From f0dfa9f4bb885178de0dde42eebc4e5e5321bef2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Fri, 5 Jun 2015 10:50:05 +0200
Subject: [PATCH] - added http -> https rewriting - backported patches

---
 .../sql/incremental/upd_dev_collection.sql    |  3 +-
 install/sql/ispconfig3.sql                    |  3 +-
 .../web/sites/form/web_vhost_domain.tform.php |  9 ++++++
 .../templates/web_vhost_domain_redirect.htm   |  6 ++++
 server/conf/nginx_vhost.conf.master           |  7 +++++
 server/conf/vhost.conf.master                 |  6 ++++
 server/lib/classes/cron.d/150-awstats.inc.php |  5 +++
 .../lib/classes/cron.d/150-webalizer.inc.php  |  8 ++++-
 .../plugins-available/apache2_plugin.inc.php  | 31 +++++++++++--------
 server/plugins-available/nginx_plugin.inc.php | 25 ++++++++-------
 10 files changed, 76 insertions(+), 27 deletions(-)

diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
index b9c0562383..919f8d4801 100644
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -144,7 +144,7 @@ ALTER TABLE `directive_snippets` ADD `required_php_snippets` VARCHAR(255) NOT NU
 ALTER TABLE `dns_rr` CHANGE `ttl` `ttl` INT(11) UNSIGNED NOT NULL DEFAULT '3600';
 ALTER TABLE `dns_soa` CHANGE `minimum` `minimum` INT(11) UNSIGNED NOT NULL DEFAULT '3600', CHANGE `ttl` `ttl` INT(11) UNSIGNED NOT NULL DEFAULT '3600';
 ALTER TABLE `client` CHANGE `web_php_options` `web_php_options` VARCHAR(255) NOT NULL DEFAULT 'no,fast-cgi,cgi,mod,suphp,php-fpm,hhvm';
-ALTER TABLE `web_domain` ADD COLUMN `enable_pagespeed` ENUM('y','n') NULL DEFAULT 'n' AFTER `directive_snippets_id`;
+ALTER TABLE `web_domain` ADD COLUMN `enable_pagespeed` ENUM('y','n') NOT NULL DEFAULT 'n' AFTER `directive_snippets_id`;
 
 ALTER TABLE openvz_template ADD COLUMN `features` varchar(255) DEFAULT NULL AFTER `capability`;
 ALTER TABLE openvz_vm ADD COLUMN `features` TEXT DEFAULT NULL AFTER `capability`;
@@ -165,3 +165,4 @@ CREATE TABLE `server_ip_map` (
   PRIMARY KEY (`server_ip_map_id`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
 
