Commit a20ec4ca authored by Marius Burkard's avatar Marius Burkard

- ported patches for letsencrypt

parent 6cc90d34
......@@ -1116,7 +1116,12 @@ class apache2_plugin {
*/
//* Generate Let's Encrypt SSL certificat
if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
|| ($data['old']['domain'] != $data['new']['domain']) // we have domain update
|| ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
|| ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
)) {
if(substr($domain, 0, 2) === '*.') {
// wildcard domain not yet supported by letsencrypt!
$app->log('Wildcard domains not yet supported by letsencrypt, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN);
......@@ -1126,88 +1131,112 @@ class apache2_plugin {
$data['new']['ssl_domain'] = $domain;
$vhost_data['ssl_domain'] = $domain;
// default values
$temp_domains = array();
$lddomain = $domain;
$subdomains = null;
//* be sure to have good domain
$lddomain = (string) "$domain";
if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {
$lddomain .= (string) " --domains www." . $domain;
$temp_domains[] = "www." . $domain;
}
$crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem";
$key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
$bundle_tmp_file = "/etc/letsencrypt/live/".$domain."/chain.pem";
$webroot = $data['new']['document_root']."/web";
//* then, add subdomain if we have
$subdomains = $app->db->queryAllRecords('SELECT domain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'subdomain'");
if(is_array($subdomains)) {
foreach($subdomains as $subdomain) {
$temp_domains[] = $subdomain['domain'];
}
}
//* check if we have already a Let's Encrypt cert
if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
$app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
// prevent duplicate
$temp_domains = array_unique($temp_domains);
if(is_dir($webroot . "/.well-known/")) {
$app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
$this->_exec("rm -rf " . $webroot . "/.well-known/");
}
// generate cli format
foreach($temp_domains as $temp_domain) {
$lddomain .= (string) " --domains " . $temp_domain;
}
$app->log("Create challenge directory", LOGLEVEL_DEBUG);
$app->system->mkdirpath($webroot . "/.well-known/");
$app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
$app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
$app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
$app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
$app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
$app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot));
}
};
// useless data
unset($subdomains);
unset($temp_domains);
//* check is been correctly created
if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) {
$date = date("YmdHis");
if(is_file($key_file)) {
$app->system->copy($key_file, $key_file.'.old'.$date);
$app->system->chmod($key_file.'.old.'.$date, 0400);
$app->system->unlink($key_file);
}
$crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem";
$key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
$bundle_tmp_file = "/etc/letsencrypt/live/".$domain."/chain.pem";
$webroot = $data['new']['document_root']."/web";
if ($web_config["website_symlinks_rel"] == 'y') {
$this->create_relative_link(escapeshellcmd($key_tmp_file), escapeshellcmd($key_file));
} else {
exec("ln -s ".escapeshellcmd($key_tmp_file)." ".escapeshellcmd($key_file));
}
//* check if we have already a Let's Encrypt cert
if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
$app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
if(is_file($crt_file)) {
$app->system->copy($crt_file, $crt_file.'.old.'.$date);
$app->system->chmod($crt_file.'.old.'.$date, 0400);
$app->system->unlink($crt_file);
}
if(is_dir($webroot . "/.well-known/")) {
$app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
$this->_exec("rm -rf " . $webroot . "/.well-known/");
}
if($web_config["website_symlinks_rel"] == 'y') {
$this->create_relative_link(escapeshellcmd($crt_tmp_file), escapeshellcmd($crt_file));
} else {
exec("ln -s ".escapeshellcmd($crt_tmp_file)." ".escapeshellcmd($crt_file));
}
$app->log("Create challenge directory", LOGLEVEL_DEBUG);
$app->system->mkdirpath($webroot . "/.well-known/");
$app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
$app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
$app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
$app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
$app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
$app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot));
}
};
if(is_file($bundle_file)) {
$app->system->copy($bundle_file, $bundle_file.'.old.'.$date);
$app->system->chmod($bundle_file.'.old.'.$date, 0400);
$app->system->unlink($bundle_file);
}
//* check is been correctly created
if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) {
$date = date("YmdHis");
if(is_file($key_file)) {
$app->system->copy($key_file, $key_file.'.old'.$date);
$app->system->chmod($key_file.'.old.'.$date, 0400);
$app->system->unlink($key_file);
}
if($web_config["website_symlinks_rel"] == 'y') {
$this->create_relative_link(escapeshellcmd($bundle_tmp_file), escapeshellcmd($bundle_file));
} else {
exec("ln -s ".escapeshellcmd($bundle_tmp_file)." ".escapeshellcmd($bundle_file));
}
if ($web_config["website_symlinks_rel"] == 'y') {
$this->create_relative_link(escapeshellcmd($key_tmp_file), escapeshellcmd($key_file));
} else {
exec("ln -s ".escapeshellcmd($key_tmp_file)." ".escapeshellcmd($key_file));
}
/* we don't need to store it.
/* Update the DB of the (local) Server */
$app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
/* Update also the master-DB of the Server-Farm */
$app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
if(is_file($crt_file)) {
$app->system->copy($crt_file, $crt_file.'.old.'.$date);
$app->system->chmod($crt_file.'.old.'.$date, 0400);
$app->system->unlink($crt_file);
}
};
if($web_config["website_symlinks_rel"] == 'y') {
$this->create_relative_link(escapeshellcmd($crt_tmp_file), escapeshellcmd($crt_file));
} else {
exec("ln -s ".escapeshellcmd($crt_tmp_file)." ".escapeshellcmd($crt_file));
}
if(is_file($bundle_file)) {
$app->system->copy($bundle_file, $bundle_file.'.old.'.$date);
$app->system->chmod($bundle_file.'.old.'.$date, 0400);
$app->system->unlink($bundle_file);
}
if($web_config["website_symlinks_rel"] == 'y') {
$this->create_relative_link(escapeshellcmd($bundle_tmp_file), escapeshellcmd($bundle_file));
} else {
exec("ln -s ".escapeshellcmd($bundle_tmp_file)." ".escapeshellcmd($bundle_file));
}
/* we don't need to store it.
/* Update the DB of the (local) Server */
$app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
/* Update also the master-DB of the Server-Farm */
$app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
}
}
if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
......
......@@ -1231,23 +1231,55 @@ class nginx_plugin {
$tpl->setVar('ssl_letsencrypt', "n");
//* Generate Let's Encrypt SSL certificat
if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
|| ($data['old']['domain'] != $data['new']['domain']) // we have domain update
|| ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
|| ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
)) {
//* be sure to have good domain
if(substr($domain, 0, 2) === '*.') {
// wildcard domain not yet supported by letsencrypt!
$app->log('Wildcard domains not yet supported by letsencrypt, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN);
$domain = substr($domain, 2);
}
$data['new']['ssl_domain'] = $domain;
$vhost_data['ssl_domain'] = $domain;
$lddomain = (string) "$domain";
if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {
$lddomain .= (string) " --domains www." . $domain;
// default values
$temp_domains = array();
$lddomain = $domain;
$subdomains = null;
//* be sure to have good domain
if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {
$temp_domains[] = "www." . $domain;
}
//* then, add subdomain if we have
$subdomains = $app->db->queryAllRecords('SELECT domain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'subdomain'");
if(is_array($subdomains)) {
foreach($subdomains as $subdomain) {
$temp_domains[] = $subdomain['domain'];
}
}
// prevent duplicate
$temp_domains = array_unique($temp_domains);
// generate cli format
foreach($temp_domains as $temp_domain) {
$lddomain .= (string) " --domains " . $temp_domain;
}
// useless data
unset($subdomains);
unset($temp_domains);
$tpl->setVar('ssl_letsencrypt', "y");
//* TODO: check dns entry is correct
$crt_tmp_file = "/etc/letsencrypt/live/".$domain."/fullchain.pem";
......@@ -1265,7 +1297,7 @@ class nginx_plugin {
$app->log("Create challenge directory", LOGLEVEL_DEBUG);
$app->system->mkdirpath($webroot . "/.well-known/");
$app->system->chown($webroot . "/.well-known/", $$data['new']['system_user']);
$app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
$app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
$app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
$app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment