github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-20 21:34:12 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

added SSL CA-bundle support

Browse source
This commit is contained in:
Serghey Rodin 2011-12-12 16:34:24 +02:00
commit 5458c49d39
32 changed files with 158 additions and 428 deletions
Download patch file Download diff file Expand all files Collapse all files

58
bin/v_add_sys_user_ssl
View file

@ -1,58 +0,0 @@
#!/bin/bash
# info: adding ssl certificate
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument defenition
user=$1
ssl=$2
# Importing variables
source $VESTA/conf/vars.conf
source $V_CONF/vesta.conf
source $V_FUNC/shared.func
source $V_FUNC/ssl.func
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
# Checking arg number
check_args '2' "$#" 'user ssl'
# Checking argument format
format_validation 'user' 'ssl'
# Checking user
is_user_valid
# Checking user is active
is_user_suspended
# Checking certificate name
is_cert_free
# Checking template
is_cert_valid "$V_TMP"
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Adding certificate to user dir
mv $V_TMP/$ssl.crt $V_USERS/$user/ssl/
mv $V_TMP/$ssl.key $V_USERS/$user/ssl/
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_history "$V_EVENT" "v_del_sys_user_ssl $user $ssl"
log_event 'system' "$V_EVENT"
exit

4
bin/v_add_web_domain
View file

@ -198,14 +198,14 @@ increase_user_value "$user" '$U_WEB_DOMAINS'
# Defining domain variables
v_str="DOMAIN='$domain'"
v_str="$v_str IP='$ip'"
v_str="$v_str IP='$ip' IP6=''"
v_str="$v_str U_DISK='0'"
v_str="$v_str U_BANDWIDTH='0'"
v_str="$v_str TPL='$template'"
v_str="$v_str ALIAS='$aliases'"
v_str="$v_str $template_data" # Inserting PHP, CGI and ELOG keys
v_str="$v_str STATS='' STATS_AUTH=''"
v_str="$v_str SSL='' SSL_HOME=''"
v_str="$v_str SSL='no' SSL_HOME='single'"
v_str="$v_str NGINX='' NGINX_EXT='' SUSPEND='no' DATE='$V_DATE'"
# Registering domain

4
bin/v_add_web_domain_alias
View file

@ -82,7 +82,7 @@ upd_web_domain_values
del_web_config
add_web_config
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
tpl_file="$V_WEBTPL/apache_$TPL.stpl"
conf="$V_HOME/$user/conf/shttpd.conf"
del_web_config
@ -96,7 +96,7 @@ if [ ! -z "$NGINX" ]; then
del_web_config
add_web_config
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
proxy_string="proxy_pass https://$ip:$WEB_SSL_PORT;"
tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
conf="$V_HOME/$user/conf/snginx.conf"

2
bin/v_add_web_domain_cgi
View file

@ -64,7 +64,7 @@ del_web_config
add_web_config
# Checking ssl
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
tpl_file="$V_WEBTPL/apache_$TPL.stpl"
conf="$V_HOME/$user/conf/shttpd.conf"
del_web_config

4
bin/v_add_web_domain_elog
View file

@ -64,7 +64,7 @@ del_web_config
add_web_config
# Checking ssl
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
tpl_file="$V_WEBTPL/apache_$TPL.stpl"
conf="$V_HOME/$user/conf/shttpd.conf"
del_web_config
@ -78,7 +78,7 @@ if [ ! -z "$NGINX" ]; then
del_web_config
add_web_config
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
proxy_string="proxy_pass https://$ip:$WEB_SSL_PORT;"
tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
conf="$V_HOME/$user/conf/snginx.conf"

2
bin/v_add_web_domain_nginx
View file

@ -68,7 +68,7 @@ conf="$V_HOME/$user/conf/nginx.conf"
upd_web_domain_values
add_web_config
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
proxy_string="proxy_pass https://$ip:$WEB_SSL_PORT;"
tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
conf="$V_HOME/$user/conf/snginx.conf"

