diff options
| author | root <root@fucktheforce.de> | 2016-11-10 21:25:14 +0100 |
|---|---|---|
| committer | root <root@fucktheforce.de> | 2016-11-10 21:25:14 +0100 |
| commit | 320aed5cacf69b9ac8360797b42e910fc60b1ced (patch) | |
| tree | ac662a66f903f497c2d5eaa42a39f0a25785838c | |
| parent | 91650f0768aa18717bf9b79836bed2af8898366f (diff) | |
deleted unused files and added original file from installed version
| -rw-r--r-- | cli.ini | 29 | ||||
| -rw-r--r-- | install.php | 184 | ||||
| -rwxr-xr-x | src/server/plugins-available/apache2_plugin.inc.php | 147 |
3 files changed, 4 insertions, 356 deletions
diff --git a/cli.ini b/cli.ini deleted file mode 100644 index aaacee0..0000000 --- a/cli.ini +++ /dev/null @@ -1,29 +0,0 @@ -# This is an example of the kind of things you can do in a configuration file. -# All flags used by the client can be configured here. Run Let's Encrypt with -# "--help" to learn more about the available options. - -# Use a 4096 bit RSA key instead of 2048 -rsa-key-size = 4096 - -# Always use the staging/testing server -#server = https://acme-staging.api.letsencrypt.org/directory - -# Uncomment and update to register with the specified e-mail address -# email = foo@example.com - -# Uncomment to use a text interface instead of ncurses -# text = True - -# Uncomment to use the standalone authenticator on port 443 -# authenticator = standalone -# standalone-supported-challenges = dvsni - -# Uncomment to use the webroot authenticator. Replace webroot-path with the -# path to the public_html / webroot folder being served by your web server. -# authenticator = webroot -# webroot-path = /usr/share/nginx/html - -text = True -agree-tos = True -authenticator = webroot -server = https://acme-v01.api.letsencrypt.org/directory diff --git a/install.php b/install.php deleted file mode 100644 index c4f3035..0000000 --- a/install.php +++ /dev/null @@ -1,184 +0,0 @@ -<?php -/* -Let's Encrypt for ISPConfig -Copyright (c) 2015, Alexandre Alouit <alexandre.alouit@gmail.com> -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - -* Redistributions of source code must retain the above copyright notice, this - list of conditions and the following disclaimer. - -* Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -$backup_dir = "/var/backup/"; -$backup_file = date("Ymdhis")."-ISPConfig-letsencrypt.tar.gz"; -$backup_file2 = date("Ymdhis")."-cronjob.txt"; - -if(!file_exists("/usr/local/ispconfig/server/lib/config.inc.php") OR !file_exists("/usr/local/ispconfig/server/lib/mysql_clientdb.conf")) { - echo "ERROR: Unable to load the ISPConfig defaut configuration files.\n"; - exit; -} - -require_once "/usr/local/ispconfig/server/lib/config.inc.php"; -require_once "/usr/local/ispconfig/server/lib/mysql_clientdb.conf"; - -if($conf["app_version"] != "3.0.5.4p8" && $conf['app_version'] != "3.0.5.4p9") { - echo "ERROR: This version is unsupported.\n"; - exit; -} - -if(!file_exists($backup_dir)) { - echo "Backup directory not found.\n"; - mkdir($backup_dir, 0700); -} - -if(!file_exists($backup_dir)) { - echo "ERROR: Create it, and relaunch me!\n"; - exit; -} - -if(getcwd() != realpath(dirname(__FILE__))) { - echo "ERROR: Run me in current installer directory!\n"; - exit; -} - -echo "Create backup on " . $backup_dir . " directory\n"; - -exec("/bin/tar -czf " . $backup_dir . $backup_file . " /usr/local/ispconfig"); - -if(!file_exists($backup_dir . $backup_file )) { - echo "ERROR: There was a problem with the backup file.\n"; - exit; -} - -echo "Backup finished\n"; - -if(!is_dir("/etc/letsencrypt")) { - echo "ERROR: Let's Encrypt directory ( /etc/letsencrypt/ ) is missing, install it corecctly!