backend: user domain vesta ssl certificate support

Serghey Rodin 2019-03-14 00:44:06 +02:00
parent f456afec60
commit 8edf965375
8 changed files with 307 additions and 20 deletions


@ -26,7 +26,7 @@ source $VESTA/conf/vesta.conf
check_args '2' "$#" 'USER DOMAIN [RESTART]' check_args '2' "$#" 'USER DOMAIN [RESTART]'
is_format_valid 'user' 'domain' is_format_valid 'user' 'domain'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain" is_object_valid 'web' 'DOMAIN' "$domain"
is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL' is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
@ -51,8 +51,8 @@ fi
diff $dom_crt $vst_crt >/dev/null 2>&1 diff $dom_crt $vst_crt >/dev/null 2>&1
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
rm -f $vst_crt.old $vst_key.old rm -f $vst_crt.old $vst_key.old
mv $vst_crt $vst_crt.old mv $vst_crt $vst_crt.old >/dev/null 2>&1
mv $vst_key $vst_key.old mv $vst_key $vst_key.old >/dev/null 2>&1
cp $dom_crt $vst_crt 2>/dev/null cp $dom_crt $vst_crt 2>/dev/null
cp $dom_key $vst_key 2>/dev/null cp $dom_key $vst_key 2>/dev/null
chown root:mail $vst_crt $vst_key chown root:mail $vst_crt $vst_key
@ -60,6 +60,23 @@ else
restart=no restart=no
fi fi
# Updating mail certificate
case $MAIL_SYSTEM in
exim) conf='/etc/exim/exim.conf';;
exim4) conf='/etc/exim4/exim4.conf.template';;
esac
if [ -e "$conf" ]; then
sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
-e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
fi
# Updating imap certificate
conf="/etc/dovecot/conf.d/10-ssl.conf"
if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
-e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #
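Review bot: The two dovecot substitutions in the new imap block are unanchored (`s|ssl_cert.*|…|`, `s|ssl_key.*|…|`), unlike the exim ones just above them that start with `^`, so they also rewrite any line that merely contains those tokens — `ssl_key.*` matches an `ssl_key_password` directive, and a comment mentioning `ssl_cert` gets its tail replaced. Anchoring them to the directive keeps the edit to the real settings: `sed -e "s|^ssl_cert *=.*|ssl_cert = <$vst_crt|" \` followed by `-e "s|^ssl_key *=.*|ssl_key = <$vst_key|" -i $conf`. Note also that `conf` is only assigned inside the `case` on MAIL_SYSTEM, so for a value that is neither exim nor exim4 the `[ -e "$conf" ]` test sees whatever the variable held beforehand (normally empty); an explicit `conf=` before the `case` makes that deliberate rather than accidental.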


@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
# info: copy vesta ssl certificate # info: add vesta ssl certificate
# options: USER DOMAIN [RESTART] # options: USER DOMAIN [RESTART]
# #
# The function copies user domain SSL to vesta SSL directory # The function copies user domain SSL to vesta SSL directory
@ -67,10 +67,10 @@ fi
# Restarting services # Restarting services
if [ "$restart" != 'no' ]; then if [ "$restart" != 'no' ]; then
if [ ! -z "$MAIL_SYSTEM" ]; then if [ ! -z "$MAIL_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
$BIN/v-restart-service $MAIL_SYSTEM $BIN/v-restart-service $MAIL_SYSTEM
fi fi
if [ ! -z "$IMAP_SYSTEM" ]; then if [ ! -z "$IMAP_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
$BIN/v-restart-service $IMAP_SYSTEM $BIN/v-restart-service $IMAP_SYSTEM
fi fi
if [ ! -z "$FTP_SYSTEM" ]; then if [ ! -z "$FTP_SYSTEM" ]; then
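Review bot: The new `&& [ -z "$MAIL_CERTIFICATE" ]` guards on the mail and imap restarts carry no comment, and the reason for skipping the restart is not visible in this file — presumably the mail services are pointed at their own certificate once MAIL_CERTIFICATE is set, so a vesta certificate change does not affect them. A one-line comment above the first guard would save the next reader a trip through v-add-sys-mail-ssl: `# Mail/imap use their own certificate when MAIL_CERTIFICATE is set; no restart needed here`. The enclosing `if [ "$restart" != 'no' ]` block continues past the hunk.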


@ -120,6 +120,22 @@ check_result $? "Web restart failed" >/dev/null
$BIN/v-restart-proxy $restart $BIN/v-restart-proxy $restart
check_result $? "Proxy restart failed" >/dev/null check_result $? "Proxy restart failed" >/dev/null
# Updating system ssl dependencies
if [ -z "$VESTA_CERTIFICATE" ]; then
crt_user=$(echo "$VESTA_CERTIFICATE" |cut -f 1 -d :)
crt_domain=$(echo "$VESTA_CERTIFICATE" |cut -f 2 -d :)
if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
$BIN/v-add-sys-vesta-ssl $user $domain >/dev/null 2>&1
fi
fi
if [ -z "$MAIL_CERTIFICATE" ]; then
crt_user=$(echo "$MAIL_CERTIFICATE" |cut -f 1 -d :)
crt_domain=$(echo "$MAIL_CERTIFICATE" |cut -f 2 -d :)
if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
$BIN/v-add-sys-mail-ssl $user $domain >/dev/null 2>&1
fi
fi
if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
hostname=$(hostname) hostname=$(hostname)
if [ "$hostname" = "$domain" ]; then if [ "$hostname" = "$domain" ]; then
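Review bot: Both new `-z` tests are inverted: `[ -z "$VESTA_CERTIFICATE" ]` is true only when the variable is empty, so the body runs exactly when there is nothing to compare, `crt_user`/`crt_domain` come out empty, and the v-add-sys-vesta-ssl resync never fires for a configured certificate; the MAIL_CERTIFICATE block below it has the same inversion. Change the guards to `if [ ! -z "$VESTA_CERTIFICATE" ]; then` and `if [ ! -z "$MAIL_CERTIFICATE" ]; then`, matching the `! -z` style used for UPDATE_HOSTNAME_SSL right after them. Both sync calls also discard all output with `>/dev/null 2>&1`, so a failed resync leaves the system certificate stale without any trace; a `check_result` like the restart calls above use, or at least a logged warning, would let operators notice.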

bin/v-delete-sys-mail-ssl Executable file

@ -0,0 +1,75 @@
#!/bin/bash
# info: delete sys vesta user ssl certificate
# options: NONE
#
# The script disables user domain ssl synchronization
#----------------------------------------------------------#
# Variable & Function #
#----------------------------------------------------------#
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
vst_crt="$VESTA/ssl/certificate.crt"
vst_key="$VESTA/ssl/certificate.key"
# Updating mail certificate
case $MAIL_SYSTEM in
exim) conf='/etc/exim/exim.conf';;
exim4) conf='/etc/exim4/exim4.conf.template';;
esac
if [ -e "$conf" ]; then
sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
-e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
fi
# Updating imap certificate
conf="/etc/dovecot/conf.d/10-ssl.conf"
if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
-e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
fi
# Moving old certificates
if [ -e "$VESTA/ssl/mail.crt" ]; then
mv -f $VESTA/ssl/mail.crt $VESTA/ssl/mail.crt.old
fi
if [ -e "VESTA/ssl/mail.key" ]; then
mv $VESTA/ssl/mail.key VESTA/ssl/mail.key.old
fi
# Updating vesta.conf value
sed -i "/MAIL_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Restarting services
if [ "$restart" != 'no' ]; then
if [ ! -z "$MAIL_SYSTEM" ]; then
$BIN/v-restart-service $MAIL_SYSTEM
fi
if [ ! -z "$IMAP_SYSTEM" ]; then
$BIN/v-restart-service $IMAP_SYSTEM
fi
fi
# Logging
log_event "$OK" "$ARGUMENTS"
exit
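Review bot: The mail.key branch under "Moving old certificates" is missing `$` twice: `[ -e "VESTA/ssl/mail.key" ]` tests a relative path and is never true, and `mv $VESTA/ssl/mail.key VESTA/ssl/mail.key.old` would move the private key to a relative path under the current working directory if it ever ran. It should read `if [ -e "$VESTA/ssl/mail.key" ]; then` and `mv -f $VESTA/ssl/mail.key $VESTA/ssl/mail.key.old`, mirroring the mail.crt branch just above. `restart` is read in the Vesta section but never assigned in this script (options: NONE), so whether the mail and imap services restart depends on whatever the environment happens to hold; initialise it explicitly near the top. The `sed -i "/MAIL_CERTIFICATE=/ d"` pattern is unanchored — `^MAIL_CERTIFICATE=` would avoid deleting any other key that ends with that name — and the same applies to the VESTA_CERTIFICATE deletion in v-delete-sys-vesta-ssl; the `# info:` header here still says "delete sys vesta user ssl certificate", copied from that script.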

bin/v-delete-sys-vesta-ssl Executable file

@ -0,0 +1,37 @@
#!/bin/bash
# info: delete sys vesta user ssl certificate
# options: NONE
#
# The script disables user domain ssl synchronization
#----------------------------------------------------------#
# Variable & Function #
#----------------------------------------------------------#
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Updating vesta.conf value
sed -i "/VESTA_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit
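Review bot: The header says the script "disables user domain ssl synchronization", but the only action is deleting the VESTA_CERTIFICATE line from vesta.conf; nothing here touches the certificate files under $VESTA/ssl, so as far as this file shows the currently installed vesta certificate stays whatever was last synced. Saying that explicitly avoids the impression that the certificate is reverted: `# The script stops syncing the user domain certificate to vesta; the files in $VESTA/ssl are not changed`. The `sed -i` result is also not checked, so a read-only or missing vesta.conf would still log `$OK`; other scripts in this commit follow `check_result $? "…"` after operations that matter.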


@ -51,7 +51,9 @@ json_list() {
"MAIL_URL": "'$MAIL_URL'", "MAIL_URL": "'$MAIL_URL'",
"DB_PMA_URL": "'$DB_PMA_URL'", "DB_PMA_URL": "'$DB_PMA_URL'",
"DB_PGA_URL": "'$DB_PGA_URL'", "DB_PGA_URL": "'$DB_PGA_URL'",
"SOFTACULOUS": "'$SOFTACULOUS'" "SOFTACULOUS": "'$SOFTACULOUS'",
"MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'",
"VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'"
} }
}' }'
} }
@ -138,6 +140,12 @@ shell_list() {
if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then
echo "Language: $LANGUAGE" echo "Language: $LANGUAGE"
fi fi
if [ ! -z "$MAIL_CERTIFICATE" ]; then
echo "Mail SSL: $MAIL_CERTIFICATE"
fi
if [ ! -z "$VESTA_CERTIFICATE" ]; then
echo "Vesta SSL: $VESTA_CERTIFICATE"
fi
echo "Version: $VERSION" echo "Version: $VERSION"
} }
@ -151,7 +159,8 @@ plain_list() {
echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t" echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t"
echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t" echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t"
echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t" echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t"
echo -e "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL" echo -ne "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL\t$MAIL_CERTIFICATE\t"
echo -e "$VESTA_CERTIFICATE"
} }
@ -165,7 +174,8 @@ csv_list() {
echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM'," echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM',"
echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY'," echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY',"
echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP'," echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP',"
echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL'" echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL', 'SOFTACULOUS',"
echo -n "'MAIL_CERTIFICATE','VESTA_CERTIFICATE'"
echo echo
echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL'," echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL',"
echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT'," echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT',"
@ -176,6 +186,7 @@ csv_list() {
echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY'," echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY',"
echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP'," echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP',"
echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'" echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'"
echo -n "'$MAIL_CERTIFICATE','$VESTA_CERTIFICATE'"
echo echo
} }
@ -187,7 +198,7 @@ csv_list() {
# Listing data # Listing data
case $format in case $format in
json) json_list ;; json) json_list ;;
plain) shell_list ;; plain) plain_list ;;
csv) csv_list ;; csv) csv_list ;;
shell) shell_list ;; shell) shell_list ;;
esac esac
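Review bot: The CSV data row loses a separator: the existing `echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'"` has no trailing comma, so the appended `echo -n "'$MAIL_CERTIFICATE','$VESTA_CERTIFICATE'"` is glued onto it as `'…softaculous''…mail_cert'`, and the row ends up one field short of the header that was just extended. End the SOFTACULOUS line with a comma: `echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS',"`. The new header line also introduces `, 'SOFTACULOUS'` with a space after the comma, mirroring the data row; a strict CSV reader keeps that space as part of the field, so both would be cleaner without it.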

bin/v-list-sys-mail-ssl Executable file

@ -0,0 +1,135 @@
#!/bin/bash
# info: list mail ssl certificate
# options: [FORMAT]
#
# The function of obtaining mail ssl files.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
format=${1-shell}
# Includes
source $VESTA/func/main.sh
# JSON list function
json_list() {
echo '{'
echo -e "\t\"MAIL\": {"
echo " \"CRT\": \"$crt\","
echo " \"KEY\": \"$key\","
echo " \"CA\": \"$ca\","
echo " \"SUBJECT\": \"$subj\","
echo " \"ALIASES\": \"$alt_dns\","
echo " \"NOT_BEFORE\": \"$before\","
echo " \"NOT_AFTER\": \"$after\","
echo " \"SIGNATURE\": \"$signature\","
echo " \"PUB_KEY\": \"$pub_key\","
echo " \"ISSUER\": \"$issuer\""
echo -e "\t}\n}"
}
# SHELL list function
shell_list() {
if [ ! -z "$crt" ]; then
echo -e "$crt"
fi
if [ ! -z "$key" ]; then
echo -e "\n$key"
fi
if [ ! -z "$crt" ]; then
echo
echo
echo "SUBJECT: $subj"
if [ ! -z "$alt_dns" ]; then
echo "ALIASES: ${alt_dns//,/ }"
fi
echo "VALID FROM: $before"
echo "VALID TIL: $after"
echo "SIGNATURE: $signature"
echo "PUB_KEY: $pub_key"
echo "ISSUER: $issuer"
fi
}
# PLAIN list function
plain_list() {
if [ ! -z "$crt" ]; then
echo -e "$crt"
fi
if [ ! -z "$key" ]; then
echo -e "\n$key"
fi
if [ ! -z "$ca" ]; then
echo -e "\n$ca"
fi
if [ ! -z "$crt" ]; then
echo "$subj"
echo "${alt_dns//,/ }"
echo "$before"
echo "$after"
echo "$signature"
echo "$pub_key"
echo "$issuer"
fi
}
# CSV list function
csv_list() {
echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE,"
echo "PUB_KEY,ISSUER"
echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\","
echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\""
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Parsing SSL certificate
if [ ! -e "$VESTA/ssl/mail.crt" ] || [ ! -e "$VESTA/ssl/mail.key" ]; then
exit
fi
crt=$(cat $VESTA/ssl/mail.crt |sed ':a;N;$!ba;s/\n/\\n/g')
key=$(cat $VESTA/ssl/mail.key |sed ':a;N;$!ba;s/\n/\\n/g')
# Parsing SSL certificate details without CA
info=$(openssl x509 -text -in $VESTA/ssl/mail.crt)
subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
signature=$(echo "$signature"| sed -e "s/.*Algorithm: //")
pub_key=$(echo "$info" |grep Public-Key: |cut -f2 -d \( | tr -d \))
issuer=$(echo "$info" |grep Issuer: |sed -e "s/.*Issuer: //")
alt_dns=$(echo "$info" |grep DNS |sed -e 's/DNS:/\n/g' |tr -d ',')
alt_dns=$(echo "$alt_dns" |tr -d ' ' |sed -e "/^$/d")
alt_dns=$(echo "$alt_dns" |sed -e ':a;N;$!ba;s/\n/,/g')
# Listing data
case $format in
json) json_list ;;
plain) plain_list ;;
csv) csv_list ;;
shell) shell_list ;;
esac
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
exit
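Review bot: Certificate fields are interpolated unescaped into the JSON and CSV output: `subj`, `issuer` and `alt_dns` come from `openssl x509 -text` on a certificate a user uploaded, so a `"` or `\` inside a Subject or Issuer attribute yields invalid JSON from json_list (`\"SUBJECT\": \"$subj\"`) and a broken row from csv_list. Escaping those two characters once, after parsing and before the `case $format`, keeps every consumer safe, e.g. `subj=${subj//\\/\\\\}; subj=${subj//\"/\\\"}` and the same for `issuer`. Separately, the script exits with status 0 and no output when mail.crt or mail.key is absent, so a caller cannot tell "no mail certificate configured" from an empty successful listing; if that is intended, a short comment on that `exit` saying so would help.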


@ -18,23 +18,19 @@ source $VESTA/func/main.sh
# JSON list function # JSON list function
json_list() { json_list() {
IFS=$'\n' IFS=$'\n'
i=1
objects=$(echo "$search_cmd" |wc -l) objects=$(echo "$search_cmd" |wc -l)
echo "{" i=1
echo '['
for str in $search_cmd; do for str in $search_cmd; do
eval $str eval $str
echo -n ' "'$i'": {
"USER": "'$USER'",
"DOMAIN": "'$DOMAIN'"
}'
if [ "$i" -lt "$objects" ]; then if [ "$i" -lt "$objects" ]; then
echo ',' echo -e "\t\"$USER:$DOMAIN\","
else else
echo echo -e "\t\"$USER:$DOMAIN\""
fi fi
((i++)) (( ++i))
done done
echo '}' echo "]"
} }
# SHELL list function # SHELL list function