deleted unused files and added original file from installed version
This commit is contained in:
root
parent
91650f0768
commit
320aed5cac
3 changed files with 4 additions and 356 deletions
29
cli.ini
29
cli.ini
|
|
@ -1,29 +0,0 @@
|
|||
# This is an example of the kind of things you can do in a configuration file.
|
||||
# All flags used by the client can be configured here. Run Let's Encrypt with
|
||||
# "--help" to learn more about the available options.
|
||||
|
||||
# Use a 4096 bit RSA key instead of 2048
|
||||
rsa-key-size = 4096
|
||||
|
||||
# Always use the staging/testing server
|
||||
#server = https://acme-staging.api.letsencrypt.org/directory
|
||||
|
||||
# Uncomment and update to register with the specified e-mail address
|
||||
# email = foo@example.com
|
||||
|
||||
# Uncomment to use a text interface instead of ncurses
|
||||
# text = True
|
||||
|
||||
# Uncomment to use the standalone authenticator on port 443
|
||||
# authenticator = standalone
|
||||
# standalone-supported-challenges = dvsni
|
||||
|
||||
# Uncomment to use the webroot authenticator. Replace webroot-path with the
|
||||
# path to the public_html / webroot folder being served by your web server.
|
||||
# authenticator = webroot
|
||||
# webroot-path = /usr/share/nginx/html
|
||||
|
||||
text = True
|
||||
agree-tos = True
|
||||
authenticator = webroot
|
||||
server = https://acme-v01.api.letsencrypt.org/directory
|
||||
184
install.php
184
install.php
|
|
@ -1,184 +0,0 @@
|
|||
<?php
|
||||
/*
|
||||
Let's Encrypt for ISPConfig
|
||||
Copyright (c) 2015, Alexandre Alouit <alexandre.alouit@gmail.com>
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are met:
|
||||
|
||||
* Redistributions of source code must retain the above copyright notice, this
|
||||
list of conditions and the following disclaimer.
|
||||
|
||||
* Redistributions in binary form must reproduce the above copyright notice,
|
||||
this list of conditions and the following disclaimer in the documentation
|
||||
and/or other materials provided with the distribution.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
||||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
||||
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||||
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
||||
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
$backup_dir = "/var/backup/";
|
||||
$backup_file = date("Ymdhis")."-ISPConfig-letsencrypt.tar.gz";
|
||||
$backup_file2 = date("Ymdhis")."-cronjob.txt";
|
||||
|
||||
if(!file_exists("/usr/local/ispconfig/server/lib/config.inc.php") OR !file_exists("/usr/local/ispconfig/server/lib/mysql_clientdb.conf")) {
|
||||
echo "ERROR: Unable to load the ISPConfig defaut configuration files.\n";
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once "/usr/local/ispconfig/server/lib/config.inc.php";
|
||||
require_once "/usr/local/ispconfig/server/lib/mysql_clientdb.conf";
|
||||
|
||||
if($conf["app_version"] != "3.0.5.4p8" && $conf['app_version'] != "3.0.5.4p9") {
|
||||
echo "ERROR: This version is unsupported.\n";
|
||||
exit;
|
||||
}
|
||||
|
||||
if(!file_exists($backup_dir)) {
|
||||
echo "Backup directory not found.\n";
|
||||
mkdir($backup_dir, 0700);
|
||||
}
|
||||
|
||||
if(!file_exists($backup_dir)) {
|
||||
echo "ERROR: Create it, and relaunch me!\n";
|
||||
exit;
|
||||
}
|
||||
|
||||
if(getcwd() != realpath(dirname(__FILE__))) {
|
||||
echo "ERROR: Run me in current installer directory!\n";
|
||||
exit;
|
||||
}
|
||||
|
||||
echo "Create backup on " . $backup_dir . " directory\n";
|
||||
|
||||
exec("/bin/tar -czf " . $backup_dir . $backup_file . " /usr/local/ispconfig");
|
||||
|
||||
if(!file_exists($backup_dir . $backup_file )) {
|
||||
echo "ERROR: There was a problem with the backup file.\n";
|
||||
exit;
|
||||
}
|
||||
|
||||
echo "Backup finished\n";
|
||||
|
||||
if(!is_dir("/etc/letsencrypt")) {
|
||||
echo "ERROR: Let's Encrypt directory ( /etc/letsencrypt/ ) is missing, install it corecctly!\n";
