nginx_plugin.inc.php 95.6 KB
Newer Older
1
2
<?php

Falko Timme's avatar
Falko Timme committed
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
/*
Copyright (c) 2007 - 2009, Till Brehm, projektfarm Gmbh
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

31
32
33
34
35
36
37
38
39
40
41
42
43
class nginx_plugin {

	var $plugin_name = 'nginx_plugin';
	var $class_name = 'nginx_plugin';

	// private variables
	var $action = '';

	//* This function is called during ispconfig installation to determine
	//  if a symlink shall be created for this plugin.
	function onInstall() {
		global $conf;

44
		if($conf['services']['web'] == true && !@is_link('/usr/local/ispconfig/server/plugins-enabled/apache2_plugin.inc.php')) {
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
			return true;
		} else {
			return false;
		}

	}


	/*
	 	This function is called when the plugin is loaded
	*/

	function onLoad() {
		global $app;

		/*
		Register for the events
		*/
		$app->plugins->registerEvent('web_domain_insert',$this->plugin_name,'ssl');
		$app->plugins->registerEvent('web_domain_update',$this->plugin_name,'ssl');
		$app->plugins->registerEvent('web_domain_delete',$this->plugin_name,'ssl');

		$app->plugins->registerEvent('web_domain_insert',$this->plugin_name,'insert');
		$app->plugins->registerEvent('web_domain_update',$this->plugin_name,'update');
		$app->plugins->registerEvent('web_domain_delete',$this->plugin_name,'delete');
Falko Timme's avatar
Falko Timme committed
70
71
72
73
74
75
76
77
78
79

		$app->plugins->registerEvent('server_ip_insert',$this->plugin_name,'server_ip');
		$app->plugins->registerEvent('server_ip_update',$this->plugin_name,'server_ip');
		$app->plugins->registerEvent('server_ip_delete',$this->plugin_name,'server_ip');

		/*
		$app->plugins->registerEvent('webdav_user_insert',$this->plugin_name,'webdav');
		$app->plugins->registerEvent('webdav_user_update',$this->plugin_name,'webdav');
		$app->plugins->registerEvent('webdav_user_delete',$this->plugin_name,'webdav');
		*/
80
		
Falko Timme's avatar
Falko Timme committed
81
		$app->plugins->registerEvent('client_delete',$this->plugin_name,'client_delete');
82
83
84
85
86
87
88
		
		$app->plugins->registerEvent('web_folder_user_insert',$this->plugin_name,'web_folder_user');
		$app->plugins->registerEvent('web_folder_user_update',$this->plugin_name,'web_folder_user');
		$app->plugins->registerEvent('web_folder_user_delete',$this->plugin_name,'web_folder_user');
		
		$app->plugins->registerEvent('web_folder_update',$this->plugin_name,'web_folder_update');
		$app->plugins->registerEvent('web_folder_delete',$this->plugin_name,'web_folder_delete');
Falko Timme's avatar
Falko Timme committed
89
90
91
92
93
	}

	// Handle the creation of SSL certificates
	function ssl($event_name,$data) {
		global $app, $conf;
94
95
		
		$app->uses('system');
Falko Timme's avatar
Falko Timme committed
96
97
98
99
100
101
102
103

		// load the server configuration options
		$app->uses('getconf');
		$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
		if ($web_config['CA_path']!='' && !file_exists($web_config['CA_path'].'/openssl.cnf'))
			$app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.conf',LOGLEVEL_ERROR);	
		
		//* Only vhosts can have a ssl cert
104
		if($data["new"]["type"] != "vhost" && $data["new"]["type"] != "vhostsubdomain") return;
Falko Timme's avatar
Falko Timme committed
105

106
107
108
		// if(!is_dir($data['new']['document_root'].'/ssl')) exec('mkdir -p '.$data['new']['document_root'].'/ssl');
		if(!is_dir($data['new']['document_root'].'/ssl')) $app->system->mkdirpath($data['new']['document_root'].'/ssl');
		
Falko Timme's avatar
Falko Timme committed
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
		$ssl_dir = $data['new']['document_root'].'/ssl';
		$domain = $data['new']['ssl_domain'];
		$key_file = $ssl_dir.'/'.$domain.'.key.org';
		$key_file2 = $ssl_dir.'/'.$domain.'.key';
		$csr_file = $ssl_dir.'/'.$domain.'.csr';
		$crt_file = $ssl_dir.'/'.$domain.'.crt';

		//* Create a SSL Certificate
		if($data['new']['ssl_action'] == 'create') {
			$rand_file = $ssl_dir.'/random_file';
			$rand_data = md5(uniqid(microtime(),1));
			for($i=0; $i<1000; $i++) {
				$rand_data .= md5(uniqid(microtime(),1));
				$rand_data .= md5(uniqid(microtime(),1));
				$rand_data .= md5(uniqid(microtime(),1));
				$rand_data .= md5(uniqid(microtime(),1));
			}
126
			$app->system->file_put_contents($rand_file, $rand_data);
Falko Timme's avatar
Falko Timme committed
127
128
129
130
131
132
133
134
135
136
137
138
139
140

			$ssl_password = substr(md5(uniqid(microtime(),1)), 0, 15);

			$ssl_cnf = "        RANDFILE               = $rand_file

        [ req ]
        default_bits           = 2048
        default_keyfile        = keyfile.pem
        distinguished_name     = req_distinguished_name
        attributes             = req_attributes
        prompt                 = no
        output_password        = $ssl_password

        [ req_distinguished_name ]
141
142
143
144
145
        C                      = ".trim($data['new']['ssl_country'])."
        ST                     = ".trim($data['new']['ssl_state'])."
        L                      = ".trim($data['new']['ssl_locality'])."
        O                      = ".trim($data['new']['ssl_organisation'])."
        OU                     = ".trim($data['new']['ssl_organisation_unit'])."
Falko Timme's avatar
Falko Timme committed
146
147
148
149
150
151
152
        CN                     = $domain
        emailAddress           = webmaster@".$data['new']['domain']."

        [ req_attributes ]
        challengePassword              = A challenge password";

			$ssl_cnf_file = $ssl_dir.'/openssl.conf';
153
			$app->system->file_put_contents($ssl_cnf_file,$ssl_cnf);
Falko Timme's avatar
Falko Timme committed
154
155
156
157
158
159
160
161
162

			$rand_file = escapeshellcmd($rand_file);
			$key_file = escapeshellcmd($key_file);
			$key_file2 = escapeshellcmd($key_file2);
			$ssl_days = 3650;
			$csr_file = escapeshellcmd($csr_file);
			$config_file = escapeshellcmd($ssl_cnf_file);
			$crt_file = escapeshellcmd($crt_file);

163
			if(is_file($ssl_cnf_file) && !is_link($ssl_cnf_file)) {
Falko Timme's avatar
Falko Timme committed
164
165
166
167
168
169
170
171
172
173
174
				
				exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 2048");
				exec("openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -out $csr_file -days $ssl_days -config $config_file");
				exec("openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2");

				if(file_exists($web_config['CA_path'].'/openssl.cnf'))
				{
					exec("openssl ca -batch -out $crt_file -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -in $csr_file");
					$app->log("Creating CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);
					if (filesize($crt_file)==0 || !file_exists($crt_file)) $app->log("CA-Certificate signing failed.  openssl ca -out $crt_file -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -in $csr_file",LOGLEVEL_ERROR);
				};
175
				if (@filesize($crt_file)==0 || !file_exists($crt_file)){
Falko Timme's avatar
Falko Timme committed
176
177
178
179
180
181
					exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file ");
					$app->log("Creating self-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);
				};
			
