From 9bf86eaabdc1550d2c89602655b493f63e8723e6 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Fri, 11 Nov 2016 00:28:24 +0200 Subject: [PATCH] LE installation --- web/edit/web/index.php | 259 ++++++++++++++---------------- web/templates/admin/edit_web.html | 19 +-- 2 files changed, 128 insertions(+), 150 deletions(-) diff --git a/web/edit/web/index.php b/web/edit/web/index.php index 4c7377c4e..7712e55d8 100644 --- a/web/edit/web/index.php +++ b/web/edit/web/index.php @@ -35,8 +35,7 @@ $v_tpl = $data[$v_domain]['IP']; $v_cgi = $data[$v_domain]['CGI']; $v_elog = $data[$v_domain]['ELOG']; $v_ssl = $data[$v_domain]['SSL']; -$v_letsencrypt = $data[$v_domain]['LETSENCRYPT']; -if ( $v_ssl == 'yes' && ($v_letsencrypt == 'no' || empty($v_letsencrypt))) { +if (!empty($v_ssl)) { exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var); $ssl_str = json_decode(implode('', $output), true); unset($output); @@ -51,6 +50,8 @@ if ( $v_ssl == 'yes' && ($v_letsencrypt == 'no' || empty($v_letsencrypt))) { $v_ssl_pub_key = $ssl_str[$v_domain]['PUB_KEY']; $v_ssl_issuer = $ssl_str[$v_domain]['ISSUER']; } +$v_letsencrypt = $data[$v_domain]['LETSENCRYPT']; +if (empty($v_letsencrypt)) $v_letsencrypt = 'no'; $v_ssl_home = $data[$v_domain]['SSL_HOME']; $v_backend_template = $data[$v_domain]['BACKEND']; $v_proxy = $data[$v_domain]['PROXY']; @@ -214,10 +215,10 @@ if (!empty($_POST['save'])) { // Change backend template if ((!empty($_SESSION['WEB_BACKEND'])) && ( $v_backend_template != $_POST['v_backend_template']) && ( $_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) { - $v_backend_template = $_POST['v_backend_template']; - exec (VESTA_CMD."v-change-web-domain-backend-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_backend_template), $output, $return_var); - check_return_code($return_var,$output); - unset($output); + $v_backend_template = $_POST['v_backend_template']; + exec (VESTA_CMD."v-change-web-domain-backend-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_backend_template), $output, $return_var); + check_return_code($return_var,$output); + unset($output); } // Delete proxy support @@ -264,139 +265,72 @@ if (!empty($_POST['save'])) { $restart_proxy = 'yes'; } - // Disable Lets Encrypt support - - if (( $v_letsencrypt == 'yes' ) && (empty($_POST['v_letsencrypt'])) && (!empty($_POST['v_letsencrypt'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-delete-letsencrypt-domain ".$user." ".$v_domain." '' 'no'", $output, $return_var); + // Delete Lets Encrypt support + if (( $v_letsencrypt == 'yes' ) && (empty($_POST['v_letsencrypt'])) && (empty($_SESSION['error_msg']))) { + exec (VESTA_CMD."v-delete-letsencrypt-domain ".$user." ".$v_domain." 'no'", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_letsencrypt = 'no'; + $v_letsencrypt_deleted = 'yes'; + $v_ssl = 'no'; $restart_web = 'yes'; $restart_proxy = 'yes'; - } - else{ - // Delete SSL certificate - if (( $v_ssl == 'yes' ) && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-delete-web-domain-ssl ".$v_username." ".$v_domain." 'no'", $output, $return_var); - check_return_code($return_var,$output); - unset($output); - $v_ssl = 'no'; - $restart_web = 'yes'; - $restart_proxy = 'yes'; - } - } + } - // Enable Lets Encrypt support - if (( $v_letsencrypt == 'no' || empty( $v_letsencrypt)) && (!empty($_POST['v_letsencrypt'])) && empty($_SESSION['error_msg'])) { - exec (VESTA_CMD."v-list-web-domain ".$user." ".$v_domain." json", $output, $return_var); - $data = json_decode(implode('', $output), true); - exec (VESTA_CMD."v-add-letsencrypt-domain ".$user." ".$v_domain." '' 'no'", $output, $return_var); + // Delete SSL certificate + if (( $v_ssl == 'yes' ) && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { + exec (VESTA_CMD."v-delete-web-domain-ssl ".$v_username." ".$v_domain." 'no'", $output, $return_var); + check_return_code($return_var,$output); + unset($output); + $v_ssl = 'no'; + $restart_web = 'yes'; + $restart_proxy = 'yes'; + } + + // Add Lets Encrypt support + if ((!empty($_POST['v_ssl'])) && ( $v_letsencrypt == 'no' ) && (!empty($_POST['v_letsencrypt'])) && empty($_SESSION['error_msg'])) { + $l_aliases = str_replace("\n", ',', $v_aliases); + exec (VESTA_CMD."v-add-letsencrypt-domain ".