diff --git a/bin/v_add_sys_user_ssl b/bin/v_add_sys_user_ssl deleted file mode 100755 index 4d9d870f7..000000000 --- a/bin/v_add_sys_user_ssl +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/bash -# info: adding ssl certificate - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -# Argument defenition -user=$1 -ssl=$2 - -# Importing variables -source $VESTA/conf/vars.conf -source $V_CONF/vesta.conf -source $V_FUNC/shared.func -source $V_FUNC/ssl.func - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -# Checking arg number -check_args '2' "$#" 'user ssl' - -# Checking argument format -format_validation 'user' 'ssl' - -# Checking user -is_user_valid - -# Checking user is active -is_user_suspended - -# Checking certificate name -is_cert_free - -# Checking template -is_cert_valid "$V_TMP" - - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -# Adding certificate to user dir -mv $V_TMP/$ssl.crt $V_USERS/$user/ssl/ -mv $V_TMP/$ssl.key $V_USERS/$user/ssl/ - - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -# Logging -log_history "$V_EVENT" "v_del_sys_user_ssl $user $ssl" -log_event 'system' "$V_EVENT" - -exit diff --git a/bin/v_add_web_domain b/bin/v_add_web_domain index 5b00bf695..f5a5843bf 100755 --- a/bin/v_add_web_domain +++ b/bin/v_add_web_domain 
@@ -198,14 +198,14 @@ increase_user_value "$user" '$U_WEB_DOMAINS' # Defining domain variables v_str="DOMAIN='$domain'" -v_str="$v_str IP='$ip'" +v_str="$v_str IP='$ip' IP6=''" v_str="$v_str U_DISK='0'" v_str="$v_str U_BANDWIDTH='0'" v_str="$v_str TPL='$template'" v_str="$v_str ALIAS='$aliases'" v_str="$v_str $template_data" # Inserting PHP, CGI and ELOG keys v_str="$v_str STATS='' STATS_AUTH=''" -v_str="$v_str SSL='' SSL_HOME=''" +v_str="$v_str SSL='no' SSL_HOME='single'" v_str="$v_str NGINX='' NGINX_EXT='' SUSPEND='no' DATE='$V_DATE'" # Registering domain diff --git a/bin/v_add_web_domain_alias b/bin/v_add_web_domain_alias index 67b5357de..fed222385 100755 --- a/bin/v_add_web_domain_alias +++ b/bin/v_add_web_domain_alias @@ -82,7 +82,7 @@ upd_web_domain_values del_web_config add_web_config -if [ ! -z "$SSL" ]; then +if [ "$SSL" = 'yes' ]; then tpl_file="$V_WEBTPL/apache_$TPL.stpl" conf="$V_HOME/$user/conf/shttpd.conf" del_web_config @@ -96,7 +96,7 @@ if [ ! -z "$NGINX" ]; then del_web_config add_web_config - if [ ! -z "$SSL" ]; then + if [ "$SSL" = 'yes' ]; then proxy_string="proxy_pass https://$ip:$WEB_SSL_PORT;" tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl" conf="$V_HOME/$user/conf/snginx.conf" diff --git a/bin/v_add_web_domain_cgi b/bin/v_add_web_domain_cgi index 6cc4df201..fbd34b742 100755 --- a/bin/v_add_web_domain_cgi +++ b/bin/v_add_web_domain_cgi @@ -64,7 +64,7 @@ del_web_config add_web_config # Checking ssl -if [ ! -z "$SSL" ]; then +if [ "$SSL" = 'yes' ]; then tpl_file="$V_WEBTPL/apache_$TPL.stpl" conf="$V_HOME/$user/conf/shttpd.conf" del_web_config diff --git a/bin/v_add_web_domain_elog b/bin/v_add_web_domain_elog index dd193a3b0..0805d06fc 100755 --- a/bin/v_add_web_domain_elog +++ b/bin/v_add_web_domain_elog @@ -64,7 +64,7 @@ del_web_config add_web_config # Checking ssl -if [ ! -z "$SSL" ]; then +if [ "$SSL" = 'yes' ]; then tpl_file="$V_WEBTPL/apache_$TPL.stpl" conf="$V_HOME/$user/conf/shttpd.conf" del_web_config 
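Review bot: The new `[ "$SSL" = 'yes' ]` test in bin/v_add_web_domain_alias (and the same replacement in the other bin/v_*_web_domain* scripts in this diff) treats every existing record whose SSL field still holds a certificate name as a non-SSL domain. Nothing visible in this diff rewrites old web.conf entries, so unless a migration ships separately, a rebuild would skip the HTTPS vhosts of domains that are already configured. The `grep "SSL='yes'"` last-domain checks in v_del_web_domain would then also comment out the SSL include. I would add a one-time conversion that sets `SSL='yes'` for those records and copies their certificate to the new `ssl.$domain.*` names, or state the required upgrade step in the commit message.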
@@ -78,7 +78,7 @@ if [ ! -z "$NGINX" ]; then del_web_config add_web_config - if [ ! -z "$SSL" ]; then + if [ "$SSL" = 'yes' ]; then proxy_string="proxy_pass https://$ip:$WEB_SSL_PORT;" tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl" conf="$V_HOME/$user/conf/snginx.conf" diff --git a/bin/v_add_web_domain_nginx b/bin/v_add_web_domain_nginx index 41b9cc6db..1121250c9 100755 --- a/bin/v_add_web_domain_nginx +++ b/bin/v_add_web_domain_nginx @@ -68,7 +68,7 @@ conf="$V_HOME/$user/conf/nginx.conf" upd_web_domain_values add_web_config -if [ ! -z "$SSL" ]; then +if [ "$SSL" = 'yes' ]; then proxy_string="proxy_pass https://$ip:$WEB_SSL_PORT;" tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl" conf="$V_HOME/$user/conf/snginx.conf" diff --git a/bin/v_add_web_domain_ssl b/bin/v_add_web_domain_ssl index 95ae3157a..1225359e6 100755 --- a/bin/v_add_web_domain_ssl +++ b/bin/v_add_web_domain_ssl @@ -9,7 +9,7 @@ user=$1 domain=$(idn -t --quiet -u "$2" ) domain_idn=$(idn -t --quiet -a "$domain") -ssl=$3 +ssl_dir=$3 ssl_home=${4-single} # Importing variables @@ -25,10 +25,10 @@ source $V_FUNC/ip.func #----------------------------------------------------------# # Checking arg number -check_args '3' "$#" 'user domain ssl [sslhome]' +check_args '3' "$#" 'user domain ssl_dir [ssl_home]' # Checking argument format -format_validation 'user' 'domain' 'ssl' +format_validation 'user' 'domain' 'ssl_dir' # Checking web system is enabled is_system_enabled 'web' 
@@ -59,12 +59,20 @@ is_web_domain_cert_valid # Action # #----------------------------------------------------------# +# Adding certificate to user data directory +cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.crt +cp -f $ssl_dir/$domain.key $V_USERS/$user/ssl/$domain.key +cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.pem +if [ -e "$ssl_dir/$domain.ca" ]; then + cp -f $ssl_dir/$domain.ca $V_USERS/$user/ssl/$domain.ca + cat $V_USERS/$user/ssl/$domain.ca >> $V_USERS/$user/ssl/$domain.pem +fi + # Parsing domain values get_web_domain_values conf="$V_HOME/$user/conf/shttpd.conf" tpl_file="$V_WEBTPL/apache_$TPL.stpl" -SSL=$ssl -SSL_HOME=$ssl_home +SSL_HOME="$ssl_home" # Checking ip ownership is_sys_ip_owner @@ -76,8 +84,12 @@ upd_web_domain_values add_web_config # Adding certificate to user dir -cp -f $V_USERS/$user/ssl/$SSL.crt $ssl_cert -cp -f $V_USERS/$user/ssl/$SSL.key $ssl_key +cp -f $V_USERS/$user/ssl/$domain.crt $V_HOME/$user/conf/ssl.$domain.crt +cp -f $V_USERS/$user/ssl/$domain.key $V_HOME/$user/conf/ssl.$domain.key +cp -f $V_USERS/$user/ssl/$domain.pem $V_HOME/$user/conf/ssl.$domain.pem +if [ -e "$V_USERS/$user/ssl/$domain.ca" ]; then + cp -f $V_USERS/$user/ssl/$domain.ca $V_HOME/$user/conf/ssl.$domain.ca +fi # Running template trigger if [ -x $V_WEBTPL/apache_$template.sh ]; then @@ -115,8 +127,8 @@ fi increase_user_value "$user" '$U_WEB_SSL' # Adding ssl values -update_web_domain_value '$SSL' "$SSL" update_web_domain_value '$SSL_HOME' "$SSL_HOME" +update_web_domain_value '$SSL' 'yes' # Logging log_history "$V_EVENT" "v_del_web_domain_ssl $user $domain" diff --git a/bin/v_backup_sys_user b/bin/v_backup_sys_user index 058369932..ad17abba7 100755 --- a/bin/v_backup_sys_user +++ b/bin/v_backup_sys_user 
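Review bot: The added `cp -f` lines in bin/v_add_web_domain_ssl copy the private key to `$V_USERS/$user/ssl/$domain.key` and, in the second hunk, to `$V_HOME/$user/conf/ssl.$domain.key` without setting owner or mode, so the key keeps whatever permissions the source file and umask give it. `$ssl_dir` is a caller-supplied path and is expanded unquoted, as are `$domain` and `$user`; quoting each operand and adding `--` keeps a path with spaces or a leading dash from changing what `cp` does. The first copy block also runs before `is_sys_ip_owner`, so if that check exits (inferred from its name) the stored certificate has already been overwritten. Suggested form: `cp -f -- "$ssl_dir/$domain.key" "$V_USERS/$user/ssl/$domain.key"` followed by `chmod 600 "$V_USERS/$user/ssl/$domain.key"`; the right mode for the copy under `conf/` depends on which account the web server reads it as.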
@@ -100,31 +100,6 @@ if [ -e "$V_USERS/$user/backup.excludes" ]; then cp -r $V_USERS/$user/backup.excludes $tmpdir/vesta/ fi -if [ -e "$V_USERS/$user/cron.conf" ]; then - echo -e "$(date "+%F %T") cron.conf" - cp -r $V_USERS/$user/cron.conf $tmpdir/vesta/ -fi - -if [ -e "$V_USERS/$user/db.conf" ]; then - echo -e "$(date "+%F %T") db.conf" - cp -r $V_USERS/$user/db.conf $tmpdir/vesta/ -fi - -if [ -e "$V_USERS/$user/dns.conf" ]; then - echo -e "$(date "+%F %T") dns.conf" - cp -r $V_USERS/$user/dns.conf $tmpdir/vesta/ -fi - -if [ -e "$V_USERS/$user/mail.conf" ]; then - echo -e "$(date "+%F %T") mail.conf" - cp -r $V_USERS/$user/mail.conf $tmpdir/vesta/ -fi - - -if [ -e "$V_USERS/$user/web.conf" ]; then - echo -e "$(date "+%F %T") web.conf" - cp -r $V_USERS/$user/web.conf $tmpdir/vesta/ -fi echo @@ -205,7 +180,7 @@ then sed -n "$top_line,$bottom_line p" $conf > conf/httpd.conf # SSL check - if [ ! -z "$SSL" ]; then + if [ "$SSL" = 'yes' ]; then tpl_file="$V_WEBTPL/apache_$TPL.stpl" conf="$V_HOME/$user/conf/shttpd.conf" get_web_config_brds @@ -221,7 +196,7 @@ then sed -n "$top_line,$bottom_line p" $conf > conf/nginx.conf # SSL check - if [ ! -z "$SSL" ] ; then + if [ "$SSL" = 'yes' ] ; then tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl" conf="$V_HOME/$user/conf/snginx.conf" get_web_config_brds @@ -235,8 +210,8 @@ then done # SSL Certificates - if [ ! -z "$SSL" ] ; then - cp $V_HOME/$user/conf/$SSL.* ssl/ + if [ "$SSL" = 'yes' ] ; then + cp $V_HOME/$user/conf/ssl.$domain.* ssl/ fi tar -rf $tmpdir/web/$domain/$domain.tar conf ssl 
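Review bot: The glob in `cp $V_HOME/$user/conf/ssl.$domain.* ssl/` (last hunk of bin/v_backup_sys_user) also matches the files of any other domain whose name begins with `$domain.`; the same `$domain.*` pattern is used by `rm -f` and `mv` in v_change_web_domain_sslcert, v_del_web_domain and v_del_web_domain_ssl. When one user owns two domains and one name is a dotted prefix of the other (constructed example: `example.co` and `example.co.uk`), deleting or replacing the certificate of the shorter one would also remove or move the longer one's key and certificate, and this backup would pick up both. Naming the four known extensions avoids that: `for ext in crt key pem ca; do [ -e "$V_HOME/$user/conf/ssl.$domain.$ext" ] && cp "$V_HOME/$user/conf/ssl.$domain.$ext" ssl/; done`.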
@@ -353,23 +328,6 @@ then echo fi -# SSL CERTIFICATES -if [ ! -z "$WEB_SSL" ] && [ "$WEB_SSL" != 'no' ] && [ "$SSL" != '*' ]; then - echo "-- SSL --" - mkdir $tmpdir/ssl - - # Backingup ssl certificates - cert_list=$(ls $V_USERS/$user/ssl/ | grep ".crt" |\ - sed -e "s/\.crt$//" |\ - tr '\n' ' ' |\ - sed -e 's/ $//' ) - for cert in $cert_list; do - echo -e "$(date "+%F %T") $cert" - cp $V_USERS/$user/ssl/$cert.* $tmpdir/ssl/ - done - echo -fi - # Get backup size size="$(du -shm $tmpdir | cut -f 1)" @@ -539,7 +497,6 @@ backup_str="$backup_str WEB='${web_list// /,}'" backup_str="$backup_str DNS='${dns_list// /,}'" backup_str="$backup_str MAIL='${mail_list// /,}'" backup_str="$backup_str DB='${db_list// /,}'" -backup_str="$backup_str SSL='${cert_list// /,}'" backup_str="$backup_str CRON='$cron_list'" echo "$backup_str" >> $V_USERS/$user/backup.conf diff --git a/bin/v_change_web_domain_ip b/bin/v_change_web_domain_ip index 8e748152a..091e895b4 100755 --- a/bin/v_change_web_domain_ip +++ b/bin/v_change_web_domain_ip @@ -61,7 +61,7 @@ new=$ip replace_web_config # Checking ssl -if [ ! -z "$SSL" ]; then +if [ "$SSL" = 'yes' ]; then tpl_file="$V_WEBTPL/apache_$TPL.stpl" conf="$V_HOME/$user/conf/shttpd.conf" replace_web_config @@ -75,7 +75,7 @@ if [ ! -z "$NGINX" ]; then fi # Checking nginx -if [ ! -z "$SSL" ] && [ ! -z "$NGINX" ]; then +if [ "$SSL" = 'yes' ] && [ ! -z "$NGINX" ]; then tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl" conf="$V_HOME/$user/conf/snginx.conf" replace_web_config diff --git a/bin/v_change_web_domain_sslcert b/bin/v_change_web_domain_sslcert index 1bedc9ce9..1a36e7f7b 100755 --- a/bin/v_change_web_domain_sslcert +++ b/bin/v_change_web_domain_sslcert @@ -9,7 +9,7 @@ user=$1 domain=$(idn -t --quiet -u "$2" ) domain_idn=$(idn -t --quiet -a "$domain") -ssl=$3 +ssl_dir=$3 # Importing variables source $VESTA/conf/vars.conf 
@@ -54,38 +54,27 @@ is_web_domain_cert_valid # Action # #----------------------------------------------------------# -# Parsing domain values -get_web_domain_values -tpl_file="$V_WEBTPL/apache_$TPL.stpl" -conf="$V_HOME/$user/conf/shttpd.conf" -old_ssl="$SSL" -SSL="$ssl" +# Deleting old certificate +tmpdir=$(mktemp -p $V_HOME/$user/web/$domain/private -d) +rm -f $V_HOME/$user/conf/ssl.$domain.* +mv $V_USERS/$user/ssl/$domain.* $tmpdir +chown -R $user:$user $tmpdir -# Preparing domain values for the template substitution -upd_web_domain_values - -# Recreating vhost -del_web_config -add_web_config - -# Checking nginx -if [ ! -z "$NGINX" ]; then - proxy_string="proxy_pass https://$ip:$WEB_SSL_PORT;" - tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl" - conf="$V_HOME/$user/conf/snginx.conf" - del_web_config - add_web_config +# Adding new certificate to user data directory +cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.crt +cp -f $ssl_dir/$domain.key $V_USERS/$user/ssl/$domain.key +cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.pem +if [ -e "$ssl_dir/$domain.ca" ]; then + cp -f $ssl_dir/$domain.ca $V_USERS/$user/ssl/$domain.ca + cat $V_USERS/$user/ssl/$domain.ca >> $V_USERS/$user/ssl/$domain.pem fi # Adding new certificate to user dir -cp -f $V_USERS/$user/ssl/$SSL.crt $ssl_cert -cp -f $V_USERS/$user/ssl/$SSL.key $ssl_key - -# Deleting old certificate -check_cert=$(grep "SSL='$old_ssl'" $V_USERS/$user/web.conf |wc -l) -if [ "$check_cert" -lt 2 ]; then - rm -f $V_HOME/$user/conf/$old_ssl.crt - rm -f $V_HOME/$user/conf/$old_ssl.key +cp -f $V_USERS/$user/ssl/$domain.crt $V_HOME/$user/conf/ssl.$domain.crt +cp -f $V_USERS/$user/ssl/$domain.key $V_HOME/$user/conf/ssl.$domain.key +cp -f $V_USERS/$user/ssl/$domain.pem $V_HOME/$user/conf/ssl.$domain.pem +if [ -e "$V_USERS/$user/ssl/$domain.ca" ]; then + cp -f $V_USERS/$user/ssl/$domain.ca $V_HOME/$user/conf/ssl.$domain.ca fi 
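Review bot: `tmpdir=$(mktemp -p $V_HOME/$user/web/$domain/private -d)` in bin/v_change_web_domain_sslcert is used without checking that it succeeded; if the `private` directory is missing, `$tmpdir` is empty and the following `rm -f`, `mv` and `chown -R` still run, so the live certificate is removed while the backup move fails. The same lines are added in bin/v_del_web_domain_ssl. The old private key is also handed to the user inside a tree the user can write to, so it is worth confirming that nothing in that path can be a symlink when the script (presumably run as root) calls `mv` and `chown -R` on it. I would create the directory first, abort with the script's usual error code unless `[ -d "$tmpdir" ]` holds, and only then delete `conf/ssl.$domain.*`, with every expansion quoted.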
@@ -93,14 +82,11 @@ fi # Vesta # #----------------------------------------------------------# -# Adding sslcert in config -update_web_domain_value '$SSL' "$SSL" - # Adding task to the vesta pipe restart_schedule 'web' # Logging -log_history "$V_EVENT" "$V_SCRIPT $user $domain $old_ssl" +log_history "$V_EVENT" "$V_SCRIPT $user $domain $tmpdir" log_event 'system' "$V_EVENT" exit diff --git a/bin/v_change_web_domain_tpl b/bin/v_change_web_domain_tpl index ca78f1228..aedf96653 100755 --- a/bin/v_change_web_domain_tpl +++ b/bin/v_change_web_domain_tpl @@ -62,7 +62,7 @@ conf="$V_HOME/$user/conf/httpd.conf" del_web_config # Deleting ssl vhost -if [ ! -z "$SSL" ]; then +if [ "$SSL" = 'yes' ]; then tpl_file="$V_WEBTPL/apache_$TPL.stpl" conf="$V_HOME/$user/conf/shttpd.conf" del_web_config @@ -139,10 +139,15 @@ if [ -x $V_WEBTPL/apache_$template.sh ]; then fi # Checking ssl -if [ ! -z "$SSL" ]; then - # Defining variables for ssl template replace - ssl_cert="$V_HOME/$user/conf/$SSL.crt" - ssl_key="$V_HOME/$user/conf/$SSL.key" +if [ "$SSL" = 'yes' ]; then + # Defining SSL vars + ssl_crt="$V_HOME/$user/conf/ssl.$domain.crt" + ssl_key="$V_HOME/$user/conf/ssl.$domain.key" + ssl_pem="$V_HOME/$user/conf/ssl.$domain.pem" + ssl_ca="$V_HOME/$user/conf/ssl.$domain.ca" + if [ ! -e "$V_USERS/$user/ssl/$domain.ca" ]; then + ssl_ca_str='#' + fi case $SSL_HOME in single) docroot="$V_HOME/$user/web/$domain/public_shtml" ;; same) docroot="$V_HOME/$user/web/$domain/public_html" ;; diff --git a/bin/v_del_sys_user_ssl b/bin/v_del_sys_user_ssl deleted file mode 100755 index 4d91deaee..000000000 --- a/bin/v_del_sys_user_ssl +++ /dev/null 
@@ -1,55 +0,0 @@ -#!/bin/bash -# info: adding ssl certificate - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -# Argument defenition -user=$1 -ssl=$2 - -# Importing variables -source $VESTA/conf/vars.conf -source $V_CONF/vesta.conf -source $V_FUNC/shared.func -source $V_FUNC/ssl.func - - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -# Checking arg number -check_args '2' "$#" 'user certificate' - -# Checking argument format -format_validation 'user' 'certificate' - -# Checking user -is_user_valid - -# Checking user is active -is_user_suspended - -# Checking certificate -is_cert_used - - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -# Deleting certificate -rm -f $V_USERS/$user/ssl/$ssl.* - - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -# Logging -log_history "$V_EVENT" -log_event 'system' "$V_EVENT" - -exit diff --git a/bin/v_del_web_domain b/bin/v_del_web_domain index d7de93756..e4ab50934 100755 --- a/bin/v_del_web_domain +++ b/bin/v_del_web_domain @@ -57,18 +57,14 @@ conf="$V_HOME/$user/conf/httpd.conf" del_web_config # Checking ssl -if [ ! -z "$SSL" ]; then +if [ "$SSL" = 'yes' ]; then tpl_file="$V_WEBTPL/apache_$TPL.stpl" conf="$V_HOME/$user/conf/shttpd.conf" del_web_config - # Deleting old certificate - check_cert=$(grep "SSL='$SSL'" $V_USERS/$user/web.conf |wc -l) - if [ "$check_cert" -lt 2 ]; then - rm -f $V_HOME/$user/conf/$SSL.crt - rm -f $V_HOME/$user/conf/$SSL.key - fi - + # Deleting certificates + rm -f $V_HOME/$user/conf/ssl.$domain.* + rm -f $V_USERS/$user/ssl/$domain.* fi # Checking nginx 
@@ -77,7 +73,7 @@ if [ ! -z "$NGINX" ]; then conf="$V_HOME/$user/conf/nginx.conf" del_web_config - if [ ! -z "$SSL" ]; then + if [ "$SSL" = 'yes' ]; then proxy_string="proxy_pass https://$ip:$WEB_SSL_PORT;" tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl" conf="$V_HOME/$user/conf/snginx.conf" @@ -117,7 +113,7 @@ rm -rf /var/log/httpd/domains/$domain.error* del_web_domain # Checking last ssl domain -ssl_dom=$(grep -v "SSL=''" $V_USERS/$user/web.conf | wc -l) +ssl_dom=$(grep "SSL='yes'" $V_USERS/$user/web.conf | wc -l) if [ "$ssl_dom" -eq '0' ]; then sed -i "s/ Include /#Include /" $V_HOME/$user/conf/httpd.conf fi @@ -135,7 +131,7 @@ fi # Checking last nginx domain conf='/etc/nginx/conf.d/vesta_users.conf' last_nginx=$(grep -v "NGINX=''" $V_USERS/$user/web.conf) -last_snginx=$(echo "$last_nginx" | grep -v "SSL=''") +last_snginx=$(echo "$last_nginx" | grep "SSL='yes'") if [ -z "$last_snginx" ]; then sline=$(grep -n "$V_HOME/$user/conf/snginx.conf" $conf | cut -f 1 -d : ) if [ ! -z "$sline" ]; then diff --git a/bin/v_del_web_domain_alias b/bin/v_del_web_domain_alias index 90466c4c9..6766d8f04 100755 --- a/bin/v_del_web_domain_alias +++ b/bin/v_del_web_domain_alias @@ -73,7 +73,7 @@ upd_web_domain_values del_web_config add_web_config -if [ ! -z "$SSL" ]; then +if [ "$SSL" = 'yes' ]; then tpl_file="$V_WEBTPL/apache_$TPL.stpl" conf="$V_HOME/$user/conf/shttpd.conf" del_web_config @@ -87,7 +87,7 @@ if [ ! -z "$NGINX" ]; then del_web_config add_web_config - if [ ! -z "$SSL" ]; then + if [ "$SSL" = 'yes' ]; then proxy_string="proxy_pass https://$ip:$WEB_SSL_PORT;" tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl" conf="$V_HOME/$user/conf/snginx.conf" diff --git a/bin/v_del_web_domain_cgi b/bin/v_del_web_domain_cgi index a82396152..7033cb848 100755 --- a/bin/v_del_web_domain_cgi +++ b/bin/v_del_web_domain_cgi 
@@ -63,7 +63,7 @@ del_web_config add_web_config # Checking ssl -if [ ! -z "$SSL" ]; then +if [ "$SSL" = 'yes' ]; then tpl_file="$V_WEBTPL/apache_$TPL.stpl" conf="$V_HOME/$user/conf/shttpd.conf" del_web_config diff --git a/bin/v_del_web_domain_elog b/bin/v_del_web_domain_elog index 2deac53ec..403c828c2 100755 --- a/bin/v_del_web_domain_elog +++ b/bin/v_del_web_domain_elog @@ -64,7 +64,7 @@ del_web_config add_web_config # Checking ssl -if [ ! -z "$SSL" ]; then +if [ "$SSL" = 'yes' ]; then tpl_file="$V_WEBTPL/apache_$TPL.stpl" conf="$V_HOME/$user/conf/shttpd.conf" del_web_config @@ -78,7 +78,7 @@ if [ ! -z "$NGINX" ]; then del_web_config add_web_config - if [ ! -z "$SSL" ]; then + if [ "$SSL" = 'yes' ]; then proxy_string="proxy_pass https://$ip:$WEB_SSL_PORT;" tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl" conf="$V_HOME/$user/conf/snginx.conf" diff --git a/bin/v_del_web_domain_nginx b/bin/v_del_web_domain_nginx index 29ebb439c..bcb1c6586 100755 --- a/bin/v_del_web_domain_nginx +++ b/bin/v_del_web_domain_nginx @@ -57,7 +57,7 @@ conf="$V_HOME/$user/conf/nginx.conf" del_web_config # Checking ssl -if [ ! -z "$SSL" ]; then +if [ "$SSL" = 'yes' ]; then tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl" conf="$V_HOME/$user/conf/snginx.conf" del_web_config @@ -75,7 +75,7 @@ update_web_domain_value '$NGINX_EXT' '' # Checking last nginx domain conf='/etc/nginx/conf.d/vesta_users.conf' last_nginx=$(grep -v "NGINX=''" $V_USERS/$user/web.conf) -last_snginx=$(echo "$last_nginx" | grep -v "SSL=''") +last_snginx=$(echo "$last_nginx" | grep "SSL='yes'") if [ -z "$last_snginx" ]; then sline=$(grep -n "$V_HOME/$user/conf/snginx.conf" $conf | cut -f 1 -d : ) if [ ! -z "$sline" ]; then diff --git a/bin/v_del_web_domain_ssl b/bin/v_del_web_domain_ssl index fe8fb9cb2..b9b1140c5 100755 --- a/bin/v_del_web_domain_ssl +++ b/bin/v_del_web_domain_ssl 
@@ -54,7 +54,6 @@ is_web_domain_value_exist '$SSL' get_web_domain_values conf="$V_HOME/$user/conf/shttpd.conf" tpl_file="$V_WEBTPL/apache_$TPL.stpl" -old_ssl="$SSL" # Deleting domain del_web_config @@ -67,11 +66,10 @@ if [ ! -z "$NGINX" ]; then fi # Deleting old certificate -check_cert=$(grep "SSL='$old_ssl'" $V_USERS/$user/web.conf |wc -l) -if [ "$check_cert" -lt 2 ]; then - rm -f $V_HOME/$user/conf/$old_ssl.crt - rm -f $V_HOME/$user/conf/$old_ssl.key -fi +tmpdir=$(mktemp -p $V_HOME/$user/web/$domain/private -d) +rm -f $V_HOME/$user/conf/ssl.$domain.* +mv $V_USERS/$user/ssl/$domain.* $tmpdir +chown -R $user:$user $tmpdir #----------------------------------------------------------# @@ -79,11 +77,10 @@ fi #----------------------------------------------------------# # Deleting ssl in config -update_web_domain_value '$SSL' '' -update_web_domain_value '$SSL_HOME' '' +update_web_domain_value '$SSL' 'no' # Checking last ssl domain -ssl_dom=$(grep -v "SSL=''" $V_USERS/$user/web.conf) +ssl_dom=$(grep "SSL='yes'" $V_USERS/$user/web.conf) main_conf='/etc/httpd/conf.d/vesta.conf' conf="$V_HOME/$user/conf/shttpd.conf" if [ -z "$ssl_dom" ]; then @@ -94,7 +91,7 @@ fi # Checking last nginx domain conf='/etc/nginx/conf.d/vesta_users.conf' last_nginx=$(grep -v "NGINX=''" $V_USERS/$user/web.conf) -last_snginx=$(echo "$last_nginx" | grep -v "SSL=''") +last_snginx=$(echo "$last_nginx" | grep "SSL='yes'") if [ -z "$last_snginx" ]; then sline=$(grep -n "$V_HOME/$user/conf/snginx.conf" $conf | cut -f 1 -d : ) if [ ! -z "$sline" ]; then @@ -110,7 +107,7 @@ decrease_user_value "$user" '$U_WEB_SSL' restart_schedule 'web' # Logging -log_history "$V_EVENT" "v_add_web_domain_ssl $user $domain $SSL $SSL_HOME" +log_history "$V_EVENT" "v_add_web_domain_ssl $user $domain $tmpdir $SSL_HOME" log_event 'system' "$V_EVENT" exit diff --git a/bin/v_list_sys_user_backups b/bin/v_list_sys_user_backups index 857526e36..2d5c091d4 100755 --- a/bin/v_list_sys_user_backups +++ b/bin/v_list_sys_user_backups 
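Review bot: The context line above the first hunk of bin/v_del_web_domain_ssl still gates the script on `is_web_domain_value_exist '$SSL'`, while this commit stores `SSL='no'`, a non-empty value, for every new domain. If that helper only tests for a non-empty field (its body is not in this diff), the script would now run on domains that never had SSL, move nothing into `$tmpdir`, and still call `decrease_user_value "$user" '$U_WEB_SSL'`. The verification should compare the stored value explicitly and exit unless it is `'yes'`. The matching pre-check in v_add_web_domain_ssl (not shown here) would need the inverse test.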
@@ -39,7 +39,7 @@ fi # Defining fileds to select fields="\$DATE \$TIME \$RUNTIME \$TYPE \$SIZE \$VESTA \$PAM \$WEB \$DNS \$DB" -fields="$fields \$MAIL \$SSL \$CRON" +fields="$fields \$MAIL \$CRON" # Listing domains case $format in diff --git a/bin/v_list_sys_user_ssl b/bin/v_list_sys_user_ssl deleted file mode 100755 index 16d1e7fad..000000000 --- a/bin/v_list_sys_user_ssl +++ /dev/null 
@@ -1,86 +0,0 @@ -#!/bin/bash -# info: listing ssl certificates - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -# Argument defenition -user=$1 -format=${2-shell} - -# Importing variables -source $VESTA/conf/vars.conf -source $V_FUNC/shared.func - -# Json function -json_list_cert() { - # Print top bracket - echo '[' - - # Checking certificates number - certificates=$(ls $V_USERS/$user/ssl/ |grep '.crt' ) - certificates_count=$(echo "$certificates" | wc -l) - i=1 - - # Listing files by mask - for cert in $certificates; do - if [ $i -eq $certificates_count ]; then - echo -e "\t\"${cert//.crt/}\"" - else - echo -e "\t\"${cert//.crt/}\"," - fi - (( ++i)) - done - - # Printing bottom bracket - echo -e "]" -} - -# Shell function -shell_list_cert() { - if [ -z "$nohead" ] ; then - # Print brief info - echo "Certificate" - echo "----------" - fi - - # Listing files by mask - for cert in $(ls $V_USERS/$user/ssl/ | grep '.crt'); do - # Print result - echo "${cert//.crt/}" - done -} - - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -# Checking args -check_args '1' "$#" 'user [format] [limit] [offset]' - -# Checking argument format -format_validation 'user' - -# Checking user -is_user_valid - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -# Listing domains -case $format in - json) json_list_cert ;; - plain) nohead=1; shell_list_cert ;; - shell) shell_list_cert | column -t ;; - *) check_args '1' '0' 'user [format]' ;; -esac - - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -exit diff --git a/bin/v_list_web_domain b/bin/v_list_web_domain index 9f1e581dc..e749a27ea 100755 --- a/bin/v_list_web_domain 
+++ b/bin/v_list_web_domain @@ -102,7 +102,7 @@ fields='$DOMAIN $IP $U_DISK $U_BANDWIDTH $TPL $ALIAS $PHP $CGI $ELOG $STATS case $format in json) json_list_domain ;; plain) nohead=1; shell_list_domain ;; - shell) shell_list_domain | column -t ;; + shell) shell_list_domain |column -t ;; *) check_args '2' '0' 'user domain [format]' esac diff --git a/bin/v_rebuild_web_domains b/bin/v_rebuild_web_domains index 32ecd718b..e5a893b3f 100755 --- a/bin/v_rebuild_web_domains +++ b/bin/v_rebuild_web_domains @@ -70,7 +70,7 @@ for domain in $(shell_list) ; do fi # Checking ssl - if [ ! -z "$SSL" ]; then + if [ "$SSL" = 'yes' ]; then # Adding domain to the shttpd.conf conf="$V_HOME/$user/conf/tmp_shttpd.conf" tpl_file="$V_WEBTPL/apache_$TPL.stpl" @@ -90,7 +90,7 @@ for domain in $(shell_list) ; do conf="$V_HOME/$user/conf/tmp_nginx.conf" add_web_config - if [ ! -z "$SSL" ]; then + if [ "$SSL" = 'yes' ]; then if [ "$SUSPEND" = 'yes' ]; then proxy_string="rewrite ^(.*)\$ http://$url;" else diff --git a/bin/v_suspend_web_domain b/bin/v_suspend_web_domain index 552d8d01c..48d808591 100755 --- a/bin/v_suspend_web_domain +++ b/bin/v_suspend_web_domain @@ -61,7 +61,7 @@ del_web_config add_web_config # Check ssl -if [ ! -z "$SSL" ]; then +if [ "$SSL" = 'yes' ]; then tpl_file="$V_WEBTPL/apache_$TPL.stpl" conf="$V_HOME/$user/conf/shttpd.conf" del_web_config @@ -75,7 +75,7 @@ if [ ! -z "$NGINX" ]; then del_web_config add_web_config - if [ ! -z "$SSL" ]; then + if [ "$SSL" = 'yes' ]; then proxy_string="rewrite ^(.*)\$ http://$url;" tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl" conf="$V_HOME/$user/conf/snginx.conf" diff --git a/bin/v_unsuspend_web_domain b/bin/v_unsuspend_web_domain index d6223d045..06f6d3451 100755 --- a/bin/v_unsuspend_web_domain +++ b/bin/v_unsuspend_web_domain @@ -58,7 +58,7 @@ del_web_config add_web_config # Check ssl -if [ ! -z "$SSL" ]; then +if [ "$SSL" = 'yes' ]; then tpl_file="$V_WEBTPL/apache_$TPL.stpl" conf="$V_HOME/$user/conf/shttpd.conf" del_web_config 
@@ -72,7 +72,7 @@ if [ ! -z "$NGINX" ]; then del_web_config add_web_config - if [ ! -z "$SSL" ]; then + if [ "$SSL" = 'yes' ]; then proxy_string="proxy_pass https://$ip:$WEB_SSL_PORT;" tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl" conf="$V_HOME/$user/conf/snginx.conf" diff --git a/bin/v_upd_sys_user_backups b/bin/v_upd_sys_user_backups index 0147702e3..0d70fe1dd 100755 --- a/bin/v_upd_sys_user_backups +++ b/bin/v_upd_sys_user_backups @@ -213,7 +213,7 @@ if [ -e "$tmp_file" ]; then fi # Checking local -if [ "$type" == 'local' ]; then +if [ "$type" = 'local' ]; then backups=$(ls $V_BACKUP |grep "^$user."|sort) for backup in $backups; do get_backup_info $V_BACKUP/$backup $type >> $tmp_file @@ -221,7 +221,7 @@ if [ "$type" == 'local' ]; then fi # Checking ftp -if [ "$type" == 'ftp' ]; then +if [ "$type" = 'ftp' ]; then tmpdir=$(mktemp -p $V_BACKUP -d) ftmpdir=$(basename $tmpdir) init_ftp_variables @@ -242,7 +242,7 @@ if [ "$type" == 'ftp' ]; then fi # Checking both local and ftp -if [ "$type" == 'ftp,local' ] || [ "$type" == 'local,ftp' ]; then +if [ "$type" = 'ftp,local' ] || [ "$type" = 'local,ftp' ]; then tmpdir=$(mktemp -p $V_BACKUP -d) ftmpdir=$(basename $tmpdir) diff --git a/data/templates/apache_default.stpl b/data/templates/apache_default.stpl index a0cc86d11..02916c791 100644 --- a/data/templates/apache_default.stpl +++ b/data/templates/apache_default.stpl @@ -31,8 +31,9 @@ php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp SSLEngine on SSLVerifyClient none - SSLCertificateFile %ssl_cert% + SSLCertificateFile %ssl_crt% SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% RMode config RUidGid %user% %group% diff --git a/data/templates/apache_phpcgi.stpl b/data/templates/apache_phpcgi.stpl index 177da5b4e..9664b0408 100644 --- a/data/templates/apache_phpcgi.stpl +++ b/data/templates/apache_phpcgi.stpl 
@@ -25,8 +25,9 @@ php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp SSLEngine on SSLVerifyClient none - SSLCertificateFile %ssl_cert% + SSLCertificateFile %ssl_crt% SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% Include %home%/%user%/conf/shttpd.%domain%.conf* diff --git a/data/templates/apache_phpfcgid.stpl b/data/templates/apache_phpfcgid.stpl index ab51e6a25..6fe5b6e9b 100644 --- a/data/templates/apache_phpfcgid.stpl +++ b/data/templates/apache_phpfcgid.stpl @@ -25,8 +25,9 @@ php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp SSLEngine on SSLVerifyClient none - SSLCertificateFile %ssl_cert% + SSLCertificateFile %ssl_crt% SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% Include %home%/%user%/conf/shttpd.%domain%.conf* diff --git a/data/templates/apache_unlim.stpl b/data/templates/apache_unlim.stpl index 322420eff..7df4a2ed9 100644 --- a/data/templates/apache_unlim.stpl +++ b/data/templates/apache_unlim.stpl @@ -31,8 +31,9 @@ php_admin_value open_basedir none SSLEngine on SSLVerifyClient none - SSLCertificateFile %ssl_cert% + SSLCertificateFile %ssl_crt% SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% RMode config diff --git a/data/templates/ngingx_vhost_default.stpl b/data/templates/ngingx_vhost_default.stpl index 342476c45..227470407 100644 --- a/data/templates/ngingx_vhost_default.stpl +++ b/data/templates/ngingx_vhost_default.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; server_name_in_redirect off; ssl on; - ssl_certificate %ssl_cert%; + ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; %elog%error_log /var/log/httpd/domains/%domain%.error.log error; diff --git a/func/domain.func b/func/domain.func index 5a54fb8c2..afd3209a0 100644 --- a/func/domain.func +++ b/func/domain.func 
@@ -239,8 +239,10 @@ add_web_config() { -e "s/%alias_string%/$alias_string/g" \ -e "s/%alias_idn%/${aliases_idn//,/ }/g" \ -e "s/%alias%/${aliases//,/ }/g" \ - -e "s/%ssl_cert%/${ssl_cert////\/}/g" \ + -e "s/%ssl_crt%/${ssl_crt////\/}/g" \ -e "s/%ssl_key%/${ssl_key////\/}/g" \ + -e "s/%ssl_pem%/${ssl_pem////\/}/g" \ + -e "s/%ssl_ca_str%/${ssl_ca_str////\/}/g" \ -e "s/%nginx_extentions%/${NGINX_EXT//,/|}/g" \ -e "s/%elog%/$elog/g" \ -e "s/%cgi%/$cgi/g" \ @@ -448,13 +450,53 @@ is_web_domain_key_empty() { } is_web_domain_cert_valid() { + # Checking file existance - path="$V_USERS/$user/ssl" - if [ ! -e "$path/$ssl.crt" ] || [ ! -e "$path/$ssl.key" ]; then + if [ ! -e "$ssl_dir/$domain.crt" ] || [ ! -e "$ssl_dir/$domain.key" ]; then echo "Error: certificate not exist" log_event 'debug' "$E_CERT_NOTEXIST $V_EVENT" exit $E_CERT_NOTEXIST fi + + # Checking certificate + crt=$(openssl verify $ssl_dir/$domain.crt 2>/dev/null |grep '/C=') + if [ -z "$crt" ]; then + echo "Error: certificate invalid" + log_event 'debug' "$E_CERT_INVALID $V_EVENT" + exit $E_CERT_INVALID + fi + + # Checking certificate key + openssl rsa -in "$ssl_dir/$domain.key" -check >/dev/null 2>/dev/null + if [ "$?" -ne 0 ]; then + echo "Error: key invalid" + log_event 'debug' "$E_KEY_INVALID $V_EVENT" + exit $E_KEY_INVALID + fi + + # Checking certificate authority + if [ -e "$ssl_dir/$domain.ca" ]; then + ca=$(openssl verify $ssl_dir/$domain.ca 2>/dev/null |grep '/C=') + if [ -z "$ca" ]; then + echo "Error: certificate invalid" + log_event 'debug' "$E_CERT_INVALID $V_EVENT" + exit $E_CERT_INVALID + fi + fi + + # Checking server + openssl s_server -quiet \ + -cert $ssl_dir/$domain.crt -key $ssl_dir/$domain.key & + pid=$! + sleep 1 + disown > /dev/null 2>&1 + kill $pid > /dev/null 2>&1 + result=$? + if [ "$result" -ne '0' ]; then + echo "Error: certificate key pair invalid" + log_event 'debug' "$E_CERTKEY_INVALID $V_EVENT" + exit $E_CERTKEY_INVALID + fi } 
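Review bot: The sed list in add_web_config gains `%ssl_crt%`, `%ssl_pem%` and `%ssl_ca_str%` but no expression for `%ssl_ca%`, which the updated Apache templates use in `%ssl_ca_str%SSLCertificateChainFile %ssl_ca%`. Unless that placeholder is replaced somewhere outside this hunk, a domain that has a `.ca` file gets a literal `%ssl_ca%` as its chain file path and Apache will reject the configuration. Add `-e "s/%ssl_ca%/${ssl_ca////\/}/g" \` next to the other SSL expressions. The function body starts and ends outside the hunk.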
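Review bot: The key-pair check at the end of is_web_domain_cert_valid starts `openssl s_server` on its default port and treats a failed `kill` as a mismatch, so a busy port rejects a good pair and every call opens a TLS listener for a second; the removed func/ssl.func carried a FIXME about the port that the new code drops. The certificate test `openssl verify ... |grep '/C='` depends on the printed subject rather than the exit status, so it can pass on error output that happens to print a subject and fail for certificates without a country attribute or where OpenSSL formats the subject differently. The `.ca` file is checked in isolation and never against `$domain.crt`. Comparing the public moduli, as below, checks the pair without a listener; the existing `openssl rsa -check` already limits this function to RSA keys.

```shell
    # … unchanged: existence, certificate, key and CA checks …

    # Checking that certificate and key belong together (no listener needed)
    crt_mod=$(openssl x509 -in "$ssl_dir/$domain.crt" -noout -modulus 2>/dev/null)
    key_mod=$(openssl rsa -in "$ssl_dir/$domain.key" -noout -modulus 2>/dev/null)
    if [ -z "$crt_mod" ] || [ "$crt_mod" != "$key_mod" ]; then
        echo "Error: certificate key pair invalid"
        log_event 'debug' "$E_CERTKEY_INVALID $V_EVENT"
        exit $E_CERTKEY_INVALID
    fi
```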
@@ -733,8 +775,14 @@ upd_web_domain_values() { fi # Defining SSL vars - ssl_cert="$V_HOME/$user/conf/$SSL.crt" - ssl_key="$V_HOME/$user/conf/$SSL.key" + ssl_crt="$V_HOME/$user/conf/ssl.$domain.crt" + ssl_key="$V_HOME/$user/conf/ssl.$domain.key" + ssl_pem="$V_HOME/$user/conf/ssl.$domain.pem" + ssl_ca="$V_HOME/$user/conf/ssl.$domain.ca" + if [ ! -e "$V_USERS/$user/ssl/$domain.ca" ]; then + ssl_ca_str='#' + fi + case $SSL_HOME in single) docroot="$V_HOME/$user/web/$domain/public_shtml" ;; same) docroot="$V_HOME/$user/web/$domain/public_html" ;; diff --git a/func/ssl.func b/func/ssl.func deleted file mode 100644 index 2ec06a90e..000000000 --- a/func/ssl.func +++ /dev/null 
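Review bot: `ssl_ca_str='#'` is assigned in upd_web_domain_values when the `.ca` file is missing but is never cleared when it exists, and the variable is not local. If bin/v_rebuild_web_domains calls this function once per domain inside its `for domain in $(shell_list)` loop (presumably; the call is not in this diff), every domain processed after the first one without a CA file would get its `SSLCertificateChainFile` line commented out. Set the value on both branches, for example `ssl_ca_str=''` on the line before the `if`. The same block is added in bin/v_change_web_domain_tpl, and the function body here starts and ends outside the hunk.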
@@ -1,76 +0,0 @@
-is_cert_free() {
- # Defining path
- user_cert="$V_USERS/$user/ssl/$cert"
-
- # Checking file existance
- if [ -e "$user_cert.crt" ] || [ -e "$user_cert.key" ]; then
- echo "Error: certificate exist"
- log_event 'debug' "$E_CERT_EXIST $V_EVENT"
- exit $E_CERT_EXIST
- fi
-}
-
-is_cert_valid() {
- path="$1"
-
- # Checking file existance
- if [ ! -e "$path/$ssl.crt" ] || [ ! -e "$path/$ssl.key" ]; then
- echo "Error: certificate not exist"
- log_event 'debug' "$E_CERT_NOTEXIST $V_EVENT"
- exit $E_CERT_NOTEXIST
- fi
-
- # Checking crt file
- crt=$(openssl verify "$path/$ssl.crt" 2>/dev/null|tail -n 1|grep -w 'OK')
- if [ -z "$crt" ]; then
- echo "Error: certificate invalid"
- log_event 'debug' "$E_CERT_INVALID $V_EVENT"
- exit $E_CERT_INVALID
- fi
-
- # Checking key file
- key=$(openssl rsa -in "$path/$ssl.key" -check 2>/dev/null|\
- head -n1|grep -w 'ok')
- if [ -z "$key" ]; then
- echo "Error: key invalid"
- log_event 'debug' "$E_KEY_INVALID $V_EVENT"
- exit $E_KEY_INVALID
- fi
-
- # FIXME we should run server on free port
- # Checking server
- cmd="openssl s_server -quiet -cert $path/$ssl.crt -key $path/$ssl.key"
- $cmd &
-
- # Defining pid
- pid=$!
-
- # Sleep 1 second
- sleep 1
-
- # Disown background process
- disown > /dev/null 2>&1
-
- # Killing ssl server
- kill $pid > /dev/null 2>&1
-
- # Checking result
- result=$?
- if [ "$result" -ne '0' ]; then
- echo "Error: certificate key pair invalid"
- log_event 'debug' "$E_CERTKEY_INVALID $V_EVENT"
- exit $E_CERTKEY_INVALID
- fi
-}
-
-is_cert_used() {
- # Parsing config
- check_cert=$(grep "SSL='$ssl'" $V_USERS/$user/*.conf)
-
- # Checking result
- if [ ! -z "$check_cert" ]; then
- echo "Error: certificate used"
- log_event 'debug' "$E_CERT_USED $V_EVENT"
- exit $E_CERT_USED
- fi
-}