			}

182
183
184
185
186
187
			$app->system->chmod($key_file2,0400);
			@$app->system->unlink($config_file);
			@$app->system->unlink($rand_file);
			$ssl_request = $app->db->quote($app->system->file_get_contents($csr_file));
			$ssl_cert = $app->db->quote($app->system->file_get_contents($crt_file));
			$ssl_key2 = $app->db->quote($app->system->file_get_contents($key_file2));
Falko Timme's avatar
Falko Timme committed
188
			/* Update the DB of the (local) Server */
189
			$app->db->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key2' WHERE domain = '".$data['new']['domain']."'");
Falko Timme's avatar
Falko Timme committed
190
191
			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
			/* Update also the master-DB of the Server-Farm */
192
			$app->dbmaster->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key2' WHERE domain = '".$data['new']['domain']."'");
Falko Timme's avatar
Falko Timme committed
193
194
195
196
197
198
			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
		}

		//* Save a SSL certificate to disk
		if($data["new"]["ssl_action"] == 'save') {
			$ssl_dir = $data["new"]["document_root"]."/ssl";
199
			$domain = ($data["new"]["ssl_domain"] != '')?$data["new"]["ssl_domain"]:$data["new"]["domain"];
200
201
			$key_file = $ssl_dir.'/'.$domain.'.key.org';
			$key_file2 = $ssl_dir.'/'.$domain.'.key';
Falko Timme's avatar
Falko Timme committed
202
203
204
205
206
207
			$csr_file = $ssl_dir.'/'.$domain.".csr";
			$crt_file = $ssl_dir.'/'.$domain.".crt";
			//$bundle_file = $ssl_dir.'/'.$domain.".bundle";
			if(trim($data["new"]["ssl_request"]) != '') file_put_contents($csr_file,$data["new"]["ssl_request"]);
			if(trim($data["new"]["ssl_cert"]) != '') file_put_contents($crt_file,$data["new"]["ssl_cert"]);
			// for nginx, bundle files have to be appended to the certificate file
208
209
210
211
212
213
214
215
216
217
218
			if(trim($data["new"]["ssl_bundle"]) != ''){				
				if(file_exists($crt_file)){
					$crt_file_contents = trim(file_get_contents($crt_file));
				} else {
					$crt_file_contents = '';
				}
				if($crt_file_contents != '') $crt_file_contents .= "\n";
				$crt_file_contents .= $data["new"]["ssl_bundle"];
				file_put_contents($crt_file,$app->file->unix_nl($crt_file_contents));
				unset($crt_file_contents);
			}
Falko Timme's avatar
Falko Timme committed
219
220
			/* Update the DB of the (local) Server */
			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
221
			
Falko Timme's avatar
Falko Timme committed
222
223
224
225
226
227
228
229
			/* Update also the master-DB of the Server-Farm */
			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
			$app->log('Saving SSL Cert for: '.$domain,LOGLEVEL_DEBUG);
		}

		//* Delete a SSL certificate
		if($data['new']['ssl_action'] == 'del') {
			$ssl_dir = $data['new']['document_root'].'/ssl';
230
			$domain = ($data["new"]["ssl_domain"] != '')?$data["new"]["ssl_domain"]:$data["new"]["domain"];
Falko Timme's avatar
Falko Timme committed
231
232
233
234
235
236
237
238
			$csr_file = $ssl_dir.'/'.$domain.'.csr';
			$crt_file = $ssl_dir.'/'.$domain.'.crt';
			//$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
			if(file_exists($web_config['CA_path'].'/openssl.cnf'))
				{
					exec("openssl ca -batch -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -revoke $crt_file");
					$app->log("Revoking CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);
				};
239
240
241
			$app->system->unlink($csr_file);
			$app->system->unlink($crt_file);
			//$app->system->unlink($bundle_file);
Falko Timme's avatar
Falko Timme committed
242
243
244
245
246
247
248
249
			/* Update the DB of the (local) Server */
			$app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = '".$data['new']['domain']."'");
			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
			/* Update also the master-DB of the Server-Farm */
			$app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = '".$data['new']['domain']."'");
			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
			$app->log('Deleting SSL Cert for: '.$domain,LOGLEVEL_DEBUG);
		}
250
251

	}
Falko Timme's avatar
Falko Timme committed
252
253


254
255
	function insert($event_name,$data) {
		global $app, $conf;
Falko Timme's avatar
Falko Timme committed
256
257

		$this->action = 'insert';
258
259
		// just run the update function
		$this->update($event_name,$data);
Falko Timme's avatar
Falko Timme committed
260
261


262
	}
Falko Timme's avatar
Falko Timme committed
263
264


265
266
	function update($event_name,$data) {
		global $app, $conf;
267
268
269
270
271
272
273
		
		//* Check if the apache plugin is enabled
		if(@is_link('/usr/local/ispconfig/server/plugins-enabled/apache2_plugin.inc.php')) {
			$app->log('The nginx plugin can not be used together with the apache2 plugin..',LOGLEVEL_WARN);
			return 0;
		}
		
274
275
		if($this->action != 'insert') $this->action = 'update';

276
		if($data['new']['type'] != 'vhost' && $data['new']['type'] != 'vhostsubdomain' && $data['new']['parent_domain_id'] > 0) {
277
278
279
280

			$old_parent_domain_id = intval($data['old']['parent_domain_id']);
			$new_parent_domain_id = intval($data['new']['parent_domain_id']);

Falko Timme's avatar
Falko Timme committed
281
			// If the parent_domain_id has been changed, we will have to update the old site as well.
282
			if($this->action == 'update' && $data['new']['parent_domain_id'] != $data['old']['parent_domain_id']) {
Falko Timme's avatar
Falko Timme committed
283
				$tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$old_parent_domain_id." AND active = 'y'");
284
285
286
287
288
289
290
				$data['new'] = $tmp;
				$data['old'] = $tmp;
				$this->action = 'update';
				$this->update($event_name,$data);
			}

			// This is not a vhost, so we need to update the parent record instead.
Falko Timme's avatar
Falko Timme committed
291
			$tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$new_parent_domain_id." AND active = 'y'");
292
293
294
295
			$data['new'] = $tmp;
			$data['old'] = $tmp;
			$this->action = 'update';
		}
Falko Timme's avatar
Falko Timme committed
296

297
298
		// load the server configuration options
		$app->uses('getconf');
Falko Timme's avatar
Falko Timme committed
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
		$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');