|
||||
exit;
|
||||
}
|
||||
|
||||
if(!is_file("/root/.local/share/letsencrypt/bin/letsencrypt")) {
|
||||
echo "ERROR: Let's Encrypt ( /root/.local/share/letsencrypt/bin/letsencrypt ) is missing, install it corecctly!\n";
|
||||
exit;
|
||||
}
|
||||
/*
|
||||
if(!is_file("/root/.local/share/letsencrypt/bin/letsencrypt-renewer")) {
|
||||
echo "ERROR: Let's Encrypt ( /root/.local/share/letsencrypt/bin/letsencrypt-renewer ) is missing, install it corecctly!\n";
|
||||
exit;
|
||||
}
|
||||
*/
|
||||
if(is_file("/etc/letsencrypt/cli.ini")) {
|
||||
echo "Let's Encrypt configuration file exist, backup up and remove.\n";
|
||||
exec("cp /etc/letsencrypt/cli.ini " . $backup_dir . date("Ymdhis") . "-letsencrypt.cli.ini");
|
||||
exec("rm /etc/letsencrypt/cli.ini");
|
||||
|
||||
}
|
||||
echo "Copy Let's Encrypt configuration.\n";
|
||||
exec("cp ./cli.ini /etc/letsencrypt/cli.ini");
|
||||
|
||||
if(!$buffer = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password)) {
|
||||
echo "ERROR: There was a problem with the MySQL connection.\n";
|
||||
exit;
|
||||
}
|
||||
|
||||
echo "Start MySQL update..\n";
|
||||
mysql_db_query($conf['db_database'], "ALTER TABLE `web_domain` ADD `ssl_letsencrypt` enum('n','y') NOT NULL DEFAULT 'n';", $buffer);
|
||||
|
||||
if(is_file("/etc/apache2/apache2.conf")) {
|
||||
echo "Configure Apache and reload it.\n";
|
||||
if(is_dir("/etc/apache2/conf-available")) {
|
||||
if(is_file("/etc/apache2/conf-available/letsencrypt.conf")) {
|
||||
exec("rm /etc/apache2/conf-available/letsencrypt.conf");
|
||||
}
|
||||
exec("cp ./apache.letsencrypt.conf /etc/apache2/conf-available/letsencrypt.conf");
|
||||
}
|
||||
if(is_dir("/etc/apache2/conf.d")) {
|
||||
if(is_file("/etc/apache2/conf.d/letsencrypt.conf")) {
|
||||
exec("rm /etc/apache2/conf.d/letsencrypt.conf");
|
||||
}
|
||||
exec("cp ./apache.letsencrypt.conf /etc/apache2/conf.d/letsencrypt.conf");
|
||||
}
|
||||
exec("a2enmod headers");
|
||||
exec("a2enconf letsencrypt");
|
||||
exec("service apache2 reload");
|
||||
}
|
||||
|
||||
if(is_file("/etc/nginx/nginx.conf")) {
|
||||
echo "Backup Nginx file to " . $backup_dir . ".\n";
|
||||
exec("cp /etc/nginx/nginx.conf " . $backup_dir . date("Ymdhis") . "-nginx.conf");
|
||||
echo "Patch Nginx and reload it.\n";
|
||||
exec("patch /etc/nginx/nginx.conf < ./nginx.conf.patch");
|
||||
exec("service nginx reload");
|
||||
}
|
||||
|
||||
echo "Create backup cronjob on " . $backup_dir . " directory\n";
|
||||
exec("crontab -l >> " . $backup_dir . $backup_file2);
|
||||
if(!file_exists($backup_dir . $backup_file2 )) {
|
||||
echo "ERROR: There was a problem with the cronjob backup file.\n";
|
||||
exit;
|
||||
}
|
||||
|
||||
exec("crontab -l", $output);
|
||||
|
||||
if(!in_array("30 02 * * * /root/.local/share/letsencrypt/bin/letsencrypt renew >> /var/log/ispconfig/cron.log;", $output)) {
|
||||
echo "Add a cronjob for renewal certs\n";
|
||||
|
||||
$output[] = "30 02 * * * /root/.local/share/letsencrypt/bin/letsencrypt renew >> /var/log/ispconfig/cron.log;";
|
||||
|
||||
exec("touch ./crontab.tmp");
|
||||
if(!is_file("./crontab.tmp")) {
|
||||
echo "ERROR: Unable to create temporary crontab file.\n";
|
||||
exit;
|
||||
}
|
||||
|
||||
foreach($output as $line) {
|
||||
exec("echo '" . $line . "' >> ./crontab.tmp");
|
||||
}
|
||||
|
||||
/*
|
||||
exec("cat ./crontab.tmp", $crontab);
|
||||
|
||||
$diff = array_diff($output, $crontab);
|
||||
if(empty($diff)) {
|
||||
exec("crontab ./crontab.tmp");
|
||||
exec("rm ./crontab.tmp");
|
||||
} else {
|
||||
echo "ERROR: There was a problem with the cronjob temporary file.\n";
|
||||
exit;
|
||||
}
|
||||
*/
|
||||
exec("crontab ./crontab.tmp");
|
||||
exec("rm ./crontab.tmp");
|
||||
} else {
|
||||
echo "Renewer already present in crontab.\n";
|
||||
}
|
||||
|
||||
echo "And finally, update ISPConfig.\n";
|
||||
|
||||
if(!is_file("/usr/bin/rsync")) {
|
||||
echo "ERROR: Unable to find rsync binary, install it or merge ./src to /usr/local/ispconfig manually.\n";
