only include acme.conf to vhosts if system has ssl and LE enabled (mi…
…ght not exist if not)

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
d00p committed Apr 15, 2016
1 parent e8f5fc1 commit 28f0c3e
Showing 1 changed file with 16 additions and 12 deletions.
28 changes: 16 additions & 12 deletions scripts/jobs/cron_tasks.inc.http.30.nginx.php
@@ -207,11 +207,11 @@ public function createIpPort() {
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n";
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n";
$this->nginx_data[$vhost_filename] .= "\t\ttry_files \$fastcgi_script_name =404;\n";

if ($row_ipsandports['ssl'] == '1') {
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param HTTPS on;\n";
}

if ((int)Settings::Get('phpfpm.enabled') == 1 && (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) {
$domain = array(
'id' => 'none',
@@ -225,16 +225,16 @@ public function createIpPort() {
'loginname' => 'froxlor.panel',
'documentroot' => $mypath,
);

$php = new phpinterface($domain);
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass unix:".$php->getInterface()->getSocketFile().";\n";
} else {
$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass ".Settings::Get('system.nginx_php_backend').";\n";
}

$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n";
$this->nginx_data[$vhost_filename] .= "\t}\n";

$this->nginx_data[$vhost_filename] .= "}\n\n";
// End of Froxlor server{}-part
}
@@ -422,7 +422,11 @@ protected function getVhostContent($domain, $ssl_vhost = false) {
) {
$vhost_content.= "\n" . $this->composeSslSettings($domain) . "\n";
}
$vhost_content.= "\t".'include /etc/nginx/acme.conf;'."\n";

if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1')
{
$vhost_content.= "\t".'include /etc/nginx/acme.conf;'."\n";
}

// if the documentroot is an URL we just redirect
if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
@@ -562,7 +566,7 @@ protected function composeSslSettings($domain_or_ip) {
}

if ($domain_or_ip['ssl_cert_file'] != '') {

// check for existence, #1485
if (!file_exists($domain_or_ip['ssl_cert_file'])) {
$this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate file "'.$domain_or_ip['ssl_cert_file'].'" does not exist! Cannot create ssl-directives');
@@ -575,7 +579,7 @@ protected function composeSslSettings($domain_or_ip) {
$sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n";
$sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n";
$sslsettings .= "\t" . 'ssl_certificate ' . makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n";

if ($domain_or_ip['ssl_key_file'] != '') {
// check for existence, #1485
if (!file_exists($domain_or_ip['ssl_key_file'])) {
@@ -585,7 +589,7 @@ protected function composeSslSettings($domain_or_ip) {
$sslsettings .= "\t" . 'ssl_certificate_key ' .makeCorrectFile($domain_or_ip['ssl_key_file']) . ';' . "\n";
}
}

if ($domain_or_ip['ssl_ca_file'] != '') {
// check for existence, #1485
if (!file_exists($domain_or_ip['ssl_ca_file'])) {
@@ -595,7 +599,7 @@ protected function composeSslSettings($domain_or_ip) {
$sslsettings.= "\t" . 'ssl_client_certificate ' . makeCorrectFile($domain_or_ip['ssl_ca_file']) . ';' . "\n";
}
}

if (isset($domain_or_ip['hsts']) && $domain_or_ip['hsts'] > 0) {

$vhost_content .= 'add_header Strict-Transport-Security "max-age=' . $domain_or_ip['hsts'];
@@ -835,11 +839,11 @@ protected function composePhpOptions($domain, $ssl_vhost = false) {
$phpopts .= "\t\tfastcgi_param HTTPS on;\n";
}
$phpopts .= "\t}\n\n";

}
return $phpopts;
}


protected function getWebroot($domain, $ssl) {
$webroot_text = '';
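Review bot: The new guard around `include /etc/nginx/acme.conf;` in getVhostContent() tests only the `system.use_ssl` and `system.leenabled` settings, not whether the file is actually present, and nginx treats a missing non-wildcard include as a fatal configuration error, so one absent file would block the reload for every generated vhost. composeSslSettings() in this same file already guards certificate paths with `file_exists()` and logs through `$this->logger->logAction(CRON_ACTION, LOG_ERR, ...)` (#1485); the same pattern would fit here, e.g. appending `&& file_exists('/etc/nginx/acme.conf')` to the condition and logging when it is skipped, assuming acme.conf is written before the vhosts are generated (that ordering is not visible on this page). The path is also hard-coded, and the `== '1'` comparison with the brace on its own line differs from the `(int)Settings::Get(...) == 1` form and same-line brace used in createIpPort(). getVhostContent() starts and ends outside the hunk.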