\n"; - exit; -} - -if(!is_file("/root/.local/share/letsencrypt/bin/letsencrypt")) { - echo "ERROR: Let's Encrypt ( /root/.local/share/letsencrypt/bin/letsencrypt ) is missing, install it corecctly!\n"; - exit; -} -/* -if(!is_file("/root/.local/share/letsencrypt/bin/letsencrypt-renewer")) { - echo "ERROR: Let's Encrypt ( /root/.local/share/letsencrypt/bin/letsencrypt-renewer ) is missing, install it corecctly!\n"; - exit; -} -*/ -if(is_file("/etc/letsencrypt/cli.ini")) { - echo "Let's Encrypt configuration file exist, backup up and remove.\n"; - exec("cp /etc/letsencrypt/cli.ini " . $backup_dir . date("Ymdhis") . "-letsencrypt.cli.ini"); - exec("rm /etc/letsencrypt/cli.ini"); - -} -echo "Copy Let's Encrypt configuration.\n"; -exec("cp ./cli.ini /etc/letsencrypt/cli.ini"); - -if(!$buffer = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password)) { - echo "ERROR: There was a problem with the MySQL connection.\n"; - exit; -} - -echo "Start MySQL update..\n"; -mysql_db_query($conf['db_database'], "ALTER TABLE `web_domain` ADD `ssl_letsencrypt` enum('n','y') NOT NULL DEFAULT 'n';", $buffer); - -if(is_file("/etc/apache2/apache2.conf")) { - echo "Configure Apache and reload it.\n"; - if(is_dir("/etc/apache2/conf-available")) { - if(is_file("/etc/apache2/conf-available/letsencrypt.conf")) { - exec("rm /etc/apache2/conf-available/letsencrypt.conf"); - } - exec("cp ./apache.letsencrypt.conf /etc/apache2/conf-available/letsencrypt.conf"); - } - if(is_dir("/etc/apache2/conf.d")) { - if(is_file("/etc/apache2/conf.d/letsencrypt.conf")) { - exec("rm /etc/apache2/conf.d/letsencrypt.conf"); - } - exec("cp ./apache.letsencrypt.conf /etc/apache2/conf.d/letsencrypt.conf"); - } - exec("a2enmod headers"); - exec("a2enconf letsencrypt"); - exec("service apache2 reload"); -} - -if(is_file("/etc/nginx/nginx.conf")) { - echo "Backup Nginx file to " . $backup_dir . ".\n"; - exec("cp /etc/nginx/nginx.conf " . $backup_dir . date("Ymdhis") . "-nginx.conf"); - echo "Patch Nginx and reload it.\n"; - exec("patch /etc/nginx/nginx.conf < ./nginx.conf.patch"); - exec("service nginx reload"); -} - -echo "Create backup cronjob on " . $backup_dir . " directory\n"; -exec("crontab -l >> " . $backup_dir . $backup_file2); -if(!file_exists($backup_dir . $backup_file2 )) { - echo "ERROR: There was a problem with the cronjob backup file.\n"; - exit; -} - -exec("crontab -l", $output); - -if(!in_array("30 02 * * * /root/.local/share/letsencrypt/bin/letsencrypt renew >> /var/log/ispconfig/cron.log;", $output)) { - echo "Add a cronjob for renewal certs\n"; - - $output[] = "30 02 * * * /root/.local/share/letsencrypt/bin/letsencrypt renew >> /var/log/ispconfig/cron.log;"; - - exec("touch ./crontab.tmp"); - if(!is_file("./crontab.tmp")) { - echo "ERROR: Unable to create temporary crontab file.\n"; - exit; - } - - foreach($output as $line) { - exec("echo '" . $line . "' >> ./crontab.tmp"); - } - -/* - exec("cat ./crontab.tmp", $crontab); - - $diff = array_diff($output, $crontab); - if(empty($diff)) { - exec("crontab ./crontab.tmp"); - exec("rm ./crontab.tmp"); - } else { - echo "ERROR: There was a problem with the cronjob temporary file.\n"; - exit; - } -*/ -exec("crontab ./crontab.tmp"); -exec("rm ./crontab.tmp"); -} else { - echo "Renewer already present in crontab.\n"; -} - -echo "And finally, update ISPConfig.\n"; - -if(!is_file("/usr/bin/rsync")) { - echo "ERROR: Unable to find rsync binary, install it or merge ./src to /usr/local/ispconfig manually.\n"; - exit; -} - -exec("rsync -av ./src/ /usr/local/ispconfig"); - -echo "Done my job. Enjoy!