		//* Check if this is a chrooted setup
		if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) {
			$nginx_chrooted = true;
			$app->log('Info: nginx is chrooted.',LOGLEVEL_DEBUG);
		} else {
			$nginx_chrooted = false;
		}

		if($data['new']['document_root'] == '') {
			$app->log('document_root not set',LOGLEVEL_WARN);
			return 0;
		}
		if($data['new']['system_user'] == 'root' or $data['new']['system_group'] == 'root') {
			$app->log('Websites cannot be owned by the root user or group.',LOGLEVEL_WARN);
			return 0;
		}
317
318
319
320
321
322
323
324
		if(trim($data['new']['domain']) == '') {
			$app->log('domain is empty',LOGLEVEL_WARN);
			return 0;
		}
		
        $web_folder = 'web';
        $log_folder = 'log';
        if($data['new']['type'] == 'vhostsubdomain') {
mcramer's avatar
mcramer committed
325
326
327
            $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($data['new']['parent_domain_id']));
            $subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['new']['domain']);
            if($subdomain_host == '') $subdomain_host = 'web'.$data['new']['domain_id'];
328
            $web_folder = $data['new']['web_folder'];
mcramer's avatar
mcramer committed
329
330
            $log_folder .= '/' . $subdomain_host;
            unset($tmp);
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
        }

		// Create group and user, if not exist
		$app->uses('system');
		
		if($web_config['connect_userid_to_webid'] == 'y') {
			//* Calculate the uid and gid
			$connect_userid_to_webid_start = ($web_config['connect_userid_to_webid_start'] < 1000)?1000:intval($web_config['connect_userid_to_webid_start']);
			$fixed_uid_gid = intval($connect_userid_to_webid_start + $data['new']['domain_id']);
			$fixed_uid_param = '--uid '.$fixed_uid_gid;
			$fixed_gid_param = '--gid '.$fixed_uid_gid;
			
			//* Check if a ispconfigend user and group exists and create them
			if(!$app->system->is_group('ispconfigend')) {
				exec('groupadd --gid '.($connect_userid_to_webid_start + 10000).' ispconfigend');
			}
			if(!$app->system->is_user('ispconfigend')) {
				exec('useradd -g ispconfigend -d /usr/local/ispconfig --uid '.($connect_userid_to_webid_start + 10000).' ispconfigend');
			}
		} else {
			$fixed_uid_param = '';
			$fixed_gid_param = '';
		}

		$groupname = escapeshellcmd($data['new']['system_group']);
		if($data['new']['system_group'] != '' && !$app->system->is_group($data['new']['system_group'])) {
			exec('groupadd '.$fixed_gid_param.' '.$groupname);
			if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' groupadd '.$groupname);
			$app->log('Adding the group: '.$groupname,LOGLEVEL_DEBUG);
		}

		$username = escapeshellcmd($data['new']['system_user']);
		if($data['new']['system_user'] != '' && !$app->system->is_user($data['new']['system_user'])) {
			if($web_config['add_web_users_to_sshusers_group'] == 'y') {
				exec('useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname $fixed_uid_param -G sshusers $username -s /bin/false");
				if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname $fixed_uid_param -G sshusers $username -s /bin/false");
			} else {
				exec('useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname $fixed_uid_param $username -s /bin/false");
				if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname $fixed_uid_param $username -s /bin/false");
			}
			$app->log('Adding the user: '.$username,LOGLEVEL_DEBUG);
		}
Falko Timme's avatar
Falko Timme committed
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405

		//* If the client of the site has been changed, we have a change of the document root
		if($this->action == 'update' && $data['new']['document_root'] != $data['old']['document_root']) {

			//* Get the old client ID
			$old_client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['old']['sys_groupid']));
			$old_client_id = intval($old_client['client_id']);
			unset($old_client);

			//* Remove the old symlinks
			$tmp_symlinks_array = explode(':',$web_config['website_symlinks']);
			if(is_array($tmp_symlinks_array)) {
				foreach($tmp_symlinks_array as $tmp_symlink) {
					$tmp_symlink = str_replace('[client_id]',$old_client_id,$tmp_symlink);
					$tmp_symlink = str_replace('[website_domain]',$data['old']['domain'],$tmp_symlink);
					// Remove trailing slash
					if(substr($tmp_symlink, -1, 1) == '/') $tmp_symlink = substr($tmp_symlink, 0, -1);
					// create the symlinks, if not exist
					if(is_link($tmp_symlink)) {
						exec('rm -f '.escapeshellcmd($tmp_symlink));
						$app->log('Removed symlink: rm -f '.$tmp_symlink,LOGLEVEL_DEBUG);
					}
				}
			}

			//* Move the site data
			$tmp_docroot = explode('/',$data['new']['document_root']);
			unset($tmp_docroot[count($tmp_docroot)-1]);
			$new_dir = implode('/',$tmp_docroot);

			$tmp_docroot = explode('/',$data['old']['document_root']);
			unset($tmp_docroot[count($tmp_docroot)-1]);
			$old_dir = implode('/',$tmp_docroot);
406

407
408
			//* Check if there is already some data in the new docroot and rename it as we need a clean path to move the existing site to the new path
			if(@is_dir($data['new']['document_root'])) {
409
				$app->system->rename($data['new']['document_root'],$data['new']['document_root'].'_bak_'.date('Y_m_d'));
410
411
412
413
				$app->log('Renaming existing directory in new docroot location. mv '.$data['new']['document_root'].' '.$data['new']['document_root'].'_bak_'.date('Y_m_d'),LOGLEVEL_DEBUG);
			}
			
			//* Create new base directory, if it does not exist yet
414
415
416
			if(!is_dir($new_dir)) $app->system->mkdirpath($new_dir);
			//exec('mv '.$data['old']['document_root'].' '.$new_dir);
			$app->system->rename($data['old']['document_root'],$new_dir);
Falko Timme's avatar
Falko Timme committed
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
			$app->log('Moving site to new document root: mv '.$data['old']['document_root'].' '.$new_dir,LOGLEVEL_DEBUG);

			// Handle the change in php_open_basedir
			$data['new']['php_open_basedir'] = str_replace($data['old']['document_root'],$data['new']['document_root'],$data['old']['php_open_basedir']);

			//* Change the owner of the website files to the new website owner
			exec('chown --recursive --from='.escapeshellcmd($data['old']['system_user']).':'.escapeshellcmd($data['old']['system_group']).' '.escapeshellcmd($data['new']['system_user']).':'.escapeshellcmd($data['new']['system_group']).' '.$new_dir);

			//* Change the home directory and group of the website user
			$command = 'usermod';
			$command .= ' --home '.escapeshellcmd($data['new']['document_root']);
			$command .= ' --gid '.escapeshellcmd($data['new']['system_group']);
			$command .= ' '.escapeshellcmd($data['new']['system_user']);
			exec($command);

			if($nginx_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);


		}

		//print_r($data);

		// Check if the directories are there and create them if necessary.
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
		if(!is_dir($data['new']['document_root'].'/' . $web_folder)) $app->system->mkdirpath($data['new']['document_root'].'/' . $web_folder);
		if(!is_dir($data['new']['document_root'].'/' . $web_folder . '/error') and $data['new']['errordocs']) $app->system->mkdirpath($data['new']['document_root'].'/' . $web_folder . '/error');
		//if(!is_dir($data['new']['document_root'].'/'.$log_folder)) exec('mkdir -p '.$data['new']['document_root'].'/'.$log_folder);
		if(!is_dir($data['new']['document_root'].'/ssl')) $app->system->mkdirpath($data['new']['document_root'].'/ssl');
		if(!is_dir($data['new']['document_root'].'/cgi-bin')) $app->system->mkdirpath($data['new']['document_root'].'/cgi-bin');
		if(!is_dir($data['new']['document_root'].'/tmp')) $app->system->mkdirpath($data['new']['document_root'].'/tmp');
		