+ALTER TABLE `web_domain` ADD COLUMN `rewrite_to_https` ENUM('y','n') NOT NULL DEFAULT 'n' AFTER `seo_redirect`;
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index a55ff21c64..df45246e64 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -1884,6 +1884,7 @@ CREATE TABLE `web_domain` (
   `redirect_type` varchar(255) default NULL,
   `redirect_path` varchar(255) default NULL,
   `seo_redirect` varchar(255) default NULL,
+  `rewrite_to_https` ENUM('y','n') NOT NULL DEFAULT 'n',
   `ssl` enum('n','y') NOT NULL default 'n',
   `ssl_state` varchar(255) NULL,
   `ssl_locality` varchar(255) NULL,
@@ -1924,7 +1925,7 @@ CREATE TABLE `web_domain` (
   `added_date` date NOT NULL DEFAULT '0000-00-00',
   `added_by` varchar(255) DEFAULT NULL,
   `directive_snippets_id` int(11) unsigned NOT NULL default '0',
-  `enable_pagespeed` ENUM('y','n') NULL DEFAULT 'n',
+  `enable_pagespeed` ENUM('y','n') NOT NULL DEFAULT 'n',
   `http_port` int(11) unsigned NOT NULL DEFAULT '80',
   `https_port` int(11) unsigned NOT NULL DEFAULT '443',
   PRIMARY KEY  (`domain_id`),
diff --git a/interface/web/sites/form/web_vhost_domain.tform.php b/interface/web/sites/form/web_vhost_domain.tform.php
index b457be7bdd..d232f12557 100644
--- a/interface/web/sites/form/web_vhost_domain.tform.php
+++ b/interface/web/sites/form/web_vhost_domain.tform.php
@@ -400,6 +400,15 @@ $form["tabs"]['redirect'] = array (
 			'width'  => '30',
 			'maxlength' => '255'
 		),
+		'rewrite_to_https' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOX',
+			'default'  => 'n',
+			'value' => array (
+				0 => 'n',
+				1 => 'y'
+			)
+		),
 		//#################################
 		// ENDE Datatable fields
 		//#################################
diff --git a/interface/web/sites/templates/web_vhost_domain_redirect.htm b/interface/web/sites/templates/web_vhost_domain_redirect.htm
index 1bdcf006e5..06cc8a136e 100644
--- a/interface/web/sites/templates/web_vhost_domain_redirect.htm
+++ b/interface/web/sites/templates/web_vhost_domain_redirect.htm
@@ -33,6 +33,12 @@
                 <label for="rewrite_rules" class="col-sm-3 control-label">{tmpl_var name='rewrite_rules_txt'}</label>
                 <div class="col-sm-9"><textarea class="form-control" name="rewrite_rules" id="rewrite_rules" rows='10' cols='50'>{tmpl_var name='rewrite_rules'}</textarea></div>&nbsp;<b>{tmpl_var name="allowed_rewrite_rule_directives_txt"}</b><br><br>&nbsp;break<br>&nbsp;if<br>&nbsp;return<br>&nbsp;rewrite<br>&nbsp;set<br><br>&nbsp;<a href="http://wiki.nginx.org/HttpRewriteModule" target="_blank">http://wiki.nginx.org/HttpRewriteModule</a>
             </div>
+			<div class="form-group">
+				<label class="col-sm-3 control-label">{tmpl_var name='rewrite_to_https_txt'}</label>
+				<div class="col-sm-9">
+					{tmpl_var name="rewrite_to_https"}
+				</div>
+			</div>
         
 
         <input type="hidden" name="id" value="{tmpl_var name='id'}">
diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master
index 040af2151e..4a775cec25 100644
--- a/server/conf/nginx_vhost.conf.master
+++ b/server/conf/nginx_vhost.conf.master
@@ -33,6 +33,13 @@ server {
             rewrite ^<tmpl_var name='local_redirect_exclude'>(.*)$ <tmpl_var name='local_redirect_target'>$2 <tmpl_var name='local_redirect_type'>;
         }
 </tmpl_loop>
+<tmpl_if name='ssl_enabled'>
+<tmpl_if name='rewrite_to_https' op='==' value='y'>
+        if ($scheme != "https") {
+            rewrite ^ https://$http_host$request_uri? permanent;
+        }
+</tmpl_if>
+</tmpl_if>
 
 <tmpl_loop name="own_redirects">
 <tmpl_if name='use_rewrite'>
diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
index 279cbc52f1..bdfc761fda 100644
--- a/server/conf/vhost.conf.master
+++ b/server/conf/vhost.conf.master
@@ -412,6 +412,12 @@
 		RewriteRule   ^/(.*)$ <tmpl_var name='rewrite_target'><tmpl_if name="rewrite_add_path" op="==" value="y">$1</tmpl_if>  <tmpl_var name='rewrite_type'>
 	
 </tmpl_loop>
+<tmpl_if name='ssl_enabled'>
+<tmpl_if name='rewrite_to_https' op='==' value='y'>
+        RewriteCond %{HTTPS} off
+        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+</tmpl_if>
+</tmpl_if>
 </tmpl_if>
 
 		# add support for apache mpm_itk
diff --git a/server/lib/classes/cron.d/150-awstats.inc.php b/server/lib/classes/cron.d/150-awstats.inc.php
index ea0c64f67a..2d281c7d39 100644
--- a/server/lib/classes/cron.d/150-awstats.inc.php
+++ b/server/lib/classes/cron.d/150-awstats.inc.php
@@ -117,6 +117,10 @@ class cronjob_awstats extends cronjob {
 			}
 
 			if(!@is_dir($statsdir)) mkdir($statsdir);
+			$username = escapeshellcmd($rec['system_user']);
+			$groupname = escapeshellcmd($rec['system_group']);
+			chown($statsdir, $username);
+			chgrp($statsdir, $groupname);
 			if(is_link('/var/log/ispconfig/httpd/'.$domain.'/yesterday-access.log')) unlink('/var/log/ispconfig/httpd/'.$domain.'/yesterday-access.log');
 			symlink($logfile, '/var/log/ispconfig/httpd/'.$domain.'/yesterday-access.log');
 
