protected function getVhostContent($domain, $ssl_vhost = false, $ipid)
{
if ($ssl_vhost === true && $domain['ssl'] != '1' && $domain['ssl_redirect'] != '1') {
return '';
}
$vhost_content = '';
$vhost_content .= $this->getServerNames($domain) . " {\n";
// respect ssl_redirect settings, #542
if ($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1') {
// We must not check if our port differs from port 443,
// but if there is a destination-port != 443
$_sslport = '';
// This returns the first port that is != 443 with ssl enabled, if any
// ordered by ssl-certificate (if any) so that the ip/port combo
// with certificate is used
$ssldestport_stmt = Database::prepare("SELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip`\n\t\t\t\tLEFT JOIN `" . TABLE_DOMAINTOIP . "` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`)\n\t\t\t\tWHERE `dip`.`id_domain` = :domainid\n\t\t\t\tAND `ip`.`ssl` = '1' AND `ip`.`port` != 443\n\t\t\t\tORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;");
$ssldestport = Database::pexecute_first($ssldestport_stmt, array('domainid' => $domain['id']));
if ($ssldestport['port'] != '') {
$_sslport = ":" . $ssldestport['port'];
}
$domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/';
}
// avoid using any whitespaces
$domain['documentroot'] = trim($domain['documentroot']);
if (preg_match('/^https?\\:\\/\\//', $domain['documentroot'])) {
$vhost_content .= ' url.redirect = (' . "\n";
$vhost_content .= ' "^/(.*)$" => "' . $this->idnaConvert->encode_uri($domain['documentroot']) . '$1"' . "\n";
$vhost_content .= ' )' . "\n";
} else {
mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true, true);
$only_webroot = false;
if ($ssl_vhost === false && $domain['ssl_redirect'] == '1') {
$only_webroot = true;
}
$vhost_content .= $this->getWebroot($domain, $ssl_vhost);
if (!$only_webroot) {
if ($this->_deactivated == false) {
$vhost_content .= $this->create_htaccess($domain);
$vhost_content .= $this->create_pathOptions($domain);
$vhost_content .= $this->composePhpOptions($domain);
$vhost_content .= $this->getStats($domain);
$ipandport_stmt = Database::prepare("\n\t\t\t\t\t\tSELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "`\n\t\t\t\t\t\tWHERE `id` = :id\n\t\t\t\t\t");
$ipandport = Database::pexecute_first($ipandport_stmt, array('id' => $ipid));
$domain['ip'] = $ipandport['ip'];
$domain['port'] = $ipandport['port'];
$domain['ssl_cert_file'] = $ipandport['ssl_cert_file'];
$domain['ssl_key_file'] = $ipandport['ssl_key_file'];
$domain['ssl_ca_file'] = $ipandport['ssl_ca_file'];
// #418
$domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile'];
// SSL STUFF
$dssl = new DomainSSL();
// this sets the ssl-related array-indices in the $domain array
// if the domain has customer-defined ssl-certificates
$dssl->setDomainSSLFilesArray($domain);
$vhost_content .= $this->getSslSettings($domain, $ssl_vhost);
if ($domain['specialsettings'] != "") {
$vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
}
if ($ipandport['default_vhostconf_domain'] != '') {
$vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
}
if (Settings::Get('system.default_vhostconf') != '') {
$vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
}
}
$vhost_content .= $this->getLogFiles($domain);
}
}
$vhost_content .= '}' . "\n";
return $vhost_content;
}
/**
* We compose the virtualhost entry for one domain
*/
protected function getVhostContent($domain, $ssl_vhost = false)
{
if ($ssl_vhost === true && ($domain['ssl_redirect'] != '1' && $domain['ssl'] != '1')) {
return '';
}
$query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip`\n\t\t\tWHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports ";
if ($ssl_vhost === true && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')) {
// by ordering by cert-file the row with filled out SSL-Fields will be shown last, thus it is enough to fill out 1 set of SSL-Fields
$query .= "AND i.ssl = '1' ORDER BY i.ssl_cert_file ASC;";
} else {
$query .= "AND i.ssl = '0';";
}
$vhost_content = '';
$result_stmt = Database::prepare($query);
Database::pexecute($result_stmt, array('domainid' => $domain['id']));
$ipportlist = '';
$_vhost_content = '';
while ($ipandport = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
$ipport = '';
$domain['ip'] = $ipandport['ip'];
$domain['port'] = $ipandport['port'];
if ($domain['ssl'] == '1') {
