public function createOwnVhostStarter()
{
if (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.enabled_ownvhost') == '1') {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
// /var/www/froxlor, needed for chown
$user = Settings::Get('phpfpm.vhost_httpuser');
$group = Settings::Get('phpfpm.vhost_httpgroup');
$domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => $user, 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
// all the files and folders have to belong to the local user
// now because we also use fcgid for our own vhost
safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath));
// get php.ini for our own vhost
$php = new phpinterface($domain);
// get php-config
if (Settings::Get('phpfpm.enabled') == '1') {
// fpm
$phpconfig = $php->getPhpConfig(Settings::Get('phpfpm.vhost_defaultini'));
} else {
// fcgid
$phpconfig = $php->getPhpConfig(Settings::Get('system.mod_fcgid_defaultini_ownvhost'));
}
// create starter-file | config-file
$php->getInterface()->createConfig($phpconfig);
// create php.ini (fpm does nothing here, as it
// defines ini-settings in its pool config)
$php->getInterface()->createIniFile($phpconfig);
}
}
public function createOwnVhostStarter()
{
if ($this->settings['phpfpm']['enabled'] == '1' && $this->settings['phpfpm']['enabled_ownvhost'] == '1') {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
// /var/www/froxlor, needed for chown
$user = $this->settings['phpfpm']['vhost_httpuser'];
$group = $this->settings['phpfpm']['vhost_httpgroup'];
$domain = array('id' => 'none', 'domain' => $this->settings['system']['hostname'], 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => $user, 'openbasedir' => 0, 'safemode' => '0', 'email' => $this->settings['panel']['adminmail'], 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
// all the files and folders have to belong to the local user
// now because we also use fcgid for our own vhost
safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath));
// get php.ini for our own vhost
$php = new phpinterface($this->getDB(), $this->settings, $domain);
// @FIXME don't use fcgid settings, but we don't have anything else atm
$phpconfig = $php->getPhpConfig($this->settings['system']['mod_fcgid_defaultini_ownvhost']);
// create starter-file | config-file
$php->getInterface()->createConfig($phpconfig);
// create php.ini
// @TODO make php-fpm support this
$php->getInterface()->createIniFile($phpconfig);
}
}
public function createIpPort()
{
$result_ipsandports_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC");
while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$ipport = '[' . $row_ipsandports['ip'] . ']:' . $row_ipsandports['port'];
} else {
$ipport = $row_ipsandports['ip'] . ':' . $row_ipsandports['port'];
}
fwrite($this->debugHandler, ' apache::createIpPort: creating ip/port settings for ' . $ipport . "\n");
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'creating ip/port settings for ' . $ipport);
$vhosts_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');
if (!isset($this->virtualhosts_data[$vhosts_filename])) {
$this->virtualhosts_data[$vhosts_filename] = '';
}
if ($row_ipsandports['listen_statement'] == '1') {
$this->virtualhosts_data[$vhosts_filename] .= 'Listen ' . $ipport . "\n";
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted listen-statement');
}
if ($row_ipsandports['namevirtualhost_statement'] == '1') {
// >=apache-2.4 enabled?
if (Settings::Get('system.apache24') == '1') {
$this->logger->logAction(CRON_ACTION, LOG_NOTICE, $ipport . ' :: namevirtualhost-statement no longer needed for apache-2.4');
} else {
$this->virtualhosts_data[$vhosts_filename] .= 'NameVirtualHost ' . $ipport . "\n";
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted namevirtualhost-statement');
}
}
if ($row_ipsandports['vhostcontainer'] == '1') {
$this->virtualhosts_data[$vhosts_filename] .= '<VirtualHost ' . $ipport . '>' . "\n";
if ($row_ipsandports['docroot'] == '') {
/**
* add 'real'-vhost content here, like doc-root :)
*/
if (Settings::Get('system.froxlordirectlyviahostname')) {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
} else {
$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
}
} else {
// user-defined docroot, #417
$mypath = makeCorrectDir($row_ipsandports['docroot']);
}
$this->virtualhosts_data[$vhosts_filename] .= 'DocumentRoot "' . $mypath . '"' . "\n";
if ($row_ipsandports['vhostcontainer_servername_statement'] == '1') {
$this->virtualhosts_data[$vhosts_filename] .= ' ServerName ' . Settings::Get('system.hostname') . "\n";
}
// create fcgid <Directory>-Part (starter is created in apache_fcgid)
if (Settings::Get('system.mod_fcgid_ownvhost') == '1' && Settings::Get('system.mod_fcgid') == '1') {
$configdir = makeCorrectDir(Settings::Get('system.mod_fcgid_configdir') . '/froxlor.panel/' . Settings::Get('system.hostname'));
$this->virtualhosts_data[$vhosts_filename] .= ' FcgidIdleTimeout ' . Settings::Get('system.mod_fcgid_idle_timeout') . "\n";
if ((int) Settings::Get('system.mod_fcgid_wrapper') == 0) {
$this->virtualhosts_data[$vhosts_filename] .= ' SuexecUserGroup "' . Settings::Get('system.mod_fcgid_httpuser') . '" "' . Settings::Get('system.mod_fcgid_httpgroup') . '"' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' ScriptAlias /php/ ' . $configdir . "\n";
} else {
$domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
$php = new phpinterface($domain);
$phpconfig = $php->getPhpConfig(Settings::Get('system.mod_fcgid_defaultini_ownvhost'));
$starter_filename = makeCorrectFile($configdir . '/php-fcgi-starter');
$this->virtualhosts_data[$vhosts_filename] .= ' SuexecUserGroup "' . Settings::Get('system.mod_fcgid_httpuser') . '" "' . Settings::Get('system.mod_fcgid_httpgroup') . '"' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' <Directory "' . $mypath . '">' . "\n";
$file_extensions = explode(' ', $phpconfig['file_extensions']);
$this->virtualhosts_data[$vhosts_filename] .= ' <FilesMatch "\\.(' . implode('|', $file_extensions) . ')$">' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SetHandler fcgid-script' . "\n";
foreach ($file_extensions as $file_extension) {
$this->virtualhosts_data[$vhosts_filename] .= ' FcgidWrapper ' . $starter_filename . ' .' . $file_extension . "\n";
}
$this->virtualhosts_data[$vhosts_filename] .= ' Options +ExecCGI' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' </FilesMatch>' . "\n";
// >=apache-2.4 enabled?
if (Settings::Get('system.apache24') == '1') {
$mypath_dir = new frxDirectory($mypath);
// only create the require all granted if there is not active directory-protection
// for this path, as this would be the first require and therefore grant all access
if ($mypath_dir->isUserProtected() == false) {
$this->virtualhosts_data[$vhosts_filename] .= ' Require all granted' . "\n";
}
} else {
$this->virtualhosts_data[$vhosts_filename] .= ' Order allow,deny' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' allow from all' . "\n";
}
$this->virtualhosts_data[$vhosts_filename] .= ' </Directory>' . "\n";
}
} elseif (Settings::Get('phpfpm.enabled') == '1') {
$domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
$php = new phpinterface($domain);
$phpconfig = $php->getPhpConfig(Settings::Get('phpfpm.vhost_defaultini'));
$srvName = substr(md5($ipport), 0, 4) . '.fpm.external';
if ($row_ipsandports['ssl']) {
$srvName = substr(md5($ipport), 0, 4) . '.ssl-fpm.external';
}
// mod_proxy stuff for apache-2.4
if (Settings::Get('system.apache24') == '1' && Settings::Get('phpfpm.use_mod_proxy') == '1') {
$this->virtualhosts_data[$vhosts_filename] .= ' <FilesMatch \\.php$>' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SetHandler proxy:unix:' . $php->getInterface()->getSocketFile() . '|fcgi://localhost' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' </FilesMatch>' . "\n";
} else {
$this->virtualhosts_data[$vhosts_filename] .= ' FastCgiExternalServer ' . $php->getInterface()->getAliasConfigDir() . $srvName . ' -socket ' . $php->getInterface()->getSocketFile() . ' -idle-timeout ' . Settings::Get('phpfpm.idle_timeout') . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' <Directory "' . $mypath . '">' . "\n";
$file_extensions = explode(' ', $phpconfig['file_extensions']);
$this->virtualhosts_data[$vhosts_filename] .= ' <FilesMatch "\\.(' . implode('|', $file_extensions) . ')$">' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' AddHandler php5-fastcgi .php' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' Action php5-fastcgi /fastcgiphp' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' Options +ExecCGI' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' </FilesMatch>' . "\n";
// >=apache-2.4 enabled?