@@ -174,6 +178,7 @@ class cronjob_awstats extends cronjob {
 				chgrp($rec['document_root']."/".$web_folder."/stats/index.php", $rec['system_group']);
 			}
 
+			exec('chown -R '.$username.':'.$groupname.' '.$statsdir);
 		}
 
 
diff --git a/server/lib/classes/cron.d/150-webalizer.inc.php b/server/lib/classes/cron.d/150-webalizer.inc.php
index b850003200..0ae05dd682 100644
--- a/server/lib/classes/cron.d/150-webalizer.inc.php
+++ b/server/lib/classes/cron.d/150-webalizer.inc.php
@@ -79,7 +79,7 @@ class cronjob_webalizer extends cronjob {
 		}
 
 
-		$sql = "SELECT domain_id, domain, document_root, web_folder, type, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') and stats_type = 'webalizer' AND server_id = ?";
+		$sql = "SELECT domain_id, domain, document_root, web_folder, type, parent_domain_id, system_user, system_group FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') and stats_type = 'webalizer' AND server_id = ?";
 		$records = $app->db->queryAllRecords($sql, $conf['server_id']);
 
 		foreach($records as $rec) {
@@ -122,7 +122,13 @@ class cronjob_webalizer extends cronjob {
 
 
 			if(!@is_dir($statsdir)) mkdir($statsdir);
+			$username = escapeshellcmd($rec['system_user']);
+			$groupname = escapeshellcmd($rec['system_group']);
+			chown($statsdir, $username);
+			chgrp($statsdir, $groupname);
 			exec("$webalizer -c $webalizer_conf -n $domain -s $domain -r $domain -q -T -p -o $statsdir $logfile");
+			
+			exec('chown -R '.$username.':'.$groupname.' '.$statsdir);
 		}
 
 
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index b2f211570e..4bacf07e76 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -650,6 +650,7 @@ class apache2_plugin {
 
 		if(!is_dir($data['new']['document_root'].'/' . $web_folder)) $app->system->mkdirpath($data['new']['document_root'].'/' . $web_folder);
 		if(!is_dir($data['new']['document_root'].'/' . $web_folder . '/error') and $data['new']['errordocs']) $app->system->mkdirpath($data['new']['document_root'].'/' . $web_folder . '/error');
+		if(!is_dir($data['new']['document_root'].'/' . $web_folder . '/stats')) $app->system->mkdirpath($data['new']['document_root'].'/' . $web_folder . '/stats');
 		//if(!is_dir($data['new']['document_root'].'/'.$log_folder)) exec('mkdir -p '.$data['new']['document_root'].'/'.$log_folder);
 		if(!is_dir($data['new']['document_root'].'/ssl')) $app->system->mkdirpath($data['new']['document_root'].'/ssl');
 		if(!is_dir($data['new']['document_root'].'/cgi-bin')) $app->system->mkdirpath($data['new']['document_root'].'/cgi-bin');
@@ -771,27 +772,31 @@ class apache2_plugin {
 			}
 
 			if (file_exists($conf['rootpath'] . '/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2))) {
-				exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
+				if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
 
