From 4ae2a0f7071a793cb0ef54ecad888719ec788d26 Mon Sep 17 00:00:00 2001 From: tbrehm Date: Wed, 28 Jul 2010 12:18:26 +0000 Subject: [PATCH] Implemented: FS#931 - Optional SSL for Web Interface --- install/dist/lib/fedora.lib.php | 6 ++++++ install/dist/lib/gentoo.lib.php | 6 ++++++ install/dist/lib/opensuse.lib.php | 9 ++++++-- install/install.php | 4 ++++ install/lib/install.lib.php | 18 ++++++++++++++++ install/lib/installer_base.lib.php | 25 +++++++++++++++++++++++ install/tpl/apache_ispconfig.vhost.master | 4 ++++ install/update.php | 5 +++++ 8 files changed, 75 insertions(+), 2 deletions(-) diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php index 4046cc01b..5cb5b74f6 100644 --- a/install/dist/lib/fedora.lib.php +++ b/install/dist/lib/fedora.lib.php @@ -824,6 +824,12 @@ class installer_dist extends installer_base { $content = str_replace('{vhost_port_listen}', '', $content); } + if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) { + $content = str_replace('{ssl_comment}', '', $content); + } else { + $content = str_replace('{ssl_comment}', '#', $content); + } + wf("$vhost_conf_dir/ispconfig.vhost", $content); //copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost"); diff --git a/install/dist/lib/gentoo.lib.php b/install/dist/lib/gentoo.lib.php index 08d3494a2..dce870d89 100644 --- a/install/dist/lib/gentoo.lib.php +++ b/install/dist/lib/gentoo.lib.php 
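Review bot: The added `is_file()` test before `wf()` in the fedora hunk only checks that `ispserver.crt` and `ispserver.key` exist, so a zero-length or partial file left behind by a failed run of `make_ispconfig_ssl_cert()` (which checks no `exec()` result) would still uncomment the SSL directives, and Apache would presumably then fail to load the vhost. The same six lines with the same hard-coded paths are repeated in the gentoo, opensuse (`@@ -838`) and installer_base (`@@ -1395`) hunks; one helper on `installer_base` that also requires `filesize() > 0` would keep the four copies from drifting apart. When the files are absent the panel vhost is written without TLS and nothing is printed, so a line such as `swriteln('ISPConfig SSL files not found, web interface will use plain HTTP');` in the else branch would make that visible to the administrator. The enclosing install method starts and ends outside each of these hunks.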
@@ -699,6 +699,12 @@ class installer extends installer_base $content = str_replace('{vhost_port_listen}', '', $content); } + if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) { + $content = str_replace('{ssl_comment}', '', $content); + } else { + $content = str_replace('{ssl_comment}', '#', $content); + } + $vhost_path = $conf['apache']['vhost_conf_dir'].'/ispconfig.vhost'; $this->write_config_file($vhost_path, $content); diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php index ef59709ea..1a7daf0de 100644 --- a/install/dist/lib/opensuse.lib.php +++ b/install/dist/lib/opensuse.lib.php @@ -633,8 +633,7 @@ class installer_dist extends installer_base { unset($iptables_location); } - - + public function install_ispconfig() { global $conf; @@ -838,6 +837,12 @@ class installer_dist extends installer_base { $content = str_replace('{vhost_port_listen}', '', $content); } + if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) { + $content = str_replace('{ssl_comment}', '', $content); + } else { + $content = str_replace('{ssl_comment}', '#', $content); + } + $content = str_replace('/var/www/', '/srv/www/', $content); wf("$vhost_conf_dir/ispconfig.vhost", $content); diff --git a/install/install.php b/install/install.php index 88742adce..adf7db276 100644 --- a/install/install.php +++ b/install/install.php @@ -450,6 +450,10 @@ if($install_mode == 'standard') { //** Customise the port ISPConfig runs on $conf['apache']['vhost_port'] = $inst->free_query('ISPConfig Port', '8080'); + if(strtolower($inst->simple_query('Enable SSL for the ISPConfig web interface',array('y','n'),'y')) == 'y') { + $inst->make_ispconfig_ssl_cert(); + } + $inst->install_ispconfig_interface = true; } else { diff --git a/install/lib/install.lib.php b/install/lib/install.lib.php index f964445bf..8793dba02 100644 
--- a/install/lib/install.lib.php +++ b/install/lib/install.lib.php @@ -697,6 +697,24 @@ function get_ispconfig_port_number() { } } +/* +* Get the port number of the ISPConfig controlpanel vhost +*/ + +function is_ispconfig_ssl_enabled() { + global $conf; + $ispconfig_vhost_file = $conf['apache']['vhost_conf_dir'].'/ispconfig.vhost'; + + if(is_file($ispconfig_vhost_file)) { + $tmp = file_get_contents($ispconfig_vhost_file); + if(stristr($tmp,'SSLCertificateFile')) { + return true; + } else { + return false; + } + } +} + ?> diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index 0c14b1e90..3d3b60eb0 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -1166,6 +1166,25 @@ class installer_base { } } + + public function make_ispconfig_ssl_cert() { + global $conf; + + $ssl_crt_file = '/usr/local/ispconfig/interface/ssl/ispserver.crt'; + $ssl_csr_file = '/usr/local/ispconfig/interface/ssl/ispserver.csr'; + $ssl_key_file = '/usr/local/ispconfig/interface/ssl/ispserver.key'; + + if(!is_dir('/usr/local/ispconfig/interface/ssl')) exec("mkdir -p /usr/local/ispconfig/interface/ssl"); + + $ssl_pw = substr(md5(mt_rand()),0,6); + exec("openssl genrsa -des3 -passout pass:$ssl_pw -out $ssl_key_file 4096"); + exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -out $ssl_csr_file"); + exec("openssl req -x509 -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -in $ssl_csr_file -out $ssl_crt_file -days 3650"); + exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure"); + exec("mv $ssl_key_file $ssl_key_file.secure"); + exec("mv $ssl_key_file.insecure $ssl_key_file"); + + } public function install_ispconfig() { global $conf; 
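Review bot: `is_ispconfig_ssl_enabled()` returns true for every vhost file this commit generates, because the template emits `#SSLCertificateFile` when SSL is off and `stristr()` still finds the directive name inside the commented line. Matching only uncommented directives fixes that, e.g. `return (bool) preg_match('/^\s*SSLCertificateFile\s/mi', $tmp);`. The function also falls off the end and returns null when the vhost file is missing; it should `return false;` there. The comment above it was copied from `get_ispconfig_port_number()` and still says "Get the port number"; it should read `Check whether the ISPConfig controlpanel vhost has SSL enabled`.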
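Review bot: The decrypted private key written by the `openssl rsa` step in `make_ispconfig_ssl_cert()` is created with whatever umask the installer runs under, and nothing afterwards restricts `ispserver.key`, `ispserver.key.secure` or the `ssl` directory, so the key may end up readable by other local users. The function should tighten the umask around key generation, `chmod` both key files to 0600, and check the exit status of each `exec()` so that a failed openssl run is reported instead of leaving partial files for the later `is_file()` test. The passphrase is also weak and briefly exposed: `substr(md5(mt_rand()),0,6)` yields 24 bits from a non-cryptographic generator, and `pass:$ssl_pw` places it on the command line where it is visible in the process list while the 4096-bit key is generated; openssl's `env:` pass-phrase source would avoid the exposure. `global $conf;` is unused in this function.

```php
	public function make_ispconfig_ssl_cert() {
		// … unchanged: the three path variables …
		$old_umask = umask(0077); // everything created below is owner-only
		// … unchanged: mkdir, $ssl_pw and the openssl genrsa / req / x509 calls
		//   (each should get the same $ret check as the call below) …
		exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure", $out, $ret);
		umask($old_umask);
		if($ret != 0 || !is_file($ssl_key_file.'.insecure')) {
			swriteln('Creating the ISPConfig SSL key failed.');
			return false;
		}
		// … unchanged: the two mv calls …
		chmod($ssl_key_file, 0600);
		chmod($ssl_key_file.'.secure', 0600);
		return true;
```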
@@ -1395,6 +1414,12 @@ class installer_base { } else { $content = str_replace('{vhost_port_listen}', '', $content); } + + if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) { + $content = str_replace('{ssl_comment}', '', $content); + } else { + $content = str_replace('{ssl_comment}', '#', $content); + } wf("$vhost_conf_dir/ispconfig.vhost", $content); diff --git a/install/tpl/apache_ispconfig.vhost.master b/install/tpl/apache_ispconfig.vhost.master index e464ec46f..d3fc9a872 100644 --- a/install/tpl/apache_ispconfig.vhost.master +++ b/install/tpl/apache_ispconfig.vhost.master @@ -43,6 +43,10 @@ NameVirtualHost *:{vhost_port} SecRuleEngine Off + # SSL Configuration + {ssl_comment}SSLEngine On + {ssl_comment}SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt + {ssl_comment}SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key diff --git a/install/update.php b/install/update.php index a0b951451..8246113f5 100644 --- a/install/update.php +++ b/install/update.php @@ -308,6 +308,11 @@ swriteln('Updating ISPConfig'); $ispconfig_port_number = get_ispconfig_port_number(); $conf['apache']['vhost_port'] = $inst->free_query('ISPConfig Port', $ispconfig_port_number); +// $ispconfig_ssl_default = (is_ispconfig_ssl_enabled() == true)?'y':'n'; +if(strtolower($inst->simple_query('Create new ISPConfig SSL certificate',array('y','n'),'n')) == 'y') { + $inst->make_ispconfig_ssl_cert(); +} + $inst->install_ispconfig(); //** Configure Crontab -- GitLab
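Review bot: The new SSL block in `apache_ispconfig.vhost.master` turns on `SSLEngine` with the server-wide protocol and cipher defaults, which on Apache/OpenSSL builds of this period may still allow SSLv2 and weak ciphers for the control panel login. Restricting them next to the other directives, under the same placeholder, keeps the setting in step with the toggle: `{ssl_comment}SSLProtocol All -SSLv2` plus a `{ssl_comment}SSLCipherSuite` line chosen for the supported distributions. The surrounding virtual host block starts and ends outside the hunk, so whether such settings are already inherited from elsewhere cannot be seen here.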
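Review bot: Answering 'y' to 'Create new ISPConfig SSL certificate' in `update.php` calls `make_ispconfig_ssl_cert()`, which writes `ispserver.crt` and `ispserver.key` unconditionally, so an update would silently replace a certificate and key the administrator has installed at those paths (for example a CA-signed pair). The prompt should say so, e.g. `'Create new ISPConfig SSL certificate (overwrites the existing one)'`, or the function should move existing files aside before generating new ones. The commented-out `$ispconfig_ssl_default` line is dead code and should be dropped until `is_ispconfig_ssl_enabled()` is actually used.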