if (Settings::Get('system.apache24') == '1') {
$mypath_dir = new frxDirectory($mypath);
// only create the require all granted if there is not active directory-protection
// for this path, as this would be the first require and therefore grant all access
if ($mypath_dir->isUserProtected() == false) {
$this->virtualhosts_data[$vhosts_filename] .= ' Require all granted' . "\n";
}
} else {
$this->virtualhosts_data[$vhosts_filename] .= ' Order allow,deny' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' allow from all' . "\n";
}
$this->virtualhosts_data[$vhosts_filename] .= ' </Directory>' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' Alias /fastcgiphp ' . $php->getInterface()->getAliasConfigDir() . $srvName . "\n";
}
}
/**
* dirprotection, see #72
* @TODO deferred until 0.9.5, needs more testing
$this->virtualhosts_data[$vhosts_filename] .= "\t<Directory \"'.$mypath.'(images|packages|templates)\">\n";
$this->virtualhosts_data[$vhosts_filename] .= "\t\tAllow from all\n";
$this->virtualhosts_data[$vhosts_filename] .= "\t\tOptions -Indexes\n";
$this->virtualhosts_data[$vhosts_filename] .= "\t</Directory>\n";
$this->virtualhosts_data[$vhosts_filename] .= "\t<Directory \"'.$mypath.'*\">\n";
$this->virtualhosts_data[$vhosts_filename] .= "\t\tOrder Deny,Allow\n";
$this->virtualhosts_data[$vhosts_filename] .= "\t\tDeny from All\n";
$this->virtualhosts_data[$vhosts_filename] .= "\t</Directory>\n";
* end of dirprotection
*/
if ($row_ipsandports['specialsettings'] != '') {
$this->virtualhosts_data[$vhosts_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";
}
if ($row_ipsandports['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
if ($row_ipsandports['ssl_cert_file'] == '') {
$row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
}
if ($row_ipsandports['ssl_key_file'] == '') {
$row_ipsandports['ssl_key_file'] = Settings::Get('system.ssl_key_file');
}
if ($row_ipsandports['ssl_ca_file'] == '') {
$row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
}
// #418
if ($row_ipsandports['ssl_cert_chainfile'] == '') {
$row_ipsandports['ssl_cert_chainfile'] = Settings::Get('system.ssl_cert_chainfile');
}
if ($row_ipsandports['ssl_cert_file'] != '') {
// check for existence, #1485
if (!file_exists($row_ipsandports['ssl_cert_file'])) {
$this->logger->logAction(CRON_ACTION, LOG_ERROR, $ipport . ' :: certificate file "' . $row_ipsandports['ssl_cert_file'] . '" does not exist! Cannot create ssl-directives');
echo $ipport . ' :: certificate file "' . $row_ipsandports['ssl_cert_file'] . '" does not exist! Cannot create SSL-directives' . "\n";
} else {
$this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SSLProtocol ALL -SSLv2 -SSLv3' . "\n";
// this makes it more secure, thx to Marcel (08/2013)
$this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder On' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SSLVerifyDepth 10' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateFile ' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . "\n";
if ($row_ipsandports['ssl_key_file'] != '') {
// check for existence, #1485
if (!file_exists($row_ipsandports['ssl_key_file'])) {
$this->logger->logAction(CRON_ACTION, LOG_ERROR, $ipport . ' :: certificate key file "' . $row_ipsandports['ssl_key_file'] . '" does not exist! Cannot create ssl-directives');
echo $ipport . ' :: certificate key file "' . $row_ipsandports['ssl_key_file'] . '" does not exist! SSL-directives might not be working' . "\n";
} else {
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateKeyFile ' . makeCorrectFile($row_ipsandports['ssl_key_file']) . "\n";
}
}
if ($row_ipsandports['ssl_ca_file'] != '') {
// check for existence, #1485
if (!file_exists($row_ipsandports['ssl_ca_file'])) {
$this->logger->logAction(CRON_ACTION, LOG_ERROR, $ipport . ' :: certificate CA file "' . $row_ipsandports['ssl_ca_file'] . '" does not exist! Cannot create ssl-directives');
echo $ipport . ' :: certificate CA file "' . $row_ipsandports['ssl_ca_file'] . '" does not exist! SSL-directives might not be working' . "\n";
} else {
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCACertificateFile ' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . "\n";
}
}
// #418
if ($row_ipsandports['ssl_cert_chainfile'] != '') {
// check for existence, #1485
if (!file_exists($row_ipsandports['ssl_cert_chainfile'])) {
$this->logger->logAction(CRON_ACTION, LOG_ERROR, $ipport . ' :: certificate chain file "' . $row_ipsandports['ssl_cert_chainfile'] . '" does not exist! Cannot create ssl-directives');
echo $ipport . ' :: certificate chain file "' . $row_ipsandports['ssl_cert_chainfile'] . '" does not exist! SSL-directives might not be working' . "\n";
} else {
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateChainFile ' . makeCorrectFile($row_ipsandports['ssl_cert_chainfile']) . "\n";
}
}
}
}
}
$this->virtualhosts_data[$vhosts_filename] .= '</VirtualHost>' . "\n";
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted vhostcontainer');
}
unset($vhosts_filename);
}
/**
* bug #32
*/
$this->_createStandardDirectoryEntry();
/**
* bug #unknown-yet
*/
$this->_createStandardErrorHandler();
}
public function createIpPort()
{
$result_ipsandports_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC");
while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$ip = '[' . $row_ipsandports['ip'] . ']';
$port = $row_ipsandports['port'];
$ipv6 = 'server.use-ipv6 = "enable"' . "\n";
} else {
$ip = $row_ipsandports['ip'];
$port = $row_ipsandports['port'];
$ipv6 = '';
}
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'lighttpd::createIpPort: creating ip/port settings for ' . $ip . ":" . $port);
$vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');
if (!isset($this->lighttpd_data[$vhost_filename])) {
$this->lighttpd_data[$vhost_filename] = '';
}
$this->lighttpd_data[$vhost_filename] .= '$SERVER["socket"] == "' . $ip . ':' . $port . '" {' . "\n";
if ($row_ipsandports['listen_statement'] == '1') {
$this->lighttpd_data[$vhost_filename] .= 'server.port = ' . $port . "\n";
$this->lighttpd_data[$vhost_filename] .= 'server.bind = "' . $ip . '"' . "\n";
$this->lighttpd_data[$vhost_filename] .= $ipv6;
}
if ($row_ipsandports['vhostcontainer'] == '1') {
$myhost = str_replace('.', '\\.', Settings::Get('system.hostname'));
$this->lighttpd_data[$vhost_filename] .= '# Froxlor default vhost' . "\n";
$this->lighttpd_data[$vhost_filename] .= '$HTTP["host"] =~ "^(?:www\\.|)' . $myhost . '$" {' . "\n";
$mypath = $this->getMyPath($row_ipsandports);
$this->lighttpd_data[$vhost_filename] .= ' server.document-root = "' . $mypath . '"' . "\n";
$is_redirect = false;
// check for SSL redirect
if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