28
bin/v_add_web_domain_ssl
View file

@ -9,7 +9,7 @@
user=$1
domain=$(idn -t --quiet -u "$2" )
domain_idn=$(idn -t --quiet -a "$domain")
ssl=$3
ssl_dir=$3
ssl_home=${4-single}
# Importing variables
@ -25,10 +25,10 @@ source $V_FUNC/ip.func
#----------------------------------------------------------#
# Checking arg number
check_args '3' "$#" 'user domain ssl [sslhome]'
check_args '3' "$#" 'user domain ssl_dir [ssl_home]'
# Checking argument format
format_validation 'user' 'domain' 'ssl'
format_validation 'user' 'domain' 'ssl_dir'
# Checking web system is enabled
is_system_enabled 'web'
@ -59,12 +59,20 @@ is_web_domain_cert_valid
# Action #
#----------------------------------------------------------#
# Adding certificate to user data directory
cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.crt
cp -f $ssl_dir/$domain.key $V_USERS/$user/ssl/$domain.key
cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.pem
if [ -e "$ssl_dir/$domain.ca" ]; then
cp -f $ssl_dir/$domain.ca $V_USERS/$user/ssl/$domain.ca
cat $V_USERS/$user/ssl/$domain.ca >> $V_USERS/$user/ssl/$domain.pem
fi
# Parsing domain values
get_web_domain_values
conf="$V_HOME/$user/conf/shttpd.conf"
tpl_file="$V_WEBTPL/apache_$TPL.stpl"
SSL=$ssl
SSL_HOME=$ssl_home
SSL_HOME="$ssl_home"
# Checking ip ownership
is_sys_ip_owner
@ -76,8 +84,12 @@ upd_web_domain_values
add_web_config
# Adding certificate to user dir
cp -f $V_USERS/$user/ssl/$SSL.crt $ssl_cert
cp -f $V_USERS/$user/ssl/$SSL.key $ssl_key
cp -f $V_USERS/$user/ssl/$domain.crt $V_HOME/$user/conf/ssl.$domain.crt
cp -f $V_USERS/$user/ssl/$domain.key $V_HOME/$user/conf/ssl.$domain.key
cp -f $V_USERS/$user/ssl/$domain.pem $V_HOME/$user/conf/ssl.$domain.pem
if [ -e "$V_USERS/$user/ssl/$domain.ca" ]; then
cp -f $V_USERS/$user/ssl/$domain.ca $V_HOME/$user/conf/ssl.$domain.ca
fi
# Running template trigger
if [ -x $V_WEBTPL/apache_$template.sh ]; then
@ -115,8 +127,8 @@ fi
increase_user_value "$user" '$U_WEB_SSL'
# Adding ssl values
update_web_domain_value '$SSL' "$SSL"
update_web_domain_value '$SSL_HOME' "$SSL_HOME"
update_web_domain_value '$SSL' 'yes'
# Logging
log_history "$V_EVENT" "v_del_web_domain_ssl $user $domain"

51
bin/v_backup_sys_user
View file

@ -100,31 +100,6 @@ if [ -e "$V_USERS/$user/backup.excludes" ]; then
cp -r $V_USERS/$user/backup.excludes $tmpdir/vesta/
fi
if [ -e "$V_USERS/$user/cron.conf" ]; then
echo -e "$(date "+%F %T") cron.conf"
cp -r $V_USERS/$user/cron.conf $tmpdir/vesta/
fi
if [ -e "$V_USERS/$user/db.conf" ]; then
echo -e "$(date "+%F %T") db.conf"
cp -r $V_USERS/$user/db.conf $tmpdir/vesta/
fi
if [ -e "$V_USERS/$user/dns.conf" ]; then
echo -e "$(date "+%F %T") dns.conf"
cp -r $V_USERS/$user/dns.conf $tmpdir/vesta/
fi
if [ -e "$V_USERS/$user/mail.conf" ]; then
echo -e "$(date "+%F %T") mail.conf"
cp -r $V_USERS/$user/mail.conf $tmpdir/vesta/
fi
if [ -e "$V_USERS/$user/web.conf" ]; then
echo -e "$(date "+%F %T") web.conf"
cp -r $V_USERS/$user/web.conf $tmpdir/vesta/
fi
echo
@ -205,7 +180,7 @@ then
sed -n "$top_line,$bottom_line p" $conf > conf/httpd.conf
# SSL check
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
tpl_file="$V_WEBTPL/apache_$TPL.stpl"
conf="$V_HOME/$user/conf/shttpd.conf"
get_web_config_brds
@ -221,7 +196,7 @@ then
sed -n "$top_line,$bottom_line p" $conf > conf/nginx.conf
# SSL check
if [ ! -z "$SSL" ] ; then
if [ "$SSL" = 'yes' ] ; then
tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
conf="$V_HOME/$user/conf/snginx.conf"
get_web_config_brds
@ -235,8 +210,8 @@ then
done
# SSL Certificates
if [ ! -z "$SSL" ] ; then
cp $V_HOME/$user/conf/$SSL.* ssl/
if [ "$SSL" = 'yes' ] ; then
cp $V_HOME/$user/conf/ssl.$domain.* ssl/
fi
tar -rf $tmpdir/web/$domain/$domain.tar conf ssl
@ -353,23 +328,6 @@ then
echo
fi
# SSL CERTIFICATES
if [ ! -z "$WEB_SSL" ] && [ "$WEB_SSL" != 'no' ] && [ "$SSL" != '*' ]; then
echo "-- SSL --"
mkdir $tmpdir/ssl
# Backingup ssl certificates
cert_list=$(ls $V_USERS/$user/ssl/ | grep ".crt" |\
sed -e "s/\.crt$//" |\
tr '\n' ' ' |\
sed -e 's/ $//' )
for cert in $cert_list; do
echo -e "$(date "+%F %T") $cert"
cp $V_USERS/$user/ssl/$cert.* $tmpdir/ssl/
done
echo
fi
# Get backup size
size="$(du -shm $tmpdir | cut -f 1)"
@ -539,7 +497,6 @@ backup_str="$backup_str WEB='${web_list// /,}'"
backup_str="$backup_str DNS='${dns_list// /,}'"
backup_str="$backup_str MAIL='${mail_list// /,}'"
backup_str="$backup_str DB='${db_list// /,}'"
backup_str="$backup_str SSL='${cert_list// /,}'"
backup_str="$backup_str CRON='$cron_list'"
echo "$backup_str" >> $V_USERS/$user/backup.conf

