
only include acme.conf to vhosts if system has ssl and LE enabled (might not exist if not)

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
d00p committed Apr 15, 2016
1 parent e8f5fc1 commit 28f0c3eac401b5793c8ca9e9750d99421683cb96
Showing with 16 additions and 12 deletions.
  1. +16 −12 scripts/jobs/cron_tasks.inc.http.30.nginx.php
@@ -207,11 +207,11 @@ public function createIpPort() {
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n";
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n";
$this->nginx_data[$vhost_filename] .= "\t\ttry_files \$fastcgi_script_name =404;\n";

if ($row_ipsandports['ssl'] == '1') {
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param HTTPS on;\n";
}

if ((int)Settings::Get('phpfpm.enabled') == 1 && (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) {
$domain = array(
'id' => 'none',
@@ -225,16 +225,16 @@ public function createIpPort() {
'loginname' => 'froxlor.panel',
'documentroot' => $mypath,
);

$php = new phpinterface($domain);
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass unix:".$php->getInterface()->getSocketFile().";\n";
} else {
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass ".Settings::Get('system.nginx_php_backend').";\n";
}

$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n";
$this->nginx_data[$vhost_filename] .= "\t}\n";

$this->nginx_data[$vhost_filename] .= "}\n\n";
// End of Froxlor server{}-part
}
@@ -422,7 +422,11 @@ protected function getVhostContent($domain, $ssl_vhost = false) {
) {
$vhost_content.= "\n" . $this->composeSslSettings($domain) . "\n";
}
$vhost_content.= "\t".'include /etc/nginx/acme.conf;'."\n";

if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1')
{
$vhost_content.= "\t".'include /etc/nginx/acme.conf;'."\n";
}

// if the documentroot is an URL we just redirect
if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
@@ -562,7 +566,7 @@ protected function composeSslSettings($domain_or_ip) {
}

if ($domain_or_ip['ssl_cert_file'] != '') {

// check for existence, #1485
if (!file_exists($domain_or_ip['ssl_cert_file'])) {
$this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate file "'.$domain_or_ip['ssl_cert_file'].'" does not exist! Cannot create ssl-directives');
@@ -575,7 +579,7 @@ protected function composeSslSettings($domain_or_ip) {
$sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n";
$sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n";
$sslsettings .= "\t" . 'ssl_certificate ' . makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n";

if ($domain_or_ip['ssl_key_file'] != '') {
// check for existence, #1485
if (!file_exists($domain_or_ip['ssl_key_file'])) {
@@ -585,7 +589,7 @@ protected function composeSslSettings($domain_or_ip) {
$sslsettings .= "\t" . 'ssl_certificate_key ' .makeCorrectFile($domain_or_ip['ssl_key_file']) . ';' . "\n";
}
}

if ($domain_or_ip['ssl_ca_file'] != '') {
// check for existence, #1485
if (!file_exists($domain_or_ip['ssl_ca_file'])) {
@@ -595,7 +599,7 @@ protected function composeSslSettings($domain_or_ip) {
$sslsettings.= "\t" . 'ssl_client_certificate ' . makeCorrectFile($domain_or_ip['ssl_ca_file']) . ';' . "\n";
}
}

if (isset($domain_or_ip['hsts']) && $domain_or_ip['hsts'] > 0) {

$vhost_content .= 'add_header Strict-Transport-Security "max-age=' . $domain_or_ip['hsts'];
@@ -835,11 +839,11 @@ protected function composePhpOptions($domain, $ssl_vhost = false) {
$phpopts .= "\t\tfastcgi_param HTTPS on;\n";
}
$phpopts .= "\t}\n\n";

}
return $phpopts;
}


protected function getWebroot($domain, $ssl) {
$webroot_text = '';
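Review bot: The new guard in the getVhostContent hunk decides on the two settings alone, so `include /etc/nginx/acme.conf;` is still written when SSL and Let's Encrypt are enabled but the file has not been created yet. An nginx `include` of a missing literal path fails the configuration test, so a single missing file could block the reload for every generated vhost. The hunk does not show where acme.conf is written, so this may already be ordered correctly. If it is not, the condition could mirror the `#1485` existence checks used for the certificate files: `if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1' && file_exists('/etc/nginx/acme.conf')) {`, with a `logAction` entry when the file is absent. The opening brace on its own line also departs from the same-line `if (...) {` style in the rest of the file; getVhostContent starts and ends outside this hunk.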