$is_redirect = true;
// check whether froxlor uses Let's Encrypt and not cert is being generated yet
// or a renew is ongoing - disable redirect
if (Settings::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {
$this->lighttpd_data[$vhost_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL;
$is_redirect = false;
} else {
$_sslport = $this->checkAlternativeSslPort();
$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
$this->lighttpd_data[$vhost_filename] .= ' url.redirect = (' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' "^/(.*)$" => "' . $mypath . '$1"' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' )' . "\n";
}
}
if (!$is_redirect) {
/**
* dirprotection, see #72
*
* @todo use better regex for this, deferred until 0.9.5
*
* $this->lighttpd_data[$vhost_filename].= ' $HTTP["url"] =~ "^/(.+)\/(.+)\.php" {' . "\n";
* $this->lighttpd_data[$vhost_filename].= ' url.access-deny = ("")' . "\n";
* $this->lighttpd_data[$vhost_filename].= ' }' . "\n";
*/
/**
* own php-fpm vhost
*/
if ((int) Settings::Get('phpfpm.enabled') == 1) {
$domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
$php = new phpinterface($domain);
$this->lighttpd_data[$vhost_filename] .= ' fastcgi.server = ( ' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t" . '".php" => (' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t\t" . '"localhost" => (' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t\t" . '"socket" => "' . $php->getInterface()->getSocketFile() . '",' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t\t" . '"check-local" => "enable",' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t\t" . '"disable-time" => 1' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' )' . "\n";
}
}
if ($row_ipsandports['specialsettings'] != '') {
$this->lighttpd_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";
}
$this->lighttpd_data[$vhost_filename] .= '}' . "\n";
}
if ($row_ipsandports['ssl'] == '1') {
if ($row_ipsandports['ssl_cert_file'] == '') {
$row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
}
if ($row_ipsandports['ssl_ca_file'] == '') {
$row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
}
$domain = array('id' => 0, 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'loginname' => 'froxlor.panel', 'documentroot' => $mypath, 'parentdomainid' => 0);
// override corresponding array values
$domain['ssl_cert_file'] = $row_ipsandports['ssl_cert_file'];
$domain['ssl_key_file'] = $row_ipsandports['ssl_key_file'];
$domain['ssl_ca_file'] = $row_ipsandports['ssl_ca_file'];
$domain['ssl_cert_chainfile'] = $row_ipsandports['ssl_cert_chainfile'];
// SSL STUFF
$dssl = new DomainSSL();
// this sets the ssl-related array-indices in the $domain array
// if the domain has customer-defined ssl-certificates
$dssl->setDomainSSLFilesArray($domain);
if ($domain['ssl_cert_file'] != '') {
// check for existence, #1485
if (!file_exists($domain['ssl_cert_file'])) {
$this->logger->logAction(CRON_ACTION, LOG_ERR, $ip . ':' . $port . ' :: certificate file "' . $domain['ssl_cert_file'] . '" does not exist! Cannot create ssl-directives');
echo $ip . ':' . $port . ' :: certificate file "' . $domain['ssl_cert_file'] . '" does not exist! Cannot create SSL-directives' . "\n";
} else {
$this->lighttpd_data[$vhost_filename] .= 'ssl.engine = "enable"' . "\n";
$this->lighttpd_data[$vhost_filename] .= 'ssl.use-sslv2 = "disable"' . "\n";
$this->lighttpd_data[$vhost_filename] .= 'ssl.cipher-list = "' . Settings::Get('system.ssl_cipher_list') . '"' . "\n";
$this->lighttpd_data[$vhost_filename] .= 'ssl.honor-cipher-order = "enable"' . "\n";
$this->lighttpd_data[$vhost_filename] .= 'ssl.pemfile = "' . makeCorrectFile($domain['ssl_cert_file']) . '"' . "\n";
if ($domain['ssl_ca_file'] != '') {
// check for existence, #1485
if (!file_exists($domain['ssl_ca_file'])) {
$this->logger->logAction(CRON_ACTION, LOG_ERR, $ip . ':' . $port . ' :: certificate CA file "' . $domain['ssl_ca_file'] . '" does not exist! Cannot create ssl-directives');
echo $ip . ':' . port . ' :: certificate CA file "' . $domain['ssl_ca_file'] . '" does not exist! SSL-directives might not be working' . "\n";
} else {
$this->lighttpd_data[$vhost_filename] .= 'ssl.ca-file = "' . makeCorrectFile($domain['ssl_ca_file']) . '"' . "\n";
}
}
}
}
}
/**
* this function will create a new file which will be included
* if Settings::Get('system.apacheconf_vhost') is a folder
* refs #70
*/
$vhosts = $this->createLighttpdHosts($row_ipsandports['id'], $row_ipsandports['ssl'], $vhost_filename);
if ($vhosts !== null && is_array($vhosts) && isset($vhosts[0])) {
// sort vhosts by number (subdomains first!)
sort($vhosts);
foreach ($vhosts as $vhost) {
$this->lighttpd_data[$vhost_filename] .= ' include "' . $vhost . '"' . "\n";
}
}
$this->lighttpd_data[$vhost_filename] .= '}' . "\n";
}
/**
* bug #unknown-yet
*/
$this->_createStandardErrorHandler();
}
public function createIpPort()
{
$result_ipsandports_stmt = Database::query("\n\t\t\tSELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC\n\t\t");
while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$ip = '[' . $row_ipsandports['ip'] . ']';
} else {
$ip = $row_ipsandports['ip'];
}
$port = $row_ipsandports['port'];
fwrite($this->debugHandler, ' nginx::createIpPort: creating ip/port settings for ' . $ip . ":" . $port . "\n");
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'creating ip/port settings for ' . $ip . ":" . $port);
$vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');
if (!isset($this->nginx_data[$vhost_filename])) {
$this->nginx_data[$vhost_filename] = '';
}
if ($row_ipsandports['vhostcontainer'] == '1') {
$this->nginx_data[$vhost_filename] .= 'server { ' . "\n";
// check for ssl before anything else so
// we know whether it's an ssl vhost or not
$ssl_vhost = false;
if ($row_ipsandports['ssl'] == '1') {
if ($row_ipsandports['ssl_cert_file'] == '') {
$row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
}
if ($row_ipsandports['ssl_key_file'] == '') {
$row_ipsandports['ssl_key_file'] = Settings::Get('system.ssl_key_file');
}
if ($row_ipsandports['ssl_ca_file'] == '') {
$row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
}
if ($row_ipsandports['ssl_cert_file'] != '' && file_exists($row_ipsandports['ssl_cert_file'])) {
$ssl_vhost = true;
}
}
/**
* this HAS to be set for the default host in nginx or else no vhost will work
*/
$this->nginx_data[$vhost_filename] .= "\t" . 'listen ' . $ip . ':' . $port . ' default' . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'server_name ' . Settings::Get('system.hostname') . ';' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'access_log /var/log/nginx/access.log;' . "\n";
$mypath = '';
// no custom docroot set?