		//* Create the new private directory
		if(!is_dir($data['new']['document_root'].'/private')) {
			$app->system->mkdirpath($data['new']['document_root'].'/private');
			$app->system->chmod($data['new']['document_root'].'/private',0710);
			$app->system->chown($data['new']['document_root'].'/private',$username);
			$app->system->chgrp($data['new']['document_root'].'/private',$groupname);
		}
		
		
Falko Timme's avatar
Falko Timme committed
456
457
458
		// Remove the symlink for the site, if site is renamed
		if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
			if(is_dir('/var/log/ispconfig/httpd/'.$data['old']['domain'])) exec('rm -rf /var/log/ispconfig/httpd/'.$data['old']['domain']);
459
			if(is_link($data['old']['document_root'].'/'.$log_folder)) $app->system->unlink($data['old']['document_root'].'/'.$log_folder);
Falko Timme's avatar
Falko Timme committed
460
461
		}
		
462
463
464
465
		//* Create the log dir if nescessary and mount it
        if(!is_dir('/var/log/ispconfig/httpd/'.$data['new']['domain'])) exec('mkdir -p /var/log/ispconfig/httpd/'.$data['new']['domain']);
		if(!is_dir($data['new']['document_root'].'/'.$log_folder) || is_link($data['new']['document_root'].'/'.$log_folder)) {
			if(is_link($data['new']['document_root'].'/'.$log_folder)) unlink($data['new']['document_root'].'/'.$log_folder);
mcramer's avatar
mcramer committed
466
			$app->system->mkdirpath($data['new']['document_root'].'/'.$log_folder);
467
468
469
470
471
472
473
			$app->system->chown($data['new']['document_root'].'/'.$log_folder,'root');
			$app->system->chgrp($data['new']['document_root'].'/'.$log_folder,'root');
			$app->system->chmod($data['new']['document_root'].'/'.$log_folder,0755);
			exec('mount --bind '.escapeshellarg('/var/log/ispconfig/httpd/'.$data['new']['domain']).' '.escapeshellarg($data['new']['document_root'].'/'.$log_folder));
			//* add mountpoint to fstab
			$fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.'    none    bind    0 0';
			$app->system->replaceLine('/etc/fstab',$fstab_line,$fstab_line,1,1);
Falko Timme's avatar
Falko Timme committed
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
		}

		// Get the client ID
		$client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['new']['sys_groupid']));
		$client_id = intval($client['client_id']);
		unset($client);

		// Remove old symlinks, if site is renamed
		if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
			$tmp_symlinks_array = explode(':',$web_config['website_symlinks']);
			if(is_array($tmp_symlinks_array)) {
				foreach($tmp_symlinks_array as $tmp_symlink) {
					$tmp_symlink = str_replace('[client_id]',$client_id,$tmp_symlink);
					$tmp_symlink = str_replace('[website_domain]',$data['old']['domain'],$tmp_symlink);
					// Remove trailing slash
					if(substr($tmp_symlink, -1, 1) == '/') $tmp_symlink = substr($tmp_symlink, 0, -1);
					// remove the symlinks, if not exist
					if(is_link($tmp_symlink)) {
						exec('rm -f '.escapeshellcmd($tmp_symlink));
						$app->log('Removed symlink: rm -f '.$tmp_symlink,LOGLEVEL_DEBUG);
					}
				}
			}
		}

		// Create the symlinks for the sites
		$tmp_symlinks_array = explode(':',$web_config['website_symlinks']);
		if(is_array($tmp_symlinks_array)) {
			foreach($tmp_symlinks_array as $tmp_symlink) {
				$tmp_symlink = str_replace('[client_id]',$client_id,$tmp_symlink);
				$tmp_symlink = str_replace('[website_domain]',$data['new']['domain'],$tmp_symlink);
				// Remove trailing slash
				if(substr($tmp_symlink, -1, 1) == '/') $tmp_symlink = substr($tmp_symlink, 0, -1);
				//* Remove symlink if target folder has been changed.
				if($data['old']['document_root'] != '' && $data['old']['document_root'] != $data['new']['document_root'] && is_link($tmp_symlink)) {
509
					$app->system->unlink($tmp_symlink);
Falko Timme's avatar
Falko Timme committed
510
511
512
				}
				// create the symlinks, if not exist
				if(!is_link($tmp_symlink)) {
513
514
515
516
517
518
519
//					exec("ln -s ".escapeshellcmd($data["new"]["document_root"])."/ ".escapeshellcmd($tmp_symlink));
					if ($web_config["website_symlinks_rel"] == 'y') {
						$this->create_relative_link(escapeshellcmd($data["new"]["document_root"]), escapeshellcmd($tmp_symlink));
					} else {
						exec("ln -s ".escapeshellcmd($data["new"]["document_root"])."/ ".escapeshellcmd($tmp_symlink));
					}

Falko Timme's avatar
Falko Timme committed
520
521
522
523
524
525
526
527
528
529
530
531
532
					$app->log('Creating symlink: ln -s '.$data['new']['document_root'].'/ '.$tmp_symlink,LOGLEVEL_DEBUG);
				}
			}
		}



        // Install the Standard or Custom Error, Index and other related files
        // /usr/local/ispconfig/server/conf is for the standard files
        // /usr/local/ispconfig/server/conf-custom is for the custom files
        // setting a local var here
           
        // normally $conf['templates'] = "/usr/local/ispconfig/server/conf";
533
534
535
		if($this->action == 'insert' && ($data['new']['type'] == 'vhost' || $data['new']['type'] == 'vhostsubdomain')) {
            
            // Copy the error pages
Falko Timme's avatar
Falko Timme committed
536
			if($data['new']['errordocs']) {
537
538
539
				$error_page_path = escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/error/';
				if (file_exists($conf['rootpath'] . '/conf-custom/error/'.substr(escapeshellcmd($conf['language']),0,2))) {
					exec('cp ' . $conf['rootpath'] . '/conf-custom/error/'.substr(escapeshellcmd($conf['language']),0,2).'/* '.$error_page_path);
Falko Timme's avatar
Falko Timme committed
540
541
				}
				else {
542
543
					if (file_exists($conf['rootpath'] . '/conf-custom/error/400.html')) {
						exec('cp '. $conf['rootpath'] . '/conf-custom/error/*.html '.$error_page_path);
Falko Timme's avatar
Falko Timme committed
544
545
					}
					else {
546
						exec('cp ' . $conf['rootpath'] . '/conf/error/'.substr(escapeshellcmd($conf['language']),0,2).'/* '.$error_page_path);
Falko Timme's avatar
Falko Timme committed
547
548
549
550
551
					}
				}
				exec('chmod -R a+r '.$error_page_path);
			}