4
bin/v_change_web_domain_ip
View file

@ -61,7 +61,7 @@ new=$ip
replace_web_config
# Checking ssl
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
tpl_file="$V_WEBTPL/apache_$TPL.stpl"
conf="$V_HOME/$user/conf/shttpd.conf"
replace_web_config
@ -75,7 +75,7 @@ if [ ! -z "$NGINX" ]; then
fi
# Checking nginx
if [ ! -z "$SSL" ] && [ ! -z "$NGINX" ]; then
if [ "$SSL" = 'yes' ] && [ ! -z "$NGINX" ]; then
tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
conf="$V_HOME/$user/conf/snginx.conf"
replace_web_config

52
bin/v_change_web_domain_sslcert
View file

@ -9,7 +9,7 @@
user=$1
domain=$(idn -t --quiet -u "$2" )
domain_idn=$(idn -t --quiet -a "$domain")
ssl=$3
ssl_dir=$3
# Importing variables
source $VESTA/conf/vars.conf
@ -54,38 +54,27 @@ is_web_domain_cert_valid
# Action #
#----------------------------------------------------------#
# Parsing domain values
get_web_domain_values
tpl_file="$V_WEBTPL/apache_$TPL.stpl"
conf="$V_HOME/$user/conf/shttpd.conf"
old_ssl="$SSL"
SSL="$ssl"
# Deleting old certificate
tmpdir=$(mktemp -p $V_HOME/$user/web/$domain/private -d)
rm -f $V_HOME/$user/conf/ssl.$domain.*
mv $V_USERS/$user/ssl/$domain.* $tmpdir
chown -R $user:$user $tmpdir
# Preparing domain values for the template substitution
upd_web_domain_values
# Recreating vhost
del_web_config
add_web_config
# Checking nginx
if [ ! -z "$NGINX" ]; then
proxy_string="proxy_pass https://$ip:$WEB_SSL_PORT;"
tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
conf="$V_HOME/$user/conf/snginx.conf"
del_web_config
add_web_config
# Adding new certificate to user data directory
cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.crt
cp -f $ssl_dir/$domain.key $V_USERS/$user/ssl/$domain.key
cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.pem
if [ -e "$ssl_dir/$domain.ca" ]; then
cp -f $ssl_dir/$domain.ca $V_USERS/$user/ssl/$domain.ca
cat $V_USERS/$user/ssl/$domain.ca >> $V_USERS/$user/ssl/$domain.pem
fi
# Adding new certificate to user dir
cp -f $V_USERS/$user/ssl/$SSL.crt $ssl_cert
cp -f $V_USERS/$user/ssl/$SSL.key $ssl_key
# Deleting old certificate
check_cert=$(grep "SSL='$old_ssl'" $V_USERS/$user/web.conf |wc -l)
if [ "$check_cert" -lt 2 ]; then
rm -f $V_HOME/$user/conf/$old_ssl.crt
rm -f $V_HOME/$user/conf/$old_ssl.key
cp -f $V_USERS/$user/ssl/$domain.crt $V_HOME/$user/conf/ssl.$domain.crt
cp -f $V_USERS/$user/ssl/$domain.key $V_HOME/$user/conf/ssl.$domain.key
cp -f $V_USERS/$user/ssl/$domain.pem $V_HOME/$user/conf/ssl.$domain.pem
if [ -e "$V_USERS/$user/ssl/$domain.ca" ]; then
cp -f $V_USERS/$user/ssl/$domain.ca $V_HOME/$user/conf/ssl.$domain.ca
fi
@ -93,14 +82,11 @@ fi
# Vesta #
#----------------------------------------------------------#
# Adding sslcert in config
update_web_domain_value '$SSL' "$SSL"
# Adding task to the vesta pipe
restart_schedule 'web'
# Logging
log_history "$V_EVENT" "$V_SCRIPT $user $domain $old_ssl"
log_history "$V_EVENT" "$V_SCRIPT $user $domain $tmpdir"
log_event 'system' "$V_EVENT"
exit

