protected function getVhostContent($domain, $ssl_vhost = false, $ipid) { if ($ssl_vhost === true && $domain['ssl'] != '1' && $domain['ssl_redirect'] != '1') { return ''; } $vhost_content = ''; $vhost_content .= $this->getServerNames($domain) . " {\n"; // respect ssl_redirect settings, #542 if ($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1') { // We must not check if our port differs from port 443, // but if there is a destination-port != 443 $_sslport = ''; // This returns the first port that is != 443 with ssl enabled, if any // ordered by ssl-certificate (if any) so that the ip/port combo // with certificate is used $ssldestport_stmt = Database::prepare("SELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip`\n\t\t\t\tLEFT JOIN `" . TABLE_DOMAINTOIP . "` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`)\n\t\t\t\tWHERE `dip`.`id_domain` = :domainid\n\t\t\t\tAND `ip`.`ssl` = '1' AND `ip`.`port` != 443\n\t\t\t\tORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;"); $ssldestport = Database::pexecute_first($ssldestport_stmt, array('domainid' => $domain['id'])); if ($ssldestport['port'] != '') { $_sslport = ":" . $ssldestport['port']; } $domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/'; } // avoid using any whitespaces $domain['documentroot'] = trim($domain['documentroot']); if (preg_match('/^https?\\:\\/\\//', $domain['documentroot'])) { $vhost_content .= ' url.redirect = (' . "\n"; $vhost_content .= ' "^/(.*)$" => "' . $this->idnaConvert->encode_uri($domain['documentroot']) . '$1"' . "\n"; $vhost_content .= ' )' . "\n"; } else { mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true, true); $only_webroot = false; if ($ssl_vhost === false && $domain['ssl_redirect'] == '1') { $only_webroot = true; } $vhost_content .= $this->getWebroot($domain, $ssl_vhost); if (!$only_webroot) { if ($this->_deactivated == false) { $vhost_content .= $this->create_htaccess($domain); $vhost_content .= $this->create_pathOptions($domain); $vhost_content .= $this->composePhpOptions($domain); $vhost_content .= $this->getStats($domain); $ipandport_stmt = Database::prepare("\n\t\t\t\t\t\tSELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "`\n\t\t\t\t\t\tWHERE `id` = :id\n\t\t\t\t\t"); $ipandport = Database::pexecute_first($ipandport_stmt, array('id' => $ipid)); $domain['ip'] = $ipandport['ip']; $domain['port'] = $ipandport['port']; $domain['ssl_cert_file'] = $ipandport['ssl_cert_file']; $domain['ssl_key_file'] = $ipandport['ssl_key_file']; $domain['ssl_ca_file'] = $ipandport['ssl_ca_file']; // #418 $domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile']; // SSL STUFF $dssl = new DomainSSL(); // this sets the ssl-related array-indices in the $domain array // if the domain has customer-defined ssl-certificates $dssl->setDomainSSLFilesArray($domain); $vhost_content .= $this->getSslSettings($domain, $ssl_vhost); if ($domain['specialsettings'] != "") { $vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } if ($ipandport['default_vhostconf_domain'] != '') { $vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } if (Settings::Get('system.default_vhostconf') != '') { $vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } } $vhost_content .= $this->getLogFiles($domain); } } $vhost_content .= '}' . "\n"; return $vhost_content; }
/** * We compose the virtualhost entry for one domain */ protected function getVhostContent($domain, $ssl_vhost = false) { if ($ssl_vhost === true && ($domain['ssl_redirect'] != '1' && $domain['ssl'] != '1')) { return ''; } $query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip`\n\t\t\tWHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports "; if ($ssl_vhost === true && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')) { // by ordering by cert-file the row with filled out SSL-Fields will be shown last, thus it is enough to fill out 1 set of SSL-Fields $query .= "AND i.ssl = '1' ORDER BY i.ssl_cert_file ASC;"; } else { $query .