if ($row_ipsandports['docroot'] == '') {
// check whether the hostname should directly point to
// the froxlor-installation or not
if (Settings::Get('system.froxlordirectlyviahostname')) {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
} else {
$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
}
} else {
// user-defined docroot, #417
$mypath = makeCorrectDir($row_ipsandports['docroot']);
}
$this->nginx_data[$vhost_filename] .= "\t" . 'root ' . $mypath . ';' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'location / {' . "\n";
$this->nginx_data[$vhost_filename] .= "\t\t" . 'index index.php index.html index.htm;' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
if ($row_ipsandports['specialsettings'] != '') {
$this->nginx_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], array('domain' => Settings::Get('system.hostname'), 'loginname' => Settings::Get('phpfpm.vhost_httpuser'), 'documentroot' => $mypath), $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";
}
/**
* SSL config options
*/
if ($row_ipsandports['ssl'] == '1') {
$row_ipsandports['domain'] = Settings::Get('system.hostname');
$this->nginx_data[$vhost_filename] .= $this->composeSslSettings($row_ipsandports);
}
$this->nginx_data[$vhost_filename] .= "\tlocation ~ \\.php {\n";
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_split_path_info ^(.+\\.php)(/.+)\$;\n";
$this->nginx_data[$vhost_filename] .= "\t\tinclude fastcgi_params;\n";
$this->nginx_data[$vhost_filename] .= "\t\tinclude " . Settings::Get('nginx.fastcgiparams') . ";\n";
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n";
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n";
$this->nginx_data[$vhost_filename] .= "\t\ttry_files \$fastcgi_script_name =404;\n";
if ($row_ipsandports['ssl'] == '1') {
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param HTTPS on;\n";
}
if ((int) Settings::Get('phpfpm.enabled') == 1 && (int) Settings::Get('phpfpm.enabled_ownvhost') == 1) {
$domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
$php = new phpinterface($domain);
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass unix:" . $php->getInterface()->getSocketFile() . ";\n";
} else {
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass " . Settings::Get('system.nginx_php_backend') . ";\n";
}
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n";
$this->nginx_data[$vhost_filename] .= "\t}\n";
$this->nginx_data[$vhost_filename] .= "}\n\n";
// End of Froxlor server{}-part
}
}
$this->createNginxHosts();
/**
* standard error pages
*/
$this->_createStandardErrorHandler();
}
public function createIpPort()
{
$result_ipsandports_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC");
while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$ip = '[' . $row_ipsandports['ip'] . ']';
$port = $row_ipsandports['port'];
$ipv6 = 'server.use-ipv6 = "enable"' . "\n";
} else {
$ip = $row_ipsandports['ip'];
$port = $row_ipsandports['port'];
$ipv6 = '';
}
fwrite($this->debugHandler, ' lighttpd::createIpPort: creating ip/port settings for ' . $ip . ":" . $port . "\n");
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'creating ip/port settings for ' . $ip . ":" . $port);
$vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');
if (!isset($this->lighttpd_data[$vhost_filename])) {
$this->lighttpd_data[$vhost_filename] = '';
}
$this->lighttpd_data[$vhost_filename] .= '$SERVER["socket"] == "' . $ip . ':' . $port . '" {' . "\n";
if ($row_ipsandports['listen_statement'] == '1') {
$this->lighttpd_data[$vhost_filename] .= 'server.port = ' . $port . "\n";
$this->lighttpd_data[$vhost_filename] .= 'server.bind = "' . $ip . '"' . "\n";
$this->lighttpd_data[$vhost_filename] .= $ipv6;
}
if ($row_ipsandports['vhostcontainer'] == '1') {
$myhost = str_replace('.', '\\.', Settings::Get('system.hostname'));
$this->lighttpd_data[$vhost_filename] .= '# Froxlor default vhost' . "\n";
$this->lighttpd_data[$vhost_filename] .= '$HTTP["host"] =~ "^(?:www\\.|)' . $myhost . '$" {' . "\n";
if ($row_ipsandports['docroot'] == '') {
if (Settings::Get('system.froxlordirectlyviahostname')) {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
} else {
$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
}
} else {
// user-defined docroot, #417
$mypath = makeCorrectDir($row_ipsandports['docroot']);
}
$this->lighttpd_data[$vhost_filename] .= ' server.document-root = "' . $mypath . '"' . "\n";
/**
* dirprotection, see #72
* @TODO use better regex for this, deferred until 0.9.5
*
$this->lighttpd_data[$vhost_filename].= ' $HTTP["url"] =~ "^/(.+)\/(.+)\.php" {' . "\n";
$this->lighttpd_data[$vhost_filename].= ' url.access-deny = ("")' . "\n";
$this->lighttpd_data[$vhost_filename].= ' }' . "\n";
*/
/**
* own php-fpm vhost
*/
if ((int) Settings::Get('phpfpm.enabled') == 1) {
$domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
$php = new phpinterface($domain);
$this->lighttpd_data[$vhost_filename] .= ' fastcgi.server = ( ' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t" . '".php" => (' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t\t" . '"localhost" => (' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t\t" . '"socket" => "' . $php->getInterface()->getSocketFile() . '",' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t\t" . '"check-local" => "enable",' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t\t" . '"disable-time" => 1' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
$this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' )' . "\n";
}
if ($row_ipsandports['specialsettings'] != '') {
$this->lighttpd_data[$vhost_filename] .= $row_ipsandports['specialsettings'] . "\n";
}
$this->lighttpd_data[$vhost_filename] .= '}' . "\n";
}
if ($row_ipsandports['ssl'] == '1') {
if ($row_ipsandports['ssl_cert_file'] == '') {
$row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
}
if ($row_ipsandports['ssl_ca_file'] == '') {
$row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
}
if ($row_ipsandports['ssl_cert_file'] != '') {
$this->lighttpd_data[$vhost_filename] .= 'ssl.engine = "enable"' . "\n";
$this->lighttpd_data[$vhost_filename] .= 'ssl.use-sslv2 = "disable"' . "\n";
$this->lighttpd_data[$vhost_filename] .= 'ssl.cipher-list = "' . Settings::Get('system.ssl_cipher_list') . '"' . "\n";
$this->lighttpd_data[$vhost_filename] .= 'ssl.honor-cipher-order = "enable"' . "\n";
$this->lighttpd_data[$vhost_filename] .= 'ssl.pemfile = "' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . '"' . "\n";
if ($row_ipsandports['ssl_ca_file'] != '') {
$this->lighttpd_data[$vhost_filename] .= 'ssl.ca-file = "' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . '"' . "\n";
}
}
}
/**
* this function will create a new file which will be included
* if Settings::Get('system.apacheconf_vhost') is a folder
* refs #70
*/
$vhosts = $this->createLighttpdHosts($row_ipsandports['id'], $row_ipsandports['ssl'], $vhost_filename);
if ($vhosts !== null && is_array($vhosts) && isset($vhosts[0])) {
// sort vhosts by number (subdomains first!)
sort($vhosts);
foreach ($vhosts as $vhost) {
$this->lighttpd_data[$vhost_filename] .= ' include "' . $vhost . '"' . "\n";
}
}
$this->lighttpd_data[$vhost_filename] .= '}' . "\n";
}
/**
* bug #unknown-yet
*/
$this->_createStandardErrorHandler();
}
public function createIpPort()
{
$result_ipsandports_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC");
while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$ipport = '[' . $row_ipsandports['ip'] . ']:' . $row_ipsandports['port'];
} else {
$ipport = $row_ipsandports['ip'] . ':' . $row_ipsandports['port'];
}
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'apache::createIpPort: creating ip/port settings for ' . $ipport);
$vhosts_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');
if (!isset($this->virtualhosts_data[$vhosts_filename])) {
$this->virtualhosts_data[$vhosts_filename] = '';
}
if ($row_ipsandports['listen_statement'] == '1') {
$this->virtualhosts_data[$vhosts_filename] .= 'Listen ' . $ipport . "\n";
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted listen-statement');
}
if ($row_ipsandports['namevirtualhost_statement'] == '1') {
// >=apache-2.4 enabled?