15
bin/v_change_web_domain_tpl
View file

@ -62,7 +62,7 @@ conf="$V_HOME/$user/conf/httpd.conf"
del_web_config
# Deleting ssl vhost
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
tpl_file="$V_WEBTPL/apache_$TPL.stpl"
conf="$V_HOME/$user/conf/shttpd.conf"
del_web_config
@ -139,10 +139,15 @@ if [ -x $V_WEBTPL/apache_$template.sh ]; then
fi
# Checking ssl
if [ ! -z "$SSL" ]; then
# Defining variables for ssl template replace
ssl_cert="$V_HOME/$user/conf/$SSL.crt"
ssl_key="$V_HOME/$user/conf/$SSL.key"
if [ "$SSL" = 'yes' ]; then
# Defining SSL vars
ssl_crt="$V_HOME/$user/conf/ssl.$domain.crt"
ssl_key="$V_HOME/$user/conf/ssl.$domain.key"
ssl_pem="$V_HOME/$user/conf/ssl.$domain.pem"
ssl_ca="$V_HOME/$user/conf/ssl.$domain.ca"
if [ ! -e "$V_USERS/$user/ssl/$domain.ca" ]; then
ssl_ca_str='#'
fi
case $SSL_HOME in
single) docroot="$V_HOME/$user/web/$domain/public_shtml" ;;
same) docroot="$V_HOME/$user/web/$domain/public_html" ;;

55
bin/v_del_sys_user_ssl
View file

@ -1,55 +0,0 @@
#!/bin/bash
# info: adding ssl certificate
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument defenition
user=$1
ssl=$2
# Importing variables
source $VESTA/conf/vars.conf
source $V_CONF/vesta.conf
source $V_FUNC/shared.func
source $V_FUNC/ssl.func
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
# Checking arg number
check_args '2' "$#" 'user certificate'
# Checking argument format
format_validation 'user' 'certificate'
# Checking user
is_user_valid
# Checking user is active
is_user_suspended
# Checking certificate
is_cert_used
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Deleting certificate
rm -f $V_USERS/$user/ssl/$ssl.*
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_history "$V_EVENT"
log_event 'system' "$V_EVENT"
exit

18
bin/v_del_web_domain
View file

@ -57,18 +57,14 @@ conf="$V_HOME/$user/conf/httpd.conf"
del_web_config
# Checking ssl
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
tpl_file="$V_WEBTPL/apache_$TPL.stpl"
conf="$V_HOME/$user/conf/shttpd.conf"
del_web_config
# Deleting old certificate
check_cert=$(grep "SSL='$SSL'" $V_USERS/$user/web.conf |wc -l)
if [ "$check_cert" -lt 2 ]; then
rm -f $V_HOME/$user/conf/$SSL.crt
rm -f $V_HOME/$user/conf/$SSL.key
fi
# Deleting certificates
rm -f $V_HOME/$user/conf/ssl.$domain.*
rm -f $V_USERS/$user/ssl/$domain.*
fi
# Checking nginx
@ -77,7 +73,7 @@ if [ ! -z "$NGINX" ]; then
conf="$V_HOME/$user/conf/nginx.conf"
del_web_config
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
proxy_string="proxy_pass https://$ip:$WEB_SSL_PORT;"
tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
conf="$V_HOME/$user/conf/snginx.conf"
@ -117,7 +113,7 @@ rm -rf /var/log/httpd/domains/$domain.error*
del_web_domain
# Checking last ssl domain
ssl_dom=$(grep -v "SSL=''" $V_USERS/$user/web.conf | wc -l)
ssl_dom=$(grep "SSL='yes'" $V_USERS/$user/web.conf | wc -l)
if [ "$ssl_dom" -eq '0' ]; then
sed -i "s/ Include /#Include /" $V_HOME/$user/conf/httpd.conf
fi
@ -135,7 +131,7 @@ fi
# Checking last nginx domain
conf='/etc/nginx/conf.d/vesta_users.conf'
last_nginx=$(grep -v "NGINX=''" $V_USERS/$user/web.conf)
last_snginx=$(echo "$last_nginx" | grep -v "SSL=''")
last_snginx=$(echo "$last_nginx" | grep "SSL='yes'")
if [ -z "$last_snginx" ]; then
sline=$(grep -n "$V_HOME/$user/conf/snginx.conf" $conf | cut -f 1 -d : )
if [ ! -z "$sline" ]; then