$user." ".$v_domain." '".$l_aliases."' 'no'", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_letsencrypt = 'yes'; + $v_ssl = 'yes'; $restart_web = 'yes'; $restart_proxy = 'yes'; } - else{ - // Change SSL certificate - if (($v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { - if (( $v_ssl_crt != str_replace("\r\n", "\n", $_POST['v_ssl_crt'])) || ( $v_ssl_key != str_replace("\r\n", "\n", $_POST['v_ssl_key'])) || ( $v_ssl_ca != str_replace("\r\n", "\n", $_POST['v_ssl_ca']))) { - exec ('mktemp -d', $mktemp_output, $return_var); - $tmpdir = $mktemp_output[0]; - // Certificate - if (!empty($_POST['v_ssl_crt'])) { - $fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w'); - fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt'])); - fwrite($fp, "\n"); - fclose($fp); - } + // Add SSL certificate + if (( $v_ssl == 'no' ) && (!empty($_POST['v_ssl'])) && (empty($v_letsencrypt_deleted)) && (empty($_SESSION['error_msg']))) { + if (empty($_POST['v_ssl_crt'])) $errors[] = 'ssl certificate'; + if (empty($_POST['v_ssl_key'])) $errors[] = 'ssl key'; + if (empty($_POST['v_ssl_home'])) $errors[] = 'ssl home'; + $v_ssl_home = escapeshellarg($_POST['v_ssl_home']); + if (!empty($errors[0])) { + foreach ($errors as $i => $error) { + if ( $i == 0 ) { + $error_msg = $error; + } else { + $error_msg = $error_msg.", ".$error; + } + } + $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg); + } else { + exec ('mktemp -d', $mktemp_output, $return_var); + $tmpdir = $mktemp_output[0]; - // Key - if (!empty($_POST['v_ssl_key'])) { - $fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w'); - fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key'])); - fwrite($fp, "\n"); - fclose($fp); - } + // Certificate + if (!empty($_POST['v_ssl_crt'])) { + $fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w'); + fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt'])); + fclose($fp); + } - // CA - if (!empty($_POST['v_ssl_ca'])) { - $fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w'); - fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca'])); - fwrite($fp, "\n"); - fclose($fp); - } - - exec (VESTA_CMD."v-change-web-domain-sslcert ".$user." ".$v_domain." ".$tmpdir." 'no'", $output, $return_var); - check_return_code($return_var,$output); - unset($output); - $restart_web = 'yes'; - $restart_proxy = 'yes'; - - exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var); - $ssl_str = json_decode(implode('', $output), true); - unset($output); - $v_ssl_crt = $ssl_str[$v_domain]['CRT']; - $v_ssl_key = $ssl_str[$v_domain]['KEY']; - $v_ssl_ca = $ssl_str[$v_domain]['CA']; - $v_ssl_subject = $ssl_str[$v_domain]['SUBJECT']; - $v_ssl_aliases = $ssl_str[$v_domain]['ALIASES']; - $v_ssl_not_before = $ssl_str[$v_domain]['NOT_BEFORE']; - $v_ssl_not_after = $ssl_str[$v_domain]['NOT_AFTER']; - $v_ssl_signature = $ssl_str[$v_domain]['SIGNATURE']; - $v_ssl_pub_key = $ssl_str[$v_domain]['PUB_KEY']; - $v_ssl_issuer = $ssl_str[$v_domain]['ISSUER']; - - // Cleanup certificate tempfiles - if (!empty($_POST['v_ssl_crt'])) { - unlink($tmpdir."/".$_POST['v_domain'].".crt"); - } - - if (!empty($_POST['v_ssl_key'])) { - unlink($tmpdir."/".$_POST['v_domain'].".key"); - } - - if (!empty($_POST['v_ssl_ca'])) { - unlink($tmpdir."/".$_POST['v_domain'].".ca"); - } - - rmdir($tmpdir); - } - } - - // Add SSL certificate - if (( $v_ssl == 'no') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { - if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_crt']))) $errors[] = 'ssl certificate'; - if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_key']))) $errors[] = 'ssl key'; - if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_home']))) $errors[] = 'ssl home'; - $v_ssl_home = escapeshellarg($_POST['v_ssl_home']); - if (!empty($errors[0])) { - foreach ($errors as $i => $error) { - if ( $i == 0 ) { - $error_msg = $error; - } else { - $error_msg = $error_msg.", ".$error; - } - } - $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg); - } else { - exec ('mktemp -d', $mktemp_output, $return_var); - $tmpdir = $mktemp_output[0]; - - // Certificate - if (!empty($_POST['v_ssl_crt'])) { - $fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w'); - fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt'])); - fclose($fp); - } - - // Key - if (!empty($_POST['v_ssl_key'])) { - $fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w'); - fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key'])); - fclose($fp); - } + // Key + if (!empty($_POST['v_ssl_key'])) { + $fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w'); + fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key'])); + fclose($fp); + } // CA if (!empty($_POST['v_ssl_ca'])) { @@ -425,23 +359,72 @@ if (!empty($_POST['save'])) { $v_ssl_pub_key = $ssl_str[$v_domain]['PUB_KEY']; $v_ssl_issuer = $ssl_str[$v_domain]['ISSUER']; - // Cleanup certificate tempfiles - if (!empty($_POST['v_ssl_crt'])) { - unlink($tmpdir."/".$_POST['v_domain'].".crt"); - } + // Cleanup certificate tempfiles + if (!empty($_POST['v_ssl_crt'])) unlink($tmpdir."/".$_POST['v_domain'].".crt"); + if (!empty($_POST['v_ssl_key'])) unlink($tmpdir."/".$_POST['v_domain'].".key"); + if (!empty($_POST['v_ssl_ca'])) unlink($tmpdir."/".$_POST['v_domain'].".ca"); + rmdir($tmpdir); + } + } - if (!empty($_POST['v_ssl_key'])) { - unlink($tmpdir."/".$_POST['v_domain'].".key"); - } + // Change SSL certificate + if (( $v_letsencrypt == 'no' ) && ( $v_ssl == 'yes' ) && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { + if (( $v_ssl_crt != str_replace("\r\n", "\n", $_POST['v_ssl_crt'])) || ( $v_ssl_key != str_replace("\r\n", "\n", $_POST['v_ssl_key'])) || ( $v_ssl_ca != str_replace("\r\n", "\n", $_POST['v_ssl_ca']))) { + exec ('mktemp -d', $mktemp_output, $return_var); + $tmpdir = $mktemp_output[0]; - if (!empty($_POST['v_ssl_ca'])) { - unlink($tmpdir."/".$_POST['v_domain'].".ca"); - } + // Certificate + if (!empty($_POST['v_ssl_crt'])) { + $fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w'); + fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt'])); + fwrite($fp, "\n"); + fclose($fp); + } + + // Key + if (!empty($_POST['v_ssl_key'])) { + $fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w'); + fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key'])); + fwrite($fp, "\n"); + fclose($fp); + } + + // CA + if (!empty($_POST['v_ssl_ca'])) { + $fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w'); + fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca'])); + fwrite($fp, "\n"); + fclose($fp); + } + + exec (VESTA_CMD."v-change-web-domain-sslcert ".$user." ".$v_domain." ".$tmpdir." 'no'", $output, $return_var); + check_return_code($return_var,$output); + unset($output); + $restart_web = 'yes'; + $restart_proxy = 'yes'; + + exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var); + $ssl_str = json_decode(implode('', $output), true); + unset($output); + $v_ssl_crt = $ssl_str[$v_domain]['CRT']; + $v_ssl_key = $ssl_str[$v_domain]['KEY']; + $v_ssl_ca = $ssl_str[$v_domain]['CA']; + $v_ssl_subject = $ssl_str[$v_domain]['SUBJECT']; + $v_ssl_aliases = $ssl_str[$v_domain]['ALIASES']; + $v_ssl_not_before = $ssl_str[$v_domain]['NOT_BEFORE']; + $v_ssl_not_after = $ssl_str[$v_domain]['NOT_AFTER']; + $v_ssl_signature = $ssl_str[$v_domain]['SIGNATURE']; + $v_ssl_pub_key = $ssl_str[$v_domain]['PUB_KEY']; + $v_ssl_issuer = $ssl_str[$v_domain]['ISSUER']; + + // Cleanup certificate tempfiles + if (!empty($_POST['v_ssl_crt'])) unlink($tmpdir."/".$_POST['v_domain'].".crt"); + if (!empty($_POST['v_ssl_key'])) unlink($tmpdir."/".$_POST['v_domain'].".key"); + if (!empty($_POST['v_ssl_ca'])) unlink($tmpdir."/".$_POST['v_domain'].".ca"); + rmdir($tmpdir); + } + } - rmdir($tmpdir); - } - } - } // Change document root for ssl domain if (( $v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { if ( $v_ssl_home != $_POST['v_ssl_home'] ) { diff --git a/web/templates/admin/edit_web.html b/web/templates/admin/edit_web.html index 46e53c10c..e16486788 100644 --- a/web/templates/admin/edit_web.html +++ b/web/templates/admin/edit_web.html @@ -186,14 +186,9 @@ - - - - - + @@ -217,7 +212,7 @@ @@ -246,7 +241,7 @@ + if ($v_ssl != 'no' ) { ?> - +
- -
- +
+
- / + /
@@ -311,7 +306,7 @@
@@ -337,7 +332,7 @@ - > +