public function ApacheVhostCreate($DomainName, $FarmID, $FarmRoleID, $DocumentRootDir, $EnableSSL, $SSLPrivateKey = null, $SSLCertificate = null) { $this->restrictAccess(Acl::RESOURCE_SERVICES_APACHE); $validator = new Scalr_Validator(); if ($validator->validateDomain($DomainName) !== true) { $err[] = _("Domain name is incorrect"); } $DBFarm = DBFarm::LoadByID($FarmID); if ($DBFarm->EnvID != $this->Environment->id) { throw new Exception(sprintf("Farm #%s not found", $FarmID)); } $this->user->getPermissions()->validate($DBFarm); $DBFarmRole = DBFarmRole::LoadByID($FarmRoleID); if ($DBFarm->ID != $DBFarmRole->FarmID) { throw new Exception(sprintf("FarmRole #%s not found on Farm #%s", $FarmRoleID, $FarmID)); } if (!$DocumentRootDir) { throw new Exception(_("DocumentRootDir required")); } $options = serialize(array("document_root" => trim($DocumentRootDir), "logs_dir" => "/var/log", "server_admin" => $this->user->getEmail())); $httpConfigTemplateSSL = @file_get_contents(dirname(__FILE__) . "/../../templates/services/apache/ssl.vhost.tpl"); $httpConfigTemplate = @file_get_contents(dirname(__FILE__) . "/../../templates/services/apache/nonssl.vhost.tpl"); $vHost = Scalr_Service_Apache_Vhost::init(); $vHost->envId = (int) $this->Environment->id; $vHost->clientId = $this->user->getAccountId(); $vHost->domainName = $DomainName; $vHost->isSslEnabled = $EnableSSL ? true : false; $vHost->farmId = $FarmID; $vHost->farmRoleId = $FarmRoleID; $vHost->httpdConf = $httpConfigTemplate; $vHost->templateOptions = $options; $this->DB->BeginTrans(); try { //SSL stuff if ($vHost->isSslEnabled) { $cert = new Entity\SslCertificate(); $cert->envId = $DBFarm->EnvID; $cert->name = $DomainName; $cert->privateKey = base64_decode($SSLPrivateKey); $cert->certificate = base64_decode($SSLCertificate); $cert->save(); $vHost->sslCertId = $cert->id; $vHost->httpdConfSsl = $httpConfigTemplateSSL; } else { $vHost->sslCertId = 0; } $vHost->save(); $this->DB->CommitTrans(); } catch (\Exception $e) { $this->DB->RollbackTrans(); throw new Exception('Error saving VHost. ' . $e->getMessage(), $e->getCode(), $e); } $servers = $DBFarm->GetServersByFilter(array('status' => array(SERVER_STATUS::INIT, SERVER_STATUS::RUNNING))); foreach ($servers as $DBServer) { if ($DBServer->GetFarmRoleObject()->GetRoleObject()->hasBehavior(ROLE_BEHAVIORS::NGINX) || $DBServer->GetFarmRoleObject()->GetRoleObject()->hasBehavior(ROLE_BEHAVIORS::APACHE)) { $DBServer->SendMessage(new Scalr_Messaging_Msg_VhostReconfigure()); } } $response = $this->CreateInitialResponse(); $response->Result = 1; return $response; }
/** * Save certificate (create new or update existing). * * @param string $name * @param int $id optional * @param int $privateKeyClear optional * @param int $certificateClear optional * @param int $caBundleClear optional * @param string $privateKeyPassword optional * @throws Scalr_Exception_Core * @throws Scalr_Exception_InsufficientPermissions * @throws Scalr_UI_Exception_NotFound * @throws \Scalr\Exception\ModelException */ public function xSaveAction($name, $id = null, $privateKeyClear = null, $certificateClear = null, $caBundleClear = null, $privateKeyPassword = null) { $this->request->restrictAccess(Acl::RESOURCE_SERVICES_SSL, Acl::PERM_SERVICES_SSL_MANAGE); $flagNew = false; if ($id) { /* @var \Scalr\Model\Entity\SslCertificate $cert */ $cert = Entity\SslCertificate::findPk($id); if (!$cert) { throw new Scalr_UI_Exception_NotFound(); } $this->user->getPermissions()->validate($cert); } else { $cert = new Entity\SslCertificate(); $cert->envId = $this->getEnvironmentId(); $flagNew = true; } $cert->name = $name; if (!$cert->name) { $this->request->addValidationErrors('name', 'Name can\'t be empty'); } $criteria = [['name' => $cert->name], ['envId' => $cert->envId]]; if ($id) { $criteria[] = ['id' => ['$ne' => $id]]; } if (Entity\SslCertificate::findOne($criteria)) { $this->request->addValidationErrors('name', 'Name must be unique.'); } if (!empty($_FILES['privateKey']['tmp_name'])) { $cert->privateKey = file_get_contents($_FILES['privateKey']['tmp_name']); } elseif ($privateKeyClear) { $cert->privateKey = null; } if ($privateKeyPassword) { if (!$cert->privateKey) { $this->request->addValidationErrors('privateKeyPassword', 'Private key password requires private key'); } else { if ($privateKeyPassword != '******') { $cert->privateKeyPassword = $privateKeyPassword; } } } else { $cert->privateKeyPassword = null; } if (!empty($_FILES['certificate']['tmp_name'])) { $cr = file_get_contents($_FILES['certificate']['tmp_name']); if (!openssl_x509_parse($cr, false)) { $this->request->addValidationErrors('certificate', 'Not valid certificate'); } else { $cert->certificate = $cr; } } elseif ($certificateClear) { $cert->certificate = null; } if (!empty($_FILES['caBundle']['tmp_name'])) { $bn = file_get_contents($_FILES['caBundle']['tmp_name']); if (!openssl_x509_parse($bn, false)) { $this->request->addValidationErrors('caBundle', 'Not valid certificate chain'); } else { $cert->caBundle = $bn; } } elseif ($caBundleClear) { $cert->caBundle = null; } if (!$cert->certificate) { $this->request->addValidationErrors('certificate', 'Certificate cannot be empty.'); } if (!$cert->privateKey) { $this->request->addValidationErrors('privateKey', 'Private key cannot be empty.'); } if (!$this->request->isValid()) { $this->response->data($this->request->getValidationErrors()); $this->response->failure(); } else { $cert->save(); if ($id) { try { // Update existing servers $res = $this->db->Execute("SELECT farm_roleid FROM farm_role_settings WHERE name='nginx.proxies' AND value LIKE '%ssl_certificate_id\":\"{$cert->id}%'"); while ($f = $res->FetchRow()) { $dbFarmRole = DBFarmRole::LoadByID($f['farm_roleid']); $servers = $dbFarmRole->GetServersByFilter(['status' => SERVER_STATUS::RUNNING]); foreach ($servers as $server) { $msg = new Scalr_Messaging_Msg_SSLCertificateUpdate(); $msg->id = $cert->id; $msg->certificate = $cert->certificate; $msg->cacertificate = $cert->caBundle; $msg->privateKey = $cert->privateKey; $server->SendMessage($msg, false, true); } } // Update apache server } catch (Exception $e) { } } $this->response->success('Certificate was successfully saved'); if ($flagNew) { $this->response->data(['cert' => $cert->getInfo()]); } } }