4
bin/v_del_web_domain_alias
View file

@ -73,7 +73,7 @@ upd_web_domain_values
del_web_config
add_web_config
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
tpl_file="$V_WEBTPL/apache_$TPL.stpl"
conf="$V_HOME/$user/conf/shttpd.conf"
del_web_config
@ -87,7 +87,7 @@ if [ ! -z "$NGINX" ]; then
del_web_config
add_web_config
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
proxy_string="proxy_pass https://$ip:$WEB_SSL_PORT;"
tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
conf="$V_HOME/$user/conf/snginx.conf"

2
bin/v_del_web_domain_cgi
View file

@ -63,7 +63,7 @@ del_web_config
add_web_config
# Checking ssl
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
tpl_file="$V_WEBTPL/apache_$TPL.stpl"
conf="$V_HOME/$user/conf/shttpd.conf"
del_web_config

4
bin/v_del_web_domain_elog
View file

@ -64,7 +64,7 @@ del_web_config
add_web_config
# Checking ssl
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
tpl_file="$V_WEBTPL/apache_$TPL.stpl"
conf="$V_HOME/$user/conf/shttpd.conf"
del_web_config
@ -78,7 +78,7 @@ if [ ! -z "$NGINX" ]; then
del_web_config
add_web_config
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
proxy_string="proxy_pass https://$ip:$WEB_SSL_PORT;"
tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
conf="$V_HOME/$user/conf/snginx.conf"

4
bin/v_del_web_domain_nginx
View file

@ -57,7 +57,7 @@ conf="$V_HOME/$user/conf/nginx.conf"
del_web_config
# Checking ssl
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
conf="$V_HOME/$user/conf/snginx.conf"
del_web_config
@ -75,7 +75,7 @@ update_web_domain_value '$NGINX_EXT' ''
# Checking last nginx domain
conf='/etc/nginx/conf.d/vesta_users.conf'
last_nginx=$(grep -v "NGINX=''" $V_USERS/$user/web.conf)
last_snginx=$(echo "$last_nginx" | grep -v "SSL=''")
last_snginx=$(echo "$last_nginx" | grep "SSL='yes'")
if [ -z "$last_snginx" ]; then
sline=$(grep -n "$V_HOME/$user/conf/snginx.conf" $conf | cut -f 1 -d : )
if [ ! -z "$sline" ]; then

19
bin/v_del_web_domain_ssl
View file

@ -54,7 +54,6 @@ is_web_domain_value_exist '$SSL'
get_web_domain_values
conf="$V_HOME/$user/conf/shttpd.conf"
tpl_file="$V_WEBTPL/apache_$TPL.stpl"
old_ssl="$SSL"
# Deleting domain
del_web_config
@ -67,11 +66,10 @@ if [ ! -z "$NGINX" ]; then
fi
# Deleting old certificate
check_cert=$(grep "SSL='$old_ssl'" $V_USERS/$user/web.conf |wc -l)
if [ "$check_cert" -lt 2 ]; then
rm -f $V_HOME/$user/conf/$old_ssl.crt
rm -f $V_HOME/$user/conf/$old_ssl.key
fi
tmpdir=$(mktemp -p $V_HOME/$user/web/$domain/private -d)
rm -f $V_HOME/$user/conf/ssl.$domain.*
mv $V_USERS/$user/ssl/$domain.* $tmpdir
chown -R $user:$user $tmpdir
#----------------------------------------------------------#
@ -79,11 +77,10 @@ fi
#----------------------------------------------------------#
# Deleting ssl in config
update_web_domain_value '$SSL' ''
update_web_domain_value '$SSL_HOME' ''
update_web_domain_value '$SSL' 'no'
# Checking last ssl domain
ssl_dom=$(grep -v "SSL=''" $V_USERS/$user/web.conf)
ssl_dom=$(grep "SSL='yes'" $V_USERS/$user/web.conf)
main_conf='/etc/httpd/conf.d/vesta.conf'
conf="$V_HOME/$user/conf/shttpd.conf"
if [ -z "$ssl_dom" ]; then
@ -94,7 +91,7 @@ fi
# Checking last nginx domain
conf='/etc/nginx/conf.d/vesta_users.conf'
last_nginx=$(grep -v "NGINX=''" $V_USERS/$user/web.conf)
last_snginx=$(echo "$last_nginx" | grep -v "SSL=''")
last_snginx=$(echo "$last_nginx" | grep "SSL='yes'")
if [ -z "$last_snginx" ]; then
sline=$(grep -n "$V_HOME/$user/conf/snginx.conf" $conf | cut -f 1 -d : )
if [ ! -z "$sline" ]; then
@ -110,7 +107,7 @@ decrease_user_value "$user" '$U_WEB_SSL'
restart_schedule 'web'
# Logging
log_history "$V_EVENT" "v_add_web_domain_ssl $user $domain $SSL $SSL_HOME"
log_history "$V_EVENT" "v_add_web_domain_ssl $user $domain $tmpdir $SSL_HOME"
log_event 'system' "$V_EVENT"
exit