 				if(is_file($conf['rootpath'] . '/conf-custom/index/favicon.ico')) {
-					exec('cp ' . $conf['rootpath'] . '/conf-custom/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+					if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/favicon.ico')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
 				}
 				if(is_file($conf['rootpath'] . '/conf-custom/index/robots.txt')) {
-					exec('cp ' . $conf['rootpath'] . '/conf-custom/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+					if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/robots.txt')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
 				}
 				if(is_file($conf['rootpath'] . '/conf-custom/index/.htaccess')) {
-					exec('cp ' . $conf['rootpath'] . '/conf-custom/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+					if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/.htaccess')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
 				}
-			}
-			else {
+			} else {
 				if (file_exists($conf['rootpath'] . '/conf-custom/index/standard_index.html')) {
-					exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
-				}
-				else {
-					exec('cp ' . $conf['rootpath'] . '/conf/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
-					if(is_file($conf['rootpath'] . '/conf/index/favicon.ico')) exec('cp ' . $conf['rootpath'] . '/conf/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
-					if(is_file($conf['rootpath'] . '/conf/index/robots.txt')) exec('cp ' . $conf['rootpath'] . '/conf/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
-					if(is_file($conf['rootpath'] . '/conf/index/.htaccess')) exec('cp ' . $conf['rootpath'] . '/conf/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+					if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
+				} else {
+					if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html')) exec('cp ' . $conf['rootpath'] . '/conf/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
+					if(is_file($conf['rootpath'] . '/conf/index/favicon.ico')){
+						if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/favicon.ico')) exec('cp ' . $conf['rootpath'] . '/conf/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+					}
+					if(is_file($conf['rootpath'] . '/conf/index/robots.txt')){
+						if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/robots.txt')) exec('cp ' . $conf['rootpath'] . '/conf/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+					}
+					if(is_file($conf['rootpath'] . '/conf/index/.htaccess')){
+						if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/.htaccess')) exec('cp ' . $conf['rootpath'] . '/conf/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+					}
 				}
 			}
 			exec('chmod -R a+r '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index 24c46baeb6..9ce9de83f0 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -531,6 +531,7 @@ class nginx_plugin {
 
 		if(!is_dir($data['new']['document_root'].'/' . $web_folder)) $app->system->mkdirpath($data['new']['document_root'].'/' . $web_folder);
 		if(!is_dir($data['new']['document_root'].'/' . $web_folder . '/error') and $data['new']['errordocs']) $app->system->mkdirpath($data['new']['document_root'].'/' . $web_folder . '/error');
+		if(!is_dir($data['new']['document_root'].'/' . $web_folder . '/stats')) $app->system->mkdirpath($data['new']['document_root'].'/' . $web_folder . '/stats');
 		//if(!is_dir($data['new']['document_root'].'/'.$log_folder)) exec('mkdir -p '.$data['new']['document_root'].'/'.$log_folder);
 		if(!is_dir($data['new']['document_root'].'/ssl')) $app->system->mkdirpath($data['new']['document_root'].'/ssl');
 		if(!is_dir($data['new']['document_root'].'/cgi-bin')) $app->system->mkdirpath($data['new']['document_root'].'/cgi-bin');
@@ -652,26 +653,28 @@ class nginx_plugin {
 			}
 
 			if (file_exists($conf['rootpath'] . '/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2))) {
-				exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
+				if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
 
 				if(is_file($conf['rootpath'] . '/conf-custom/index/favicon.ico')) {
-					exec('cp ' . $conf['rootpath'] . '/conf-custom/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+					if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/favicon.ico')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
 				}
 				if(is_file($conf['rootpath'] . '/conf-custom/index/robots.txt')) {
-					exec('cp ' . $conf['rootpath'] . '/conf-custom/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+					if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/robots.txt')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
 				}
 				//if(is_file($conf['rootpath'] . '/conf-custom/index/.htaccess')) {
 				//	exec('cp ' . $conf['rootpath'] . '/conf-custom/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
 				//}
-			}
-			else {
+			} else {
 				if (file_exists($conf['rootpath'] . '/conf-custom/index/standard_index.html')) {
-					exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
-				}
-				else {
-					exec('cp ' . $conf['rootpath'] . '/conf/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
-					if(is_file($conf['rootpath'] . '/conf/index/favicon.ico')) exec('cp ' . $conf['rootpath'] . '/conf/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
-					if(is_file($conf['rootpath'] . '/conf/index/robots.txt')) exec('cp ' . $conf['rootpath'] . '/conf/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+					if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html')) exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
+				} else {
+					if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html')) exec('cp ' . $conf['rootpath'] . '/conf/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
+					if(is_file($conf['rootpath'] . '/conf/index/favicon.ico')){
+						if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/favicon.ico')) exec('cp ' . $conf['rootpath'] . '/conf/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+					}
+					if(is_file($conf['rootpath'] . '/conf/index/robots.txt')){
+						if(!file_exists(escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/robots.txt')) exec('cp ' . $conf['rootpath'] . '/conf/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
+					}
 					//if(is_file($conf['rootpath'] . '/conf/index/.htaccess')) exec('cp ' . $conf['rootpath'] . '/conf/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
 				}
 			}
-- 
GitLab