Commit 2856951f authored by Hj Ahmad Rasyid Hj Ismail's avatar Hj Ahmad Rasyid Hj Ismail Committed by Till Brehm

Update installer_base.lib.php to get LE SSL certs for the server via certbot...

Update installer_base.lib.php to get LE SSL certs for the server via certbot or acme.sh before openssl self-signed method upon new installation or existing update; and extend it to other available services (postfix, pure-ftpd-mysql), with additional dhparam pem file, if none exists.
parent 2e50dfc1
......@@ -574,6 +574,12 @@ if($install_mode == 'standard' || strtolower($inst->simple_query('Install ISPCon
$inst->install_ispconfig_interface = false;
}
// Create SSL certs for non-webserver(s)?
if(!file_exists('/usr/local/ispconfig/interface/ssl/ispserver.crt')) {
if(strtolower($inst->simple_query('Do you want to create SSL certs for your server?', array('y', 'n'), 'y')) == 'y')
$inst->make_ispconfig_ssl_cert();
}
$inst->install_ispconfig();
//* Configure DBServer
......@@ -88,6 +88,9 @@ if($do_uninstall == 'yes') {
exec('rm -rf /usr/local/ispconfig');
// Delete various other files
@unlink("/usr/local/bin/letsencrypt_post_hook.sh");
@unlink("/usr/local/bin/letsencrypt_pre_hook.sh");
@unlink("/usr/local/bin/letsencrypt_renew_hook.sh");
@unlink("/usr/local/bin/ispconfig_update.sh");
@unlink("/usr/local/bin/ispconfig_update_from_svn.sh");
@unlink("/var/spool/mail/ispconfig");
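Review bot: Removing the three hook scripts here leaves anything that references them in place: if the installer registers these paths as certbot pre/post/renew hooks in the renewal configuration (not visible on this page), renewals after an uninstall fail on a missing hook rather than skipping it. Either remove the renewal configuration for the server FQDN alongside the scripts, or extend the `// Delete various other files` comment to say the Let's Encrypt renewal config is intentionally left untouched so the admin knows to clean it up. The `@` suppression matches the existing `@unlink` lines, so no change is needed there.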
......@@ -534,6 +534,12 @@ if ($inst->install_ispconfig_interface) {
}
}
// Create SSL certs for non-webserver(s)?
if(!file_exists('/usr/local/ispconfig/interface/ssl/ispserver.crt')) {
if(strtolower($inst->simple_query('Do you want to create SSL certs for your server?', array('y', 'n'), 'y')) == 'y')
$inst->make_ispconfig_ssl_cert();
}
$inst->install_ispconfig();
// Cleanup
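Review bot: The gate `!file_exists('/usr/local/ispconfig/interface/ssl/ispserver.crt')` means an existing installation that already carries a self-signed `ispserver.crt` is never asked about SSL during update, so the certbot/acme.sh path the commit message describes for "existing update" is only reachable when no server cert exists at all. If the intent is to let updates move from self-signed to Let's Encrypt, the condition has to consider the origin of the existing cert rather than just its presence, or the prompt should be offered regardless and the decision left to `make_ispconfig_ssl_cert()`. Whichever is intended, a comment stating which case this check covers would help, e.g. `// Only prompt when no server cert exists yet; an existing cert (self-signed or LE) is left as-is`.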
#!/bin/bash
### BEGIN INIT INFO
# Provides: LETSENCRYPT POST HOOK SCRIPT
# Required-Start: $local_fs $network
# Required-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: LETSENCRYPT POST HOOK SCRIPT
# Description: To force close http port 80 if it is by default closed, to be used by letsencrypt client standlone command
### END INIT INFO
## If you need a custom hook file, create a file with the same name in
## /usr/local/ispconfig/server/conf-custom/scripts/
if [[ -e "/usr/local/ispconfig/server/conf-custom/scripts/letsencrypt_post_hook.sh" ]] ; then
. /usr/local/ispconfig/server/conf-custom/scripts/letsencrypt_post_hook.sh && exit 0 || exit 1;
fi
# You can add support to other firewall
# For RHEL, Centos or derivatives
if which yum &> /dev/null 2>&1 ; then
# Check if web server software is installed, start it if any
if [ rpm -q nginx ]; then service nginx start
elif [ rpm -q httpd ]; then service httpd start
# If using firewalld
elif [ rpm -q firewalld ] && [ `firewall-cmd --state` = running ]; then
firewall-cmd --zone=public --permanent --remove-service=http
firewall-cmd --reload
# If using UFW
else; if [ rpm -q ufw ]; then ufw --force enable && ufw deny http; fi
fi
# For Debian, Ubuntu or derivatives
elif apt-get -v >/dev/null 2>&1 ; then
# Check if web server software is installed, stop it if any
if [ $(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") -eq 1 ]; then service nginx start
elif [ $(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") -eq 1 ]; then service apache2 start
# If using UFW
else; if [ $(dpkg-query -W -f='${Status}' ufw 2>/dev/null | grep -c "ok installed") -eq 1 ]; then ufw --force enable && ufw deny http; fi
fi
# Try iptables as a final attempt
else
iptables -D INPUT -p tcp --dport 80 -j ACCEPT
service iptables save
fi
\ No newline at end of file
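Review bot: `else; if [ rpm -q ufw ]; then ...` and the matching `else; if [ $(dpkg-query ...` line in the Debian branch are not valid bash — `else;` is a syntax error, so the whole script fails to parse and the post hook never runs, which leaves port 80 opened by the pre hook after the standalone challenge finishes. In the same branches `[ rpm -q nginx ]` is a three-argument `test` with `-q` as the operator, which always fails with "binary operator expected" instead of querying rpm; the pre hook and the renew hook use the same form, so the correction `if rpm -q nginx >/dev/null 2>&1; then` applies there too. The rewrite of the RHEL branch below also quotes the `firewall-cmd --state` output (it is two words when the daemon is not running) and drops the redundant `2>&1` after `&> /dev/null`; the Debian branch needs the same `else` correction.
```shell
if which yum &> /dev/null ; then
    # Check if web server software is installed, start it if any
    if rpm -q nginx >/dev/null 2>&1; then service nginx start
    elif rpm -q httpd >/dev/null 2>&1; then service httpd start
    # If using firewalld
    elif rpm -q firewalld >/dev/null 2>&1 && [ "$(firewall-cmd --state)" = running ]; then
        firewall-cmd --zone=public --permanent --remove-service=http
        firewall-cmd --reload
    # If using UFW
    elif rpm -q ufw >/dev/null 2>&1; then ufw --force enable && ufw deny http
    fi
# … unchanged: Debian/Ubuntu branch (same else fix) and the iptables fallback …
```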
#!/bin/bash
### BEGIN INIT INFO
# Provides: LETSENCRYPT PRE HOOK SCRIPT
# Required-Start: $local_fs $network
# Required-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: LETSENCRYPT PRE HOOK SCRIPT
# Description: To force open http port 80 to be used by letsencrypt client standlone command
### END INIT INFO
## If you need a custom hook file, create a file with the same name in
## /usr/local/ispconfig/server/conf-custom/scripts/
if [[ -e "/usr/local/ispconfig/server/conf-custom/scripts/letsencrypt_pre_hook.sh" ]] ; then
. /usr/local/ispconfig/server/conf-custom/scripts/letsencrypt_pre_hook.sh && exit 0 || exit 1 ;
fi
# You can add support to other firewall
# For RHEL, Centos or derivatives
if which yum &> /dev/null 2>&1 ; then
# Check if web server software is installed, stop it if any
if [ rpm -q nginx ]; then service nginx stop; fi
if [ rpm -q httpd ]; then service httpd stop; fi
# If using firewalld
if [ rpm -q firewalld ] && [ `firewall-cmd --state` = running ]; then
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --reload
fi
# If using UFW
if [ rpm -q ufw ]; then ufw --force enable && ufw allow http; fi
# For Debian, Ubuntu or derivatives
elif apt-get -v >/dev/null 2>&1 ; then
# Check if web server software is installed, stop it if any
if [ $(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") -eq 1 ]; then service nginx stop; fi
if [ $(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") -eq 1 ]; then service apache2 stop; fi
# If using UFW
if [ $(dpkg-query -W -f='${Status}' ufw 2>/dev/null | grep -c "ok installed") -eq 1 ]; then ufw --force enable && ufw allow http; fi
# Try iptables as a final attempt
else
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
service iptables save
fi
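Review bot: `ufw --force enable && ufw allow http` on the two UFW lines switches the firewall on whenever the ufw package is merely installed, even if the administrator deliberately left it disabled; with ufw's default deny-incoming policy a certificate request can then cut off SSH to the host as a side effect. Enabling the firewall should not be a pre-hook decision — check `ufw status | grep -q '^Status: active'` and only then run `ufw allow http`, leaving the firewall state otherwise untouched. The iptables fallback has a related problem: `service iptables save` persists the ACCEPT rule, so if the post hook fails (it currently does not parse) port 80 stays open across reboots rather than only for the running ruleset. The `[ rpm -q pkg ]` test form is always false, as raised on the post hook.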
#!/bin/bash
### BEGIN INIT INFO
# Provides: LETSENCRYPT RENEW HOOK SCRIPT
# Required-Start: $local_fs $network
# Required-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: LETSENCRYPT RENEW HOOK SCRIPT
# Description: Taken from LE4ISPC code. To be used to update ispserver.pem automatically after ISPConfig LE SSL certs are renewed and to reload / restart important ISPConfig server services
### END INIT INFO
## If you need a custom hook file, create a file with the same name in
## /usr/local/ispconfig/server/conf-custom/scripts/
if [[ -e "/usr/local/ispconfig/server/conf-custom/scripts/letsencrypt_renew_hook.sh" ]] ; then
. /usr/local/ispconfig/server/conf-custom/scripts/letsencrypt_renew_hook.sh && exit 0 || exit 1;
fi
lelive=/etc/letsencrypt/live/$(hostname -f); if [ -d "$lelive" ]; then
cd /usr/local/ispconfig/interface/ssl; ibak=ispserver.*.bak; ipem=ispserver.pem; icrt=ispserver.crt; ikey=ispserver.key
if ls $ibak 1> /dev/null 2>&1; then rm $ibak; fi
if [ -e "$ipem" ]; then mv $ipem $ipem-$(date +"%y%m%d%H%M%S").bak; cat $ikey $icrt > $ipem; chmod 600 $ipem; fi
pureftpdpem=/etc/ssl/private/pure-ftpd.pem; if [ -e "$pureftpdpem" ]; then chmod 600 $pureftpdpem; fi
# For Red Hat, Centos or derivatives
if which yum &> /dev/null 2>&1 ; then
if [ rpm -q pure-ftpd ]; then service pure-ftpd restart; fi
if [ rpm -q monit ]; then service monit restart; fi
if [ rpm -q postfix ]; then service postfix restart; fi
if [ rpm -q dovecot ]; then service dovecot restart; fi
if [ rpm -q mysql-server ]; then service mysqld restart; fi
if [ rpm -q mariadb-server ]; then service mariadb restart; fi
if [ rpm -q MariaDB-server ]; then service mysql restart; fi
if [ rpm -q nginx ]; then service nginx restart; fi
if [ rpm -q httpd ]; then service httpd restart; fi
# For Debian, Ubuntu or derivatives
elif apt-get -v >/dev/null 2>&1 ; then
if [ $(dpkg-query -W -f='${Status}' pure-ftpd-mysql 2>/dev/null | grep -c "ok installed") -eq 1 ]; then service pure-ftpd-mysql restart; fi
if [ $(dpkg-query -W -f='${Status}' monit 2>/dev/null | grep -c "ok installed") -eq 1 ]; then service monit restart; fi
if [ $(dpkg-query -W -f='${Status}' postfix 2>/dev/null | grep -c "ok installed") -eq 1 ]; then service postfix restart; fi
if [ $(dpkg-query -W -f='${Status}' dovecot-imapd 2>/dev/null | grep -c "ok installed") -eq 1 ]; then service dovecot restart; fi
if [ $(dpkg-query -W -f='${Status}' mysql 2>/dev/null | grep -c "ok installed") -eq 1 ]; then service mysql restart; fi
if [ $(dpkg-query -W -f='${Status}' mariadb 2>/dev/null | grep -c "ok installed") -eq 1 ]; then service mysql restart; fi
if [ $(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") -eq 1 ]; then service nginx restart; fi
if [ $(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") -eq 1 ]; then service apache2 restart; fi
else
fi
else echo `/bin/date` "Your Lets Encrypt SSL certs path for your ISPConfig server FQDN is missing.$line" >> /var/log/ispconfig/ispconfig.log; fi
\ No newline at end of file
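Review bot: `cd /usr/local/ispconfig/interface/ssl` is unchecked, so if that directory is missing the following `rm $ibak` and the `cat $ikey $icrt > $ipem` write run in whatever working directory certbot started the hook from; use `cd /usr/local/ispconfig/interface/ssl || exit 1`. The combined `ispserver.pem` contains the private key and is created by the redirection before `chmod 600 $ipem` runs, so under a typical umask it is briefly world-readable — set `umask 077` at the start of the block (the later chmod can stay). The empty `else` just before the final `fi` of the yum/apt chain is a bash syntax error that stops the whole hook from parsing, and `$line` in the closing log message is never assigned; drop both. The `[ rpm -q pkg ]` tests are always false here as well, as raised on the post hook.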