552
			if (file_exists($conf['rootpath'] . '/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']),0,2))) {
553
				exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html_'.substr(escapeshellcmd($conf['language']),0,2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
Falko Timme's avatar
Falko Timme committed
554
            
555
			if(is_file($conf['rootpath'] . '/conf-custom/index/favicon.ico')) {
556
                exec('cp ' . $conf['rootpath'] . '/conf-custom/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
Falko Timme's avatar
Falko Timme committed
557
            }
558
			if(is_file($conf['rootpath'] . '/conf-custom/index/robots.txt')) {
559
                exec('cp ' . $conf['rootpath'] . '/conf-custom/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
Falko Timme's avatar
Falko Timme committed
560
                }
561
                if(is_file($conf['rootpath'] . '/conf-custom/index/.htaccess')) {
562
                    exec('cp ' . $conf['rootpath'] . '/conf-custom/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
Falko Timme's avatar
Falko Timme committed
563
564
565
                }
            }
			else {
566
				if (file_exists($conf['rootpath'] . '/conf-custom/index/standard_index.html')) {
567
					exec('cp ' . $conf['rootpath'] . '/conf-custom/index/standard_index.html '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
Falko Timme's avatar
Falko Timme committed
568
569
				}
				else {
570
571
572
573
					exec('cp ' . $conf['rootpath'] . '/conf/index/standard_index.html_'.substr(escapeshellcmd($conf['language']),0,2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html');
					if(is_file($conf['rootpath'] . '/conf/index/favicon.ico')) exec('cp ' . $conf['rootpath'] . '/conf/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
					if(is_file($conf['rootpath'] . '/conf/index/robots.txt')) exec('cp ' . $conf['rootpath'] . '/conf/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
					if(is_file($conf['rootpath'] . '/conf/index/.htaccess')) exec('cp ' . $conf['rootpath'] . '/conf/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
Falko Timme's avatar
Falko Timme committed
574
575
				}
			}
576
			exec('chmod -R a+r '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/');
Falko Timme's avatar
Falko Timme committed
577
578

			//** Copy the error documents on update when the error document checkbox has been activated and was deactivated before
579
580
581
		} elseif ($this->action == 'update' && ($data['new']['type'] == 'vhost' || $data['new']['type'] == 'vhostsubdomain') && $data['old']['errordocs'] == 0 && $data['new']['errordocs'] == 1) {
            
			$error_page_path = escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/error/';
582
583
			if (file_exists($conf['rootpath'] . '/conf-custom/error/'.substr(escapeshellcmd($conf['language']),0,2))) {
				exec('cp ' . $conf['rootpath'] . '/conf-custom/error/'.substr(escapeshellcmd($conf['language']),0,2).'/* '.$error_page_path);
Falko Timme's avatar
Falko Timme committed
584
585
			}
			else {
586
587
				if (file_exists($conf['rootpath'] . '/conf-custom/error/400.html')) {
					exec('cp ' . $conf['rootpath'] . '/conf-custom/error/*.html '.$error_page_path);
Falko Timme's avatar
Falko Timme committed
588
589
				}
				else {
590
					exec('cp ' . $conf['rootpath'] . '/conf/error/'.substr(escapeshellcmd($conf['language']),0,2).'/* '.$error_page_path);
Falko Timme's avatar
Falko Timme committed
591
592
593
594
595
				}
			}
			exec('chmod -R a+r '.$error_page_path);
			exec('chown -R '.$data['new']['system_user'].':'.$data['new']['system_group'].' '.$error_page_path);
		}  // end copy error docs
596

Falko Timme's avatar
Falko Timme committed
597
598
599
600
601
602
603
604
605
606
607
608
609
610
		// Set the quota for the user
		if($username != '' && $app->system->is_user($username)) {
			if($data['new']['hd_quota'] > 0) {
				$blocks_soft = $data['new']['hd_quota'] * 1024;
				$blocks_hard = $blocks_soft + 1024;
			} else {
				$blocks_soft = $blocks_hard = 0;
			}
			exec("setquota -u $username $blocks_soft $blocks_hard 0 0 -a &> /dev/null");
			exec('setquota -T -u '.$username.' 604800 604800 -a &> /dev/null');
		}

		if($this->action == 'insert' || $data["new"]["system_user"] != $data["old"]["system_user"]) {
			// Chown and chmod the directories below the document root
611
			$this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder);
Falko Timme's avatar
Falko Timme committed
612
613
			// The document root itself has to be owned by root in normal level and by the web owner in security level 20
			if($web_config['security_level'] == 20) {
614
				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder);
Falko Timme's avatar
Falko Timme committed
615
			} else {
616
				$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder);
Falko Timme's avatar
Falko Timme committed
617
618
			}
		}
619

Falko Timme's avatar
Falko Timme committed
620
		//* If the security level is set to high
621
		if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) {
622
623
624
			//* Check if we have the new private folder and create it if nescessary
			if(!is_dir($data['new']['document_root'].'/private')) $app->system->mkdir($data['new']['document_root'].'/private');
			
625
			if($web_config['security_level'] == 20) {
626
627
628
629
630
631
				
				$app->system->chmod($data['new']['document_root'],0755);
				$app->system->chmod($data['new']['document_root'].'/web',0710);
				$app->system->chmod($data['new']['document_root'].'/webdav',0710);
				$app->system->chmod($data['new']['document_root'].'/private',0710);
				$app->system->chmod($data['new']['document_root'].'/ssl',0755);
Falko Timme's avatar
Falko Timme committed
632

633
				// make tmp directory writable for nginx and the website users
634
				$app->system->chmod($data['new']['document_root'].'/tmp',0777);
Falko Timme's avatar
Falko Timme committed
635
			
636
				// Set Log directory to 755 to make the logs accessible by the FTP user
637
				if(realpath($data['new']['document_root'].'/'.$log_folder . '/error.log') == '/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log') {
638
639
640
					$app->system->chmod($data['new']['document_root'].'/'.$log_folder,0755);
				}
				
641
642
643
644
645
646
				if($web_config['add_web_users_to_sshusers_group'] == 'y') {
					$command = 'usermod';
					$command .= ' --groups sshusers';
					$command .= ' '.escapeshellcmd($data['new']['system_user']);
					$this->_exec($command);
				}
Falko Timme's avatar
Falko Timme committed
647

648
649
650
				//* if we have a chrooted nginx environment
				if($nginx_chrooted) {
					$this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);
Falko Timme's avatar
Falko Timme committed
651

652
653
654
655
656
657
658
					//* add the nginx user to the client group in the chroot environment
					$tmp_groupfile = $app->system->server_conf['group_datei'];
					$app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';
					$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
					$app->system->server_conf['group_datei'] = $tmp_groupfile;
					unset($tmp_groupfile);
				}
Falko Timme's avatar
Falko Timme committed
659

660
661
662
663
664
				//* add the nginx user to the client group
				$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));
				
				//* Chown all default directories
				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
665
666
				$app->system->chown($data['new']['document_root'].'/cgi-bin',$username);
				$app->system->chgrp($data['new']['document_root'].'/cgi-bin',$groupname);
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/log'));
				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/ssl'));
				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/tmp'));
				$this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/web'));

				/*
				* Workaround for jailkit: If jailkit is enabled for the site, the 
				* website root has to be owned by the root user and we have to chmod it to 755 then
				*/

