_base {
//$acme_cert = "--cert-file $acme_cert_dir/cert.pem";
$acme_key = "--key-file " . escapeshellarg($ssl_key_file);
$acme_chain = "--fullchain-file " . escapeshellarg($ssl_crt_file);
exec("$acme --install-cert -d " . escapeshellarg($hostname) . " $acme_key $acme_chain");
exec("$acme --install-cert --log $acme_log -d " . escapeshellarg($hostname) . " $acme_key $acme_chain");
$issued_successfully = true;
umask($old_umask);
......
<?php
if(!defined('INSTALLER_RUN')) die('Patch update file access violation.');
class upd_0094 extends installer_patch_update {