Commit 4ae2a0f7 authored by tbrehm's avatar tbrehm

Implemented: FS#931 - Optional SSL for Web Interface

parent 712706d8
...@@ -824,6 +824,12 @@ class installer_dist extends installer_base { ...@@ -824,6 +824,12 @@ class installer_dist extends installer_base {
$content = str_replace('{vhost_port_listen}', '', $content); $content = str_replace('{vhost_port_listen}', '', $content);
} }
if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
$content = str_replace('{ssl_comment}', '', $content);
} else {
$content = str_replace('{ssl_comment}', '#', $content);
}
wf("$vhost_conf_dir/ispconfig.vhost", $content); wf("$vhost_conf_dir/ispconfig.vhost", $content);
//copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost"); //copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
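Review bot: The `is_file()` test on `ispserver.crt` and `ispserver.key` only proves that the two files exist, so an empty or half-written file left by a failed generation run would still uncomment the SSL directives and would presumably stop Apache from loading the panel vhost. The same block is pasted unchanged into the other installer classes on this page (the `installer`, the second `installer_dist` and the `installer_base` hunks), each with the path hard-coded. Consider one helper in `installer_base` that also checks the files are non-empty, e.g. `is_file($crt) && filesize($crt) > 0 && is_file($key) && filesize($key) > 0`, called from all four places. The enclosing method starts and ends outside this hunk.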
......
...@@ -699,6 +699,12 @@ class installer extends installer_base ...@@ -699,6 +699,12 @@ class installer extends installer_base
$content = str_replace('{vhost_port_listen}', '', $content); $content = str_replace('{vhost_port_listen}', '', $content);
} }
if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
$content = str_replace('{ssl_comment}', '', $content);
} else {
$content = str_replace('{ssl_comment}', '#', $content);
}
$vhost_path = $conf['apache']['vhost_conf_dir'].'/ispconfig.vhost'; $vhost_path = $conf['apache']['vhost_conf_dir'].'/ispconfig.vhost';
$this->write_config_file($vhost_path, $content); $this->write_config_file($vhost_path, $content);
......
...@@ -633,8 +633,7 @@ class installer_dist extends installer_base { ...@@ -633,8 +633,7 @@ class installer_dist extends installer_base {
unset($iptables_location); unset($iptables_location);
} }
public function install_ispconfig() public function install_ispconfig()
{ {
global $conf; global $conf;
...@@ -838,6 +837,12 @@ class installer_dist extends installer_base { ...@@ -838,6 +837,12 @@ class installer_dist extends installer_base {
$content = str_replace('{vhost_port_listen}', '', $content); $content = str_replace('{vhost_port_listen}', '', $content);
} }
if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
$content = str_replace('{ssl_comment}', '', $content);
} else {
$content = str_replace('{ssl_comment}', '#', $content);
}
$content = str_replace('/var/www/', '/srv/www/', $content); $content = str_replace('/var/www/', '/srv/www/', $content);
wf("$vhost_conf_dir/ispconfig.vhost", $content); wf("$vhost_conf_dir/ispconfig.vhost", $content);
......
...@@ -450,6 +450,10 @@ if($install_mode == 'standard') { ...@@ -450,6 +450,10 @@ if($install_mode == 'standard') {
//** Customise the port ISPConfig runs on //** Customise the port ISPConfig runs on
$conf['apache']['vhost_port'] = $inst->free_query('ISPConfig Port', '8080'); $conf['apache']['vhost_port'] = $inst->free_query('ISPConfig Port', '8080');
if(strtolower($inst->simple_query('Enable SSL for the ISPConfig web interface',array('y','n'),'y')) == 'y') {
$inst->make_ispconfig_ssl_cert();
}
$inst->install_ispconfig_interface = true; $inst->install_ispconfig_interface = true;
} else { } else {
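Review bot: Answering 'y' to this prompt gives no guarantee that the panel ends up on HTTPS, because `make_ispconfig_ssl_cert()` returns nothing and the later vhost step silently comments the SSL lines out when the certificate files are missing. If openssl is not installed or one of its steps fails, the install finishes with a plain-HTTP control panel and no message to the administrator. Have the method return a boolean and stop or warn on failure, e.g. `if(!$inst->make_ispconfig_ssl_cert()) die('Creating the ISPConfig SSL certificate failed.');`. The call added to the update script has the same gap.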
......
...@@ -697,6 +697,24 @@ function get_ispconfig_port_number() { ...@@ -697,6 +697,24 @@ function get_ispconfig_port_number() {
} }
} }
/*
* Get the port number of the ISPConfig controlpanel vhost
*/
function is_ispconfig_ssl_enabled() {
global $conf;
$ispconfig_vhost_file = $conf['apache']['vhost_conf_dir'].'/ispconfig.vhost';
if(is_file($ispconfig_vhost_file)) {
$tmp = file_get_contents($ispconfig_vhost_file);
if(stristr($tmp,'SSLCertificateFile')) {
return true;
} else {
return false;
}
}
}
?> ?>
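Review bot: `stristr($tmp,'SSLCertificateFile')` also matches the commented-out `#SSLCertificateFile` line that the new vhost template writes when SSL is off, so `is_ispconfig_ssl_enabled()` would report SSL as enabled for every vhost generated from that template. Match only an active directive, for example `return preg_match('/^\s*SSLCertificateFile\b/mi', $tmp) === 1;`, and return `false` explicitly when the vhost file is missing, since the function currently falls through and returns null. The header comment is copied from `get_ispconfig_port_number()`; it should read something like `Check whether SSL is enabled in the ISPConfig controlpanel vhost`.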
...@@ -1166,6 +1166,25 @@ class installer_base { ...@@ -1166,6 +1166,25 @@ class installer_base {
} }
} }
public function make_ispconfig_ssl_cert() {
global $conf;
$ssl_crt_file = '/usr/local/ispconfig/interface/ssl/ispserver.crt';
$ssl_csr_file = '/usr/local/ispconfig/interface/ssl/ispserver.csr';
$ssl_key_file = '/usr/local/ispconfig/interface/ssl/ispserver.key';
if(!is_dir('/usr/local/ispconfig/interface/ssl')) exec("mkdir -p /usr/local/ispconfig/interface/ssl");
$ssl_pw = substr(md5(mt_rand()),0,6);
exec("openssl genrsa -des3 -passout pass:$ssl_pw -out $ssl_key_file 4096");
exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -out $ssl_csr_file");
exec("openssl req -x509 -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -in $ssl_csr_file -out $ssl_crt_file -days 3650");
exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure");
exec("mv $ssl_key_file $ssl_key_file.secure");
exec("mv $ssl_key_file.insecure $ssl_key_file");
}
public function install_ispconfig() { public function install_ispconfig() {
global $conf; global $conf;
...@@ -1395,6 +1414,12 @@ class installer_base { ...@@ -1395,6 +1414,12 @@ class installer_base {
} else { } else {
$content = str_replace('{vhost_port_listen}', '', $content); $content = str_replace('{vhost_port_listen}', '', $content);
} }
if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
$content = str_replace('{ssl_comment}', '', $content);
} else {
$content = str_replace('{ssl_comment}', '#', $content);
}
wf("$vhost_conf_dir/ispconfig.vhost", $content); wf("$vhost_conf_dir/ispconfig.vhost", $content);
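Review bot: `make_ispconfig_ssl_cert()` leaves the unencrypted private key with whatever mode the installer's umask gives it, in a directory created by a bare `mkdir -p`, so the key may be readable by other local users; nothing in the method restricts either. The 6-character passphrase taken from `md5(mt_rand())` is passed on the openssl command line and stripped again a few lines later, so it shows up in the process list without protecting anything, and the `.secure` and `.csr` files stay behind. None of the `exec()` calls check the exit status, so a failed step goes unnoticed. I would generate the key without a passphrase under a restrictive umask, check every step and return a boolean, as sketched below.

```php
public function make_ispconfig_ssl_cert() {
	$ssl_dir = '/usr/local/ispconfig/interface/ssl';
	// … unchanged: $ssl_crt_file, $ssl_csr_file, $ssl_key_file …

	$old_umask = umask(0077); // directory, key and CSR are created owner-only
	if(!is_dir($ssl_dir) && !mkdir($ssl_dir, 0700, true)) {
		umask($old_umask);
		return false;
	}
	$commands = array(
		'openssl genrsa -out '.escapeshellarg($ssl_key_file).' 4096',
		'openssl req -new -key '.escapeshellarg($ssl_key_file).' -out '.escapeshellarg($ssl_csr_file),
		'openssl req -x509 -key '.escapeshellarg($ssl_key_file).' -in '.escapeshellarg($ssl_csr_file).' -out '.escapeshellarg($ssl_crt_file).' -days 3650',
	);
	$ok = true;
	foreach($commands as $cmd) {
		exec($cmd, $output, $status);
		if($status !== 0) { $ok = false; break; }
	}
	umask($old_umask);
	if($ok) chmod($ssl_key_file, 0600);
	return $ok;
}
```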
......
...@@ -43,6 +43,10 @@ NameVirtualHost *:{vhost_port} ...@@ -43,6 +43,10 @@ NameVirtualHost *:{vhost_port}
SecRuleEngine Off SecRuleEngine Off
</IfModule> </IfModule>
# SSL Configuration
{ssl_comment}SSLEngine On
{ssl_comment}SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
{ssl_comment}SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
</VirtualHost> </VirtualHost>
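Review bot: The new SSL block sets only `SSLEngine`, the certificate and the key, so the control panel inherits whatever protocol and cipher defaults the server-wide mod_ssl configuration provides. For an administrative interface it is worth pinning these in the vhost itself, e.g. a `{ssl_comment}SSLProtocol` line that excludes the legacy SSL protocol versions and a `{ssl_comment}SSLCipherSuite` line. A comment stating that the vhost serves either HTTP or HTTPS on `{vhost_port}`, depending on whether the certificate files exist at install time, would also help. The `<VirtualHost>` block starts outside this hunk.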
......
...@@ -308,6 +308,11 @@ swriteln('Updating ISPConfig'); ...@@ -308,6 +308,11 @@ swriteln('Updating ISPConfig');
$ispconfig_port_number = get_ispconfig_port_number(); $ispconfig_port_number = get_ispconfig_port_number();
$conf['apache']['vhost_port'] = $inst->free_query('ISPConfig Port', $ispconfig_port_number); $conf['apache']['vhost_port'] = $inst->free_query('ISPConfig Port', $ispconfig_port_number);
// $ispconfig_ssl_default = (is_ispconfig_ssl_enabled() == true)?'y':'n';
if(strtolower($inst->simple_query('Create new ISPConfig SSL certificate',array('y','n'),'n')) == 'y') {
$inst->make_ispconfig_ssl_cert();
}
$inst->install_ispconfig(); $inst->install_ispconfig();
//** Configure Crontab //** Configure Crontab
......