コード例 #1
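 /**
  * Prepare froxlor's own panel vhost for PHP-FPM.
  *
  * Runs only when both `phpfpm.enabled` and `phpfpm.enabled_ownvhost` are '1'.
  * It then hands the installation directory (three levels above this file)
  * to the configured vhost user/group with a recursive chown and lets the
  * PHP interface write its config and ini file.
  *
  * @return void
  */
 public function createOwnVhostStarter()
 {
     if (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.enabled_ownvhost') == '1') {
         $mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
         // /var/www/froxlor, needed for chown
         $user = Settings::Get('phpfpm.vhost_httpuser');
         $group = Settings::Get('phpfpm.vhost_httpgroup');
         $domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => $user, 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
         // all the files and folders have to belong to the local user
         // now because we also use fcgid for our own vhost
         //
         // user and group come from settings and end up on a shell command
         // line: pass "user:group" as one quoted word, like the path, so that
         // whitespace or shell metacharacters in a setting cannot change the
         // command that is executed.
         safe_exec('chown -R ' . escapeshellarg($user . ':' . $group) . ' ' . escapeshellarg($mypath));
         // get php.ini for our own vhost
         $php = new phpinterface($domain);
         // get php-config
         // NOTE(review): the outer condition already requires
         // phpfpm.enabled == '1', so the fcgid branch below looks unreachable
         // from here - confirm before removing it.
         if (Settings::Get('phpfpm.enabled') == '1') {
             // fpm
             $phpconfig = $php->getPhpConfig(Settings::Get('phpfpm.vhost_defaultini'));
         } else {
             // fcgid
             $phpconfig = $php->getPhpConfig(Settings::Get('system.mod_fcgid_defaultini_ownvhost'));
         }
         // create starter-file | config-file
         $php->getInterface()->createConfig($phpconfig);
         // create php.ini (fpm does nothing here, as it
         // defines ini-settings in its pool config)
         $php->getInterface()->createIniFile($phpconfig);
     }
 }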
コード例 #2
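 /**
  * Prepare froxlor's own panel vhost for PHP-FPM (settings-array variant).
  *
  * Runs only when both $this->settings['phpfpm']['enabled'] and
  * $this->settings['phpfpm']['enabled_ownvhost'] are '1'. It then hands the
  * installation directory (three levels above this file) to the configured
  * vhost user/group with a recursive chown and lets the PHP interface write
  * its config and ini file.
  *
  * @return void
  */
 public function createOwnVhostStarter()
 {
     if ($this->settings['phpfpm']['enabled'] == '1' && $this->settings['phpfpm']['enabled_ownvhost'] == '1') {
         $mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
         // /var/www/froxlor, needed for chown
         $user = $this->settings['phpfpm']['vhost_httpuser'];
         $group = $this->settings['phpfpm']['vhost_httpgroup'];
         $domain = array('id' => 'none', 'domain' => $this->settings['system']['hostname'], 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => $user, 'openbasedir' => 0, 'safemode' => '0', 'email' => $this->settings['panel']['adminmail'], 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
         // all the files and folders have to belong to the local user
         // now because we also use fcgid for our own vhost
         //
         // user and group come from settings and end up on a shell command
         // line: pass "user:group" as one quoted word, like the path, so that
         // whitespace or shell metacharacters in a setting cannot change the
         // command that is executed.
         safe_exec('chown -R ' . escapeshellarg($user . ':' . $group) . ' ' . escapeshellarg($mypath));
         // get php.ini for our own vhost
         $php = new phpinterface($this->getDB(), $this->settings, $domain);
         // @FIXME don't use fcgid settings, but we don't have anything else atm
         $phpconfig = $php->getPhpConfig($this->settings['system']['mod_fcgid_defaultini_ownvhost']);
         // create starter-file | config-file
         $php->getInterface()->createConfig($phpconfig);
         // create php.ini
         // @TODO make php-fpm support this
         $php->getInterface()->createIniFile($phpconfig);
     }
 }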
コード例 #3
 /**
  * Build the Apache configuration text for every configured IP/port pair.
  *
  * Reads all rows of TABLE_PANEL_IPSANDPORTS (ordered by ip, then port) and
  * appends, per row, to $this->virtualhosts_data under a file name derived
  * from the vhost directory setting, the IP and the port:
  *  - an optional Listen statement,
  *  - an optional NameVirtualHost statement (skipped when system.apache24 is '1'),
  *  - an optional <VirtualHost> container holding DocumentRoot, ServerName,
  *    the fcgid or php-fpm handler configuration, the row's special settings
  *    and the SSL directives.
  * Finally calls _createStandardDirectoryEntry() and _createStandardErrorHandler().
  *
  * NOTE(review): row values and settings are concatenated into directives
  * without any quoting or validation visible in this method; presumably they
  * are validated where they are stored - confirm, because this text becomes
  * web server configuration.
  *
  * @return void
  */
 public function createIpPort()
 {
     $result_ipsandports_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC");
     while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
         // IPv6 addresses are wrapped in brackets for the ip:port notation
         if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
             $ipport = '[' . $row_ipsandports['ip'] . ']:' . $row_ipsandports['port'];
         } else {
             $ipport = $row_ipsandports['ip'] . ':' . $row_ipsandports['port'];
         }
         fwrite($this->debugHandler, '  apache::createIpPort: creating ip/port settings for  ' . $ipport . "\n");
         $this->logger->logAction(CRON_ACTION, LOG_INFO, 'creating ip/port settings for  ' . $ipport);
         // one target file per ip/port; ':' in the address is replaced by '.'
         // and leading/trailing dots are trimmed for the file name
         $vhosts_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');
         if (!isset($this->virtualhosts_data[$vhosts_filename])) {
             $this->virtualhosts_data[$vhosts_filename] = '';
         }
         if ($row_ipsandports['listen_statement'] == '1') {
             $this->virtualhosts_data[$vhosts_filename] .= 'Listen ' . $ipport . "\n";
             $this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted listen-statement');
         }
         if ($row_ipsandports['namevirtualhost_statement'] == '1') {
             // >=apache-2.4 enabled?
             if (Settings::Get('system.apache24') == '1') {
                 $this->logger->logAction(CRON_ACTION, LOG_NOTICE, $ipport . ' :: namevirtualhost-statement no longer needed for apache-2.4');
             } else {
                 $this->virtualhosts_data[$vhosts_filename] .= 'NameVirtualHost ' . $ipport . "\n";
                 $this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted namevirtualhost-statement');
             }
         }
         if ($row_ipsandports['vhostcontainer'] == '1') {
             $this->virtualhosts_data[$vhosts_filename] .= '<VirtualHost ' . $ipport . '>' . "\n";
             if ($row_ipsandports['docroot'] == '') {
                 /**
                  * add 'real'-vhost content here, like doc-root :)
                  */
                 // no docroot on the row: use a directory three or four levels
                 // above this file, depending on system.froxlordirectlyviahostname
                 if (Settings::Get('system.froxlordirectlyviahostname')) {
                     $mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
                 } else {
                     $mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
                 }
             } else {
                 // user-defined docroot, #417
                 $mypath = makeCorrectDir($row_ipsandports['docroot']);
             }
             $this->virtualhosts_data[$vhosts_filename] .= 'DocumentRoot "' . $mypath . '"' . "\n";
             if ($row_ipsandports['vhostcontainer_servername_statement'] == '1') {
                 $this->virtualhosts_data[$vhosts_filename] .= ' ServerName ' . Settings::Get('system.hostname') . "\n";
             }
             // create fcgid <Directory>-Part (starter is created in apache_fcgid)
             if (Settings::Get('system.mod_fcgid_ownvhost') == '1' && Settings::Get('system.mod_fcgid') == '1') {
                 $configdir = makeCorrectDir(Settings::Get('system.mod_fcgid_configdir') . '/froxlor.panel/' . Settings::Get('system.hostname'));
                 $this->virtualhosts_data[$vhosts_filename] .= '  FcgidIdleTimeout ' . Settings::Get('system.mod_fcgid_idle_timeout') . "\n";
                 if ((int) Settings::Get('system.mod_fcgid_wrapper') == 0) {
                     // no wrapper: run PHP through a ScriptAlias under the suexec user/group;
                     // $domain is not assigned in this branch
                     $this->virtualhosts_data[$vhosts_filename] .= '  SuexecUserGroup "' . Settings::Get('system.mod_fcgid_httpuser') . '" "' . Settings::Get('system.mod_fcgid_httpgroup') . '"' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '  ScriptAlias /php/ ' . $configdir . "\n";
                 } else {
                     // wrapper mode: one FcgidWrapper line per configured file extension
                     $domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
                     $php = new phpinterface($domain);
                     $phpconfig = $php->getPhpConfig(Settings::Get('system.mod_fcgid_defaultini_ownvhost'));
                     $starter_filename = makeCorrectFile($configdir . '/php-fcgi-starter');
                     $this->virtualhosts_data[$vhosts_filename] .= '  SuexecUserGroup "' . Settings::Get('system.mod_fcgid_httpuser') . '" "' . Settings::Get('system.mod_fcgid_httpgroup') . '"' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '  <Directory "' . $mypath . '">' . "\n";
                     // the space-separated extension list becomes a regex alternation;
                     // the entries are not regex-quoted here
                     $file_extensions = explode(' ', $phpconfig['file_extensions']);
                     $this->virtualhosts_data[$vhosts_filename] .= '    <FilesMatch "\\.(' . implode('|', $file_extensions) . ')$">' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '      SetHandler fcgid-script' . "\n";
                     foreach ($file_extensions as $file_extension) {
                         $this->virtualhosts_data[$vhosts_filename] .= '      FcgidWrapper ' . $starter_filename . ' .' . $file_extension . "\n";
                     }
                     $this->virtualhosts_data[$vhosts_filename] .= '      Options +ExecCGI' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '    </FilesMatch>' . "\n";
                     // >=apache-2.4 enabled?
                     if (Settings::Get('system.apache24') == '1') {
                         $mypath_dir = new frxDirectory($mypath);
                         // only create the require all granted if there is not active directory-protection
                         // for this path, as this would be the first require and therefore grant all access
                         if ($mypath_dir->isUserProtected() == false) {
                             $this->virtualhosts_data[$vhosts_filename] .= '    Require all granted' . "\n";
                         }
                     } else {
                         $this->virtualhosts_data[$vhosts_filename] .= '    Order allow,deny' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= '    allow from all' . "\n";
                     }
                     $this->virtualhosts_data[$vhosts_filename] .= '  </Directory>' . "\n";
                 }
             } elseif (Settings::Get('phpfpm.enabled') == '1') {
                 $domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
                 $php = new phpinterface($domain);
                 $phpconfig = $php->getPhpConfig(Settings::Get('phpfpm.vhost_defaultini'));
                 // md5 is used only to derive a short alias name from ip:port,
                 // not as a security measure
                 $srvName = substr(md5($ipport), 0, 4) . '.fpm.external';
                 if ($row_ipsandports['ssl']) {
                     $srvName = substr(md5($ipport), 0, 4) . '.ssl-fpm.external';
                 }
                 // mod_proxy stuff for apache-2.4
                 if (Settings::Get('system.apache24') == '1' && Settings::Get('phpfpm.use_mod_proxy') == '1') {
                     $this->virtualhosts_data[$vhosts_filename] .= '  <FilesMatch \\.php$>' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '  SetHandler proxy:unix:' . $php->getInterface()->getSocketFile() . '|fcgi://localhost' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '  </FilesMatch>' . "\n";
                 } else {
                     $this->virtualhosts_data[$vhosts_filename] .= '  FastCgiExternalServer ' . $php->getInterface()->getAliasConfigDir() . $srvName . ' -socket ' . $php->getInterface()->getSocketFile() . ' -idle-timeout ' . Settings::Get('phpfpm.idle_timeout') . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '  <Directory "' . $mypath . '">' . "\n";
                     $file_extensions = explode(' ', $phpconfig['file_extensions']);
                     $this->virtualhosts_data[$vhosts_filename] .= '   <FilesMatch "\\.(' . implode('|', $file_extensions) . ')$">' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '     AddHandler php5-fastcgi .php' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '     Action php5-fastcgi /fastcgiphp' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '      Options +ExecCGI' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '    </FilesMatch>' . "\n";
                     // >=apache-2.4 enabled?
                     if (Settings::Get('system.apache24') == '1') {
                         $mypath_dir = new frxDirectory($mypath);
                         // only create the require all granted if there is not active directory-protection
                         // for this path, as this would be the first require and therefore grant all access
                         if ($mypath_dir->isUserProtected() == false) {
                             $this->virtualhosts_data[$vhosts_filename] .= '    Require all granted' . "\n";
                         }
                     } else {
                         $this->virtualhosts_data[$vhosts_filename] .= '    Order allow,deny' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= '    allow from all' . "\n";
                     }
                     $this->virtualhosts_data[$vhosts_filename] .= '  </Directory>' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '  Alias /fastcgiphp ' . $php->getInterface()->getAliasConfigDir() . $srvName . "\n";
                 }
             }
             /**
             * dirprotection, see #72
             * @TODO deferred until 0.9.5, needs more testing
             $this->virtualhosts_data[$vhosts_filename] .= "\t<Directory \"'.$mypath.'(images|packages|templates)\">\n";
             $this->virtualhosts_data[$vhosts_filename] .= "\t\tAllow from all\n";
             $this->virtualhosts_data[$vhosts_filename] .= "\t\tOptions -Indexes\n";
             $this->virtualhosts_data[$vhosts_filename] .= "\t</Directory>\n";
             
             $this->virtualhosts_data[$vhosts_filename] .= "\t<Directory \"'.$mypath.'*\">\n";
             $this->virtualhosts_data[$vhosts_filename] .= "\t\tOrder Deny,Allow\n";
             $this->virtualhosts_data[$vhosts_filename] .= "\t\tDeny from All\n";
             $this->virtualhosts_data[$vhosts_filename] .= "\t</Directory>\n";
             * end of dirprotection
             */
             // NOTE(review): $domain is assigned only in the fcgid-wrapper and
             // php-fpm branches above. On any other path it is undefined here,
             // or still holds the value from a previous row - confirm what
             // processSpecialConfigTemplate() expects.
             // The special settings are stored per row and appended to the
             // vhost after template processing; whatever is stored there
             // becomes server configuration.
             if ($row_ipsandports['specialsettings'] != '') {
                 $this->virtualhosts_data[$vhosts_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";
             }
             if ($row_ipsandports['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
                 // fall back to the system-wide certificate files where the row has none
                 if ($row_ipsandports['ssl_cert_file'] == '') {
                     $row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
                 }
                 if ($row_ipsandports['ssl_key_file'] == '') {
                     $row_ipsandports['ssl_key_file'] = Settings::Get('system.ssl_key_file');
                 }
                 if ($row_ipsandports['ssl_ca_file'] == '') {
                     $row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
                 }
                 // #418
                 if ($row_ipsandports['ssl_cert_chainfile'] == '') {
                     $row_ipsandports['ssl_cert_chainfile'] = Settings::Get('system.ssl_cert_chainfile');
                 }
                 if ($row_ipsandports['ssl_cert_file'] != '') {
                     // check for existence, #1485
                     // NOTE(review): PHP's built-in syslog constant is LOG_ERR;
                     // confirm that LOG_ERROR is defined by the project.
                     if (!file_exists($row_ipsandports['ssl_cert_file'])) {
                         $this->logger->logAction(CRON_ACTION, LOG_ERROR, $ipport . ' :: certificate file "' . $row_ipsandports['ssl_cert_file'] . '" does not exist! Cannot create ssl-directives');
                         echo $ipport . ' :: certificate file "' . $row_ipsandports['ssl_cert_file'] . '" does not exist! Cannot create SSL-directives' . "\n";
                     } else {
                         $this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n";
                         // "ALL -SSLv2 -SSLv3" excludes only SSLv2/SSLv3: every TLS
                         // version the server supports, including old ones, stays enabled
                         $this->virtualhosts_data[$vhosts_filename] .= ' SSLProtocol ALL -SSLv2 -SSLv3' . "\n";
                         // this makes it more secure, thx to Marcel (08/2013)
                         $this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder On' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= ' SSLVerifyDepth 10' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateFile ' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . "\n";
                         // SSLEngine On and SSLCertificateFile are already emitted at
                         // this point; a missing key, CA or chain file only drops
                         // its own directive and is logged
                         if ($row_ipsandports['ssl_key_file'] != '') {
                             // check for existence, #1485
                             if (!file_exists($row_ipsandports['ssl_key_file'])) {
                                 $this->logger->logAction(CRON_ACTION, LOG_ERROR, $ipport . ' :: certificate key file "' . $row_ipsandports['ssl_key_file'] . '" does not exist! Cannot create ssl-directives');
                                 echo $ipport . ' :: certificate key file "' . $row_ipsandports['ssl_key_file'] . '" does not exist! SSL-directives might not be working' . "\n";
                             } else {
                                 $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateKeyFile ' . makeCorrectFile($row_ipsandports['ssl_key_file']) . "\n";
                             }
                         }
                         if ($row_ipsandports['ssl_ca_file'] != '') {
                             // check for existence, #1485
                             if (!file_exists($row_ipsandports['ssl_ca_file'])) {
                                 $this->logger->logAction(CRON_ACTION, LOG_ERROR, $ipport . ' :: certificate CA file "' . $row_ipsandports['ssl_ca_file'] . '" does not exist! Cannot create ssl-directives');
                                 echo $ipport . ' :: certificate CA file "' . $row_ipsandports['ssl_ca_file'] . '" does not exist! SSL-directives might not be working' . "\n";
                             } else {
                                 $this->virtualhosts_data[$vhosts_filename] .= ' SSLCACertificateFile ' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . "\n";
                             }
                         }
                         // #418
                         if ($row_ipsandports['ssl_cert_chainfile'] != '') {
                             // check for existence, #1485
                             if (!file_exists($row_ipsandports['ssl_cert_chainfile'])) {
                                 $this->logger->logAction(CRON_ACTION, LOG_ERROR, $ipport . ' :: certificate chain file "' . $row_ipsandports['ssl_cert_chainfile'] . '" does not exist! Cannot create ssl-directives');
                                 echo $ipport . ' :: certificate chain file "' . $row_ipsandports['ssl_cert_chainfile'] . '" does not exist! SSL-directives might not be working' . "\n";
                             } else {
                                 $this->virtualhosts_data[$vhosts_filename] .= '  SSLCertificateChainFile ' . makeCorrectFile($row_ipsandports['ssl_cert_chainfile']) . "\n";
                             }
                         }
                     }
                 }
             }
             $this->virtualhosts_data[$vhosts_filename] .= '</VirtualHost>' . "\n";
             $this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted vhostcontainer');
         }
         unset($vhosts_filename);
     }
     /**
      * bug #32
      */
     $this->_createStandardDirectoryEntry();
     /**
      * bug #unknown-yet
      */
     $this->_createStandardErrorHandler();
 }
コード例 #4
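 /**
  * Build the lighttpd configuration text for every configured IP/port pair.
  *
  * Reads all rows of TABLE_PANEL_IPSANDPORTS (ordered by ip, then port) and
  * appends, per row, to $this->lighttpd_data under a file name derived from
  * the vhost directory setting, the IP and the port: a $SERVER["socket"]
  * block with optional bind/port statements, the froxlor default vhost
  * (document root, optional https redirect, php-fpm backend, special
  * settings), the SSL directives and the includes returned by
  * createLighttpdHosts(). Finally calls _createStandardErrorHandler().
  *
  * NOTE(review): row values and settings are concatenated into the
  * configuration without any quoting or validation visible in this method;
  * presumably they are validated where they are stored - confirm.
  *
  * @return void
  */
 public function createIpPort()
 {
     $result_ipsandports_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC");
     while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
         // IPv6 addresses are bracketed and additionally enable server.use-ipv6
         if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
             $ip = '[' . $row_ipsandports['ip'] . ']';
             $port = $row_ipsandports['port'];
             $ipv6 = 'server.use-ipv6 = "enable"' . "\n";
         } else {
             $ip = $row_ipsandports['ip'];
             $port = $row_ipsandports['port'];
             $ipv6 = '';
         }
         $this->logger->logAction(CRON_ACTION, LOG_INFO, 'lighttpd::createIpPort: creating ip/port settings for  ' . $ip . ":" . $port);
         // one target file per ip/port; ':' in the address is replaced by '.'
         $vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');
         if (!isset($this->lighttpd_data[$vhost_filename])) {
             $this->lighttpd_data[$vhost_filename] = '';
         }
         $this->lighttpd_data[$vhost_filename] .= '$SERVER["socket"] == "' . $ip . ':' . $port . '" {' . "\n";
         if ($row_ipsandports['listen_statement'] == '1') {
             $this->lighttpd_data[$vhost_filename] .= 'server.port = ' . $port . "\n";
             $this->lighttpd_data[$vhost_filename] .= 'server.bind = "' . $ip . '"' . "\n";
             $this->lighttpd_data[$vhost_filename] .= $ipv6;
         }
         if ($row_ipsandports['vhostcontainer'] == '1') {
             // only '.' is escaped before the hostname is placed in the host regex
             $myhost = str_replace('.', '\\.', Settings::Get('system.hostname'));
             $this->lighttpd_data[$vhost_filename] .= '# Froxlor default vhost' . "\n";
             $this->lighttpd_data[$vhost_filename] .= '$HTTP["host"] =~ "^(?:www\\.|)' . $myhost . '$" {' . "\n";
             $mypath = $this->getMyPath($row_ipsandports);
             $this->lighttpd_data[$vhost_filename] .= '  server.document-root = "' . $mypath . '"' . "\n";
             $is_redirect = false;
             // check for SSL redirect
             if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
                 $is_redirect = true;
                 // check whether froxlor uses Let's Encrypt and not cert is being generated yet
                 // or a renew is ongoing - disable redirect
                 if (Settings::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {
                     $this->lighttpd_data[$vhost_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL;
                     $is_redirect = false;
                 } else {
                     $_sslport = $this->checkAlternativeSslPort();
                     // from here on $mypath holds the https redirect target,
                     // no longer the document root
                     $mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
                     $this->lighttpd_data[$vhost_filename] .= '  url.redirect = (' . "\n";
                     $this->lighttpd_data[$vhost_filename] .= '     "^/(.*)$" => "' . $mypath . '$1"' . "\n";
                     $this->lighttpd_data[$vhost_filename] .= '  )' . "\n";
                 }
             }
             if (!$is_redirect) {
                 /**
                  * dirprotection, see #72
                  *
                  * @todo use better regex for this, deferred until 0.9.5
                  *
                  *       $this->lighttpd_data[$vhost_filename].= ' $HTTP["url"] =~ "^/(.+)\/(.+)\.php" {' . "\n";
                  *       $this->lighttpd_data[$vhost_filename].= ' url.access-deny = ("")' . "\n";
                  *       $this->lighttpd_data[$vhost_filename].= ' }' . "\n";
                  */
                 /**
                  * own php-fpm vhost
                  */
                 if ((int) Settings::Get('phpfpm.enabled') == 1) {
                     $domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
                     $php = new phpinterface($domain);
                     $this->lighttpd_data[$vhost_filename] .= '  fastcgi.server = ( ' . "\n";
                     $this->lighttpd_data[$vhost_filename] .= "\t" . '".php" => (' . "\n";
                     $this->lighttpd_data[$vhost_filename] .= "\t\t" . '"localhost" => (' . "\n";
                     $this->lighttpd_data[$vhost_filename] .= "\t\t" . '"socket" => "' . $php->getInterface()->getSocketFile() . '",' . "\n";
                     $this->lighttpd_data[$vhost_filename] .= "\t\t" . '"check-local" => "enable",' . "\n";
                     $this->lighttpd_data[$vhost_filename] .= "\t\t" . '"disable-time" => 1' . "\n";
                     $this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
                     $this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
                     $this->lighttpd_data[$vhost_filename] .= '  )' . "\n";
                 }
             }
             // NOTE(review): $domain is assigned above only when no redirect is
             // active and php-fpm is enabled. Otherwise it is undefined here,
             // or still holds the value from a previous row - confirm what
             // processSpecialConfigTemplate() expects.
             // The special settings are stored per row and appended to the
             // vhost after template processing; whatever is stored there
             // becomes server configuration.
             if ($row_ipsandports['specialsettings'] != '') {
                 $this->lighttpd_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";
             }
             $this->lighttpd_data[$vhost_filename] .= '}' . "\n";
         }
         if ($row_ipsandports['ssl'] == '1') {
             // fall back to the system-wide certificate files where the row has none
             if ($row_ipsandports['ssl_cert_file'] == '') {
                 $row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
             }
             if ($row_ipsandports['ssl_ca_file'] == '') {
                 $row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
             }
             // NOTE(review): $mypath is assigned only inside the vhostcontainer
             // branch above; for an SSL row without a vhost container it is
             // undefined here or left over from a previous row - confirm.
             $domain = array('id' => 0, 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'loginname' => 'froxlor.panel', 'documentroot' => $mypath, 'parentdomainid' => 0);
             // override corresponding array values
             $domain['ssl_cert_file'] = $row_ipsandports['ssl_cert_file'];
             $domain['ssl_key_file'] = $row_ipsandports['ssl_key_file'];
             $domain['ssl_ca_file'] = $row_ipsandports['ssl_ca_file'];
             $domain['ssl_cert_chainfile'] = $row_ipsandports['ssl_cert_chainfile'];
             // SSL STUFF
             $dssl = new DomainSSL();
             // this sets the ssl-related array-indices in the $domain array
             // if the domain has customer-defined ssl-certificates
             $dssl->setDomainSSLFilesArray($domain);
             if ($domain['ssl_cert_file'] != '') {
                 // check for existence, #1485
                 if (!file_exists($domain['ssl_cert_file'])) {
                     $this->logger->logAction(CRON_ACTION, LOG_ERR, $ip . ':' . $port . ' :: certificate file "' . $domain['ssl_cert_file'] . '" does not exist! Cannot create ssl-directives');
                     echo $ip . ':' . $port . ' :: certificate file "' . $domain['ssl_cert_file'] . '" does not exist! Cannot create SSL-directives' . "\n";
                 } else {
                     $this->lighttpd_data[$vhost_filename] .= 'ssl.engine = "enable"' . "\n";
                     // NOTE(review): only SSLv2 is switched off explicitly; whether
                     // SSLv3 and old TLS versions are off depends on the lighttpd
                     // defaults and on system.ssl_cipher_list - confirm.
                     $this->lighttpd_data[$vhost_filename] .= 'ssl.use-sslv2 = "disable"' . "\n";
                     $this->lighttpd_data[$vhost_filename] .= 'ssl.cipher-list = "' . Settings::Get('system.ssl_cipher_list') . '"' . "\n";
                     $this->lighttpd_data[$vhost_filename] .= 'ssl.honor-cipher-order = "enable"' . "\n";
                     $this->lighttpd_data[$vhost_filename] .= 'ssl.pemfile = "' . makeCorrectFile($domain['ssl_cert_file']) . '"' . "\n";
                     if ($domain['ssl_ca_file'] != '') {
                         // check for existence, #1485
                         if (!file_exists($domain['ssl_ca_file'])) {
                             $this->logger->logAction(CRON_ACTION, LOG_ERR, $ip . ':' . $port . ' :: certificate CA file "' . $domain['ssl_ca_file'] . '" does not exist! Cannot create ssl-directives');
                             // the message needs the $port variable; a bare `port` is an
                             // undefined constant, so this warning path would fail
                             // instead of reporting the missing CA file
                             echo $ip . ':' . $port . ' :: certificate CA file "' . $domain['ssl_ca_file'] . '" does not exist! SSL-directives might not be working' . "\n";
                         } else {
                             $this->lighttpd_data[$vhost_filename] .= 'ssl.ca-file = "' . makeCorrectFile($domain['ssl_ca_file']) . '"' . "\n";
                         }
                     }
                 }
             }
         }
         /**
          * this function will create a new file which will be included
          * if Settings::Get('system.apacheconf_vhost') is a folder
          * refs #70
          */
         $vhosts = $this->createLighttpdHosts($row_ipsandports['id'], $row_ipsandports['ssl'], $vhost_filename);
         if ($vhosts !== null && is_array($vhosts) && isset($vhosts[0])) {
             // sort vhosts by number (subdomains first!)
             sort($vhosts);
             foreach ($vhosts as $vhost) {
                 $this->lighttpd_data[$vhost_filename] .= ' include "' . $vhost . '"' . "\n";
             }
         }
         // closes the $SERVER["socket"] block opened above
         $this->lighttpd_data[$vhost_filename] .= '}' . "\n";
     }
     /**
      * bug #unknown-yet
      */
     $this->_createStandardErrorHandler();
 }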
コード例 #5
 public function createIpPort()
 {
     $result_ipsandports_stmt = Database::query("\n\t\t\tSELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC\n\t\t");
     while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
         if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
             $ip = '[' . $row_ipsandports['ip'] . ']';
         } else {
             $ip = $row_ipsandports['ip'];
         }
         $port = $row_ipsandports['port'];
         fwrite($this->debugHandler, '  nginx::createIpPort: creating ip/port settings for  ' . $ip . ":" . $port . "\n");
         $this->logger->logAction(CRON_ACTION, LOG_INFO, 'creating ip/port settings for  ' . $ip . ":" . $port);
         $vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');
         if (!isset($this->nginx_data[$vhost_filename])) {
             $this->nginx_data[$vhost_filename] = '';
         }
         if ($row_ipsandports['vhostcontainer'] == '1') {
             $this->nginx_data[$vhost_filename] .= 'server { ' . "\n";
             // check for ssl before anything else so
             // we know whether it's an ssl vhost or not
             $ssl_vhost = false;
             if ($row_ipsandports['ssl'] == '1') {
                 if ($row_ipsandports['ssl_cert_file'] == '') {
                     $row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
                 }
                 if ($row_ipsandports['ssl_key_file'] == '') {
                     $row_ipsandports['ssl_key_file'] = Settings::Get('system.ssl_key_file');
                 }
                 if ($row_ipsandports['ssl_ca_file'] == '') {
                     $row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
                 }
                 if ($row_ipsandports['ssl_cert_file'] != '' && file_exists($row_ipsandports['ssl_cert_file'])) {
                     $ssl_vhost = true;
                 }
             }
             /**
              * this HAS to be set for the default host in nginx or else no vhost will work
              */
             $this->nginx_data[$vhost_filename] .= "\t" . 'listen    ' . $ip . ':' . $port . ' default' . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n";
             $this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n";
             $this->nginx_data[$vhost_filename] .= "\t" . 'server_name    ' . Settings::Get('system.hostname') . ';' . "\n";
             $this->nginx_data[$vhost_filename] .= "\t" . 'access_log      /var/log/nginx/access.log;' . "\n";
             $mypath = '';
             // no custom docroot set?
             if ($row_ipsandports['docroot'] == '') {
                 // check whether the hostname should directly point to
                 // the froxlor-installation or not
                 if (Settings::Get('system.froxlordirectlyviahostname')) {
                     $mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
                 } else {
                     $mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
                 }
             } else {
                 // user-defined docroot, #417
                 $mypath = makeCorrectDir($row_ipsandports['docroot']);
             }
             $this->nginx_data[$vhost_filename] .= "\t" . 'root     ' . $mypath . ';' . "\n";
             $this->nginx_data[$vhost_filename] .= "\t" . 'location / {' . "\n";
             $this->nginx_data[$vhost_filename] .= "\t\t" . 'index    index.php index.html index.htm;' . "\n";
             $this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
             if ($row_ipsandports['specialsettings'] != '') {
                 $this->nginx_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], array('domain' => Settings::Get('system.hostname'), 'loginname' => Settings::Get('phpfpm.vhost_httpuser'), 'documentroot' => $mypath), $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";
             }
             /**
              * SSL config options
              */
             if ($row_ipsandports['ssl'] == '1') {
                 $row_ipsandports['domain'] = Settings::Get('system.hostname');
                 $this->nginx_data[$vhost_filename] .= $this->composeSslSettings($row_ipsandports);
             }
             $this->nginx_data[$vhost_filename] .= "\tlocation ~ \\.php {\n";
             $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_split_path_info ^(.+\\.php)(/.+)\$;\n";
             $this->nginx_data[$vhost_filename] .= "\t\tinclude fastcgi_params;\n";
             $this->nginx_data[$vhost_filename] .= "\t\tinclude " . Settings::Get('nginx.fastcgiparams') . ";\n";
             $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n";
             $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n";
             $this->nginx_data[$vhost_filename] .= "\t\ttry_files \$fastcgi_script_name =404;\n";
             if ($row_ipsandports['ssl'] == '1') {
                 $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param HTTPS on;\n";
             }
             if ((int) Settings::Get('phpfpm.enabled') == 1 && (int) Settings::Get('phpfpm.enabled_ownvhost') == 1) {
                 $domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
                 $php = new phpinterface($domain);
                 $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass unix:" . $php->getInterface()->getSocketFile() . ";\n";
             } else {
                 $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass " . Settings::Get('system.nginx_php_backend') . ";\n";
             }
             $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n";
             $this->nginx_data[$vhost_filename] .= "\t}\n";
             $this->nginx_data[$vhost_filename] .= "}\n\n";
             // End of Froxlor server{}-part
         }
     }
     $this->createNginxHosts();
     /**
      * standard error pages
      */
     $this->_createStandardErrorHandler();
 }
コード例 #6
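 /**
  * Build the lighttpd configuration text for every configured IP/port.
  *
  * Reads all rows of TABLE_PANEL_IPSANDPORTS and, per row, appends a
  * $SERVER["socket"] block to $this->lighttpd_data (keyed by the vhost
  * file name): optional bind statements, the Froxlor default vhost, the
  * SSL directives and one include line per file returned by
  * createLighttpdHosts(). Calls _createStandardErrorHandler() at the end.
  *
  * Security notes for maintainers:
  *  - ip, port, docroot, certificate paths and specialsettings are taken
  *    from the database row and copied into the generated configuration
  *    text, so write access to that table amounts to control over the
  *    generated web server configuration.
  *  - SSLv3 is switched off together with SSLv2, matching the Apache
  *    generator, which emits "SSLProtocol ALL -SSLv2 -SSLv3".
  *
  * @return void
  */
 public function createIpPort()
 {
     $result_ipsandports_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC");
     while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
         $port = $row_ipsandports['port'];
         if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
             // IPv6 literals are bracketed so the address stays separable from the port
             $ip = '[' . $row_ipsandports['ip'] . ']';
             $ipv6 = 'server.use-ipv6 = "enable"' . "\n";
         } else {
             $ip = $row_ipsandports['ip'];
             $ipv6 = '';
         }
         fwrite($this->debugHandler, '  lighttpd::createIpPort: creating ip/port settings for  ' . $ip . ":" . $port . "\n");
         $this->logger->logAction(CRON_ACTION, LOG_INFO, 'creating ip/port settings for  ' . $ip . ":" . $port);
         // one file per ip/port; ':' of IPv6 addresses is replaced by '.' for the file name
         $vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');
         if (!isset($this->lighttpd_data[$vhost_filename])) {
             $this->lighttpd_data[$vhost_filename] = '';
         }
         $this->lighttpd_data[$vhost_filename] .= '$SERVER["socket"] == "' . $ip . ':' . $port . '" {' . "\n";
         if ($row_ipsandports['listen_statement'] == '1') {
             $this->lighttpd_data[$vhost_filename] .= 'server.port = ' . $port . "\n";
             $this->lighttpd_data[$vhost_filename] .= 'server.bind = "' . $ip . '"' . "\n";
             $this->lighttpd_data[$vhost_filename] .= $ipv6;
         }
         if ($row_ipsandports['vhostcontainer'] == '1') {
             // only dots are escaped for the host regex below
             // NOTE(review): any other regex metacharacter in system.hostname
             // would reach the pattern unescaped - confirm the setting is validated
             $myhost = str_replace('.', '\\.', Settings::Get('system.hostname'));
             $this->lighttpd_data[$vhost_filename] .= '# Froxlor default vhost' . "\n";
             $this->lighttpd_data[$vhost_filename] .= '$HTTP["host"] =~ "^(?:www\\.|)' . $myhost . '$" {' . "\n";
             if ($row_ipsandports['docroot'] == '') {
                 // no custom docroot: three or four directory levels above this file,
                 // depending on system.froxlordirectlyviahostname
                 if (Settings::Get('system.froxlordirectlyviahostname')) {
                     $mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
                 } else {
                     $mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
                 }
             } else {
                 // user-defined docroot, #417
                 $mypath = makeCorrectDir($row_ipsandports['docroot']);
             }
             $this->lighttpd_data[$vhost_filename] .= '  server.document-root = "' . $mypath . '"' . "\n";
             // @TODO dirprotection (see #72): deny rule for nested *.php URLs is
             // still missing, deferred until a better regex is available
             /**
              * own php-fpm vhost
              */
             // NOTE(review): the nginx generator additionally requires
             // phpfpm.enabled_ownvhost before pointing the panel vhost at the
             // pool socket - confirm whether the same guard is wanted here
             if ((int) Settings::Get('phpfpm.enabled') == 1) {
                 $domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
                 $php = new phpinterface($domain);
                 $this->lighttpd_data[$vhost_filename] .= '  fastcgi.server = ( ' . "\n";
                 $this->lighttpd_data[$vhost_filename] .= "\t" . '".php" => (' . "\n";
                 $this->lighttpd_data[$vhost_filename] .= "\t\t" . '"localhost" => (' . "\n";
                 $this->lighttpd_data[$vhost_filename] .= "\t\t" . '"socket" => "' . $php->getInterface()->getSocketFile() . '",' . "\n";
                 $this->lighttpd_data[$vhost_filename] .= "\t\t" . '"check-local" => "enable",' . "\n";
                 $this->lighttpd_data[$vhost_filename] .= "\t\t" . '"disable-time" => 1' . "\n";
                 $this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
                 $this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
                 $this->lighttpd_data[$vhost_filename] .= '  )' . "\n";
             }
             if ($row_ipsandports['specialsettings'] != '') {
                 // written verbatim: whoever can edit this column decides what
                 // lighttpd directives end up in the panel vhost
                 $this->lighttpd_data[$vhost_filename] .= $row_ipsandports['specialsettings'] . "\n";
             }
             $this->lighttpd_data[$vhost_filename] .= '}' . "\n";
         }
         if ($row_ipsandports['ssl'] == '1') {
             // empty per-row values fall back to the system-wide settings
             if ($row_ipsandports['ssl_cert_file'] == '') {
                 $row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
             }
             if ($row_ipsandports['ssl_ca_file'] == '') {
                 $row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
             }
             // NOTE(review): unlike the Apache generator, the certificate path is
             // not checked with file_exists() before it is written - confirm how
             // lighttpd reacts to a missing pemfile
             if ($row_ipsandports['ssl_cert_file'] != '') {
                 $this->lighttpd_data[$vhost_filename] .= 'ssl.engine = "enable"' . "\n";
                 $this->lighttpd_data[$vhost_filename] .= 'ssl.use-sslv2 = "disable"' . "\n";
                 // SSLv3 is as unsuitable as SSLv2; keep both protocols off
                 $this->lighttpd_data[$vhost_filename] .= 'ssl.use-sslv3 = "disable"' . "\n";
                 $this->lighttpd_data[$vhost_filename] .= 'ssl.cipher-list = "' . Settings::Get('system.ssl_cipher_list') . '"' . "\n";
                 $this->lighttpd_data[$vhost_filename] .= 'ssl.honor-cipher-order = "enable"' . "\n";
                 $this->lighttpd_data[$vhost_filename] .= 'ssl.pemfile = "' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . '"' . "\n";
                 if ($row_ipsandports['ssl_ca_file'] != '') {
                     $this->lighttpd_data[$vhost_filename] .= 'ssl.ca-file = "' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . '"' . "\n";
                 }
             }
         }
         /**
          * this function will create a new file which will be included
          * if Settings::Get('system.apacheconf_vhost') is a folder
          * refs #70
          */
         $vhosts = $this->createLighttpdHosts($row_ipsandports['id'], $row_ipsandports['ssl'], $vhost_filename);
         if ($vhosts !== null && is_array($vhosts) && isset($vhosts[0])) {
             // sort vhosts by number (subdomains first!)
             sort($vhosts);
             foreach ($vhosts as $vhost) {
                 $this->lighttpd_data[$vhost_filename] .= ' include "' . $vhost . '"' . "\n";
             }
         }
         // closes the $SERVER["socket"] block opened above
         $this->lighttpd_data[$vhost_filename] .= '}' . "\n";
     }
     /**
      * bug #unknown-yet
      */
     $this->_createStandardErrorHandler();
 }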
コード例 #7
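 /**
  * Build the Apache configuration text for every configured IP/port.
  *
  * Reads all rows of TABLE_PANEL_IPSANDPORTS and, per row, appends to
  * $this->virtualhosts_data (keyed by the vhost file name) the optional
  * Listen / NameVirtualHost statements and the Froxlor panel
  * <VirtualHost> container: document root, optional http->https redirect,
  * the PHP handler section (fcgid, php-fpm or mod_php), the processed
  * special settings and the SSL directives. Afterwards calls
  * _createStandardDirectoryEntry() and _createStandardErrorHandler().
  *
  * Security notes for maintainers:
  *  - ip, port, docroot, certificate paths and specialsettings are taken
  *    from the database row and copied into the generated configuration
  *    text, so write access to that table amounts to control over the
  *    generated web server configuration.
  *  - SSL directives are only written when the certificate file exists;
  *    a row flagged as SSL without any certificate gets no vhost container.
  *
  * @return void
  */
 public function createIpPort()
 {
     $result_ipsandports_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC");
     while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
         // IPv6 literals are bracketed so the address stays separable from the port
         if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
             $ipport = '[' . $row_ipsandports['ip'] . ']:' . $row_ipsandports['port'];
         } else {
             $ipport = $row_ipsandports['ip'] . ':' . $row_ipsandports['port'];
         }
         $this->logger->logAction(CRON_ACTION, LOG_INFO, 'apache::createIpPort: creating ip/port settings for  ' . $ipport);
         // one file per ip/port; ':' of IPv6 addresses is replaced by '.' for the file name
         $vhosts_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');
         if (!isset($this->virtualhosts_data[$vhosts_filename])) {
             $this->virtualhosts_data[$vhosts_filename] = '';
         }
         if ($row_ipsandports['listen_statement'] == '1') {
             $this->virtualhosts_data[$vhosts_filename] .= 'Listen ' . $ipport . "\n";
             $this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted listen-statement');
         }
         if ($row_ipsandports['namevirtualhost_statement'] == '1') {
             // >=apache-2.4 enabled?
             if (Settings::Get('system.apache24') == '1') {
                 $this->logger->logAction(CRON_ACTION, LOG_NOTICE, $ipport . ' :: namevirtualhost-statement no longer needed for apache-2.4');
             } else {
                 $this->virtualhosts_data[$vhosts_filename] .= 'NameVirtualHost ' . $ipport . "\n";
                 $this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted namevirtualhost-statement');
             }
         }
         if ($row_ipsandports['vhostcontainer'] == '1') {
             // snapshot of the file content before the container is opened, so it
             // can be rolled back if no certificate is available (see below)
             $without_vhost = $this->virtualhosts_data[$vhosts_filename];
             $close_vhost = true;
             $this->virtualhosts_data[$vhosts_filename] .= '<VirtualHost ' . $ipport . '>' . "\n";
             $mypath = $this->getMyPath($row_ipsandports);
             // baseline description of the panel vhost (same values the mod_php
             // case uses); set for every row so the special-settings template
             // below never receives an undefined value or the array left over
             // from the previous ip/port row
             $domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'guid' => Settings::Get('system.httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
             $this->virtualhosts_data[$vhosts_filename] .= 'DocumentRoot "' . $mypath . '"' . "\n";
             if ($row_ipsandports['vhostcontainer_servername_statement'] == '1') {
                 $this->virtualhosts_data[$vhosts_filename] .= ' ServerName ' . Settings::Get('system.hostname') . "\n";
             }
             $is_redirect = false;
             // check for SSL redirect
             if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
                 $is_redirect = true;
                 // check whether froxlor uses Let's Encrypt and no cert has been generated yet
                 // or a renew is ongoing - disable redirect
                 if (Settings::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {
                     $this->virtualhosts_data[$vhosts_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL;
                     $is_redirect = false;
                 } else {
                     $_sslport = $this->checkAlternativeSslPort();
                     // from here on $mypath holds the redirect target, not a filesystem path
                     $mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
                     $code = '301';
                     $modrew_red = ' [R=' . $code . ';L,NE]';
                     // redirect everything, not only root-directory, #541
                     $this->virtualhosts_data[$vhosts_filename] .= '  <IfModule mod_rewrite.c>' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '    RewriteEngine On' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '    RewriteCond %{HTTPS} off' . "\n";
                     if (Settings::Get('system.le_froxlor_enabled') == '1') {
                         // keep the ACME challenge path reachable over plain http
                         $this->virtualhosts_data[$vhosts_filename] .= '    RewriteCond %{REQUEST_URI} !^/\\.well-known/acme-challenge' . "\n";
                     }
                     $this->virtualhosts_data[$vhosts_filename] .= '    RewriteRule ^/(.*) ' . $mypath . '$1' . $modrew_red . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '  </IfModule>' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '  <IfModule !mod_rewrite.c>' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '    Redirect ' . $code . ' / ' . $mypath . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '  </IfModule>' . "\n";
                 }
             }
             if (!$is_redirect) {
                 // create fcgid <Directory>-Part (starter is created in apache_fcgid)
                 if (Settings::Get('system.mod_fcgid_ownvhost') == '1' && Settings::Get('system.mod_fcgid') == '1') {
                     $configdir = makeCorrectDir(Settings::Get('system.mod_fcgid_configdir') . '/froxlor.panel/' . Settings::Get('system.hostname'));
                     $this->virtualhosts_data[$vhosts_filename] .= '  FcgidIdleTimeout ' . Settings::Get('system.mod_fcgid_idle_timeout') . "\n";
                     if ((int) Settings::Get('system.mod_fcgid_wrapper') == 0) {
                         $this->virtualhosts_data[$vhosts_filename] .= '  SuexecUserGroup "' . Settings::Get('system.mod_fcgid_httpuser') . '" "' . Settings::Get('system.mod_fcgid_httpgroup') . '"' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= '  ScriptAlias /php/ ' . $configdir . "\n";
                     } else {
                         $domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
                         $php = new phpinterface($domain);
                         $phpconfig = $php->getPhpConfig(Settings::Get('system.mod_fcgid_defaultini_ownvhost'));
                         $starter_filename = makeCorrectFile($configdir . '/php-fcgi-starter');
                         $this->virtualhosts_data[$vhosts_filename] .= '  SuexecUserGroup "' . Settings::Get('system.mod_fcgid_httpuser') . '" "' . Settings::Get('system.mod_fcgid_httpgroup') . '"' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= '  <Directory "' . $mypath . '">' . "\n";
                         $file_extensions = explode(' ', $phpconfig['file_extensions']);
                         $this->virtualhosts_data[$vhosts_filename] .= '    <FilesMatch "\\.(' . implode('|', $file_extensions) . ')$">' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= '      SetHandler fcgid-script' . "\n";
                         foreach ($file_extensions as $file_extension) {
                             $this->virtualhosts_data[$vhosts_filename] .= '      FcgidWrapper ' . $starter_filename . ' .' . $file_extension . "\n";
                         }
                         $this->virtualhosts_data[$vhosts_filename] .= '      Options +ExecCGI' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= '    </FilesMatch>' . "\n";
                         // >=apache-2.4 enabled?
                         if (Settings::Get('system.apache24') == '1') {
                             $mypath_dir = new frxDirectory($mypath);
                             // only create the require all granted if there is not active directory-protection
                             // for this path, as this would be the first require and therefore grant all access
                             if ($mypath_dir->isUserProtected() == false) {
                                 $this->virtualhosts_data[$vhosts_filename] .= '    Require all granted' . "\n";
                                 $this->virtualhosts_data[$vhosts_filename] .= '    AllowOverride All' . "\n";
                             }
                         } else {
                             $this->virtualhosts_data[$vhosts_filename] .= '    Order allow,deny' . "\n";
                             $this->virtualhosts_data[$vhosts_filename] .= '    allow from all' . "\n";
                         }
                         $this->virtualhosts_data[$vhosts_filename] .= '  </Directory>' . "\n";
                     }
                 } elseif (Settings::Get('phpfpm.enabled') == '1') {
                     // create php-fpm <Directory>-Part (config is created in apache_fcgid)
                     $domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
                     $php = new phpinterface($domain);
                     $phpconfig = $php->getPhpConfig(Settings::Get('phpfpm.vhost_defaultini'));
                     // md5 only derives a short per-ip/port name suffix here, it protects nothing
                     $srvName = substr(md5($ipport), 0, 4) . '.fpm.external';
                     if ($row_ipsandports['ssl']) {
                         $srvName = substr(md5($ipport), 0, 4) . '.ssl-fpm.external';
                     }
                     // mod_proxy stuff for apache-2.4
                     if (Settings::Get('system.apache24') == '1' && Settings::Get('phpfpm.use_mod_proxy') == '1') {
                         $this->virtualhosts_data[$vhosts_filename] .= '  <FilesMatch \\.php$>' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= '  SetHandler proxy:unix:' . $php->getInterface()->getSocketFile() . '|fcgi://localhost' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= '  </FilesMatch>' . "\n";
                     } else {
                         $this->virtualhosts_data[$vhosts_filename] .= '  FastCgiExternalServer ' . $php->getInterface()->getAliasConfigDir() . $srvName . ' -socket ' . $php->getInterface()->getSocketFile() . ' -idle-timeout ' . Settings::Get('phpfpm.idle_timeout') . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= '  <Directory "' . $mypath . '">' . "\n";
                         $file_extensions = explode(' ', $phpconfig['file_extensions']);
                         $this->virtualhosts_data[$vhosts_filename] .= '   <FilesMatch "\\.(' . implode('|', $file_extensions) . ')$">' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= '     AddHandler php5-fastcgi .php' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= '     Action php5-fastcgi /fastcgiphp' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= '      Options +ExecCGI' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= '    </FilesMatch>' . "\n";
                         // >=apache-2.4 enabled?
                         if (Settings::Get('system.apache24') == '1') {
                             $mypath_dir = new frxDirectory($mypath);
                             // only create the require all granted if there is not active directory-protection
                             // for this path, as this would be the first require and therefore grant all access
                             if ($mypath_dir->isUserProtected() == false) {
                                 $this->virtualhosts_data[$vhosts_filename] .= '    Require all granted' . "\n";
                                 $this->virtualhosts_data[$vhosts_filename] .= '    AllowOverride All' . "\n";
                             }
                         } else {
                             $this->virtualhosts_data[$vhosts_filename] .= '    Order allow,deny' . "\n";
                             $this->virtualhosts_data[$vhosts_filename] .= '    allow from all' . "\n";
                         }
                         $this->virtualhosts_data[$vhosts_filename] .= '  </Directory>' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= '  Alias /fastcgiphp ' . $php->getInterface()->getAliasConfigDir() . $srvName . "\n";
                     }
                 }
                 // mod_php: nothing to write, the baseline $domain set above applies
             }
             // end of ssl-redirect check
             // @todo dirprotection (see #72) for the images|packages|templates
             // directories is deferred until 0.9.5, needs more testing
             if ($row_ipsandports['specialsettings'] != '') {
                 // the stored text is passed through the template processor and then
                 // appended; whoever can edit this column decides what directives end
                 // up inside the panel vhost
                 $this->virtualhosts_data[$vhosts_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";
             }
             if ($row_ipsandports['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
                 // empty per-row values fall back to the system-wide settings
                 if ($row_ipsandports['ssl_cert_file'] == '') {
                     $row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
                 }
                 if ($row_ipsandports['ssl_key_file'] == '') {
                     $row_ipsandports['ssl_key_file'] = Settings::Get('system.ssl_key_file');
                 }
                 if ($row_ipsandports['ssl_ca_file'] == '') {
                     $row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
                 }
                 // #418
                 if ($row_ipsandports['ssl_cert_chainfile'] == '') {
                     $row_ipsandports['ssl_cert_chainfile'] = Settings::Get('system.ssl_cert_chainfile');
                 }
                 $domain = array('id' => 0, 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'loginname' => 'froxlor.panel', 'documentroot' => $mypath, 'parentdomainid' => 0);
                 // override corresponding array values
                 $domain['ssl_cert_file'] = $row_ipsandports['ssl_cert_file'];
                 $domain['ssl_key_file'] = $row_ipsandports['ssl_key_file'];
                 $domain['ssl_ca_file'] = $row_ipsandports['ssl_ca_file'];
                 $domain['ssl_cert_chainfile'] = $row_ipsandports['ssl_cert_chainfile'];
                 // SSL STUFF
                 $dssl = new DomainSSL();
                 // this sets the ssl-related array-indices in the $domain array
                 // if the domain has customer-defined ssl-certificates
                 $dssl->setDomainSSLFilesArray($domain);
                 if ($domain['ssl_cert_file'] != '') {
                     // check for existence, #1485
                     if (!file_exists($domain['ssl_cert_file'])) {
                         $this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate file "' . $domain['ssl_cert_file'] . '" does not exist! Cannot create ssl-directives');
                     } else {
                         $this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n";
                         // NOTE(review): "ALL -SSLv2 -SSLv3" leaves every TLS version the
                         // server supports enabled, old ones included - review whether
                         // the protocol list should become a setting
                         $this->virtualhosts_data[$vhosts_filename] .= ' SSLProtocol ALL -SSLv2 -SSLv3' . "\n";
                         // this makes it more secure, thx to Marcel (08/2013)
                         $this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder On' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= ' SSLVerifyDepth 10' . "\n";
                         $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateFile ' . makeCorrectFile($domain['ssl_cert_file']) . "\n";
                         if ($domain['ssl_key_file'] != '') {
                             // check for existence, #1485
                             if (!file_exists($domain['ssl_key_file'])) {
                                 $this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate key file "' . $domain['ssl_key_file'] . '" does not exist! Cannot create ssl-directives');
                             } else {
                                 $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateKeyFile ' . makeCorrectFile($domain['ssl_key_file']) . "\n";
                             }
                         }
                         if ($domain['ssl_ca_file'] != '') {
                             // check for existence, #1485
                             if (!file_exists($domain['ssl_ca_file'])) {
                                 $this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate CA file "' . $domain['ssl_ca_file'] . '" does not exist! Cannot create ssl-directives');
                             } else {
                                 $this->virtualhosts_data[$vhosts_filename] .= ' SSLCACertificateFile ' . makeCorrectFile($domain['ssl_ca_file']) . "\n";
                             }
                         }
                         // #418
                         if ($domain['ssl_cert_chainfile'] != '') {
                             // check for existence, #1485
                             if (!file_exists($domain['ssl_cert_chainfile'])) {
                                 $this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate chain file "' . $domain['ssl_cert_chainfile'] . '" does not exist! Cannot create ssl-directives');
                             } else {
                                 $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateChainFile ' . makeCorrectFile($domain['ssl_cert_chainfile']) . "\n";
                             }
                         }
                     }
                 } else {
                     // no cert-file specified for an ssl-vhost: drop the whole container
                     // again, because an ssl vhost without a certificate is unusable, ref #1583
                     $this->logger->logAction(CRON_ACTION, LOG_ERR, $domain['domain'] . ' :: empty certificate file! Cannot create ssl-directives');
                     $this->virtualhosts_data[$vhosts_filename] = $without_vhost;
                     // terminated with a newline so that nothing appended to this file
                     // later ends up inside the comment line
                     $this->virtualhosts_data[$vhosts_filename] .= '# no ssl-certificate was specified for this domain, therefore no explicit vhost-container is being generated' . "\n";
                     $close_vhost = false;
                 }
             }
             if ($close_vhost) {
                 $this->virtualhosts_data[$vhosts_filename] .= '</VirtualHost>' . "\n";
             }
             $this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted vhostcontainer');
         }
         unset($vhosts_filename);
     }
     /**
      * bug #32
      */
     $this->_createStandardDirectoryEntry();
     /**
      * bug #unknown-yet
      */
     $this->_createStandardErrorHandler();
 }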
コード例 #8
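 /**
  * Build the per-IP/port Apache configuration and collect it in $this->virtualhosts_data.
  *
  * Every row of TABLE_PANEL_IPSANDPORTS (ordered by ip, then port) gets its own
  * config file name below the `system.apacheconf_vhost` directory. Depending on the
  * row's flags the file receives a `Listen` line, a `NameVirtualHost` line and a
  * `<VirtualHost>` container for the panel itself (DocumentRoot, optional ServerName,
  * fcgid or php-fpm wiring, the row's `specialsettings`, SSL directives).
  * After the loop the standard directory entry and error handler are created.
  *
  * Trust note: the row values (`ip`, `port`, `docroot`, `specialsettings`, `ssl_*`)
  * and the settings values are concatenated into the configuration without any
  * escaping in this method, and `specialsettings` is appended verbatim. Whoever can
  * write those columns or settings controls the generated Apache configuration.
  * NOTE(review): presumably they are validated where they are saved - confirm.
  *
  * @return void
  */
 public function createIpPort()
 {
     $result_ipsandports = $this->db->query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC");
     while ($row_ipsandports = $this->db->fetch_array($result_ipsandports)) {
         // IPv6 literals need brackets in "address:port" notation
         if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
             $ipport = '[' . $row_ipsandports['ip'] . ']:' . $row_ipsandports['port'];
         } else {
             $ipport = $row_ipsandports['ip'] . ':' . $row_ipsandports['port'];
         }
         fwrite($this->debugHandler, '  apache::createIpPort: creating ip/port settings for  ' . $ipport . "\n");
         $this->logger->logAction(CRON_ACTION, LOG_INFO, 'creating ip/port settings for  ' . $ipport);
         // one file per ip/port; ':' of an IPv6 address becomes '.' in the file name
         $vhosts_filename = makeCorrectFile($this->settings['system']['apacheconf_vhost'] . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');
         if (!isset($this->virtualhosts_data[$vhosts_filename])) {
             $this->virtualhosts_data[$vhosts_filename] = '';
         }
         if ($row_ipsandports['listen_statement'] == '1') {
             $this->virtualhosts_data[$vhosts_filename] .= 'Listen ' . $ipport . "\n";
             $this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted listen-statement');
         }
         if ($row_ipsandports['namevirtualhost_statement'] == '1') {
             $this->virtualhosts_data[$vhosts_filename] .= 'NameVirtualHost ' . $ipport . "\n";
             $this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted namevirtualhost-statement');
         }
         if ($row_ipsandports['vhostcontainer'] == '1') {
             $this->virtualhosts_data[$vhosts_filename] .= '<VirtualHost ' . $ipport . '>' . "\n";
             if ($row_ipsandports['docroot'] == '') {
                 /**
                  * add 'real'-vhost content here, like doc-root :)
                  */
                 if ($this->settings['system']['froxlordirectlyviahostname']) {
                     // three levels above this file
                     $mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
                 } else {
                     // one level further up
                     $mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
                 }
             } else {
                 // user-defined docroot, #417
                 // NOTE(review): the value is placed between double quotes below without
                 // escaping; a quote or newline in it would alter the directive
                 $mypath = makeCorrectDir($row_ipsandports['docroot']);
             }
             $this->virtualhosts_data[$vhosts_filename] .= 'DocumentRoot "' . $mypath . '"' . "\n";
             if ($row_ipsandports['vhostcontainer_servername_statement'] == '1') {
                 $this->virtualhosts_data[$vhosts_filename] .= ' ServerName ' . $this->settings['system']['hostname'] . "\n";
             }
             // create fcgid <Directory>-Part (starter is created in apache_fcgid)
             if ($this->settings['system']['mod_fcgid_ownvhost'] == '1' && $this->settings['system']['mod_fcgid'] == '1') {
                 $configdir = makeCorrectDir($this->settings['system']['mod_fcgid_configdir'] . '/froxlor.panel/' . $this->settings['system']['hostname']);
                 $this->virtualhosts_data[$vhosts_filename] .= '  FcgidIdleTimeout ' . $this->settings['system']['mod_fcgid_idle_timeout'] . "\n";
                 if ((int) $this->settings['system']['mod_fcgid_wrapper'] == 0) {
                     $this->virtualhosts_data[$vhosts_filename] .= '  SuexecUserGroup "' . $this->settings['system']['mod_fcgid_httpuser'] . '" "' . $this->settings['system']['mod_fcgid_httpgroup'] . '"' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '  ScriptAlias /php/ ' . $configdir . "\n";
                 } else {
                     $starter_filename = makeCorrectFile($configdir . '/php-fcgi-starter');
                     $this->virtualhosts_data[$vhosts_filename] .= '  SuexecUserGroup "' . $this->settings['system']['mod_fcgid_httpuser'] . '" "' . $this->settings['system']['mod_fcgid_httpgroup'] . '"' . "\n";
                     // "Order"/"allow from" are the Apache 2.2 access directives
                     $this->virtualhosts_data[$vhosts_filename] .= '  <Directory "' . $mypath . '">' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '    AddHandler fcgid-script .php' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '    FCGIWrapper ' . $starter_filename . ' .php' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '    Options +ExecCGI' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '    Order allow,deny' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '    allow from all' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= '  </Directory>' . "\n";
                 }
             } elseif ($this->settings['phpfpm']['enabled'] == '1') {
                 // pseudo-domain describing the panel itself for the php interface
                 $domain = array('id' => 'none', 'domain' => $this->settings['system']['hostname'], 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => $this->settings['phpfpm']['vhost_httpuser'], 'openbasedir' => 0, 'safemode' => '0', 'email' => $this->settings['panel']['adminmail'], 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
                 $php = new phpinterface($this->getDB(), $this->settings, $domain);
                 // NOTE(review): user/group below come from the system.mod_fcgid_* settings
                 // although this is the php-fpm branch and $domain['guid'] uses
                 // phpfpm.vhost_httpuser - confirm which account is intended
                 $this->virtualhosts_data[$vhosts_filename] .= '  SuexecUserGroup "' . $this->settings['system']['mod_fcgid_httpuser'] . '" "' . $this->settings['system']['mod_fcgid_httpgroup'] . '"' . "\n";
                 // -group takes the group setting (the user name was passed here before,
                 // which only worked when user and group happen to share a name)
                 $this->virtualhosts_data[$vhosts_filename] .= '  FastCgiExternalServer ' . $mypath . $domain['domain'] . "." . 'fpm.external -socket ' . $php->getInterface()->getSocketFile() . ' -user ' . $this->settings['system']['mod_fcgid_httpuser'] . ' -group ' . $this->settings['system']['mod_fcgid_httpgroup'] . " -idle-timeout " . $this->settings['phpfpm']['idle_timeout'] . "\n";
                 $this->virtualhosts_data[$vhosts_filename] .= '  <Directory "' . $mypath . '">' . "\n";
                 $this->virtualhosts_data[$vhosts_filename] .= '    AddHandler php5-fastcgi .php' . "\n";
                 $this->virtualhosts_data[$vhosts_filename] .= '    Action php5-fastcgi /fastcgiphp' . "\n";
                 $this->virtualhosts_data[$vhosts_filename] .= '    Options +ExecCGI' . "\n";
                 $this->virtualhosts_data[$vhosts_filename] .= '    Order allow,deny' . "\n";
                 $this->virtualhosts_data[$vhosts_filename] .= '    allow from all' . "\n";
                 $this->virtualhosts_data[$vhosts_filename] .= '  </Directory>' . "\n";
                 $this->virtualhosts_data[$vhosts_filename] .= '  Alias /fastcgiphp ' . $mypath . $domain['domain'] . "." . 'fpm.external' . "\n";
             }
             /**
              * dirprotection, see #72
              * @TODO deferred until 0.9.5, needs more testing
              *     $this->virtualhosts_data[$vhosts_filename].= "\t<Directory \"'.$mypath.'(images|packages|templates)\">\n";
              *     $this->virtualhosts_data[$vhosts_filename].= "\t\tAllow from all\n";
              *     $this->virtualhosts_data[$vhosts_filename].= "\t\tOptions -Indexes\n";
              *     $this->virtualhosts_data[$vhosts_filename].= "\t</Directory>\n";
              *
              *     $this->virtualhosts_data[$vhosts_filename].= "\t<Directory \"'.$mypath.'*\">\n";
              *     $this->virtualhosts_data[$vhosts_filename].= "\t\tOrder Deny,Allow\n";
              *     $this->virtualhosts_data[$vhosts_filename].= "\t\tDeny from All\n";
              *     $this->virtualhosts_data[$vhosts_filename].= "\t</Directory>\n";
              * end of dirprotection
              */
             // free-form directives from the database row, written into the vhost as-is
             if ($row_ipsandports['specialsettings'] != '') {
                 $this->virtualhosts_data[$vhosts_filename] .= $row_ipsandports['specialsettings'] . "\n";
             }
             if ($row_ipsandports['ssl'] == '1' && $this->settings['system']['use_ssl'] == '1') {
                 // empty per-row values fall back to the system-wide settings
                 if ($row_ipsandports['ssl_cert_file'] == '') {
                     $row_ipsandports['ssl_cert_file'] = $this->settings['system']['ssl_cert_file'];
                 }
                 if ($row_ipsandports['ssl_key_file'] == '') {
                     $row_ipsandports['ssl_key_file'] = $this->settings['system']['ssl_key_file'];
                 }
                 if ($row_ipsandports['ssl_ca_file'] == '') {
                     $row_ipsandports['ssl_ca_file'] = $this->settings['system']['ssl_ca_file'];
                 }
                 // #418
                 if ($row_ipsandports['ssl_cert_chainfile'] == '') {
                     $row_ipsandports['ssl_cert_chainfile'] = $this->settings['system']['ssl_cert_chainfile'];
                 }
                 // SSL is only switched on when a certificate path is known; the path is
                 // not checked for existence here
                 if ($row_ipsandports['ssl_cert_file'] != '') {
                     $this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n";
                     $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateFile ' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . "\n";
                     if ($row_ipsandports['ssl_key_file'] != '') {
                         $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateKeyFile ' . makeCorrectFile($row_ipsandports['ssl_key_file']) . "\n";
                     }
                     if ($row_ipsandports['ssl_ca_file'] != '') {
                         $this->virtualhosts_data[$vhosts_filename] .= ' SSLCACertificateFile ' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . "\n";
                     }
                     // #418
                     if ($row_ipsandports['ssl_cert_chainfile'] != '') {
                         $this->virtualhosts_data[$vhosts_filename] .= '  SSLCertificateChainFile ' . makeCorrectFile($row_ipsandports['ssl_cert_chainfile']) . "\n";
                     }
                 }
             }
             $this->virtualhosts_data[$vhosts_filename] .= '</VirtualHost>' . "\n";
             $this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted vhostcontainer');
         }
         unset($vhosts_filename);
     }
     /**
      * bug #32
      */
     $this->_createStandardDirectoryEntry();
     /**
      * bug #unknown-yet
      */
     $this->_createStandardErrorHandler();
 }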
コード例 #9
 /**
  * Build one nginx `server { }` block per IP/port row and collect it in $this->nginx_data.
  *
  * Every row of TABLE_PANEL_IPSANDPORTS (ordered by ip, then port) gets a `listen`
  * line marked `default`; rows with `vhostcontainer` == '1' additionally get the
  * panel's server_name, root, index location and the row's `specialsettings`.
  * SSL directives and a PHP location follow, then createNginxHosts() is called for
  * the row. After the loop the standard error handler is created.
  *
  * Trust note: row values (`ip`, `port`, `specialsettings`, `ssl_*`) and settings
  * values are concatenated into the configuration without escaping in this method;
  * `specialsettings` is appended verbatim.
  * NOTE(review): presumably they are validated where they are saved - confirm.
  *
  * @return void
  */
 public function createIpPort()
 {
     $query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC";
     $result_ipsandports = $this->db->query($query);
     while ($row_ipsandports = $this->db->fetch_array($result_ipsandports)) {
         // IPv6 literals need brackets in "address:port" notation;
         // $port is the same in both branches
         if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
             $ip = '[' . $row_ipsandports['ip'] . ']';
             $port = $row_ipsandports['port'];
         } else {
             $ip = $row_ipsandports['ip'];
             $port = $row_ipsandports['port'];
         }
         fwrite($this->debugHandler, '  nginx::createIpPort: creating ip/port settings for  ' . $ip . ":" . $port . "\n");
         $this->logger->logAction(CRON_ACTION, LOG_INFO, 'creating ip/port settings for  ' . $ip . ":" . $port);
         // one file per ip/port; ':' of an IPv6 address becomes '.' in the file name
         $vhost_filename = makeCorrectFile($this->settings['system']['apacheconf_vhost'] . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');
         if (!isset($this->nginx_data[$vhost_filename])) {
             $this->nginx_data[$vhost_filename] = '';
         }
         $this->nginx_data[$vhost_filename] .= 'server { ' . "\n";
         /**
          * this HAS to be set for the default host in nginx or else no vhost will work
          */
         $this->nginx_data[$vhost_filename] .= "\t" . 'listen    ' . $ip . ':' . $port . ' default;' . "\n";
         if ($row_ipsandports['vhostcontainer'] == '1') {
             $this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n";
             $this->nginx_data[$vhost_filename] .= "\t" . 'server_name    ' . $this->settings['system']['hostname'] . ';' . "\n";
         }
         $this->nginx_data[$vhost_filename] .= "\t" . 'access_log      /var/log/nginx/access.log;' . "\n";
         // stays empty when no vhost container is requested; it is still handed to
         // phpinterface as 'documentroot' further down
         $mypath = '';
         if ($row_ipsandports['vhostcontainer'] == '1') {
             // three levels above this file
             $mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
             $this->nginx_data[$vhost_filename] .= "\t" . 'root     ' . $mypath . ';' . "\n";
             $this->nginx_data[$vhost_filename] .= "\t" . 'location / {' . "\n";
             $this->nginx_data[$vhost_filename] .= "\t\t" . 'index    index.php index.html index.htm;' . "\n";
             $this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
             // free-form directives from the database row, written into the server block as-is
             if ($row_ipsandports['specialsettings'] != '') {
                 $this->nginx_data[$vhost_filename] .= $row_ipsandports['specialsettings'] . "\n";
             }
         }
         /**
          * SSL config options
          */
         if ($row_ipsandports['ssl'] == '1') {
             // empty per-row values fall back to the system-wide settings
             if ($row_ipsandports['ssl_cert_file'] == '') {
                 $row_ipsandports['ssl_cert_file'] = $this->settings['system']['ssl_cert_file'];
             }
             if ($row_ipsandports['ssl_key_file'] == '') {
                 $row_ipsandports['ssl_key_file'] = $this->settings['system']['ssl_key_file'];
             }
             if ($row_ipsandports['ssl_ca_file'] == '') {
                 $row_ipsandports['ssl_ca_file'] = $this->settings['system']['ssl_ca_file'];
             }
             if ($row_ipsandports['ssl_cert_file'] != '') {
                 $this->nginx_data[$vhost_filename] .= "\t" . 'ssl on;' . "\n";
                 $this->nginx_data[$vhost_filename] .= "\t" . 'ssl_certificate ' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . ';' . "\n";
                 // NOTE(review): written even when ssl_key_file is still empty after the
                 // fallback above - confirm what makeCorrectFile('') yields
                 $this->nginx_data[$vhost_filename] .= "\t" . 'ssl_certificate_key ' . makeCorrectFile($row_ipsandports['ssl_key_file']) . ';' . "\n";
                 if ($row_ipsandports['ssl_ca_file'] != '') {
                     // CA used for verifying client certificates; this line has no leading
                     // tab, unlike its neighbours (cosmetic only)
                     $this->nginx_data[$vhost_filename] .= 'ssl_client_certificate ' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . ';' . "\n";
                 }
             }
         }
         // PHP handler: every URI ending in ".php" goes to the FastCGI backend with
         // SCRIPT_FILENAME = $document_root$fastcgi_script_name.
         // NOTE(review): no try_files/existence check is emitted in this block, so
         // requests for non-existent .php paths reach the backend too; whether that is
         // safe depends on the PHP side (e.g. cgi.fix_pathinfo) - confirm
         $this->nginx_data[$vhost_filename] .= "\t" . 'location ~ \\.php$ {' . "\n";
         $this->nginx_data[$vhost_filename] .= "\t\t" . 'fastcgi_index index.php;' . "\n";
         $this->nginx_data[$vhost_filename] .= "\t\t" . 'include /etc/nginx/fastcgi_params;' . "\n";
         $this->nginx_data[$vhost_filename] .= "\t\t" . 'fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' . "\n";
         if ($row_ipsandports['ssl'] == '1') {
             $this->nginx_data[$vhost_filename] .= "\t\t" . 'fastcgi_param HTTPS on;' . "\n";
         }
         if ((int) $this->settings['phpfpm']['enabled'] == 1 && (int) $this->settings['phpfpm']['enabled_ownvhost'] == 1) {
             // php-fpm for the panel vhost: pass to the unix socket reported by the interface
             $domain = array('id' => 'none', 'domain' => $this->settings['system']['hostname'], 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => $this->settings['phpfpm']['vhost_httpuser'], 'openbasedir' => 0, 'safemode' => '0', 'email' => $this->settings['panel']['adminmail'], 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
             $php = new phpinterface($this->getDB(), $this->settings, $domain);
             $this->nginx_data[$vhost_filename] .= "\t\t" . 'fastcgi_pass unix:' . $php->getInterface()->getSocketFile() . ';' . "\n";
         } else {
             // otherwise use the backend configured in system.nginx_php_backend
             $this->nginx_data[$vhost_filename] .= "\t\t" . 'fastcgi_pass ' . $this->settings['system']['nginx_php_backend'] . ';' . "\n";
         }
         $this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
         $this->nginx_data[$vhost_filename] .= '}' . "\n\n";
         // End of Froxlor server{}-part
         $this->createNginxHosts($row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'], $vhost_filename);
     }
     /**
      * standard error pages
      */
     $this->_createStandardErrorHandler();
 }
コード例 #10
 /**
  * Build the panel's nginx `server { }` block for every IP/port row that asks for
  * a vhost container and collect it in $this->nginx_data.
  *
  * Rows of TABLE_PANEL_IPSANDPORTS are read ordered by ip, then port. Only rows
  * with `vhostcontainer` == '1' produce output: listen/server_name/access_log,
  * optionally an HTTP->HTTPS redirect, the row's `specialsettings` (run through
  * processSpecialConfigTemplate()), SSL settings and a PHP location.
  * After the loop createNginxHosts() and the standard error handler are called once.
  *
  * Trust note: row and settings values are concatenated into the configuration
  * without escaping in this method.
  * NOTE(review): presumably they are validated where they are saved - confirm.
  *
  * @return void
  */
 public function createIpPort()
 {
     $result_ipsandports_stmt = Database::query("\n\t\t\tSELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC\n\t\t");
     while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
         // IPv6 literals need brackets in "address:port" notation
         if (filter_var($row_ipsandports['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
             $ip = '[' . $row_ipsandports['ip'] . ']';
         } else {
             $ip = $row_ipsandports['ip'];
         }
         $port = $row_ipsandports['port'];
         $this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::createIpPort: creating ip/port settings for  ' . $ip . ":" . $port);
         // one file per ip/port; ':' of an IPv6 address becomes '.' in the file name
         $vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/10_froxlor_ipandport_' . trim(str_replace(':', '.', $row_ipsandports['ip']), '.') . '.' . $row_ipsandports['port'] . '.conf');
         if (!isset($this->nginx_data[$vhost_filename])) {
             $this->nginx_data[$vhost_filename] = '';
         }
         if ($row_ipsandports['vhostcontainer'] == '1') {
             $this->nginx_data[$vhost_filename] .= 'server { ' . "\n";
             // presumably the panel's document root for this row; verify against getMyPath()
             $mypath = $this->getMyPath($row_ipsandports);
             // check for ssl before anything else so
             // we know whether it's an ssl vhost or not
             $ssl_vhost = false;
             if ($row_ipsandports['ssl'] == '1') {
                 // empty per-row values fall back to the system-wide settings
                 if ($row_ipsandports['ssl_cert_file'] == '') {
                     $row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
                 }
                 if ($row_ipsandports['ssl_key_file'] == '') {
                     $row_ipsandports['ssl_key_file'] = Settings::Get('system.ssl_key_file');
                 }
                 if ($row_ipsandports['ssl_ca_file'] == '') {
                     $row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
                 }
                 // only an existing certificate file makes this an ssl vhost
                 if ($row_ipsandports['ssl_cert_file'] != '' && file_exists($row_ipsandports['ssl_cert_file'])) {
                     $ssl_vhost = true;
                 }
                 $domain = array('id' => 0, 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'loginname' => 'froxlor.panel', 'documentroot' => $mypath, 'parentdomainid' => 0);
                 // override corresponding array values
                 $domain['ssl_cert_file'] = $row_ipsandports['ssl_cert_file'];
                 $domain['ssl_key_file'] = $row_ipsandports['ssl_key_file'];
                 $domain['ssl_ca_file'] = $row_ipsandports['ssl_ca_file'];
                 $domain['ssl_cert_chainfile'] = $row_ipsandports['ssl_cert_chainfile'];
                 // SSL STUFF
                 $dssl = new DomainSSL();
                 // this sets the ssl-related array-indices in the $domain array
                 // if the domain has customer-defined ssl-certificates
                 // (presumably $domain is taken by reference - the values are read back below)
                 $dssl->setDomainSSLFilesArray($domain);
                 if ($domain['ssl_cert_file'] != '' && file_exists($domain['ssl_cert_file'])) {
                     // override corresponding array values
                     $row_ipsandports['ssl_cert_file'] = $domain['ssl_cert_file'];
                     $row_ipsandports['ssl_key_file'] = $domain['ssl_key_file'];
                     $row_ipsandports['ssl_ca_file'] = $domain['ssl_ca_file'];
                     $row_ipsandports['ssl_cert_chainfile'] = $domain['ssl_cert_chainfile'];
                     $ssl_vhost = true;
                 }
             }
             /**
              * this HAS to be set for the default host in nginx or else no vhost will work
              */
             $this->nginx_data[$vhost_filename] .= "\t" . 'listen    ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n";
             $this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n";
             $this->nginx_data[$vhost_filename] .= "\t" . 'server_name    ' . Settings::Get('system.hostname') . ';' . "\n";
             $this->nginx_data[$vhost_filename] .= "\t" . 'access_log      /var/log/nginx/access.log;' . "\n";
             $is_redirect = false;
             // check for SSL redirect (only on non-ssl rows)
             if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
                 $is_redirect = true;
                 // check whether froxlor uses Let's Encrypt and no cert has been generated yet
                 // or a renew is ongoing - disable redirect
                 if (Settings::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {
                     $this->nginx_data[$vhost_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL;
                     $is_redirect = false;
                 } else {
                     $_sslport = $this->checkAlternativeSslPort();
                     // from here on $mypath is the https URL, not a filesystem path; it is
                     // also what gets passed as 'documentroot' to the special-settings
                     // template below. NOTE(review): confirm that is intended
                     $mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
                     // everything except ACME http-01 challenge requests is redirected.
                     // NOTE(review): \w does not match '-', so a challenge token containing
                     // '-' would be redirected as well - confirm that is acceptable
                     $this->nginx_data[$vhost_filename] .= "\t" . 'if ($request_uri !~ "^/\\.well-known/acme-challenge/\\w+$") {' . "\n";
                     $this->nginx_data[$vhost_filename] .= "\t\t" . 'return 301 ' . $mypath . '$request_uri;' . "\n";
                     $this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
                 }
             }
             if (!$is_redirect) {
                 $this->nginx_data[$vhost_filename] .= "\t" . 'root     ' . $mypath . ';' . "\n";
                 $this->nginx_data[$vhost_filename] .= "\t" . 'index    index.php index.html index.htm;' . "\n\n";
                 $this->nginx_data[$vhost_filename] .= "\t" . 'location / {' . "\n";
                 $this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
             }
             // free-form directives from the database row; the template result is written
             // into the server block as returned
             if ($row_ipsandports['specialsettings'] != '') {
                 $this->nginx_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], array('domain' => Settings::Get('system.hostname'), 'loginname' => Settings::Get('phpfpm.vhost_httpuser'), 'documentroot' => $mypath), $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";
             }
             /**
              * SSL config options
              */
             // NOTE(review): called whenever ssl == '1', also when $ssl_vhost stayed false
             // (no existing certificate file) - confirm composeSslSettings() handles that
             if ($row_ipsandports['ssl'] == '1') {
                 $row_ipsandports['domain'] = Settings::Get('system.hostname');
                 $this->nginx_data[$vhost_filename] .= $this->composeSslSettings($row_ipsandports);
             }
             if (!$is_redirect) {
                 // PHP handler: split script name and path info, and let try_files answer
                 // 404 when the script file does not exist, so only existing scripts are
                 // handed to the FastCGI backend
                 $this->nginx_data[$vhost_filename] .= "\tlocation ~ \\.php {\n";
                 $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_split_path_info ^(.+\\.php)(/.+)\$;\n";
                 $this->nginx_data[$vhost_filename] .= "\t\tinclude " . Settings::Get('nginx.fastcgiparams') . ";\n";
                 $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n";
                 $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n";
                 $this->nginx_data[$vhost_filename] .= "\t\ttry_files \$fastcgi_script_name =404;\n";
                 if ($row_ipsandports['ssl'] == '1') {
                     $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param HTTPS on;\n";
                 }
                 if ((int) Settings::Get('phpfpm.enabled') == 1 && (int) Settings::Get('phpfpm.enabled_ownvhost') == 1) {
                     // php-fpm for the panel vhost: pass to the unix socket reported by the interface
                     $domain = array('id' => 'none', 'domain' => Settings::Get('system.hostname'), 'adminid' => 1, 'mod_fcgid_starter' => -1, 'mod_fcgid_maxrequests' => -1, 'guid' => Settings::Get('phpfpm.vhost_httpuser'), 'openbasedir' => 0, 'email' => Settings::Get('panel.adminmail'), 'loginname' => 'froxlor.panel', 'documentroot' => $mypath);
                     $php = new phpinterface($domain);
                     $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass unix:" . $php->getInterface()->getSocketFile() . ";\n";
                 } else {
                     // otherwise use the backend configured in system.nginx_php_backend
                     $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass " . Settings::Get('system.nginx_php_backend') . ";\n";
                 }
                 $this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n";
                 $this->nginx_data[$vhost_filename] .= "\t}\n";
             }
             $this->nginx_data[$vhost_filename] .= "}\n\n";
             // End of Froxlor server{}-part
         }
     }
     $this->createNginxHosts();
     /**
      * standard error pages
      */
     $this->_createStandardErrorHandler();
 }