Implemented: FS#931 - Optional SSL for Web Interface

4ae2a0f7 · tbrehm · 712706d8 · 4ae2a0f7 · 4ae2a0f7 · 4ae2a0f7
Commit 4ae2a0f7 authored Jul 28, 2010 by tbrehm
--- a/install/dist/lib/fedora.lib.php
+++ b/install/dist/lib/fedora.lib.php
@@ -824,6 +824,12 @@ class installer_dist extends installer_base {
 			$content = str_replace('{vhost_port_listen}', '', $content);
 		}
 		
+		if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
+			$content = str_replace('{ssl_comment}', '', $content);
+		} else {
+			$content = str_replace('{ssl_comment}', '#', $content);
+		}
+		
 		wf("$vhost_conf_dir/ispconfig.vhost", $content);
 		
 		//copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");

--- a/install/dist/lib/gentoo.lib.php
+++ b/install/dist/lib/gentoo.lib.php
@@ -699,6 +699,12 @@ class installer extends installer_base
 			$content = str_replace('{vhost_port_listen}', '', $content);
 		}
 		
+		if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
+			$content = str_replace('{ssl_comment}', '', $content);
+		} else {
+			$content = str_replace('{ssl_comment}', '#', $content);
+		}
+		
 		$vhost_path = $conf['apache']['vhost_conf_dir'].'/ispconfig.vhost';
 		$this->write_config_file($vhost_path, $content);
 		

--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -633,8 +633,7 @@ class installer_dist extends installer_base {
  		unset($iptables_location);

 	}
-	
-	
+
 	public function install_ispconfig()
    {
 		global $conf;
@@ -838,6 +837,12 @@ class installer_dist extends installer_base {
 			$content = str_replace('{vhost_port_listen}', '', $content);
 		}
 		
+		if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
+			$content = str_replace('{ssl_comment}', '', $content);
+		} else {
+			$content = str_replace('{ssl_comment}', '#', $content);
+		}
+		
 		$content = str_replace('/var/www/', '/srv/www/', $content);
 		
 		wf("$vhost_conf_dir/ispconfig.vhost", $content);

--- a/install/install.php
+++ b/install/install.php
@@ -450,6 +450,10 @@ if($install_mode == 'standard') {
 		//** Customise the port ISPConfig runs on
 		$conf['apache']['vhost_port'] = $inst->free_query('ISPConfig Port', '8080');
 		
+		if(strtolower($inst->simple_query('Enable SSL for the ISPConfig web interface',array('y','n'),'y')) == 'y') {
+			$inst->make_ispconfig_ssl_cert();
+		}
+		
 		$inst->install_ispconfig_interface = true;
 			
 	} else {

--- a/install/lib/install.lib.php
+++ b/install/lib/install.lib.php
@@ -697,6 +697,24 @@ function get_ispconfig_port_number() {
 	}
 }

+/*
+* Get the port number of the ISPConfig controlpanel vhost
+*/
+
+function is_ispconfig_ssl_enabled() {
+	global $conf;
+	$ispconfig_vhost_file = $conf['apache']['vhost_conf_dir'].'/ispconfig.vhost';
+
+	if(is_file($ispconfig_vhost_file)) {
+		$tmp = file_get_contents($ispconfig_vhost_file);
+		if(stristr($tmp,'SSLCertificateFile')) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+}
+


 ?>
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -1166,6 +1166,25 @@ class installer_base {
 		}

 	}
+	
+	public function make_ispconfig_ssl_cert() {
+		global $conf;
+		
+		$ssl_crt_file = '/usr/local/ispconfig/interface/ssl/ispserver.crt';
+		$ssl_csr_file = '/usr/local/ispconfig/interface/ssl/ispserver.csr';
+		$ssl_key_file = '/usr/local/ispconfig/interface/ssl/ispserver.key';
+		
+		if(!is_dir('/usr/local/ispconfig/interface/ssl')) exec("mkdir -p /usr/local/ispconfig/interface/ssl");
+		
+		$ssl_pw = substr(md5(mt_rand()),0,6);
+		exec("openssl genrsa -des3 -passout pass:$ssl_pw -out $ssl_key_file 4096");
+		exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -out $ssl_csr_file");
+		exec("openssl req -x509 -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -in $ssl_csr_file -out $ssl_crt_file -days 3650");
+		exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure");
+		exec("mv $ssl_key_file $ssl_key_file.secure");
+		exec("mv $ssl_key_file.insecure $ssl_key_file");
+		
+	}

 	public function install_ispconfig() {
 		global $conf;
@@ -1395,6 +1414,12 @@ class installer_base {
 		} else {
 			$content = str_replace('{vhost_port_listen}', '', $content);
 		}
+		
+		if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
+			$content = str_replace('{ssl_comment}', '', $content);
+		} else {
+			$content = str_replace('{ssl_comment}', '#', $content);
+		}

 		wf("$vhost_conf_dir/ispconfig.vhost", $content);


--- a/install/tpl/apache_ispconfig.vhost.master
+++ b/install/tpl/apache_ispconfig.vhost.master
@@ -43,6 +43,10 @@ NameVirtualHost *:{vhost_port}
    SecRuleEngine Off
  </IfModule>

+  # SSL Configuration
+  {ssl_comment}SSLEngine On
+  {ssl_comment}SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
+  {ssl_comment}SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key

 </VirtualHost>


--- a/install/update.php
+++ b/install/update.php
@@ -308,6 +308,11 @@ swriteln('Updating ISPConfig');
 $ispconfig_port_number = get_ispconfig_port_number();
 $conf['apache']['vhost_port'] = $inst->free_query('ISPConfig Port', $ispconfig_port_number);

+// $ispconfig_ssl_default = (is_ispconfig_ssl_enabled() == true)?'y':'n';
+if(strtolower($inst->simple_query('Create new ISPConfig SSL certificate',array('y','n'),'n')) == 'y') {
+	$inst->make_ispconfig_ssl_cert();
+}
+
 $inst->install_ispconfig();

 //** Configure Crontab