				//* Check if there is a jailkit user for this site
				$tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'");
				if($tmp['number'] > 0) {
					$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
					$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
				}
				unset($tmp);
Falko Timme's avatar
Falko Timme committed
684

685
686
				// If the security Level is set to medium
			} else {
Falko Timme's avatar
Falko Timme committed
687
688

				$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
689
690
691
692
693
694
695
696
				$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
				$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/log'));
				$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/ssl'));
				$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/web'));
				
				// make temp directory writable for nginx and the website users
				$this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
				
Falko Timme's avatar
Falko Timme committed
697
				$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
698
699
700
701
702
				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
				$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root'].'/log'));
				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/tmp'));
				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/ssl'));
				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/web'));
Falko Timme's avatar
Falko Timme committed
703
			}
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
		} elseif(($this->action == 'insert' && $data['new']['type'] == 'vhostsubdomain') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhostsubdomain')) {
			if($web_config['security_level'] == 20) {
				$app->system->chmod($data['new']['document_root'].'/' . $web_folder,0710);
				$app->system->chown($data['new']['document_root'].'/' . $web_folder,$username);
				$app->system->chgrp($data['new']['document_root'].'/' . $web_folder,$groupname);
				$app->system->chown($data['new']['document_root'].'/' . $web_folder . '/error',$username);
				$app->system->chgrp($data['new']['document_root'].'/' . $web_folder . '/error',$groupname);
				$app->system->chown($data['new']['document_root'].'/' . $web_folder . '/stats',$username);
				$app->system->chgrp($data['new']['document_root'].'/' . $web_folder . '/stats',$groupname);
            } else {
				$app->system->chmod($data['new']['document_root'].'/' . $web_folder,0755);
				$app->system->chown($data['new']['document_root'].'/' . $web_folder,$username);
				$app->system->chgrp($data['new']['document_root'].'/' . $web_folder,$groupname);
				$app->system->chown($data['new']['document_root'].'/' . $web_folder . '/error',$username);
				$app->system->chgrp($data['new']['document_root'].'/' . $web_folder . '/error',$groupname);
				$app->system->chown($data['new']['document_root'].'/' . $web_folder . '/stats',$username);
				$app->system->chgrp($data['new']['document_root'].'/' . $web_folder . '/stats',$groupname);
            }
        }
Falko Timme's avatar
Falko Timme committed
723
724
725
726
727
728
729
730
731
732
733
734

		// Change the ownership of the error log to the owner of the website
		if(!@is_file($data['new']['document_root'].'/log/error.log')) exec('touch '.escapeshellcmd($data['new']['document_root']).'/log/error.log');
		$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/log/error.log');


		/*
		//* Write the custom php.ini file, if custom_php_ini filed is not empty
		$custom_php_ini_dir = $web_config['website_basedir'].'/conf/'.$data['new']['system_user'];
		if(!is_dir($web_config['website_basedir'].'/conf')) mkdir($web_config['website_basedir'].'/conf');
		if(trim($data['new']['custom_php_ini']) != '') {
			$has_custom_php_ini = true;
735
			if(!is_dir($custom_php_ini_dir)) $app->system->mkdir($custom_php_ini_dir);
Falko Timme's avatar
Falko Timme committed
736
737
738
739
740
741
742
743
744
745
746
			$php_ini_content = '';
			if($data['new']['php'] == 'mod') {
				$master_php_ini_path = $web_config['php_ini_path_apache'];
			} else {
				if($data["new"]['php'] == 'fast-cgi' && file_exists($fastcgi_config["fastcgi_phpini_path"])) {
					$master_php_ini_path = $fastcgi_config["fastcgi_phpini_path"];
				} else {
					$master_php_ini_path = $web_config['php_ini_path_cgi'];
				}
			}
			if($master_php_ini_path != '' && substr($master_php_ini_path,-7) == 'php.ini' && is_file($master_php_ini_path)) {
747
				$php_ini_content .= $app->system->file_get_contents($master_php_ini_path)."\n";
Falko Timme's avatar
Falko Timme committed
748
			}
749
750
			$php_ini_content .= str_replace("\r",'',trim($data['new']['custom_php_ini']));
			$app->system->file_put_contents($custom_php_ini_dir.'/php.ini',$php_ini_content);
Falko Timme's avatar
Falko Timme committed
751
752
		} else {
			$has_custom_php_ini = false;
753
			if(is_file($custom_php_ini_dir.'/php.ini')) $app->system->unlink($custom_php_ini_dir.'/php.ini');
Falko Timme's avatar
Falko Timme committed
754
755
756
		}
		*/

757
758
759
760
761
762
763
		//* Create the vhost config file
		$app->load('tpl');

		$tpl = new tpl();
		$tpl->newTemplate('nginx_vhost.conf.master');

		$vhost_data = $data['new'];
764
765
766
		//unset($vhost_data['ip_address']);
		$vhost_data['web_document_root'] = $data['new']['document_root'].'/' . $web_folder;
		$vhost_data['web_document_root_www'] = $web_config['website_basedir'].'/'.$data['new']['domain'].'/' . $web_folder;
Falko Timme's avatar
Falko Timme committed
767
		$vhost_data['web_basedir'] = $web_config['website_basedir'];
Falko Timme's avatar
Falko Timme committed
768
769
770
		
		// IPv6
		if($data['new']['ipv6_address'] != '') $tpl->setVar('ipv6_enabled', 1);
771
772
		
		// PHP-FPM
773
		// Support for multiple PHP versions
774
		/*
775
776
777
778
779
780
781
		if(trim($data['new']['fastcgi_php_version']) != ''){
			$default_php_fpm = false;
			list($custom_php_fpm_name, $custom_php_fpm_init_script, $custom_php_fpm_ini_dir, $custom_php_fpm_pool_dir) = explode(':', trim($data['new']['fastcgi_php_version']));
			if(substr($custom_php_fpm_ini_dir,-1) != '/') $custom_php_fpm_ini_dir .= '/';
		} else {
			$default_php_fpm = true;
		}
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
		*/
		if($data['new']['php'] != 'no'){
			if(trim($data['new']['fastcgi_php_version']) != ''){
				$default_php_fpm = false;
				list($custom_php_fpm_name, $custom_php_fpm_init_script, $custom_php_fpm_ini_dir, $custom_php_fpm_pool_dir) = explode(':', trim($data['new']['fastcgi_php_version']));
				if(substr($custom_php_fpm_ini_dir,-1) != '/') $custom_php_fpm_ini_dir .= '/';
			} else {
				$default_php_fpm = true;
			}
		} else {
			if(trim($data['old']['fastcgi_php_version']) != '' && $data['old']['php'] != 'no'){
				$default_php_fpm = false;
				list($custom_php_fpm_name, $custom_php_fpm_init_script, $custom_php_fpm_ini_dir, $custom_php_fpm_pool_dir) = explode(':', trim($data['old']['fastcgi_php_version']));
				if(substr($custom_php_fpm_ini_dir,-1) != '/') $custom_php_fpm_ini_dir .= '/';
			} else {
				$default_php_fpm = true;
			}
		}
800
801
802
803
804
805
		