= "AND i.ssl = '0';"; } $vhost_content = ''; $result_stmt = Database::prepare($query); Database::pexecute($result_stmt, array('domainid' => $domain['id'])); $ipportlist = ''; $_vhost_content = ''; while ($ipandport = $result_stmt->fetch(PDO::FETCH_ASSOC)) { $ipport = ''; $domain['ip'] = $ipandport['ip']; $domain['port'] = $ipandport['port']; if ($domain['ssl'] == '1') { $domain['ssl_cert_file'] = $ipandport['ssl_cert_file']; $domain['ssl_key_file'] = $ipandport['ssl_key_file']; $domain['ssl_ca_file'] = $ipandport['ssl_ca_file']; $domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile']; // SSL STUFF $dssl = new DomainSSL(); // this sets the ssl-related array-indices in the $domain array // if the domain has customer-defined ssl-certificates $dssl->setDomainSSLFilesArray($domain); } if (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { $ipport = '[' . $domain['ip'] . ']:' . $domain['port'] . ' '; } else { $ipport = $domain['ip'] . ':' . $domain['port'] . ' '; } if ($ipandport['default_vhostconf_domain'] != '') { $_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } $ipportlist .= $ipport; } $vhost_content .= '<VirtualHost ' . trim($ipportlist) . '>' . "\n"; $vhost_content .= $this->getServerNames($domain); if ($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1') { // We must not check if our port differs from port 443, // but if there is a destination-port != 443 $_sslport = ''; // This returns the first port that is != 443 with ssl enabled, if any // ordered by ssl-certificate (if any) so that the ip/port combo // with certificate is used $ssldestport_stmt = Database::prepare("\n\t\t\t\tSELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip`\n\t\t\t\tLEFT JOIN `" . TABLE_DOMAINTOIP . "` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`)\n\t\t\t\tWHERE `dip`.`id_domain` = :domainid\n\t\t\t\tAND `ip`.`ssl` = '1' AND `ip`.`port` != 443\n\t\t\t\tORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;\n\t\t\t"); $ssldestport = Database::pexecute_first($ssldestport_stmt, array('domainid' => $domain['id'])); if ($ssldestport['port'] != '') { $_sslport = ":" . $ssldestport['port']; } $domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/'; } if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') { if ($domain['ssl_cert_file'] == '') { $domain['ssl_cert_file'] = Settings::Get('system.ssl_cert_file'); } if ($domain['ssl_key_file'] == '') { $domain['ssl_key_file'] = Settings::Get('system.ssl_key_file'); } if ($domain['ssl_ca_file'] == '') { $domain['ssl_ca_file'] = Settings::Get('system.ssl_ca_file'); } if ($domain['ssl_cert_chainfile'] == '') { $domain['ssl_cert_chainfile'] = Settings::Get('system.ssl_cert_chainfile'); } if ($domain['ssl_cert_file'] != '') { $vhost_content .= ' SSLEngine On' . "\n"; $vhost_content .= ' SSLProtocol ALL -SSLv2 -SSLv3' . "\n"; // this makes it more secure, thx to Marcel (08/2013) $vhost_content .= ' SSLHonorCipherOrder On' . "\n"; $vhost_content .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n"; $vhost_content .= ' SSLVerifyDepth 10' . "\n"; $vhost_content .= ' SSLCertificateFile ' . makeCorrectFile($domain['ssl_cert_file']) . "\n"; if ($domain['ssl_key_file'] != '') { $vhost_content .= ' SSLCertificateKeyFile ' . makeCorrectFile($domain['ssl_key_file']) . "\n"; } if ($domain['ssl_ca_file'] != '') { $vhost_content .= ' SSLCACertificateFile ' . makeCorrectFile($domain['ssl_ca_file']) . "\n"; } if ($domain['ssl_cert_chainfile'] != '') { $vhost_content .= ' SSLCertificateChainFile ' . makeCorrectFile($domain['ssl_cert_chainfile']) . "\n"; } } } if (preg_match('/^https?\\:\\/\\//', $domain['documentroot'])) { $corrected_docroot = $this->idnaConvert->encode($domain['documentroot']); // Get domain's redirect code $code = getDomainRedirectCode($domain['id']); $modrew_red = ''; if ($code != '') { $modrew_red = '[R=' . $code . ';L,NE]'; } // redirect everything, not only root-directory, #541 $vhost_content .= ' <IfModule mod_rewrite.c>' . "\n"; $vhost_content .= ' RewriteEngine On' . "\n"; if (!$ssl_vhost) { $vhost_content .= ' RewriteCond %{HTTPS} off' . "\n"; } $vhost_content .= ' RewriteRule ^/(.*) ' . $corrected_docroot . '$1 ' . $modrew_red . "\n"; $vhost_content .= ' </IfModule>' . "\n"; $vhost_content .= ' Redirect ' . $code . ' / ' . $this->idnaConvert->encode($domain['documentroot']) . "\n"; } else { mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true, true); $vhost_content .= $this->getWebroot($domain); if ($this->_deactivated == false) { $vhost_content .= $this->composePhpOptions($domain, $ssl_vhost); $vhost_content .= $this->getStats($domain); } $vhost_content .= $this->getLogfiles($domain); if ($domain['specialsettings'] != '') { $vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } if ($_vhost_content != '') { $vhost_content .= $_vhost_content; } if (Settings::Get('system.default_vhostconf') != '') { $vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } } $vhost_content .= '</VirtualHost>' . "\n"; return $vhost_content; }