if (Settings::Get('system.apache24') == '1') {
$this->logger->logAction(CRON_ACTION, LOG_NOTICE, $ipport . ' :: namevirtualhost-statement no longer needed for apache-2.4');
} else {
$this->virtualhosts_data[$vhosts_filename] .= 'NameVirtualHost ' . $ipport . "\n";
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted namevirtualhost-statement');
}
}
if ($row_ipsandports['vhostcontainer'] == '1') {
$without_vhost = $this->virtualhosts_data[$vhosts_filename];
$close_vhost = true;
$this->virtualhosts_data[$vhosts_filename] .= '<VirtualHost ' . $ipport . '>' . "\n";
$mypath = $this->getMyPath($row_ipsandports);
$this->virtualhosts_data[$vhosts_filename] .= 'DocumentRoot "' . $mypath . '"' . "\n";
if ($row_ipsandports['vhostcontainer_servername_statement'] == '1') {
$this->virtualhosts_data[$vhosts_filename] .= ' ServerName ' . Settings::Get('system.hostname') . "\n";
}
$is_redirect = false;
// check for SSL redirect
if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
$is_redirect = true;
// check whether froxlor uses Let's Encrypt and not cert is being generated yet
// or a renew is ongoing - disable redirect
if (Settings::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {
$this->virtualhosts_data[$vhosts_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL;
$is_redirect = false;
} else {
$_sslport = $this->checkAlternativeSslPort();
$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
$code = '301';
$modrew_red = ' [R=' . $code . ';L,NE]';
// redirect everything, not only root-directory, #541
$this->virtualhosts_data[$vhosts_filename] .= ' <IfModule mod_rewrite.c>' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' RewriteEngine On' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' RewriteCond %{HTTPS} off' . "\n";
if (Settings::Get('system.le_froxlor_enabled') == '1') {
$this->virtualhosts_data[$vhosts_filename] .= ' RewriteCond %{REQUEST_URI} !^/\\.well-known/acme-challenge' . "\n";
}
$this->virtualhosts_data[$vhosts_filename] .= ' RewriteRule ^/(.*) ' . $mypath . '$1' . $modrew_red . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' </IfModule>' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' <IfModule !mod_rewrite.c>' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' Redirect ' . $code . ' / ' . $mypath . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' </IfModule>' . "\n";
}
}
if (!$is_redirect) {
// create fcgid <Directory>-Part (starter is created in apache_fcgid)
if (Settings::Get('system.mod_fcgid_ownvhost') == '1' && Settings::Get('system.mod_fcgid') == '1') {
$configdir = makeCorrectDir(Settings::Get('system.mod_fcgid_configdir') . '/froxlor.panel/' . Settings::Get('system.hostname'));
$this->virtualhosts_data[$vhosts_filename] .= ' FcgidIdleTimeout ' . Settings::Get('system.mod_fcgid_idle_timeout') . "\n";
if ((int) Settings::Get('system.mod_fcgid_wrapper') == 0) {
$this->virtualhosts_data[$vhosts_filename] .= ' SuexecUserGroup "' . Settings::Get('system.mod_fcgid_httpuser') . '" "' . Settings::Get('system.mod_fcgid_httpgroup') . '"' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' ScriptAlias /php/ ' . $configdir . "\n";
} else {
$domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
$php = new phpinterface($domain);
$phpconfig = $php->getPhpConfig(Settings::Get('system.mod_fcgid_defaultini_ownvhost'));
$starter_filename = makeCorrectFile($configdir . '/php-fcgi-starter');
$this->virtualhosts_data[$vhosts_filename] .= ' SuexecUserGroup "' . Settings::Get('system.mod_fcgid_httpuser') . '" "' . Settings::Get('system.mod_fcgid_httpgroup') . '"' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' <Directory "' . $mypath . '">' . "\n";
$file_extensions = explode(' ', $phpconfig['file_extensions']);
$this->virtualhosts_data[$vhosts_filename] .= ' <FilesMatch "\\.(' . implode('|', $file_extensions) . ')$">' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SetHandler fcgid-script' . "\n";
foreach ($file_extensions as $file_extension) {
$this->virtualhosts_data[$vhosts_filename] .= ' FcgidWrapper ' . $starter_filename . ' .' . $file_extension . "\n";
}
$this->virtualhosts_data[$vhosts_filename] .= ' Options +ExecCGI' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' </FilesMatch>' . "\n";
// >=apache-2.4 enabled?
if (Settings::Get('system.apache24') == '1') {
$mypath_dir = new frxDirectory($mypath);
// only create the require all granted if there is not active directory-protection
// for this path, as this would be the first require and therefore grant all access
if ($mypath_dir->isUserProtected() == false) {
$this->virtualhosts_data[$vhosts_filename] .= ' Require all granted' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' AllowOverride All' . "\n";
}
} else {
$this->virtualhosts_data[$vhosts_filename] .= ' Order allow,deny' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' allow from all' . "\n";
}
$this->virtualhosts_data[$vhosts_filename] .= ' </Directory>' . "\n";
}
} elseif (Settings::Get('phpfpm.enabled') == '1') {
// create php-fpm <Directory>-Part (config is created in apache_fcgid)
$domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
$php = new phpinterface($domain);
$phpconfig = $php->getPhpConfig(Settings::Get('phpfpm.vhost_defaultini'));
$srvName = substr(md5($ipport), 0, 4) . '.fpm.external';
if ($row_ipsandports['ssl']) {
$srvName = substr(md5($ipport), 0, 4) . '.ssl-fpm.external';
}
// mod_proxy stuff for apache-2.4
if (Settings::Get('system.apache24') == '1' && Settings::Get('phpfpm.use_mod_proxy') == '1') {
$this->virtualhosts_data[$vhosts_filename] .= ' <FilesMatch \\.php$>' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SetHandler proxy:unix:' . $php->getInterface()->getSocketFile() . '|fcgi://localhost' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' </FilesMatch>' . "\n";
} else {
$this->virtualhosts_data[$vhosts_filename] .= ' FastCgiExternalServer ' . $php->getInterface()->getAliasConfigDir() . $srvName . ' -socket ' . $php->getInterface()->getSocketFile() . ' -idle-timeout ' . Settings::Get('phpfpm.idle_timeout') . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' <Directory "' . $mypath . '">' . "\n";
$file_extensions = explode(' ', $phpconfig['file_extensions']);
$this->virtualhosts_data[$vhosts_filename] .= ' <FilesMatch "\\.(' . implode('|', $file_extensions) . ')$">' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' AddHandler php5-fastcgi .php' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' Action php5-fastcgi /fastcgiphp' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' Options +ExecCGI' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' </FilesMatch>' . "\n";
// >=apache-2.4 enabled?