2
bin/v_list_sys_user_backups
View file

@ -39,7 +39,7 @@ fi
# Defining fileds to select
fields="\$DATE \$TIME \$RUNTIME \$TYPE \$SIZE \$VESTA \$PAM \$WEB \$DNS \$DB"
fields="$fields \$MAIL \$SSL \$CRON"
fields="$fields \$MAIL \$CRON"
# Listing domains
case $format in

86
bin/v_list_sys_user_ssl
View file

@ -1,86 +0,0 @@
#!/bin/bash
# info: listing ssl certificates
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument defenition
user=$1
format=${2-shell}
# Importing variables
source $VESTA/conf/vars.conf
source $V_FUNC/shared.func
# Json function
json_list_cert() {
# Print top bracket
echo '['
# Checking certificates number
certificates=$(ls $V_USERS/$user/ssl/ |grep '.crt' )
certificates_count=$(echo "$certificates" | wc -l)
i=1
# Listing files by mask
for cert in $certificates; do
if [ $i -eq $certificates_count ]; then
echo -e "\t\"${cert//.crt/}\""
else
echo -e "\t\"${cert//.crt/}\","
fi
(( ++i))
done
# Printing bottom bracket
echo -e "]"
}
# Shell function
shell_list_cert() {
if [ -z "$nohead" ] ; then
# Print brief info
echo "Certificate"
echo "----------"
fi
# Listing files by mask
for cert in $(ls $V_USERS/$user/ssl/ | grep '.crt'); do
# Print result
echo "${cert//.crt/}"
done
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
# Checking args
check_args '1' "$#" 'user [format] [limit] [offset]'
# Checking argument format
format_validation 'user'
# Checking user
is_user_valid
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Listing domains
case $format in
json) json_list_cert ;;
plain) nohead=1; shell_list_cert ;;
shell) shell_list_cert | column -t ;;
*) check_args '1' '0' 'user [format]' ;;
esac
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
exit

2
bin/v_list_web_domain
View file

@ -102,7 +102,7 @@ fields='$DOMAIN $IP $U_DISK $U_BANDWIDTH $TPL $ALIAS $PHP $CGI $ELOG $STATS
case $format in
json) json_list_domain ;;
plain) nohead=1; shell_list_domain ;;
shell) shell_list_domain | column -t ;;
shell) shell_list_domain |column -t ;;
*) check_args '2' '0' 'user domain [format]'
esac

4
bin/v_rebuild_web_domains
View file

@ -70,7 +70,7 @@ for domain in $(shell_list) ; do
fi
# Checking ssl
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
# Adding domain to the shttpd.conf
conf="$V_HOME/$user/conf/tmp_shttpd.conf"
tpl_file="$V_WEBTPL/apache_$TPL.stpl"
@ -90,7 +90,7 @@ for domain in $(shell_list) ; do
conf="$V_HOME/$user/conf/tmp_nginx.conf"
add_web_config
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
if [ "$SUSPEND" = 'yes' ]; then
proxy_string="rewrite ^(.*)\$ http://$url;"
else

4
bin/v_suspend_web_domain
View file

@ -61,7 +61,7 @@ del_web_config
add_web_config
# Check ssl
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
tpl_file="$V_WEBTPL/apache_$TPL.stpl"
conf="$V_HOME/$user/conf/shttpd.conf"
del_web_config
@ -75,7 +75,7 @@ if [ ! -z "$NGINX" ]; then
del_web_config
add_web_config
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
proxy_string="rewrite ^(.*)\$ http://$url;"
tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
conf="$V_HOME/$user/conf/snginx.conf"

4
bin/v_unsuspend_web_domain
View file

@ -58,7 +58,7 @@ del_web_config
add_web_config
# Check ssl
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
tpl_file="$V_WEBTPL/apache_$TPL.stpl"
conf="$V_HOME/$user/conf/shttpd.conf"
del_web_config
@ -72,7 +72,7 @@ if [ ! -z "$NGINX" ]; then
del_web_config
add_web_config
if [ ! -z "$SSL" ]; then
if [ "$SSL" = 'yes' ]; then
proxy_string="proxy_pass https://$ip:$WEB_SSL_PORT;"
tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
conf="$V_HOME/$user/conf/snginx.conf"