\n"; -exit; -?> diff --git a/src/server/plugins-available/apache2_plugin.inc.php b/src/server/plugins-available/apache2_plugin.inc.php index 935b970..7c1903a 100755 --- a/src/server/plugins-available/apache2_plugin.inc.php +++ b/src/server/plugins-available/apache2_plugin.inc.php @@ -935,7 +935,7 @@ class apache2_plugin { // Check if a SSL cert exists $ssl_dir = $data['new']['document_root'].'/ssl'; - $domain = $data['new']['domain']; + $domain = $data['new']['ssl_domain']; $key_file = $ssl_dir.'/'.$domain.'.key'; $crt_file = $ssl_dir.'/'.$domain.'.crt'; $bundle_file = $ssl_dir.'/'.$domain.'.bundle'; @@ -950,140 +950,6 @@ class apache2_plugin { } */ - //* Generate Let's Encrypt SSL certificat - if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active - ($data['old']['ssl'] == 'n' OR $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration - OR ($data['old']['domain'] != $data['new']['domain']) // we have domain update - OR ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain - OR ($data['new']['type'] == 'subdomain') // we have new or update on subdomain - OR ($data['old']['type'] == 'alias' OR $data['new']['type'] == 'alias') // we have new or update on alias domain - )) { - $data['new']['ssl_domain'] = $domain; - $vhost_data['ssl_domain'] = $domain; - - // default values - $temp_domains = array(); - $lddomain = $domain; - $subdomains = null; - $aliasdomains = null; - $sub_prefixes = array(); - - //* be sure to have good domain - if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") { - $temp_domains[] = "www." . $domain; - } - - //* then, add subdomain if we have - $subdomains = $app->db->queryAllRecords('SELECT domain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'subdomain'"); - if(is_array($subdomains)) { - foreach($subdomains as $subdomain) { - $temp_domains[] = $subdomain['domain']; - $sub_prefixes[] = str_replace($domain, "", $subdomain['domain']); - } - } - - //* then, add alias domain if we have - $aliasdomains = $app->db->queryAllRecords('SELECT domain,subdomain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'alias'"); - if(is_array($aliasdomains)) { - foreach($aliasdomains as $aliasdomain) { - $temp_domains[] = $aliasdomain['domain']; - if(isset($aliasdomain['subdomain']) && ! empty($aliasdomain['subdomain'])) { - $temp_domains[] = $aliasdomain['subdomain'] . "." . $aliasdomain['domain']; - } - - foreach($sub_prefixes as $s) { - $temp_domains[] = $s . $aliasdomain['domain']; - } - } - } - - // prevent duplicate - $temp_domains = array_unique($temp_domains); - - // generate cli format - foreach($temp_domains as $temp_domain) { - $lddomain .= (string) " --domains " . $temp_domain; - } - - // useless data - unset($subdomains); - unset($temp_domains); - - $crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem"; - $key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem"; - $bundle_tmp_file = "/etc/letsencrypt/live/".$domain."/chain.pem"; - $webroot = $data['new']['document_root']."/web"; - - //* check if we have already a Let's Encrypt cert - if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) { - $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG); - - if(is_dir($webroot . "/.well-known/")) { - $app->log("Remove old challenge directory", LOGLEVEL_DEBUG); - $this->_exec("rm -rf " . $webroot . "/.well-known/"); - } - - $app->log("Create challenge directory", LOGLEVEL_DEBUG); - $app->system->mkdirpath($webroot . "/.well-known/"); - $app->system->chown($webroot . "/.well-known/", $data['new']['system_user']); - $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']); - $app->system->mkdirpath($webroot . "/.well-known/acme-challenge"); - $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']); - $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']); - $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s"); - - $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth -a webroot --email postmaster@$domain --domains $lddomain --webroot-path $webroot"); - }; - - //* check is been correctly created - if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) { - $date = date("YmdHis"); - if(is_file($key_file)) { - $app->system->copy($key_file, $key_file.'.old'.$date); - $app->system->chmod($key_file.'.old.'.$date, 0400); - $app->system->unlink($key_file); - } - - if ($web_config["website_symlinks_rel"] == 'y') { - $this->create_relative_link(escapeshellcmd($key_tmp_file), escapeshellcmd($key_file)); - } else { - exec("ln -s ".escapeshellcmd($key_tmp_file)." ".escapeshellcmd($key_file)); - } - - if(is_file($crt_file)) { - $app->system->copy($crt_file, $crt_file.'.old.'.$date); - $app->system->chmod($crt_file.'.old.'.$date, 0400); - $app->system->unlink($crt_file); - } - - if($web_config["website_symlinks_rel"] == 'y') { - $this->create_relative_link(escapeshellcmd($crt_tmp_file), escapeshellcmd($crt_file)); - } else { - exec("ln -s ".escapeshellcmd($crt_tmp_file)." ".escapeshellcmd($crt_file)); - } - - if(is_file($bundle_file)) { - $app->system->copy($bundle_file, $bundle_file.'.old.'.$date); - $app->system->chmod($bundle_file.'.old.'.$date, 0400); - $app->system->unlink($bundle_file); - } - - if($web_config["website_symlinks_rel"] == 'y') { - $this->create_relative_link(escapeshellcmd($bundle_tmp_file), escapeshellcmd($bundle_file)); - } else { - exec("ln -s ".escapeshellcmd($bundle_tmp_file)." ".escapeshellcmd($bundle_file)); - } - - /* we don't need to store it. - /* Update the DB of the (local) Server */ - $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'"); - $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'"); - /* Update also the master-DB of the Server-Farm */ - $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'"); - $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'"); - } - }; - if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1; //$vhost_data['document_root'] = $data['new']['document_root'].'/' . $web_folder; @@ -1409,10 +1275,8 @@ class apache2_plugin { $socket_dir = escapeshellcmd($web_config['php_fpm_socket_dir']); if(substr($socket_dir, -1) != '/') $socket_dir .= '/'; - $apache_modules = $app->system->getapachemodules(); - - // Use sockets, but not with apache 2.4 on centos (mod_proxy_fcgi) as socket support is buggy in that version - if($data['new']['php_fpm_use_socket'] == 'y' && in_array('fastcgi_module',$apache_modules)){ + // User sockets, but not with apache 2.4 as socket support is buggy in that version + if($data['new']['php_fpm_use_socket'] == 'y' && $app->system->getapacheversion() < 2.4){ $use_tcp = 0; $use_socket = 1; } else { @@ -2798,10 +2662,7 @@ class apache2_plugin { $tpl->newTemplate('php_fpm_pool.conf.master'); $tpl->setVar('apache_version', $app->system->getapacheversion()); - $apache_modules = $app->system->getapachemodules(); - - // Use sockets, but not with apache 2.4 on centos (mod_proxy_fcgi) as socket support is buggy in that version - if($data['new']['php_fpm_use_socket'] == 'y' && in_array('fastcgi_module',$apache_modules)){ + if($data['new']['php_fpm_use_socket'] == 'y'){ $use_tcp = 0; $use_socket = 1; if(!is_dir($socket_dir)) $app->system->mkdirpath($socket_dir); |