		if($default_php_fpm){
			$pool_dir = escapeshellcmd($web_config['php_fpm_pool_dir']);
		} else {
			$pool_dir = $custom_php_fpm_pool_dir;
		}
806
807
808
809
810
811
		if(substr($pool_dir,-1) != '/') $pool_dir .= '/';
		$pool_name = 'web'.$data['new']['domain_id'];
		$socket_dir = escapeshellcmd($web_config['php_fpm_socket_dir']);
		if(substr($socket_dir,-1) != '/') $socket_dir .= '/';
		
		if($data['new']['php_fpm_use_socket'] == 'y'){
Falko Timme's avatar
Falko Timme committed
812
813
			$use_tcp = 0;
			$use_socket = 1;
814
		} else {
Falko Timme's avatar
Falko Timme committed
815
816
			$use_tcp = 1;
			$use_socket = 0;
817
818
819
820
821
		}
		$tpl->setVar('use_tcp', $use_tcp);
		$tpl->setVar('use_socket', $use_socket);
		$fpm_socket = $socket_dir.$pool_name.'.sock';
		$tpl->setVar('fpm_socket', $fpm_socket);
822
		$tpl->setVar('rnd_php_dummy_file', '/'.md5(uniqid(microtime(),1)).'.htm');
823
		$vhost_data['fpm_port'] = $web_config['php_fpm_start_port'] + $data['new']['domain_id'] - 1;
824
		
825
826
827
		// backwards compatibility; since ISPConfig 3.0.5, the PHP mode for nginx is called 'php-fpm' instead of 'fast-cgi'. The following line makes sure that old web sites that have 'fast-cgi' in the database still get PHP-FPM support.
		if($vhost_data['php'] == 'fast-cgi') $vhost_data['php'] = 'php-fpm';
		
828
829
830
831
832
833
834
835
836
837
838
839
840
		// Custom nginx directives
		$final_nginx_directives = array();
		$nginx_directives = $data['new']['nginx_directives'];
		// Make sure we only have Unix linebreaks
		$nginx_directives = str_replace("\r\n", "\n", $nginx_directives);
		$nginx_directives = str_replace("\r", "\n", $nginx_directives);
		$nginx_directive_lines = explode("\n", $nginx_directives);
		if(is_array($nginx_directive_lines) && !empty($nginx_directive_lines)){
			foreach($nginx_directive_lines as $nginx_directive_line){
				$final_nginx_directives[] = array('nginx_directive' => $nginx_directive_line);
			}
		}
		$tpl->setLoop('nginx_directives', $final_nginx_directives);
Falko Timme's avatar
Falko Timme committed
841

842
		// Check if a SSL cert exists
Falko Timme's avatar
Falko Timme committed
843
		$ssl_dir = $data['new']['document_root'].'/ssl';
844
845
846
847
		$domain = $data['new']['ssl_domain'];
		$key_file = $ssl_dir.'/'.$domain.'.key';
		$crt_file = $ssl_dir.'/'.$domain.'.crt';

Falko Timme's avatar
Falko Timme committed
848
		if($domain!='' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0)  && (@filesize($key_file)>0)) {
849
850
851
852
			$vhost_data['ssl_enabled'] = 1;
			$app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
		} else {
			$vhost_data['ssl_enabled'] = 0;
Falko Timme's avatar
Falko Timme committed
853
			$app->log('SSL Disabled. '.$domain,LOGLEVEL_DEBUG);
854
855
		}

Falko Timme's avatar
Falko Timme committed
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
		// Set SEO Redirect
		if($data['new']['seo_redirect'] != '' && ($data['new']['subdomain'] == 'www' || $data['new']['subdomain'] == '*')){
			$vhost_data['seo_redirect_enabled'] = 1;
			if($data['new']['seo_redirect'] == 'non_www_to_www'){
				$vhost_data['seo_redirect_origin_domain'] = $data['new']['domain'];
				$vhost_data['seo_redirect_target_domain'] = 'www.'.$data['new']['domain'];
			}
			if($data['new']['seo_redirect'] == 'www_to_non_www'){
				$vhost_data['seo_redirect_origin_domain'] = 'www.'.$data['new']['domain'];
				$vhost_data['seo_redirect_target_domain'] = $data['new']['domain'];
			}
		} else {
			$vhost_data['seo_redirect_enabled'] = 0;
		}
		
871
872
		$tpl->setVar($vhost_data);

Falko Timme's avatar
Falko Timme committed
873
874
		// Rewrite rules
		$rewrite_rules = array();
875
		if($data['new']['redirect_type'] != '' && $data['new']['redirect_path'] != '') {
Falko Timme's avatar
Falko Timme committed
876
			if(substr($data['new']['redirect_path'],-1) != '/') $data['new']['redirect_path'] .= '/';
877
			if(substr($data['new']['redirect_path'],0,8) == '[scheme]') $data['new']['redirect_path'] = '$scheme'.substr($data['new']['redirect_path'],8);
Falko Timme's avatar
Falko Timme committed
878
			
Falko Timme's avatar
Falko Timme committed
879
880
881
882
883
884
885
886
			/* Disabled path extension
			if($data['new']['redirect_type'] == 'no' && substr($data['new']['redirect_path'],0,4) != 'http') {
				$data['new']['redirect_path'] = $data['new']['document_root'].'/web'.realpath($data['new']['redirect_path']).'/';
			}
			*/

			switch($data['new']['subdomain']) {
				case 'www':
Falko Timme's avatar
Falko Timme committed
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
					if(substr($data['new']['redirect_path'],0,1) == '/'){ // relative path
						$rewrite_exclude = '(?!'.substr($data['new']['redirect_path'],0,-1).')';
					} else { // URL - check if URL is local
						$tmp_redirect_path = $data['new']['redirect_path'];
						if(substr($tmp_redirect_path,0,7) == '$scheme') $tmp_redirect_path = 'http'.substr($tmp_redirect_path,7);
						$tmp_redirect_path_parts = parse_url($tmp_redirect_path);
						if($tmp_redirect_path_parts['host'] == $data['new']['domain'] && ($tmp_redirect_path_parts['port'] == '80' || $tmp_redirect_path_parts['port'] == '443' || !isset($tmp_redirect_path_parts['port']))){
							if(substr($tmp_redirect_path_parts['path'],-1) == '/') $tmp_redirect_path_parts['path'] = substr($tmp_redirect_path_parts['path'],0,-1);
							if(substr($tmp_redirect_path_parts['path'],0,1) != '/') $tmp_redirect_path_parts['path'] = '/'.$tmp_redirect_path_parts['path'];
							$rewrite_exclude = '(?!'.$tmp_redirect_path_parts['path'].')';
						} else {
							$rewrite_exclude = '(.?)';
						}
						unset($tmp_redirect_path);
						unset($tmp_redirect_path_parts);
					}
903
904
					$rewrite_rules[] = array(	'rewrite_domain' 	=> '^'.$data['new']['domain'],
					'rewrite_type' 		=> ($data['new']['redirect_type'] == 'no')?'':$data['new']['redirect_type'],
Falko Timme's avatar
Falko Timme committed
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
					'rewrite_target' 	=> $data['new']['redirect_path'],
					'rewrite_exclude'	=> $rewrite_exclude);
					
