Commit f5bd972f authored by Marius Burkard's avatar Marius Burkard
Browse files

Merge branch '6017-ssl-for-nginx-apps-vhost' into 'develop'

Resolve "SSL for nginx apps vhost"

Closes #6017 and #6007

See merge request !1422
parents d0d54151 08bd30a2
......@@ -2553,7 +2553,7 @@ class installer_base {
$tpl->setVar('apps_vhost_dir',$conf['web']['website_basedir'].'/apps');
$tpl->setVar('apps_vhost_basedir',$conf['web']['website_basedir']);
$tpl->setVar('apps_vhost_servername',$apps_vhost_servername);
if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
if(is_file($conf['ispconfig_install_dir'].'/interface/ssl/ispserver.crt') && is_file($conf['ispconfig_install_dir'].'/interface/ssl/ispserver.key')) {
$tpl->setVar('ssl_comment','');
} else {
$tpl->setVar('ssl_comment','#');
......@@ -2636,6 +2636,15 @@ class installer_base {
// Dont just copy over the virtualhost template but add some custom settings
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/nginx_apps.vhost.master', 'tpl/nginx_apps.vhost.master');
// Enable SSL if a cert is in place.
if(is_file($conf['ispconfig_install_dir'].'/interface/ssl/ispserver.crt') && is_file($conf['ispconfig_install_dir'].'/interface/ssl/ispserver.key')) {
$content = str_replace('{ssl_on}', 'ssl', $content);
$content = str_replace('{ssl_comment}', '', $content);
} else {
$content = str_replace('{ssl_on}', '', $content);
$content = str_replace('{ssl_comment}', '#', $content);
}
if($conf['web']['apps_vhost_ip'] == '_default_'){
$apps_vhost_ip = '';
} else {
......@@ -2678,10 +2687,6 @@ class installer_base {
$content = str_replace('{use_tcp}', $use_tcp, $content);
$content = str_replace('{use_socket}', $use_socket, $content);
// SSL in apps vhost is off by default. Might change later.
$content = str_replace('{ssl_on}', '', $content);
$content = str_replace('{ssl_comment}', '#', $content);
// Fix socket path on PHP 7 systems
if(file_exists('/var/run/php/php7.0-fpm.sock')) $content = str_replace('/var/run/php5-fpm.sock', '/var/run/php/php7.0-fpm.sock', $content);
if(file_exists('/var/run/php/php7.1-fpm.sock')) $content = str_replace('/var/run/php5-fpm.sock', '/var/run/php/php7.1-fpm.sock', $content);
......
......@@ -7,7 +7,7 @@ server {
{ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
# redirect to https if accessed with http
{ssl_comment}error_page 497 https://$host:{vhost_port}$request_uri;
{ssl_comment}error_page 497 https://$host:{apps_vhost_port}$request_uri;
server_name {apps_vhost_servername};
......
......@@ -7,7 +7,7 @@ server {
{ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
# redirect to https if accessed with http
{ssl_comment}error_page 497 https://$host:{vhost_port}$request_uri;
{ssl_comment}error_page 497 https://$host:{apps_vhost_port}$request_uri;
server_name {apps_vhost_servername};
......
......@@ -206,16 +206,14 @@ class apps_vhost_plugin {
$use_socket = '#';
}
/* Check if SSL should be enabled: */
if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
/* Check if SSL should be enabled: */
if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
$content = str_replace('{ssl_comment}', '', $content);
$content = str_replace('{ssl_on}', 'ssl', $content);
$content = str_replace('{vhost_port}', $web_config['apps_vhost_port'], $content);
} else {
} else {
$content = str_replace('{ssl_comment}', '#', $content);
$content = preg_replace('/(\s)\{ssl_on\}/', '', $content);
$content = str_replace('{vhost_port}', $web_config['apps_vhost_port'], $content);
}
}
$content = str_replace('{use_tcp}', $use_tcp, $content);
$content = str_replace('{use_socket}', $use_socket, $content);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment