From 7889e5d07eba36cf169a4c371bb8c21ccb02d851 Mon Sep 17 00:00:00 2001
From: Thom <thom@amsterdamtech.nl>
Date: Sat, 20 Feb 2021 18:50:31 +0100
Subject: [PATCH 1/3] Enable SSL if a cert is present for the Apps vhost when
 installing/updating (#6007)

---
 install/lib/installer_base.lib.php                 | 11 ++++++++++-
 install/tpl/nginx_apps.vhost.master                |  2 +-
 server/conf/nginx_apps.vhost.master                |  2 +-
 server/plugins-available/apps_vhost_plugin.inc.php | 10 ++++------
 4 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 1666b4c40d..cb253947e2 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -2553,7 +2553,7 @@ class installer_base {
 			$tpl->setVar('apps_vhost_dir',$conf['web']['website_basedir'].'/apps');
 			$tpl->setVar('apps_vhost_basedir',$conf['web']['website_basedir']);
 			$tpl->setVar('apps_vhost_servername',$apps_vhost_servername);
-			if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
+			if(is_file($conf['ispconfig_install_dir'].'/interface/ssl/ispserver.crt') && is_file($conf['ispconfig_install_dir'].'/interface/ssl/ispserver.key')) {
 				$tpl->setVar('ssl_comment','');
 			} else {
 				$tpl->setVar('ssl_comment','#');
@@ -2636,6 +2636,15 @@ class installer_base {
 			// Dont just copy over the virtualhost template but add some custom settings
 			$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/nginx_apps.vhost.master', 'tpl/nginx_apps.vhost.master');
 
+			// Enable SSL if a cert is in place.
+			if(is_file($conf['ispconfig_install_dir'].'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
+				$content = str_replace('{ssl_on}', 'ssl', $content);
+				$content = str_replace('{ssl_comment}', '', $content);
+			} else {
+				$content = str_replace('{ssl_on}', '', $content);
+				$content = str_replace('{ssl_comment}', '#', $content);
+			}
+
 			if($conf['web']['apps_vhost_ip'] == '_default_'){
 				$apps_vhost_ip = '';
 			} else {
diff --git a/install/tpl/nginx_apps.vhost.master b/install/tpl/nginx_apps.vhost.master
index b91d1a16c5..181f4c807e 100644
--- a/install/tpl/nginx_apps.vhost.master
+++ b/install/tpl/nginx_apps.vhost.master
@@ -7,7 +7,7 @@ server {
         {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
 
         # redirect to https if accessed with http
-        {ssl_comment}error_page 497 https://$host:{vhost_port}$request_uri;
+        {ssl_comment}error_page 497 https://$host:{apps_vhost_port}$request_uri;
 
         server_name {apps_vhost_servername};
 
diff --git a/server/conf/nginx_apps.vhost.master b/server/conf/nginx_apps.vhost.master
index b91d1a16c5..181f4c807e 100644
--- a/server/conf/nginx_apps.vhost.master
+++ b/server/conf/nginx_apps.vhost.master
@@ -7,7 +7,7 @@ server {
         {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
 
         # redirect to https if accessed with http
-        {ssl_comment}error_page 497 https://$host:{vhost_port}$request_uri;
+        {ssl_comment}error_page 497 https://$host:{apps_vhost_port}$request_uri;
 
         server_name {apps_vhost_servername};
 
diff --git a/server/plugins-available/apps_vhost_plugin.inc.php b/server/plugins-available/apps_vhost_plugin.inc.php
index b64adfde6e..2195b607cd 100644
--- a/server/plugins-available/apps_vhost_plugin.inc.php
+++ b/server/plugins-available/apps_vhost_plugin.inc.php
@@ -206,16 +206,14 @@ class apps_vhost_plugin {
 				$use_socket = '#';
 			}
 
-                        /* Check if SSL should be enabled: */
-                        if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
+            /* Check if SSL should be enabled: */
+            if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
 				$content = str_replace('{ssl_comment}', '', $content);
 				$content = str_replace('{ssl_on}', 'ssl', $content);
-                                $content = str_replace('{vhost_port}', $web_config['apps_vhost_port'], $content);
-                        } else {
+            } else {
 				$content = str_replace('{ssl_comment}', '#', $content);
 				$content = preg_replace('/(\s)\{ssl_on\}/', '', $content);
-				$content = str_replace('{vhost_port}', $web_config['apps_vhost_port'], $content);
-                        }
+			}
 	 
 			$content = str_replace('{use_tcp}', $use_tcp, $content);
 			$content = str_replace('{use_socket}', $use_socket, $content);
-- 
GitLab


From b74093a0278511e7aab14cb0860b43991a72f9e0 Mon Sep 17 00:00:00 2001
From: Thom <thom@amsterdamtech.nl>
Date: Sat, 20 Feb 2021 19:27:15 +0100
Subject: [PATCH 2/3] Don't disable SSL for Apps vhost (nginx) by default
 (#6017)

---
 install/lib/installer_base.lib.php | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index cb253947e2..956782543b 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -2687,10 +2687,6 @@ class installer_base {
 			$content = str_replace('{use_tcp}', $use_tcp, $content);
 			$content = str_replace('{use_socket}', $use_socket, $content);
 
-			// SSL in apps vhost is off by default. Might change later.
-			$content = str_replace('{ssl_on}', '', $content);
-			$content = str_replace('{ssl_comment}', '#', $content);
-
 			// Fix socket path on PHP 7 systems
 			if(file_exists('/var/run/php/php7.0-fpm.sock'))	$content = str_replace('/var/run/php5-fpm.sock', '/var/run/php/php7.0-fpm.sock', $content);
 			if(file_exists('/var/run/php/php7.1-fpm.sock'))	$content = str_replace('/var/run/php5-fpm.sock', '/var/run/php/php7.1-fpm.sock', $content);
-- 
GitLab


From 08bd30a238bc3f25627aa48e17e38b1c2793063c Mon Sep 17 00:00:00 2001
From: Thom <thom@amsterdamtech.nl>
Date: Sat, 20 Feb 2021 19:29:33 +0100
Subject: [PATCH 3/3] Replace incorrect variable (#6017)

---
 install/lib/installer_base.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 956782543b..3a0f87af1e 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -2637,7 +2637,7 @@ class installer_base {
 			$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/nginx_apps.vhost.master', 'tpl/nginx_apps.vhost.master');
 
 			// Enable SSL if a cert is in place.
-			if(is_file($conf['ispconfig_install_dir'].'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
+			if(is_file($conf['ispconfig_install_dir'].'/interface/ssl/ispserver.crt') && is_file($conf['ispconfig_install_dir'].'/interface/ssl/ispserver.key')) {
 				$content = str_replace('{ssl_on}', 'ssl', $content);
 				$content = str_replace('{ssl_comment}', '', $content);
 			} else {
-- 
GitLab