					if(substr($data['new']['redirect_path'],0,1) == '/'){ // relative path
						$rewrite_exclude = '(?!'.substr($data['new']['redirect_path'],0,-1).')';
					} else { // URL - check if URL is local
						$tmp_redirect_path = $data['new']['redirect_path'];
						if(substr($tmp_redirect_path,0,7) == '$scheme') $tmp_redirect_path = 'http'.substr($tmp_redirect_path,7);
						$tmp_redirect_path_parts = parse_url($tmp_redirect_path);
						if($tmp_redirect_path_parts['host'] == 'www.'.$data['new']['domain'] && ($tmp_redirect_path_parts['port'] == '80' || $tmp_redirect_path_parts['port'] == '443' || !isset($tmp_redirect_path_parts['port']))){
							if(substr($tmp_redirect_path_parts['path'],-1) == '/') $tmp_redirect_path_parts['path'] = substr($tmp_redirect_path_parts['path'],0,-1);
							if(substr($tmp_redirect_path_parts['path'],0,1) != '/') $tmp_redirect_path_parts['path'] = '/'.$tmp_redirect_path_parts['path'];
							$rewrite_exclude = '(?!'.$tmp_redirect_path_parts['path'].')';
						} else {
							$rewrite_exclude = '(.?)';
						}
						unset($tmp_redirect_path);
						unset($tmp_redirect_path_parts);
					}
924
925
					$rewrite_rules[] = array(	'rewrite_domain' 	=> '^www.'.$data['new']['domain'],
							'rewrite_type' 		=> ($data['new']['redirect_type'] == 'no')?'':$data['new']['redirect_type'],
Falko Timme's avatar
Falko Timme committed
926
927
							'rewrite_target' 	=> $data['new']['redirect_path'],
							'rewrite_exclude'	=> $rewrite_exclude);
Falko Timme's avatar
Falko Timme committed
928
929
					break;
				case '*':
Falko Timme's avatar
Falko Timme committed
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
					if(substr($data['new']['redirect_path'],0,1) == '/'){ // relative path
						$rewrite_exclude = '(?!'.substr($data['new']['redirect_path'],0,-1).')';
					} else { // URL - check if URL is local
						$tmp_redirect_path = $data['new']['redirect_path'];
						if(substr($tmp_redirect_path,0,7) == '$scheme') $tmp_redirect_path = 'http'.substr($tmp_redirect_path,7);
						$tmp_redirect_path_parts = parse_url($tmp_redirect_path);
						if(substr($tmp_redirect_path_parts['host'],-strlen($data['new']['domain'])) == $data['new']['domain'] && ($tmp_redirect_path_parts['port'] == '80' || $tmp_redirect_path_parts['port'] == '443' || !isset($tmp_redirect_path_parts['port']))){
							if(substr($tmp_redirect_path_parts['path'],-1) == '/') $tmp_redirect_path_parts['path'] = substr($tmp_redirect_path_parts['path'],0,-1);
							if(substr($tmp_redirect_path_parts['path'],0,1) != '/') $tmp_redirect_path_parts['path'] = '/'.$tmp_redirect_path_parts['path'];
							$rewrite_exclude = '(?!'.$tmp_redirect_path_parts['path'].')';
						} else {
							$rewrite_exclude = '(.?)';
						}
						unset($tmp_redirect_path);
						unset($tmp_redirect_path_parts);
					}
946
947
					$rewrite_rules[] = array(	'rewrite_domain' 	=> $data['new']['domain'],
						'rewrite_type' 		=> ($data['new']['redirect_type'] == 'no')?'':$data['new']['redirect_type'],
Falko Timme's avatar
Falko Timme committed
948
949
						'rewrite_target' 	=> $data['new']['redirect_path'],
						'rewrite_exclude'	=> $rewrite_exclude);
Falko Timme's avatar
Falko Timme committed
950
					break;
951
				default:
Falko Timme's avatar
Falko Timme committed
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
					if(substr($data['new']['redirect_path'],0,1) == '/'){ // relative path
						$rewrite_exclude = '(?!'.substr($data['new']['redirect_path'],0,-1).')';
					} else { // URL - check if URL is local
						$tmp_redirect_path = $data['new']['redirect_path'];
						if(substr($tmp_redirect_path,0,7) == '$scheme') $tmp_redirect_path = 'http'.substr($tmp_redirect_path,7);
						$tmp_redirect_path_parts = parse_url($tmp_redirect_path);
						if($tmp_redirect_path_parts['host'] == $data['new']['domain'] && ($tmp_redirect_path_parts['port'] == '80' || $tmp_redirect_path_parts['port'] == '443' || !isset($tmp_redirect_path_parts['port']))){
							if(substr($tmp_redirect_path_parts['path'],-1) == '/') $tmp_redirect_path_parts['path'] = substr($tmp_redirect_path_parts['path'],0,-1);
							if(substr($tmp_redirect_path_parts['path'],0,1) != '/') $tmp_redirect_path_parts['path'] = '/'.$tmp_redirect_path_parts['path'];
							$rewrite_exclude = '(?!'.$tmp_redirect_path_parts['path'].')';
						} else {
							$rewrite_exclude = '(.?)';
						}
						unset($tmp_redirect_path);
						unset($tmp_redirect_path_parts);
					}
968
969
					$rewrite_rules[] = array(	'rewrite_domain' 	=> '^'.$data['new']['domain'],
					'rewrite_type' 		=> ($data['new']['redirect_type'] == 'no')?'':$data['new']['redirect_type'],
Falko Timme's avatar
Falko Timme committed
970
971
					'rewrite_target' 	=> $data['new']['redirect_path'],
					'rewrite_exclude'	=> $rewrite_exclude);
Falko Timme's avatar
Falko Timme committed
972
973
			}
		}
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
		
		$server_alias = array();
		
		// get autoalias
		$auto_alias = $web_config['website_autoalias'];
		if($auto_alias != '') {
			// get the client username
			$client = $app->db->queryOneRecord("SELECT `username` FROM `client` WHERE `client_id` = '" . intval($client_id) . "'");
			$aa_search = array('[client_id]', '[website_id]', '[client_username]', '[website_domain]');
			$aa_replace = array($client_id, $data['new']['domain_id'], $client['username'], $data['new']['domain']);
			$auto_alias = str_replace($aa_search, $aa_replace, $auto_alias);
			unset($client);
			unset($aa_search);
			unset($aa_replace);
			$server_alias[] .= $auto_alias;
		}
		
991
		// get alias domains (co-domains and subdomains)
992
		$aliases = $app->db->queryAllRecords('SELECT * FROM web_domain WHERE parent_domain_id = '.$data['new']['domain_id']." AND active = 'y' AND type != 'vhostsubdomain'");
993
994
		switch($data['new']['subdomain']) {
			case 'www':
Falko Timme's avatar
Falko Timme committed
995
				$server_alias[] = 'www.'.$data['new']['domain'].' ';
996
997
				break;
			case '*':
Falko Timme's avatar
Falko Timme committed
998
				$server_alias[] = '*.'.$data['new']['domain'].' ';
999
1000
				break;
		}