if (Settings::Get('system.apache24') == '1') {
$mypath_dir = new frxDirectory($mypath);
// only create the require all granted if there is not active directory-protection
// for this path, as this would be the first require and therefore grant all access
if ($mypath_dir->isUserProtected() == false) {
$this->virtualhosts_data[$vhosts_filename] .= ' Require all granted' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' AllowOverride All' . "\n";
}
} else {
$this->virtualhosts_data[$vhosts_filename] .= ' Order allow,deny' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' allow from all' . "\n";
}
$this->virtualhosts_data[$vhosts_filename] .= ' </Directory>' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' Alias /fastcgiphp ' . $php->getInterface()->getAliasConfigDir() . $srvName . "\n";
}
} else {
// mod_php
$domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'guid' => Settings::Get('system.httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
}
}
// end of ssl-redirect check
/**
* dirprotection, see #72
*
* @todo deferred until 0.9.5, needs more testing
* $this->virtualhosts_data[$vhosts_filename] .= "\t<Directory \"'.$mypath.'(images|packages|templates)\">\n";
* $this->virtualhosts_data[$vhosts_filename] .= "\t\tAllow from all\n";
* $this->virtualhosts_data[$vhosts_filename] .= "\t\tOptions -Indexes\n";
* $this->virtualhosts_data[$vhosts_filename] .= "\t</Directory>\n";
*
* $this->virtualhosts_data[$vhosts_filename] .= "\t<Directory \"'.$mypath.'*\">\n";
* $this->virtualhosts_data[$vhosts_filename] .= "\t\tOrder Deny,Allow\n";
* $this->virtualhosts_data[$vhosts_filename] .= "\t\tDeny from All\n";
* $this->virtualhosts_data[$vhosts_filename] .= "\t</Directory>\n";
* end of dirprotection
*/
if ($row_ipsandports['specialsettings'] != '') {
$this->virtualhosts_data[$vhosts_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";
}
if ($row_ipsandports['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
if ($row_ipsandports['ssl_cert_file'] == '') {
$row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
}
if ($row_ipsandports['ssl_key_file'] == '') {
$row_ipsandports['ssl_key_file'] = Settings::Get('system.ssl_key_file');
}
if ($row_ipsandports['ssl_ca_file'] == '') {
$row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
}
// #418
if ($row_ipsandports['ssl_cert_chainfile'] == '') {
$row_ipsandports['ssl_cert_chainfile'] = Settings::Get('system.ssl_cert_chainfile');
}
$domain = array('id' => 0, 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'loginname' => 'froxlor.panel', 'documentroot' => $mypath, 'parentdomainid' => 0);
// override corresponding array values
$domain['ssl_cert_file'] = $row_ipsandports['ssl_cert_file'];
$domain['ssl_key_file'] = $row_ipsandports['ssl_key_file'];
$domain['ssl_ca_file'] = $row_ipsandports['ssl_ca_file'];
$domain['ssl_cert_chainfile'] = $row_ipsandports['ssl_cert_chainfile'];
// SSL STUFF
$dssl = new DomainSSL();
// this sets the ssl-related array-indices in the $domain array
// if the domain has customer-defined ssl-certificates
$dssl->setDomainSSLFilesArray($domain);
if ($domain['ssl_cert_file'] != '') {
// check for existence, #1485
if (!file_exists($domain['ssl_cert_file'])) {
$this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate file "' . $domain['ssl_cert_file'] . '" does not exist! Cannot create ssl-directives');
} else {
$this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SSLProtocol ALL -SSLv2 -SSLv3' . "\n";
// this makes it more secure, thx to Marcel (08/2013)
$this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder On' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SSLVerifyDepth 10' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateFile ' . makeCorrectFile($domain['ssl_cert_file']) . "\n";
if ($domain['ssl_key_file'] != '') {
// check for existence, #1485
if (!file_exists($domain['ssl_key_file'])) {
$this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate key file "' . $domain['ssl_key_file'] . '" does not exist! Cannot create ssl-directives');
} else {
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateKeyFile ' . makeCorrectFile($domain['ssl_key_file']) . "\n";
}
}
if ($domain['ssl_ca_file'] != '') {
// check for existence, #1485
if (!file_exists($domain['ssl_ca_file'])) {
$this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate CA file "' . $domain['ssl_ca_file'] . '" does not exist! Cannot create ssl-directives');
} else {
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCACertificateFile ' . makeCorrectFile($domain['ssl_ca_file']) . "\n";
}
}
// #418
if ($domain['ssl_cert_chainfile'] != '') {
// check for existence, #1485
if (!file_exists($domain['ssl_cert_chainfile'])) {
$this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate chain file "' . $domain['ssl_cert_chainfile'] . '" does not exist! Cannot create ssl-directives');
} else {
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateChainFile ' . makeCorrectFile($domain['ssl_cert_chainfile']) . "\n";
}
}
}
} else {
// if there is no cert-file specified but we are generating a ssl-vhost,
// we should return an empty string because this vhost would suck dick, ref #1583
$this->logger->logAction(CRON_ACTION, LOG_ERR, $domain['domain'] . ' :: empty certificate file! Cannot create ssl-directives');
$this->virtualhosts_data[$vhosts_filename] = $without_vhost;
$this->virtualhosts_data[$vhosts_filename] .= '# no ssl-certificate was specified for this domain, therefore no explicit vhost-container is being generated';
$close_vhost = false;
}
}
if ($close_vhost) {
$this->virtualhosts_data[$vhosts_filename] .= '</VirtualHost>' . "\n";
}
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted vhostcontainer');
}
unset($vhosts_filename);
}
/**
* bug #32
*/
$this->_createStandardDirectoryEntry();
/**
* bug #unknown-yet
*/
$this->_createStandardErrorHandler();
}
public function createIpPort()
{
$result_ipsandports = $this->db->query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC");
while ($row_ipsandports = $this->db->fetch_array($result_ipsandports)) {
if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$ipport = '[' . $row_ipsandports['ip'] . ']:' . $row_ipsandports['port'];
} else {
$ipport = $row_ipsandports['ip'] . ':' . $row_ipsandports['port'];
}
fwrite($this->debugHandler, ' apache::createIpPort: creating ip/port settings for ' . $ipport . "\n");
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'creating ip/port settings for ' . $ipport);
$vhosts_filename = makeCorrectFile($this->settings['system']['apacheconf_vhost'] . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');
if (!isset($this->virtualhosts_data[$vhosts_filename])) {
$this->virtualhosts_data[$vhosts_filename] = '';
}
if ($row_ipsandports['listen_statement'] == '1') {
$this->virtualhosts_data[$vhosts_filename] .= 'Listen ' . $ipport . "\n";
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted listen-statement');
}
if ($row_ipsandports['namevirtualhost_statement'] == '1') {
$this->virtualhosts_data[$vhosts_filename] .= 'NameVirtualHost ' . $ipport . "\n";
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted namevirtualhost-statement');
}
if ($row_ipsandports['vhostcontainer'] == '1') {
$this->virtualhosts_data[$vhosts_filename] .= '<VirtualHost ' . $ipport . '>' . "\n";
if ($row_ipsandports['docroot'] == '') {
/**
* add 'real'-vhost content here, like doc-root :)
*/
if ($this->settings['system']['froxlordirectlyviahostname']) {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
} else {
$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
}
} else {
// user-defined docroot, #417
$mypath = makeCorrectDir($row_ipsandports['docroot']);
}
$this->virtualhosts_data[$vhosts_filename] .= 'DocumentRoot "' . $mypath . '"' . "\n";
if ($row_ipsandports['vhostcontainer_servername_statement'] == '1') {
$this->virtualhosts_data[$vhosts_filename] .= ' ServerName ' . $this->settings['system']['hostname'] . "\n";
}
// create fcgid <Directory>-Part (starter is created in apache_fcgid)
if ($this->settings['system']['mod_fcgid_ownvhost'] == '1' && $this->settings['system']['mod_fcgid'] == '1') {
$configdir = makeCorrectDir($this->settings['system']['mod_fcgid_configdir'] . '/froxlor.panel/' . $this->settings['system']['hostname']);
$this->virtualhosts_data[$vhosts_filename] .= ' FcgidIdleTimeout ' . $this->settings['system']['mod_fcgid_idle_timeout'] . "\n";
if ((int) $this->settings['system']['mod_fcgid_wrapper'] == 0) {
$this->virtualhosts_data[$vhosts_filename] .= ' SuexecUserGroup "' . $this->settings['system']['mod_fcgid_httpuser'] . '" "' . $this->settings['system']['mod_fcgid_httpgroup'] . '"' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' ScriptAlias /php/ ' . $configdir . "\n";
} else {
$starter_filename = makeCorrectFile($configdir . '/php-fcgi-starter');
$this->virtualhosts_data[$vhosts_filename] .= ' SuexecUserGroup "' . $this->settings['system']['mod_fcgid_httpuser'] . '" "' . $this->settings['system']['mod_fcgid_httpgroup'] . '"' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' <Directory "' . $mypath . '">' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' AddHandler fcgid-script .php' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' FCGIWrapper ' . $starter_filename . ' .php' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' Options +ExecCGI' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' Order allow,deny' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' allow from all' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' </Directory>' . "\n";
}
} elseif ($this->settings['phpfpm']['enabled'] == '1') {
$domain = array('id' => 'none', 'domain' => $this->settings['system']['hostname'], 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => $this->settings['phpfpm']['vhost_httpuser'], 'openbasedir' => 0, 'safemode' => '0', 'email' => $this->settings['panel']['adminmail'], 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
$php = new phpinterface($this->getDB(), $this->settings, $domain);
$this->virtualhosts_data[$vhosts_filename] .= ' SuexecUserGroup "' . $this->settings['system']['mod_fcgid_httpuser'] . '" "' . $this->settings['system']['mod_fcgid_httpgroup'] . '"' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' FastCgiExternalServer ' . $mypath . $domain['domain'] . "." . 'fpm.external -socket ' . $php->getInterface()->getSocketFile() . ' -user ' . $this->settings['system']['mod_fcgid_httpuser'] . ' -group ' . $this->settings['system']['mod_fcgid_httpuser'] . " -idle-timeout " . $this->settings['phpfpm']['idle_timeout'] . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' <Directory "' . $mypath . '">' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' AddHandler php5-fastcgi .php' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' Action php5-fastcgi /fastcgiphp' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' Options +ExecCGI' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' Order allow,deny' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' allow from all' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' </Directory>' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' Alias /fastcgiphp ' . $mypath . $domain['domain'] . "." . 'fpm.external' . "\n";
}
/**
* dirprotection, see #72
* @TODO deferred until 0.9.5, needs more testing
$this->virtualhosts_data[$vhosts_filename].= "\t<Directory \"'.$mypath.'(images|packages|templates)\">\n";
$this->virtualhosts_data[$vhosts_filename].= "\t\tAllow from all\n";
$this->virtualhosts_data[$vhosts_filename].= "\t\tOptions -Indexes\n";
$this->virtualhosts_data[$vhosts_filename].= "\t</Directory>\n";
$this->virtualhosts_data[$vhosts_filename].= "\t<Directory \"'.$mypath.'*\">\n";
$this->virtualhosts_data[$vhosts_filename].= "\t\tOrder Deny,Allow\n";
$this->virtualhosts_data[$vhosts_filename].= "\t\tDeny from All\n";
$this->virtualhosts_data[$vhosts_filename].= "\t</Directory>\n";
* end of dirprotection
*/
if ($row_ipsandports['specialsettings'] != '') {
$this->virtualhosts_data[$vhosts_filename] .= $row_ipsandports['specialsettings'] . "\n";
}
if ($row_ipsandports['ssl'] == '1' && $this->settings['system']['use_ssl'] == '1') {
if ($row_ipsandports['ssl_cert_file'] == '') {
$row_ipsandports['ssl_cert_file'] = $this->settings['system']['ssl_cert_file'];
}
if ($row_ipsandports['ssl_key_file'] == '') {
$row_ipsandports['ssl_key_file'] = $this->settings['system']['ssl_key_file'];
}
if ($row_ipsandports['ssl_ca_file'] == '') {
$row_ipsandports['ssl_ca_file'] = $this->settings['system']['ssl_ca_file'];
}
// #418
if ($row_ipsandports['ssl_cert_chainfile'] == '') {
$row_ipsandports['ssl_cert_chainfile'] = $this->settings['system']['ssl_cert_chainfile'];
}
if ($row_ipsandports['ssl_cert_file'] != '') {
$this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateFile ' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . "\n";
if ($row_ipsandports['ssl_key_file'] != '') {
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateKeyFile ' . makeCorrectFile($row_ipsandports['ssl_key_file']) . "\n";
}
if ($row_ipsandports['ssl_ca_file'] != '') {
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCACertificateFile ' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . "\n";
}
// #418
if ($row_ipsandports['ssl_cert_chainfile'] != '') {
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateChainFile ' . makeCorrectFile($row_ipsandports['ssl_cert_chainfile']) . "\n";
}
}
}
$this->virtualhosts_data[$vhosts_filename] .= '</VirtualHost>' . "\n";
$this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted vhostcontainer');
}
unset($vhosts_filename);
}
/**
* bug #32
*/
$this->_createStandardDirectoryEntry();
/**
* bug #unknown-yet
*/
$this->_createStandardErrorHandler();
}
public function createIpPort()
{
$query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC";
$result_ipsandports = $this->db->query($query);
while ($row_ipsandports = $this->db->fetch_array($result_ipsandports)) {
if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$ip = '[' . $row_ipsandports['ip'] . ']';
$port = $row_ipsandports['port'];
} else {
$ip = $row_ipsandports['ip'];
$port = $row_ipsandports['port'];
}
fwrite($this->debugHandler, ' nginx::createIpPort: creating ip/port settings for ' . $ip . ":" . $port . "\n");
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'creating ip/port settings for ' . $ip . ":" . $port);
$vhost_filename = makeCorrectFile($this->settings['system']['apacheconf_vhost'] . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');
if (!isset($this->nginx_data[$vhost_filename])) {
$this->nginx_data[$vhost_filename] = '';
}
$this->nginx_data[$vhost_filename] .= 'server { ' . "\n";
/**
* this HAS to be set for the default host in nginx or else no vhost will work
*/
$this->nginx_data[$vhost_filename] .= "\t" . 'listen ' . $ip . ':' . $port . ' default;' . "\n";
if ($row_ipsandports['vhostcontainer'] == '1') {
$this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'server_name ' . $this->settings['system']['hostname'] . ';' . "\n";
}
$this->nginx_data[$vhost_filename] .= "\t" . 'access_log /var/log/nginx/access.log;' . "\n";
$mypath = '';
if ($row_ipsandports['vhostcontainer'] == '1') {
$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
$this->nginx_data[$vhost_filename] .= "\t" . 'root ' . $mypath . ';' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'location / {' . "\n";
$this->nginx_data[$vhost_filename] .= "\t\t" . 'index index.php index.html index.htm;' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
if ($row_ipsandports['specialsettings'] != '') {
$this->nginx_data[$vhost_filename] .= $row_ipsandports['specialsettings'] . "\n";
}
}
/**
* SSL config options
*/
if ($row_ipsandports['ssl'] == '1') {
if ($row_ipsandports['ssl_cert_file'] == '') {
$row_ipsandports['ssl_cert_file'] = $this->settings['system']['ssl_cert_file'];
}
if ($row_ipsandports['ssl_key_file'] == '') {
$row_ipsandports['ssl_key_file'] = $this->settings['system']['ssl_key_file'];
}
if ($row_ipsandports['ssl_ca_file'] == '') {
$row_ipsandports['ssl_ca_file'] = $this->settings['system']['ssl_ca_file'];
}
if ($row_ipsandports['ssl_cert_file'] != '') {
$this->nginx_data[$vhost_filename] .= "\t" . 'ssl on;' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'ssl_certificate ' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . ';' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'ssl_certificate_key ' . makeCorrectFile($row_ipsandports['ssl_key_file']) . ';' . "\n";
if ($row_ipsandports['ssl_ca_file'] != '') {
$this->nginx_data[$vhost_filename] .= 'ssl_client_certificate ' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . ';' . "\n";
}
}
}
$this->nginx_data[$vhost_filename] .= "\t" . 'location ~ \\.php$ {' . "\n";
$this->nginx_data[$vhost_filename] .= "\t\t" . 'fastcgi_index index.php;' . "\n";
$this->nginx_data[$vhost_filename] .= "\t\t" . 'include /etc/nginx/fastcgi_params;' . "\n";
$this->nginx_data[$vhost_filename] .= "\t\t" . 'fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' . "\n";
if ($row_ipsandports['ssl'] == '1') {
$this->nginx_data[$vhost_filename] .= "\t\t" . 'fastcgi_param HTTPS on;' . "\n";
}
if ((int) $this->settings['phpfpm']['enabled'] == 1 && (int) $this->settings['phpfpm']['enabled_ownvhost'] == 1) {
$domain = array('id' => 'none', 'domain' => $this->settings['system']['hostname'], 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => $this->settings['phpfpm']['vhost_httpuser'], 'openbasedir' => 0, 'safemode' => '0', 'email' => $this->settings['panel']['adminmail'], 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
$php = new phpinterface($this->getDB(), $this->settings, $domain);
$this->nginx_data[$vhost_filename] .= "\t\t" . 'fastcgi_pass unix:' . $php->getInterface()->getSocketFile() . ';' . "\n";
} else {
$this->nginx_data[$vhost_filename] .= "\t\t" . 'fastcgi_pass ' . $this->settings['system']['nginx_php_backend'] . ';' . "\n";
}
$this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
$this->nginx_data[$vhost_filename] .= '}' . "\n\n";
// End of Froxlor server{}-part
$this->createNginxHosts($row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'], $vhost_filename);
}
/**
* standard error pages
*/
$this->_createStandardErrorHandler();
}
public function createIpPort()
{
$result_ipsandports_stmt = Database::query("\n\t\t\tSELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC\n\t\t");
while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$ip = '[' . $row_ipsandports['ip'] . ']';
} else {
$ip = $row_ipsandports['ip'];
}
$port = $row_ipsandports['port'];
$this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::createIpPort: creating ip/port settings for ' . $ip . ":" . $port);
$vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');
if (!isset($this->nginx_data[$vhost_filename])) {
$this->nginx_data[$vhost_filename] = '';
}
if ($row_ipsandports['vhostcontainer'] == '1') {
$this->nginx_data[$vhost_filename] .= 'server { ' . "\n";
$mypath = $this->getMyPath($row_ipsandports);
// check for ssl before anything else so
// we know whether it's an ssl vhost or not
$ssl_vhost = false;
if ($row_ipsandports['ssl'] == '1') {
if ($row_ipsandports['ssl_cert_file'] == '') {
$row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
}
if ($row_ipsandports['ssl_key_file'] == '') {
$row_ipsandports['ssl_key_file'] = Settings::Get('system.ssl_key_file');
}
if ($row_ipsandports['ssl_ca_file'] == '') {
$row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
}
if ($row_ipsandports['ssl_cert_file'] != '' && file_exists($row_ipsandports['ssl_cert_file'])) {
$ssl_vhost = true;
}
$domain = array('id' => 0, 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'loginname' => 'froxlor.panel', 'documentroot' => $mypath, 'parentdomainid' => 0);
// override corresponding array values
$domain['ssl_cert_file'] = $row_ipsandports['ssl_cert_file'];
$domain['ssl_key_file'] = $row_ipsandports['ssl_key_file'];
$domain['ssl_ca_file'] = $row_ipsandports['ssl_ca_file'];
$domain['ssl_cert_chainfile'] = $row_ipsandports['ssl_cert_chainfile'];
// SSL STUFF
$dssl = new DomainSSL();
// this sets the ssl-related array-indices in the $domain array
// if the domain has customer-defined ssl-certificates
$dssl->setDomainSSLFilesArray($domain);
if ($domain['ssl_cert_file'] != '' && file_exists($domain['ssl_cert_file'])) {
// override corresponding array values
$row_ipsandports['ssl_cert_file'] = $domain['ssl_cert_file'];
$row_ipsandports['ssl_key_file'] = $domain['ssl_key_file'];
$row_ipsandports['ssl_ca_file'] = $domain['ssl_ca_file'];
$row_ipsandports['ssl_cert_chainfile'] = $domain['ssl_cert_chainfile'];
$ssl_vhost = true;
}
}
/**
* this HAS to be set for the default host in nginx or else no vhost will work
*/
$this->nginx_data[$vhost_filename] .= "\t" . 'listen ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'server_name ' . Settings::Get('system.hostname') . ';' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'access_log /var/log/nginx/access.log;' . "\n";
$is_redirect = false;
// check for SSL redirect
if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
$is_redirect = true;
// check whether froxlor uses Let's Encrypt and not cert is being generated yet
// or a renew is ongoing - disable redirect
if (Settings::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {
$this->nginx_data[$vhost_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL;
$is_redirect = false;
} else {
$_sslport = $this->checkAlternativeSslPort();
$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
$this->nginx_data[$vhost_filename] .= "\t" . 'if ($request_uri !~ "^/\\.well-known/acme-challenge/\\w+$") {' . "\n";
$this->nginx_data[$vhost_filename] .= "\t\t" . 'return 301 ' . $mypath . '$request_uri;' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
}
}
if (!$is_redirect) {
$this->nginx_data[$vhost_filename] .= "\t" . 'root ' . $mypath . ';' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'index index.php index.html index.htm;' . "\n\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'location / {' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
}
if ($row_ipsandports['specialsettings'] != '') {
$this->nginx_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], array('domain' => Settings::Get('system.hostname'), 'loginname' => Settings::Get('phpfpm.vhost_httpuser'), 'documentroot' => $mypath), $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";
}
/**
* SSL config options
*/
if ($row_ipsandports['ssl'] == '1') {
$row_ipsandports['domain'] = Settings::Get('system.hostname');
$this->nginx_data[$vhost_filename] .= $this->composeSslSettings($row_ipsandports);
}
if (!$is_redirect) {
$this->nginx_data[$vhost_filename] .= "\tlocation ~ \\.php {\n";
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_split_path_info ^(.+\\.php)(/.+)\$;\n";
$this->nginx_data[$vhost_filename] .= "\t\tinclude " . Settings::Get('nginx.fastcgiparams') . ";\n";
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n";
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n";
$this->nginx_data[$vhost_filename] .= "\t\ttry_files \$fastcgi_script_name =404;\n";
if ($row_ipsandports['ssl'] == '1') {
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param HTTPS on;\n";
}
if ((int) Settings::Get('phpfpm.enabled') == 1 && (int) Settings::Get('phpfpm.enabled_ownvhost') == 1) {
$domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
$php = new phpinterface($domain);
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass unix:" . $php->getInterface()->getSocketFile() . ";\n";
} else {
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass " . Settings::Get('system.nginx_php_backend') . ";\n";
}
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n";
$this->nginx_data[$vhost_filename] .= "\t}\n";
}
$this->nginx_data[$vhost_filename] .= "}\n\n";
// End of Froxlor server{}-part
}
}
$this->createNginxHosts();
/**
* standard error pages
*/
$this->_createStandardErrorHandler();
}