6
bin/v_upd_sys_user_backups
View file

@ -213,7 +213,7 @@ if [ -e "$tmp_file" ]; then
fi
# Checking local
if [ "$type" == 'local' ]; then
if [ "$type" = 'local' ]; then
backups=$(ls $V_BACKUP |grep "^$user."|sort)
for backup in $backups; do
get_backup_info $V_BACKUP/$backup $type >> $tmp_file
@ -221,7 +221,7 @@ if [ "$type" == 'local' ]; then
fi
# Checking ftp
if [ "$type" == 'ftp' ]; then
if [ "$type" = 'ftp' ]; then
tmpdir=$(mktemp -p $V_BACKUP -d)
ftmpdir=$(basename $tmpdir)
init_ftp_variables
@ -242,7 +242,7 @@ if [ "$type" == 'ftp' ]; then
fi
# Checking both local and ftp
if [ "$type" == 'ftp,local' ] || [ "$type" == 'local,ftp' ]; then
if [ "$type" = 'ftp,local' ] || [ "$type" = 'local,ftp' ]; then
tmpdir=$(mktemp -p $V_BACKUP -d)
ftmpdir=$(basename $tmpdir)

3
data/templates/apache_default.stpl
View file

@ -31,8 +31,9 @@
php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp
SSLEngine on
SSLVerifyClient none
SSLCertificateFile %ssl_cert%
SSLCertificateFile %ssl_crt%
SSLCertificateKeyFile %ssl_key%
%ssl_ca_str%SSLCertificateChainFile %ssl_ca%
<IfModule mod_ruid2.c>
RMode config
RUidGid %user% %group%

3
data/templates/apache_phpcgi.stpl
View file

@ -25,8 +25,9 @@
php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp
SSLEngine on
SSLVerifyClient none
SSLCertificateFile %ssl_cert%
SSLCertificateFile %ssl_crt%
SSLCertificateKeyFile %ssl_key%
%ssl_ca_str%SSLCertificateChainFile %ssl_ca%
Include %home%/%user%/conf/shttpd.%domain%.conf*

3
data/templates/apache_phpfcgid.stpl
View file

@ -25,8 +25,9 @@
php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp
SSLEngine on
SSLVerifyClient none
SSLCertificateFile %ssl_cert%
SSLCertificateFile %ssl_crt%
SSLCertificateKeyFile %ssl_key%
%ssl_ca_str%SSLCertificateChainFile %ssl_ca%
Include %home%/%user%/conf/shttpd.%domain%.conf*

3
data/templates/apache_unlim.stpl
View file

@ -31,8 +31,9 @@
php_admin_value open_basedir none
SSLEngine on
SSLVerifyClient none
SSLCertificateFile %ssl_cert%
SSLCertificateFile %ssl_crt%
SSLCertificateKeyFile %ssl_key%
%ssl_ca_str%SSLCertificateChainFile %ssl_ca%
<IfModule mod_ruid2.c>
RMode config

2
data/templates/ngingx_vhost_default.stpl
View file

@ -3,7 +3,7 @@ server {
server_name %domain_idn% %alias_idn%;
server_name_in_redirect off;
ssl on;
ssl_certificate %ssl_cert%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
%elog%error_log /var/log/httpd/domains/%domain%.error.log error;