protected function getVhostContent($domain, $ssl_vhost = false) { if ($ssl_vhost === true && $domain['ssl'] != '1' && $domain['ssl_redirect'] != '1') { return ''; } $vhost_content = ''; $_vhost_content = ''; $query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip`\n\t\t\tWHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports "; if ($ssl_vhost === true && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')) { // by ordering by cert-file the row with filled out SSL-Fields will be shown last, // thus it is enough to fill out 1 set of SSL-Fields $query .= "AND i.ssl = 1 ORDER BY i.ssl_cert_file ASC;"; } else { $query .= "AND i.ssl = '0';"; } // start vhost $vhost_content .= 'server { ' . "\n"; $result_stmt = Database::prepare($query); Database::pexecute($result_stmt, array('domainid' => $domain['id'])); while ($ipandport = $result_stmt->fetch(PDO::FETCH_ASSOC)) { $domain['ip'] = $ipandport['ip']; $domain['port'] = $ipandport['port']; if ($domain['ssl'] == '1') { $domain['ssl_cert_file'] = $ipandport['ssl_cert_file']; $domain['ssl_key_file'] = $ipandport['ssl_key_file']; $domain['ssl_ca_file'] = $ipandport['ssl_ca_file']; $domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile']; // SSL STUFF $dssl = new DomainSSL(); // this sets the ssl-related array-indices in the $domain array // if the domain has customer-defined ssl-certificates $dssl->setDomainSSLFilesArray($domain); } if (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { $ipport = '[' . $domain['ip'] . ']:' . $domain['port']; } else { $ipport = $domain['ip'] . ':' . $domain['port']; } if ($ipandport['default_vhostconf_domain'] != '') { $_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"; } $vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n"; } // get all server-names $vhost_content .= $this->getServerNames($domain); // respect ssl_redirect settings, #542 if ($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1') { // We must not check if our port differs from port 443, // but if there is a destination-port != 443 $_sslport = ''; // This returns the first port that is != 443 with ssl enabled, if any // ordered by ssl-certificate (if any) so that the ip/port combo // with certificate is used $ssldestport_stmt = Database::prepare("SELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip`\n\t\t\t\tLEFT JOIN `" . TABLE_DOMAINTOIP . "` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`)\n\t\t\t\tWHERE `dip`.`id_domain` = :domainid\n\t\t\t\tAND `ip`.`ssl` = '1' AND `ip`.`port` != 443\n\t\t\t\tORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;"); $ssldestport = Database::pexecute_first($ssldestport_stmt, array('domainid' => $domain['id'])); if ($ssldestport['port'] != '') { $_sslport = ":" . $ssldestport['port']; } $domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/'; } // if the documentroot is an URL we just redirect if (preg_match('/^https?\\:\\/\\//', $domain['documentroot'])) { $uri = $this->idnaConvert->encode($domain['documentroot']); if (substr($uri, -1) == '/') { $uri = substr($uri, 0, -1); } $vhost_content .= "\t" . 'rewrite ^(.*) ' . $uri . '$1 permanent;' . "\n"; } else { mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true); $vhost_content .= $this->getLogFiles($domain); $vhost_content .= $this->getWebroot($domain, $ssl_vhost); if ($this->_deactivated == false) { if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') { $vhost_content .= $this->composeSslSettings($domain); } $vhost_content = $this->mergeVhostCustom($vhost_content, $this->create_pathOptions($domain)) . "\n"; $vhost_content .= $this->composePhpOptions($domain, $ssl_vhost); $vhost_content .= isset($this->needed_htpasswds[$domain['id']]) ? $this->needed_htpasswds[$domain['id']] . "\n" : ''; if ($domain['specialsettings'] != "") { $vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost)); } if ($_vhost_content != '') { $vhost_content = $this->mergeVhostCustom($vhost_content, $_vhost_content); } if (Settings::Get('system.default_vhostconf') != '') { $vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n"); } } } $vhost_content .= "\n}\n\n"; return $vhost_content; }