|
||||
exit;
|
||||
}
|
||||
|
||||
exec("rsync -av ./src/ /usr/local/ispconfig");
|
||||
|
||||
echo "Done my job. Enjoy!\n";
|
||||
exit;
|
||||
?>
|
||||
|
|
@ -935,7 +935,7 @@ class apache2_plugin {
|
|||
|
||||
// Check if a SSL cert exists
|
||||
$ssl_dir = $data['new']['document_root'].'/ssl';
|
||||
$domain = $data['new']['domain'];
|
||||
$domain = $data['new']['ssl_domain'];
|
||||
$key_file = $ssl_dir.'/'.$domain.'.key';
|
||||
$crt_file = $ssl_dir.'/'.$domain.'.crt';
|
||||
$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
|
||||
|
|
@ -950,140 +950,6 @@ class apache2_plugin {
|
|||
}
|
||||
*/
|
||||
|
||||
//* Generate Let's Encrypt SSL certificat
|
||||
if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
|
||||
($data['old']['ssl'] == 'n' OR $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
|
||||
OR ($data['old']['domain'] != $data['new']['domain']) // we have domain update
|
||||
OR ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
|
||||
OR ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
|
||||
OR ($data['old']['type'] == 'alias' OR $data['new']['type'] == 'alias') // we have new or update on alias domain
|
||||
)) {
|
||||
$data['new']['ssl_domain'] = $domain;
|
||||
$vhost_data['ssl_domain'] = $domain;
|
||||
|
||||
// default values
|
||||
$temp_domains = array();
|
||||
$lddomain = $domain;
|
||||
$subdomains = null;
|
||||
$aliasdomains = null;
|
||||
$sub_prefixes = array();
|
||||
|
||||
//* be sure to have good domain
|
||||
if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {
|
||||
$temp_domains[] = "www." . $domain;
|
||||
}
|
||||
|
||||
//* then, add subdomain if we have
|
||||
$subdomains = $app->db->queryAllRecords('SELECT domain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'subdomain'");
|
||||
if(is_array($subdomains)) {
|
||||
foreach($subdomains as $subdomain) {
|
||||
$temp_domains[] = $subdomain['domain'];
|
||||
$sub_prefixes[] = str_replace($domain, "", $subdomain['domain']);
|
||||
}
|
||||
}
|
||||
|
||||
//* then, add alias domain if we have
|
||||
$aliasdomains = $app->db->queryAllRecords('SELECT domain,subdomain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'alias'");
|
||||
if(is_array($aliasdomains)) {
|
||||
foreach($aliasdomains as $aliasdomain) {
|
||||
$temp_domains[] = $aliasdomain['domain'];
|
||||
if(isset($aliasdomain['subdomain']) && ! empty($aliasdomain['subdomain'])) {
|
||||
$temp_domains[] = $aliasdomain['subdomain'] . "." . $aliasdomain['domain'];
|
||||
}
|
||||
|
||||
foreach($sub_prefixes as $s) {
|
||||
$temp_domains[] = $s . $aliasdomain['domain'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// prevent duplicate
|
||||
$temp_domains = array_unique($temp_domains);
|
||||
|
||||
// generate cli format
|
||||
foreach($temp_domains as $temp_domain) {
|
||||
$lddomain .= (string) " --domains " . $temp_domain;
|
||||
}
|
||||
|
||||
// useless data
|
||||
unset($subdomains);
|
||||
unset($temp_domains);
|
||||
|
||||
$crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem";
|
||||
$key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
|
||||
$bundle_tmp_file = "/etc/letsencrypt/live/".$domain."/chain.pem";
|
||||
$webroot = $data['new']['document_root']."/web";
|
||||
|
||||
//* check if we have already a Let's Encrypt cert
|
||||
if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
|
||||
$app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
|
||||
|
||||
if(is_dir($webroot . "/.well-known/")) {
|
||||
$app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
|
||||
$this->_exec("rm -rf " . $webroot . "/.well-known/");
|
||||
}
|
||||
|
||||
$app->log("Create challenge directory", LOGLEVEL_DEBUG);
|
||||
$app->system->mkdirpath($webroot . "/.well-known/");
|
||||
$app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
|
||||
$app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
|
||||
$app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
