/**
* Function checkDomainIPConfigured
*
* Checks whether a domain has at least one ipandport which is actually
* configured on any interface of the current host
*
* @param int $domainid domain id
*
* @return true if ip is configured, false otherwise
*/
function checkDomainIPConfigured($domainid)
{
$result_stmt = Database::prepare("SELECT `ipp`.`ip` FROM `" . TABLE_DOMAINTOIP . "` `dip`\n\t\t\tLEFT JOIN `" . TABLE_PANEL_IPSANDPORTS . "` `ipp` ON (`dip`.`id_ipandports` = `ipp`.`id`)\n\t\t\t WHERE `dip`.`id_domain` = :domainid;");
Database::pexecute($result_stmt, array('domainid' => (int) $domainid));
while ($result = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
if (checkIPConfigured($result['ip'])) {
return true;
}
}
return false;
}
/**
* We compose the virtualhost entry for one domain
*/
protected function getVhostContent($domain, $ssl_vhost = false)
{
if ($ssl_vhost === true && ($domain['ssl_redirect'] != '1' && $domain['ssl'] != '1')) {
return '';
}
$query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip`\n\t\t\tWHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports ";
if ($ssl_vhost === true && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')) {
// by ordering by cert-file the row with filled out SSL-Fields will be shown last, thus it is enough to fill out 1 set of SSL-Fields
$query .= "AND i.ssl = '1' ORDER BY i.ssl_cert_file ASC;";
} else {
$query .= "AND i.ssl = '0';";
}
$vhost_content = '';
$result_stmt = Database::prepare($query);
Database::pexecute($result_stmt, array('domainid' => $domain['id']));
$ipportlist = '';
$_vhost_content = '';
while ($ipandport = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
if (!checkIPConfigured($ipandport['ip'])) {
// skip unconfigured IP
continue;
}
$ipport = '';
$domain['ip'] = getListenIP($ipandport['ip']);
$domain['port'] = $ipandport['port'];
if ($domain['ssl'] == '1') {
$domain['ssl_cert_file'] = $ipandport['ssl_cert_file'];
$domain['ssl_key_file'] = $ipandport['ssl_key_file'];
$domain['ssl_ca_file'] = $ipandport['ssl_ca_file'];
$domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile'];
// SSL STUFF
$dssl = new DomainSSL();
// this sets the ssl-related array-indices in the $domain array
// if the domain has customer-defined ssl-certificates
$dssl->setDomainSSLFilesArray($domain);
}
if (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$ipport = '[' . $domain['ip'] . ']:' . $domain['port'] . ' ';
} else {
$ipport = $domain['ip'] . ':' . $domain['port'] . ' ';
}
if ($ipandport['default_vhostconf_domain'] != '') {
$_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
}
$ipportlist .= $ipport;
}
$vhost_content .= '<VirtualHost ' . trim($ipportlist) . '>' . "\n";
$vhost_content .= $this->getServerNames($domain);
if ($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1') {
// We must not check if our port differs from port 443,
// but if there is a destination-port != 443
$_sslport = '';
// This returns the first port that is != 443 with ssl enabled, if any
// ordered by ssl-certificate (if any) so that the ip/port combo
// with certificate is used
$ssldestport_stmt = Database::prepare("\n\t\t\t\tSELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip`\n\t\t\t\tLEFT JOIN `" . TABLE_DOMAINTOIP . "` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`)\n\t\t\t\tWHERE `dip`.`id_domain` = :domainid\n\t\t\t\tAND `ip`.`ssl` = '1' AND `ip`.`port` != 443\n\t\t\t\tORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;\n\t\t\t");
$ssldestport = Database::pexecute_first($ssldestport_stmt, array('domainid' => $domain['id']));
if ($ssldestport['port'] != '') {
$_sslport = ":" . $ssldestport['port'];
}
$domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/';
}
if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
if ($domain['ssl_cert_file'] == '') {
$domain['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
}
if ($domain['ssl_key_file'] == '') {
$domain['ssl_key_file'] = Settings::Get('system.ssl_key_file');
}
if ($domain['ssl_ca_file'] == '') {
$domain['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
}
if ($domain['ssl_cert_chainfile'] == '') {
$domain['ssl_cert_chainfile'] = Settings::Get('system.ssl_cert_chainfile');
}
if ($domain['ssl_cert_file'] != '') {
$vhost_content .= ' SSLEngine On' . "\n";
$vhost_content .= ' SSLProtocol ALL -SSLv2 -SSLv3' . "\n";
// this makes it more secure, thx to Marcel (08/2013)
$vhost_content .= ' SSLHonorCipherOrder On' . "\n";
$vhost_content .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
$vhost_content .= ' SSLVerifyDepth 10' . "\n";
$vhost_content .= ' SSLCertificateFile ' . makeCorrectFile($domain['ssl_cert_file']) . "\n";
if ($domain['ssl_key_file'] != '') {
$vhost_content .= ' SSLCertificateKeyFile ' . makeCorrectFile($domain['ssl_key_file']) . "\n";
}
if ($domain['ssl_ca_file'] != '') {
$vhost_content .= ' SSLCACertificateFile ' . makeCorrectFile($domain['ssl_ca_file']) . "\n";
}
if ($domain['ssl_cert_chainfile'] != '') {
$vhost_content .= ' SSLCertificateChainFile ' . makeCorrectFile($domain['ssl_cert_chainfile']) . "\n";
}
}
}
if (preg_match('/^https?\\:\\/\\//', $domain['documentroot'])) {
$corrected_docroot = $this->idnaConvert->encode($domain['documentroot']);
// Get domain's redirect code
$code = getDomainRedirectCode($domain['id']);
$modrew_red = '';
if ($code != '') {
$modrew_red = '[R=' . $code . ';L,NE]';
}
// redirect everything, not only root-directory, #541
$vhost_content .= ' <IfModule mod_rewrite.c>' . "\n";
$vhost_content .= ' RewriteEngine On' . "\n";
if (!$ssl_vhost) {
$vhost_content .= ' RewriteCond %{HTTPS} off' . "\n";
}
$vhost_content .= ' RewriteRule ^/(.*) ' . $corrected_docroot . '$1 ' . $modrew_red . "\n";
$vhost_content .= ' </IfModule>' . "\n";
$vhost_content .= ' Redirect ' . $code . ' / ' . $this->idnaConvert->encode($domain['documentroot']) . "\n";
} else {
if (Settings::Get('system.customerdir_group_webserver') == '1') {
mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], Settings::Get('system.httpgroup'), true, true, true);
} else {
mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true, true, true);
}
$vhost_content .= $this->getWebroot($domain);
if ($this->_deactivated == false) {
$vhost_content .= $this->composePhpOptions($domain, $ssl_vhost);
$vhost_content .= $this->getStats($domain);
}
$vhost_content .= $this->getLogfiles($domain);
if ($domain['specialsettings'] != '') {
$vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
}
if ($_vhost_content != '') {
$vhost_content .= $_vhost_content;
}
if (Settings::Get('system.default_vhostconf') != '') {
$vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
}
}
$vhost_content .= '</VirtualHost>' . "\n";
return $vhost_content;
}