58
func/domain.func
View file

@ -239,8 +239,10 @@ add_web_config() {
-e "s/%alias_string%/$alias_string/g" \
-e "s/%alias_idn%/${aliases_idn//,/ }/g" \
-e "s/%alias%/${aliases//,/ }/g" \
-e "s/%ssl_cert%/${ssl_cert////\/}/g" \
-e "s/%ssl_crt%/${ssl_crt////\/}/g" \
-e "s/%ssl_key%/${ssl_key////\/}/g" \
-e "s/%ssl_pem%/${ssl_pem////\/}/g" \
-e "s/%ssl_ca_str%/${ssl_ca_str////\/}/g" \
-e "s/%nginx_extentions%/${NGINX_EXT//,/|}/g" \
-e "s/%elog%/$elog/g" \
-e "s/%cgi%/$cgi/g" \
@ -448,13 +450,53 @@ is_web_domain_key_empty() {
}
is_web_domain_cert_valid() {
# Checking file existance
path="$V_USERS/$user/ssl"
if [ ! -e "$path/$ssl.crt" ] || [ ! -e "$path/$ssl.key" ]; then
if [ ! -e "$ssl_dir/$domain.crt" ] || [ ! -e "$ssl_dir/$domain.key" ]; then
echo "Error: certificate not exist"
log_event 'debug' "$E_CERT_NOTEXIST $V_EVENT"
exit $E_CERT_NOTEXIST
fi
# Checking certificate
crt=$(openssl verify $ssl_dir/$domain.crt 2>/dev/null |grep '/C=')
if [ -z "$crt" ]; then
echo "Error: certificate invalid"
log_event 'debug' "$E_CERT_INVALID $V_EVENT"
exit $E_CERT_INVALID
fi
# Checking certificate key
openssl rsa -in "$ssl_dir/$domain.key" -check >/dev/null 2>/dev/null
if [ "$?" -ne 0 ]; then
echo "Error: key invalid"
log_event 'debug' "$E_KEY_INVALID $V_EVENT"
exit $E_KEY_INVALID
fi
# Checking certificate authority
if [ -e "$ssl_dir/$domain.ca" ]; then
ca=$(openssl verify $ssl_dir/$domain.ca 2>/dev/null |grep '/C=')
if [ -z "$ca" ]; then
echo "Error: certificate invalid"
log_event 'debug' "$E_CERT_INVALID $V_EVENT"
exit $E_CERT_INVALID
fi
fi
# Checking server
openssl s_server -quiet \
-cert $ssl_dir/$domain.crt -key $ssl_dir/$domain.key &
pid=$!
sleep 1
disown > /dev/null 2>&1
kill $pid > /dev/null 2>&1
result=$?
if [ "$result" -ne '0' ]; then
echo "Error: certificate key pair invalid"
log_event 'debug' "$E_CERTKEY_INVALID $V_EVENT"
exit $E_CERTKEY_INVALID
fi
}
@ -733,8 +775,14 @@ upd_web_domain_values() {
fi
# Defining SSL vars
ssl_cert="$V_HOME/$user/conf/$SSL.crt"
ssl_key="$V_HOME/$user/conf/$SSL.key"
ssl_crt="$V_HOME/$user/conf/ssl.$domain.crt"
ssl_key="$V_HOME/$user/conf/ssl.$domain.key"
ssl_pem="$V_HOME/$user/conf/ssl.$domain.pem"
ssl_ca="$V_HOME/$user/conf/ssl.$domain.ca"
if [ ! -e "$V_USERS/$user/ssl/$domain.ca" ]; then
ssl_ca_str='#'
fi
case $SSL_HOME in
single) docroot="$V_HOME/$user/web/$domain/public_shtml" ;;
same) docroot="$V_HOME/$user/web/$domain/public_html" ;;

76
func/ssl.func
View file

@ -1,76 +0,0 @@
is_cert_free() {
# Defining path
user_cert="$V_USERS/$user/ssl/$cert"
# Checking file existance
if [ -e "$user_cert.crt" ] || [ -e "$user_cert.key" ]; then
echo "Error: certificate exist"
log_event 'debug' "$E_CERT_EXIST $V_EVENT"
exit $E_CERT_EXIST
fi
}
is_cert_valid() {
path="$1"
# Checking file existance
if [ ! -e "$path/$ssl.crt" ] || [ ! -e "$path/$ssl.key" ]; then
echo "Error: certificate not exist"
log_event 'debug' "$E_CERT_NOTEXIST $V_EVENT"
exit $E_CERT_NOTEXIST
fi
# Checking crt file
crt=$(openssl verify "$path/$ssl.crt" 2>/dev/null|tail -n 1|grep -w 'OK')
if [ -z "$crt" ]; then
echo "Error: certificate invalid"
log_event 'debug' "$E_CERT_INVALID $V_EVENT"
exit $E_CERT_INVALID
fi
# Checking key file
key=$(openssl rsa -in "$path/$ssl.key" -check 2>/dev/null|\
head -n1|grep -w 'ok')
if [ -z "$key" ]; then
echo "Error: key invalid"
log_event 'debug' "$E_KEY_INVALID $V_EVENT"
exit $E_KEY_INVALID
fi
# FIXME we should run server on free port
# Checking server
cmd="openssl s_server -quiet -cert $path/$ssl.crt -key $path/$ssl.key"
$cmd &
# Defining pid
pid=$!
# Sleep 1 second
sleep 1
# Disown background process
disown > /dev/null 2>&1
# Killing ssl server
kill $pid > /dev/null 2>&1
# Checking result
result=$?
if [ "$result" -ne '0' ]; then
echo "Error: certificate key pair invalid"
log_event 'debug' "$E_CERTKEY_INVALID $V_EVENT"
exit $E_CERTKEY_INVALID
fi
}
is_cert_used() {
# Parsing config
check_cert=$(grep "SSL='$ssl'" $V_USERS/$user/*.conf)
# Checking result
if [ ! -z "$check_cert" ]; then
echo "Error: certificate used"
log_event 'debug' "$E_CERT_USED $V_EVENT"
exit $E_CERT_USED
fi
}