|
||||
$app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
|
||||
$app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
|
||||
$app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
|
||||
|
||||
$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth -a webroot --email postmaster@$domain --domains $lddomain --webroot-path $webroot");
|
||||
};
|
||||
|
||||
//* check is been correctly created
|
||||
if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) {
|
||||
$date = date("YmdHis");
|
||||
if(is_file($key_file)) {
|
||||
$app->system->copy($key_file, $key_file.'.old'.$date);
|
||||
$app->system->chmod($key_file.'.old.'.$date, 0400);
|
||||
$app->system->unlink($key_file);
|
||||
}
|
||||
|
||||
if ($web_config["website_symlinks_rel"] == 'y') {
|
||||
$this->create_relative_link(escapeshellcmd($key_tmp_file), escapeshellcmd($key_file));
|
||||
} else {
|
||||
exec("ln -s ".escapeshellcmd($key_tmp_file)." ".escapeshellcmd($key_file));
|
||||
}
|
||||
|
||||
if(is_file($crt_file)) {
|
||||
$app->system->copy($crt_file, $crt_file.'.old.'.$date);
|
||||
$app->system->chmod($crt_file.'.old.'.$date, 0400);
|
||||
$app->system->unlink($crt_file);
|
||||
}
|
||||
|
||||
if($web_config["website_symlinks_rel"] == 'y') {
|
||||
$this->create_relative_link(escapeshellcmd($crt_tmp_file), escapeshellcmd($crt_file));
|
||||
} else {
|
||||
exec("ln -s ".escapeshellcmd($crt_tmp_file)." ".escapeshellcmd($crt_file));
|
||||
}
|
||||
|
||||
if(is_file($bundle_file)) {
|
||||
$app->system->copy($bundle_file, $bundle_file.'.old.'.$date);
|
||||
$app->system->chmod($bundle_file.'.old.'.$date, 0400);
|
||||
$app->system->unlink($bundle_file);
|
||||
}
|
||||
|
||||
if($web_config["website_symlinks_rel"] == 'y') {
|
||||
$this->create_relative_link(escapeshellcmd($bundle_tmp_file), escapeshellcmd($bundle_file));
|
||||
} else {
|
||||
exec("ln -s ".escapeshellcmd($bundle_tmp_file)." ".escapeshellcmd($bundle_file));
|
||||
}
|
||||
|
||||
/* we don't need to store it.
|
||||
/* Update the DB of the (local) Server */
|
||||
$app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
|
||||
$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
|
||||
/* Update also the master-DB of the Server-Farm */
|
||||
$app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
|
||||
$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
|
||||
}
|
||||
};
|
||||
|
||||
if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
|
||||
|
||||
//$vhost_data['document_root'] = $data['new']['document_root'].'/' . $web_folder;
|
||||
|
|
@ -1409,10 +1275,8 @@ class apache2_plugin {
|
|||
$socket_dir = escapeshellcmd($web_config['php_fpm_socket_dir']);
|
||||
if(substr($socket_dir, -1) != '/') $socket_dir .= '/';
|
||||
|
||||
$apache_modules = $app->system->getapachemodules();
|
||||
|
||||
// Use sockets, but not with apache 2.4 on centos (mod_proxy_fcgi) as socket support is buggy in that version
|
||||
if($data['new']['php_fpm_use_socket'] == 'y' && in_array('fastcgi_module',$apache_modules)){
|
||||
// User sockets, but not with apache 2.4 as socket support is buggy in that version
|
||||
if($data['new']['php_fpm_use_socket'] == 'y' && $app->system->getapacheversion() < 2.4){
|
||||
$use_tcp = 0;
|
||||
$use_socket = 1;
|
||||
} else {
|
||||
|
|
@ -2798,10 +2662,7 @@ class apache2_plugin {
|
|||
$tpl->newTemplate('php_fpm_pool.conf.master');
|
||||
$tpl->setVar('apache_version', $app->system->getapacheversion());
|
||||
|
||||
$apache_modules = $app->system->getapachemodules();
|
||||
|
||||
// Use sockets, but not with apache 2.4 on centos (mod_proxy_fcgi) as socket support is buggy in that version
|
||||
if($data['new']['php_fpm_use_socket'] == 'y' && in_array('fastcgi_module',$apache_modules)){
|
||||
if($data['new']['php_fpm_use_socket'] == 'y'){
|
||||
$use_tcp = 0;
|
||||
$use_socket = 1;
|
||||
if(!is_dir($socket_dir)) $app->system->mkdirpath($socket_dir);
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue