/** * Function checkDomainIPConfigured * * Checks whether a domain has at least one ipandport which is actually * configured on any interface of the current host * * @param int $domainid domain id * * @return true if ip is configured, false otherwise */ function checkDomainIPConfigured($domainid) { $result_stmt = Database::prepare("SELECT `ipp`.`ip` FROM `" . TABLE_DOMAINTOIP . "` `dip`\n\t\t\tLEFT JOIN `" . TABLE_PANEL_IPSANDPORTS . "` `ipp` ON (`dip`.`id_ipandports` = `ipp`.`id`)\n\t\t\t WHERE `dip`.`id_domain` = :domainid;"); Database::pexecute($result_stmt, array('domainid' => (int) $domainid)); while ($result = $result_stmt->fetch(PDO::FETCH_ASSOC)) { if (checkIPConfigured($result['ip'])) { return true; } } return false; }
/** * We compose the virtualhost entry for one domain */ protected function getVhostContent($domain, $ssl_vhost = false) { if ($ssl_vhost === true && ($domain['ssl_redirect'] != '1' && $domain['ssl'] != '1')) { return ''; } $query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip`\n\t\t\tWHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports "; if ($ssl_vhost === true && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')) { // by ordering by cert-file the row with filled out SSL-Fields will be shown last, thus it is enough to fill out 1 set of SSL-Fields $query .= "AND i.ssl = '1' ORDER BY i.ssl_cert_file ASC;"; } else { $query .= "AND i.ssl = '0';"; } $vhost_content = ''; $result_stmt = Database::prepare($query); Database::pexecute($result_stmt, array('domainid' => $domain['id'])); $ipportlist = ''; $_vhost_content = ''; while ($ipandport = $result_stmt->fetch(PDO::FETCH_ASSOC)) { if (!checkIPConfigured($ipandport['ip'])) { // skip unconfigured IP continue; } $ipport = ''; $domain['ip'] = getListenIP($ipandport['ip']); $domain['port'] = $ipandport['port']; if ($domain['ssl'] == '1') { $domain['ssl_cert_file'] = $ipandport['ssl_cert_file']; $domain['ssl_key_file'] = $ipandport['ssl_key_file']; $domain['ssl_ca_file'] = $ipandport['ssl_ca_file']; $domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile']; // SSL STUFF $dssl = new DomainSSL(); // this sets the ssl-related array-indices in the $domain array // if the domain has customer-defined ssl-certificates $dssl->setDomainSSLFilesArray($domain); } if (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { $ipport = '[' . $domain['ip'] . ']:' . $domain['port'] . ' '; } else { $ipport = $domain['ip'] . ':' . $domain['port'] . ' '; } if ($ipandport['default_vhostconf_domain'] != '') { $_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } $ipportlist .= $ipport; } $vhost_content .= '<VirtualHost ' . trim($ipportlist) . '>' . "\n"; $vhost_content .= $this->getServerNames($domain); if ($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1') { // We must not check if our port differs from port 443, // but if there is a destination-port != 443 $_sslport = ''; // This returns the first port that is != 443 with ssl enabled, if any // ordered by ssl-certificate (if any) so that the ip/port combo // with certificate is used $ssldestport_stmt = Database::prepare("\n\t\t\t\tSELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip`\n\t\t\t\tLEFT JOIN `" . TABLE_DOMAINTOIP . "` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`)\n\t\t\t\tWHERE `dip`.`id_domain` = :domainid\n\t\t\t\tAND `ip`.`ssl` = '1' AND `ip`.`port` != 443\n\t\t\t\tORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;\n\t\t\t"); $ssldestport = Database::pexecute_first($ssldestport_stmt, array('domainid' => $domain['id'])); if ($ssldestport['port'] != '') { $_sslport = ":" . $ssldestport['port']; } $domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/'; } if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') { if ($domain['ssl_cert_file'] == '') { $domain['ssl_cert_file'] = Settings::Get('system.ssl_cert_file'); } if ($domain['ssl_key_file'] == '') { $domain['ssl_key_file'] = Settings::Get('system.ssl_key_file'); } if ($domain['ssl_ca_file'] == '') { $domain['ssl_ca_file'] = Settings::Get('system.ssl_ca_file'); } if ($domain['ssl_cert_chainfile'] == '') { $domain['ssl_cert_chainfile'] = Settings::Get('system.ssl_cert_chainfile'); } if ($domain['ssl_cert_file'] != '') { $vhost_content .= ' SSLEngine On' . "\n"; $vhost_content .= ' SSLProtocol ALL -SSLv2 -SSLv3' . "\n"; // this makes it more secure, thx to Marcel (08/2013) $vhost_content .= ' SSLHonorCipherOrder On' . "\n"; $vhost_content .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n"; $vhost_content .= ' SSLVerifyDepth 10' . "\n"; $vhost_content .= ' SSLCertificateFile ' . makeCorrectFile($domain['ssl_cert_file']) . "\n"; if ($domain['ssl_key_file'] != '') { $vhost_content .= ' SSLCertificateKeyFile ' . makeCorrectFile($domain['ssl_key_file']) . "\n"; } if ($domain['ssl_ca_file'] != '') { $vhost_content .= ' SSLCACertificateFile ' . makeCorrectFile($domain['ssl_ca_file']) . "\n"; } if ($domain['ssl_cert_chainfile'] != '') { $vhost_content .= ' SSLCertificateChainFile ' . makeCorrectFile($domain['ssl_cert_chainfile']) . "\n"; } } } if (preg_match('/^https?\\:\\/\\//', $domain['documentroot'])) { $corrected_docroot = $this->idnaConvert->encode($domain['documentroot']); // Get domain's redirect code $code = getDomainRedirectCode($domain['id']); $modrew_red = ''; if ($code != '') { $modrew_red = '[R=' . $code . ';L,NE]'; } // redirect everything, not only root-directory, #541 $vhost_content .= ' <IfModule mod_rewrite.c>' . "\n"; $vhost_content .= ' RewriteEngine On' . "\n"; if (!$ssl_vhost) { $vhost_content .= ' RewriteCond %{HTTPS} off' . "\n"; } $vhost_content .= ' RewriteRule ^/(.*) ' . $corrected_docroot . '$1 ' . $modrew_red . "\n"; $vhost_content .= ' </IfModule>' . "\n"; $vhost_content .= ' Redirect ' . $code . ' / ' . $this->idnaConvert->encode($domain['documentroot']) . "\n"; } else { if (Settings::Get('system.customerdir_group_webserver') == '1') { mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], Settings::Get('system.httpgroup'), true, true, true); } else { mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true, true, true); } $vhost_content .= $this->getWebroot($domain); if ($this->_deactivated == false) { $vhost_content .= $this->composePhpOptions($domain, $ssl_vhost); $vhost_content .= $this->getStats($domain); } $vhost_content .= $this->getLogfiles($domain); if ($domain['specialsettings'] != '') { $vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } if ($_vhost_content != '') { $vhost_content .= $_vhost_content; } if (Settings::Get('system.default_vhostconf') != '') { $vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } } $vhost_content .= '</VirtualHost>' . "\n"; return $vhost_content; }