$domain['ssl_cert_file'] = $ipandport['ssl_cert_file'];
$domain['ssl_key_file'] = $ipandport['ssl_key_file'];
$domain['ssl_ca_file'] = $ipandport['ssl_ca_file'];
$domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile'];
// SSL STUFF
$dssl = new DomainSSL();
// this sets the ssl-related array-indices in the $domain array
// if the domain has customer-defined ssl-certificates
$dssl->setDomainSSLFilesArray($domain);
}
if (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$ipport = '[' . $domain['ip'] . ']:' . $domain['port'] . ' ';
} else {
$ipport = $domain['ip'] . ':' . $domain['port'] . ' ';
}
if ($ipandport['default_vhostconf_domain'] != '') {
$_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
}
$ipportlist .= $ipport;
}
$vhost_content .= '<VirtualHost ' . trim($ipportlist) . '>' . "\n";
$vhost_content .= $this->getServerNames($domain);
if ($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1') {
// We must not check if our port differs from port 443,
// but if there is a destination-port != 443
$_sslport = '';
// This returns the first port that is != 443 with ssl enabled, if any
// ordered by ssl-certificate (if any) so that the ip/port combo
// with certificate is used
$ssldestport_stmt = Database::prepare("\n\t\t\t\tSELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip`\n\t\t\t\tLEFT JOIN `" . TABLE_DOMAINTOIP . "` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`)\n\t\t\t\tWHERE `dip`.`id_domain` = :domainid\n\t\t\t\tAND `ip`.`ssl` = '1' AND `ip`.`port` != 443\n\t\t\t\tORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;\n\t\t\t");
$ssldestport = Database::pexecute_first($ssldestport_stmt, array('domainid' => $domain['id']));
if ($ssldestport['port'] != '') {
$_sslport = ":" . $ssldestport['port'];
}
$domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/';
}
if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
if ($domain['ssl_cert_file'] == '') {
$domain['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
}
if ($domain['ssl_key_file'] == '') {
$domain['ssl_key_file'] = Settings::Get('system.ssl_key_file');
}
if ($domain['ssl_ca_file'] == '') {
$domain['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
}
if ($domain['ssl_cert_chainfile'] == '') {
$domain['ssl_cert_chainfile'] = Settings::Get('system.ssl_cert_chainfile');
}
if ($domain['ssl_cert_file'] != '') {
$vhost_content .= ' SSLEngine On' . "\n";
$vhost_content .= ' SSLProtocol ALL -SSLv2 -SSLv3' . "\n";
// this makes it more secure, thx to Marcel (08/2013)
$vhost_content .= ' SSLHonorCipherOrder On' . "\n";
$vhost_content .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
$vhost_content .= ' SSLVerifyDepth 10' . "\n";
$vhost_content .= ' SSLCertificateFile ' . makeCorrectFile($domain['ssl_cert_file']) . "\n";
if ($domain['ssl_key_file'] != '') {
$vhost_content .= ' SSLCertificateKeyFile ' . makeCorrectFile($domain['ssl_key_file']) . "\n";
}
if ($domain['ssl_ca_file'] != '') {
$vhost_content .= ' SSLCACertificateFile ' . makeCorrectFile($domain['ssl_ca_file']) . "\n";
}
if ($domain['ssl_cert_chainfile'] != '') {
$vhost_content .= ' SSLCertificateChainFile ' . makeCorrectFile($domain['ssl_cert_chainfile']) . "\n";
}
}
}
if (preg_match('/^https?\\:\\/\\//', $domain['documentroot'])) {
$corrected_docroot = $this->idnaConvert->encode($domain['documentroot']);
// Get domain's redirect code
$code = getDomainRedirectCode($domain['id']);
$modrew_red = '';
if ($code != '') {
$modrew_red = '[R=' . $code . ';L,NE]';
}
// redirect everything, not only root-directory, #541
$vhost_content .= ' <IfModule mod_rewrite.c>' . "\n";
$vhost_content .= ' RewriteEngine On' . "\n";
if (!$ssl_vhost) {
$vhost_content .= ' RewriteCond %{HTTPS} off' . "\n";
}
$vhost_content .= ' RewriteRule ^/(.*) ' . $corrected_docroot . '$1 ' . $modrew_red . "\n";
$vhost_content .= ' </IfModule>' . "\n";
$vhost_content .= ' Redirect ' . $code . ' / ' . $this->idnaConvert->encode($domain['documentroot']) . "\n";
} else {
mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true, true);
$vhost_content .= $this->getWebroot($domain);
if ($this->_deactivated == false) {
$vhost_content .= $this->composePhpOptions($domain, $ssl_vhost);
$vhost_content .= $this->getStats($domain);
}
$vhost_content .= $this->getLogfiles($domain);
if ($domain['specialsettings'] != '') {
$vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
}
if ($_vhost_content != '') {
$vhost_content .= $_vhost_content;
}
if (Settings::Get('system.default_vhostconf') != '') {
$vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
}
}
$vhost_content .= '</VirtualHost>' . "\n";
return $vhost_content;
}
protected function getVhostContent($domain, $ssl_vhost = false)
{
if ($ssl_vhost === true && $domain['ssl'] != '1' && $domain['ssl_redirect'] != '1') {
return '';
}
$vhost_content = '';
$_vhost_content = '';
$query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip`\n\t\t\tWHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports ";
if ($ssl_vhost === true && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')) {
// by ordering by cert-file the row with filled out SSL-Fields will be shown last,
// thus it is enough to fill out 1 set of SSL-Fields
$query .= "AND i.ssl = 1 ORDER BY i.ssl_cert_file ASC;";
} else {
$query .= "AND i.ssl = '0';";
}
// start vhost
$vhost_content .= 'server { ' . "\n";
$result_stmt = Database::prepare($query);
Database::pexecute($result_stmt, array('domainid' => $domain['id']));
while ($ipandport = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
$domain['ip'] = $ipandport['ip'];
$domain['port'] = $ipandport['port'];
if ($domain['ssl'] == '1') {
$domain['ssl_cert_file'] = $ipandport['ssl_cert_file'];
$domain['ssl_key_file'] = $ipandport['ssl_key_file'];
$domain['ssl_ca_file'] = $ipandport['ssl_ca_file'];
$domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile'];
// SSL STUFF
$dssl = new DomainSSL();
// this sets the ssl-related array-indices in the $domain array
// if the domain has customer-defined ssl-certificates
$dssl->setDomainSSLFilesArray($domain);
}
if (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$ipport = '[' . $domain['ip'] . ']:' . $domain['port'];
} else {
$ipport = $domain['ip'] . ':' . $domain['port'];
}
if ($ipandport['default_vhostconf_domain'] != '') {
$_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
}
$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n";
}
// get all server-names
$vhost_content .= $this->getServerNames($domain);
// respect ssl_redirect settings, #542
if ($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1') {
// We must not check if our port differs from port 443,
// but if there is a destination-port != 443
$_sslport = '';
// This returns the first port that is != 443 with ssl enabled, if any
// ordered by ssl-certificate (if any) so that the ip/port combo
// with certificate is used
$ssldestport_stmt = Database::prepare("SELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip`\n\t\t\t\tLEFT JOIN `" . TABLE_DOMAINTOIP . "` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`)\n\t\t\t\tWHERE `dip`.`id_domain` = :domainid\n\t\t\t\tAND `ip`.`ssl` = '1' AND `ip`.`port` != 443\n\t\t\t\tORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;");
$ssldestport = Database::pexecute_first($ssldestport_stmt, array('domainid' => $domain['id']));
if ($ssldestport['port'] != '') {
$_sslport = ":" . $ssldestport['port'];
}
$domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/';
}
// if the documentroot is an URL we just redirect
if (preg_match('/^https?\\:\\/\\//', $domain['documentroot'])) {
$uri = $this->idnaConvert->encode($domain['documentroot']);
if (substr($uri, -1) == '/') {
$uri = substr($uri, 0, -1);
}
$vhost_content .= "\t" . 'rewrite ^(.*) ' . $uri . '$1 permanent;' . "\n";
} else {
mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true);
$vhost_content .= $this->getLogFiles($domain);
$vhost_content .= $this->getWebroot($domain, $ssl_vhost);
if ($this->_deactivated == false) {
if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
$vhost_content .= $this->composeSslSettings($domain);
}
$vhost_content = $this->mergeVhostCustom($vhost_content, $this->create_pathOptions($domain)) . "\n";
$vhost_content .= $this->composePhpOptions($domain, $ssl_vhost);
$vhost_content .= isset($this->needed_htpasswds[$domain['id']]) ? $this->needed_htpasswds[$domain['id']] . "\n" : '';
if ($domain['specialsettings'] != "") {
$vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost));
}
if ($_vhost_content != '') {
$vhost_content = $this->mergeVhostCustom($vhost_content, $_vhost_content);
}
if (Settings::Get('system.default_vhostconf') != '') {
$vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n");
}
}
}
$vhost_content .= "\n}\n\n";
return $vhost_content;
}
