Propriétaire';
+ print 'Virtual Host ';
} ?>
- Domaine
+ Servername
Alias';
}
@@ -61,7 +61,7 @@
if(is_superadmin()) {
printf('%s ', $vhost_info['owner']);
}
- printf('http://%s ',
+ printf('%s ',
$vhost_info['server_name'], $vhost_info['server_name']);
if ($conf['cluster']) {
@@ -87,7 +87,7 @@
printf('%s ', $vhost_info['slave']);
}
- printf('%s ', preg_replace('/,/',' ',$vhost_info['server_alias']));
+ printf('%s ', preg_replace('/,/',' ',$vhost_info['server_alias']));
if ($conf['quota']) {
printf('%s ', $vhost_info['size']);
@@ -110,7 +110,7 @@
} else {
printf('ITK ', $vhost_info['owner']);
}
- printf(' - Supprimer ', $vhost_info['owner']);
+ printf('Supprimer ', $vhost_info['owner']);
printf('');
}
From 1ee7221b19ace00688a1f192f87974cebce0bdbc Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 16 May 2019 11:19:43 +0200
Subject: [PATCH 020/116] normalize text
---
inc/webadmin-edit.php | 12 ++++++------
tpl/webadmin-servername.tpl.php | 2 +-
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/inc/webadmin-edit.php b/inc/webadmin-edit.php
index 7e63681..7b0d99b 100644
--- a/inc/webadmin-edit.php
+++ b/inc/webadmin-edit.php
@@ -1,11 +1,11 @@
* @author Thomas Martin
@@ -68,10 +68,10 @@ if (isset($params[2]) && $params[2] == "delete") {
sudoexec($exec_cmd, $exec_output, $exec_return);
if ($exec_return == 0) {
- if (! $bdd->del_serveralias($serveralias))
+ if (! $bdd->del_serveralias($serveralias))
print "La suppression a échouée. Veuillez contacter votre administrateur.
";
printf ('Alias %s est supprimé.
', $serveralias['alias']);
- } else
+ } else
print "La suppression a échouée. Veuillez contacter votre administrateur.
";
}
@@ -134,7 +134,7 @@ elseif (isset($params[2]) && $params[2] == "add") {
'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
'alias' => $form->getField('domain_alias')->getValue(),
);
-
+
$account_name=$serveralias['domain'];
$account = $bdd->get_account($account_name);
@@ -214,7 +214,7 @@ elseif (isset($params[2]) && $params[2] == "add") {
}
else {
print "";
- printf ('Echec dans la creation de l\'alias %s du domaine %s
', $serveralias['alias'], $serveralias['domain']);
+ printf ('Echec dans la creation de l\'alias %s
', $serveralias['alias']);
print ('L\'alias existe dans d\'autres vhosts.');
printf ('
Retour à la liste des alias
', $redirect_url);
print " ";
diff --git a/tpl/webadmin-servername.tpl.php b/tpl/webadmin-servername.tpl.php
index ac53cdd..ccd1911 100644
--- a/tpl/webadmin-servername.tpl.php
+++ b/tpl/webadmin-servername.tpl.php
@@ -13,7 +13,7 @@
?>
-Servernames
+Servername
Date: Thu, 16 May 2019 11:55:52 +0200
Subject: [PATCH 021/116] revert multiple virtualhosts mgmt for ITK
---
inc/webadmin-itk.php | 60 +++++++++++++++++-----------------------
scripts/web-add.sh | 25 ++++++++---------
tpl/webadmin-itk.tpl.php | 39 +++++++++++---------------
3 files changed, 52 insertions(+), 72 deletions(-)
diff --git a/inc/webadmin-itk.php b/inc/webadmin-itk.php
index 673d46b..d47a972 100644
--- a/inc/webadmin-itk.php
+++ b/inc/webadmin-itk.php
@@ -18,23 +18,39 @@ require_once EVOADMIN_BASE . '../lib/domain.php';
global $conf;
-if (isset($params[2]) && $params[2] != "") {
- $redirect_url = "/webadmin/" . $params[1] . "/itk/";
+if (isset($_GET['enable']) ) {
+ require_once EVOADMIN_BASE . '../evolibs/Form.php';
+
+ include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
+ include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
+
+ $servername = array (
+ 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
+ );
+
+ $enable_cmd = 'web-add.sh enable-user-itk ' . $servername['domain'];
if (isset($params[3]) && $params[3] == "") http_redirect($redirect_url);
+ if ($enable_cmd_return == 0) {
+ print 'Sécurité ITK activée.';
+ printf ('Retour à la gestion ITK
', $_SERVER['REDIRECT_URL']);
+ }
+
+ include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
+
+} elseif (isset($_GET['disable']) ) {
+
require_once EVOADMIN_BASE . '../evolibs/Form.php';
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
$servername = array (
- 'domain' => $params[1],
- 'servername' => $params[3]
+ 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
);
- if ($params[2] == "enable") {
- $enable_cmd = 'web-add.sh enable-user-itk ' . $servername['servername'] . ' ' . $servername['domain'];
+ $disable_cmd = 'web-add.sh disable-user-itk ' . $servername['domain'];
sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return);
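Review bot: `$servername['domain']` is concatenated into the `web-add.sh enable-user-itk` and `disable-user-itk` command strings after only `htmlspecialchars(basename(...))`, which is HTML escaping and does nothing about shell metacharacters. The string is handed to `sudoexec()` (not visible here, presumably a privileged shell invocation), so quote the argument at the call site: `$enable_cmd = 'web-add.sh enable-user-itk ' . escapeshellarg($servername['domain']);`, and likewise for `$disable_cmd`. As shown, the disable branch builds `$disable_cmd` but still calls `sudoexec($enable_cmd, ...)`, and the enable branch tests `$enable_cmd_return` with no visible `sudoexec()` call before it, so both branches need a second look. The same unescaped concatenation is in the `list-user-itk` call in the last hunk of this file and in [PATCH 026/116], where the value becomes raw `$params[1]`.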
@@ -46,20 +62,10 @@ if (isset($params[2]) && $params[2] != "") {
elseif ($params[2] == "disable") {
$disable_cmd = 'web-add.sh disable-user-itk ' . $servername['servername'] . ' ' . $servername['domain'];
- sudoexec($disable_cmd, $disable_cmd_output, $disable_cmd_return);
-
- if ($disable_cmd_return == 0) {
- print 'Sécurité ITK désactivée';
- printf ('Retour à la gestion ITK
', $redirect_url);
- }
- }
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
-}
-
-else {
+} else {
$domain = $params[1];
- $data_list = array();
// TODO: adapt for cluster mode
if ($conf['cluster']) {
@@ -83,33 +89,17 @@ else {
$alias_list = $bdd->list_serveralias($domain);
}
else {
-
- $cmd = 'web-add.sh list-servername ' . $domain;
-
- if(!is_superadmin()) {
- $cmd = sprintf('%s %s', $cmd, $_SESSION['user']);
- }
- sudoexec($cmd, $data_output, $exec_return);
-
- # à revérifier (notamment gestion erreurs)
- if ($exec_return == 0) {
- foreach($data_output as $data_line) {
- $cmd_itk = 'web-add.sh list-user-itk ' . $data_line . ' ' . $domain;
+ $cmd_itk = 'web-add.sh list-user-itk ' . $domain;
sudoexec($cmd_itk, $data_output_itk, $exec_return_itk);
- # on prend le premier résultat du tableau, ne fonctionne pas s'il y a plusieurs la même ligne ou des commentaires etc.
- array_push($data_list, ['servername' => $data_line, 'user' => $data_output_itk[0]]);
- unset($data_output_itk); # reset variable pour éviter conflits
- }
- }
+ $user_itk = $data_output_itk[0];
}
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
include_once EVOADMIN_BASE . '../tpl/webadmin-itk.tpl.php';
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
-
}
?>
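Review bot: `$user_itk = $data_output_itk[0];` reads the first output line without checking `$exec_return_itk` or that the array is non-empty, so a failed `list-user-itk` (missing vhost file, no `AssignUserID` line) produces an undefined-offset notice instead of a handled error. Guard it, e.g. `$user_itk = ($exec_return_itk == 0 && !empty($data_output_itk)) ? $data_output_itk[0] : '';`. The same unchecked pattern appears in [PATCH 023/116] in inc/webadmin-servername.php, where `$data_output[0]` is exploded and `$data_vhost[2]` indexed directly. The enclosing `else` block starts outside this hunk.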
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 37d1948..5a560c8 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -1001,23 +1001,21 @@ op_checkoccurencename() {
}
op_listuseritk() {
- if [ $# -eq 2 ]; then
- domain=${1}
- configfile="$VHOST_PATH/${2}.conf"
+ if [ $# -eq 1 ]; then
+ configfile="$VHOST_PATH/${1}.conf"
- sed -n "/$domain/,/<\/VirtualHost>/p" "$configfile" | awk '/AssignUserID/ {print $2}' | uniq
+ awk '/AssignUserID/ {print $2}' "$configfile" | uniq
else
usage
fi
}
op_enableuseritk() {
- if [ $# -eq 2 ]; then
- domain=${1}
- configfile="$VHOST_PATH/${2}.conf"
- group=$(sed -n "/$domain/,/<\/VirtualHost>/p" "$configfile" | awk '/AssignUserID/ {print $3}' | uniq)
+ if [ $# -eq 1 ]; then
+ configfile="$VHOST_PATH/${1}.conf"
+ group=$(awk '/AssignUserID/ {print $3}' "$configfile" | uniq)
- sed -i "/$domain/,/<\/VirtualHost>/ s/^ *AssignUserID $group/ AssignUserID www-$group/" "$configfile" --follow-symlinks
+ sed -i "s/^ *AssignUserID $group/ AssignUserID www-$group/" "$configfile" --follow-symlinks
configtest_out=$(apache2ctl configtest)
configtest_rc=$?
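Review bot: `${1}` goes straight into `configfile="$VHOST_PATH/${1}.conf"` with no check that it is a plain vhost name or that the file exists, and this script is invoked from the web panel with elevated rights (presumably via sudo). Reject empty values and anything containing a slash before building the path, e.g. `case "$1" in ''|*/*) usage; return 1 ;; esac`, and test `[ -f "$configfile" ]` before the `awk`/`sed` calls, as `op_aliasadd` does. `$group` is also interpolated unescaped into the `sed -i` expression, so a file holding several differing `AssignUserID` lines yields a multi-line value that breaks the substitution. `op_disableuseritk` in the next hunk has the same shape, and both function bodies continue outside the hunks.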
@@ -1033,12 +1031,11 @@ op_enableuseritk() {
}
op_disableuseritk() {
- if [ $# -eq 2 ]; then
- domain=${1}
- configfile="$VHOST_PATH"/"${2}".conf
- group=$(sed -n "/$domain/,/<\/VirtualHost>/p" $configfile | awk '/AssignUserID/ {print $3}' | uniq)
+ if [ $# -eq 1 ]; then
+ configfile="$VHOST_PATH"/"${1}".conf
+ group=$(awk '/AssignUserID/ {print $3}' "$configfile" | uniq)
- sed -i "/$domain/,/<\/VirtualHost>/ s/^ *AssignUserID www-$group/ AssignUserID ${group}/" "$configfile" --follow-symlinks
+ sed -i "s/^ *AssignUserID www-$group/ AssignUserID ${group}/" "$configfile" --follow-symlinks
configtest_out=$(apache2ctl configtest)
configtest_rc=$?
diff --git a/tpl/webadmin-itk.tpl.php b/tpl/webadmin-itk.tpl.php
index c856703..e5ca180 100644
--- a/tpl/webadmin-itk.tpl.php
+++ b/tpl/webadmin-itk.tpl.php
@@ -17,12 +17,11 @@
0) { ?>
+ if(!empty($user_itk)) { ?>
- Servername
Utilisateur
Action';
@@ -31,29 +30,23 @@
';
- printf('%s ',
- $data_list[$i]['servername']);
- printf('%s ',
- $data_list[$i]['user']);
- if (is_superadmin()) {
- if (strpos($data_list[$i]['user'], 'www') !== false) {
- $action = ['disable', 'Désactiver'];
- } else {
- $action = ['enable', 'Activer'];
- }
- // AssignUserID not set in the vhost, override previous action
- if (empty($data_list[$i]['user'])) {
- $action = ["", ""];
- }
+ print '';
+ printf('%s ',
+ $user_itk);
+ if (is_superadmin()) {
- printf(''.$action[1].' ',
- $domain, $action[0], $data_list[$i]['servername']);
- }
- print ' ';
- } ?>
+ if (strpos($user_itk, 'www') !== false) {
+ $action = ['disable', 'Désactiver'];
+ } else {
+ $action = ['enable', 'Activer'];
+ }
+
+ printf(''.$action[1].' ',
+ $domain, $action[0]);
+ }
+ print '';
+ ?>
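Review bot: `strpos($user_itk, 'www') !== false` treats any account whose name contains `www` anywhere as ITK-enabled, whereas `web-add.sh` toggles a `www-` prefix; anchor the test with `if (strpos($user_itk, 'www-') === 0) {`. `$user_itk` and `$domain` are also passed to `printf` without `htmlspecialchars()`. The surrounding markup is not visible in this hunk, so confirm that escaping happens at this output point.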
Date: Thu, 16 May 2019 12:06:35 +0200
Subject: [PATCH 022/116] normalize add-alias with del-alias
---
scripts/web-add.sh | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 5a560c8..3229072 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -866,7 +866,6 @@ op_listvhost() {
configlist="$VHOST_PATH/*";
fi
-
for configfile in $configlist; do
if [ -r "$configfile" ] && echo "$configfile" |grep -qvE "/(000-default|default-ssl|evoadmin)\\.conf$"; then
servername="$(awk '/^[[:space:]]*ServerName (.*)/ { print $2 }' "$configfile" | head -n 1)"
@@ -896,12 +895,23 @@ op_aliasadd() {
if [ $# -eq 2 ]; then
vhost="${1}.conf"
alias=$2
+ vhost_file="${VHOST_PATH}/${vhost}"
- [ -f $VHOST_PATH/"$vhost" ] && sed -i "/ServerName .*/a \\\tServerAlias $alias" "$VHOST_PATH"/"$vhost" --follow-symlinks
+ if [ -f "${vhost_file}" ]; then
+ sed -i "/ServerName .*/a \\\tServerAlias $alias" "${vhost_file}" --follow-symlinks
+ else
+ echo "VHost file \`${vhost_file}' not found'" >&2
+ return 1
+ fi
- apache2ctl configtest 2>/dev/null
- /etc/init.d/apache2 force-reload >/dev/null
+ configtest_out=$(apache2ctl configtest)
+ configtest_rc=$?
+ if [ "$configtest_rc" = "0" ]; then
+ /etc/init.d/apache2 force-reload >/dev/null
+ else
+ echo $configtest_out >&2
+ fi
else usage
fi
}
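Review bot: When `apache2ctl configtest` fails, the new `else` branch only echoes the output and falls through, so `op_aliasadd` returns 0 and the caller cannot tell that the alias was written into a configuration that no longer validates. Add `return 1` after the echo and quote the variable: `echo "$configtest_out" >&2`. `$(apache2ctl configtest)` captures stdout only, and apache2ctl commonly reports syntax errors on stderr, so `configtest_out` may be empty unless `2>&1` is added. `$alias` is interpolated unescaped into the sed `a` command, so it should be validated as a hostname before this point.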
From ad452aad6ad30dd851c7bb1654f1e2b7859af649 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 16 May 2019 14:40:30 +0200
Subject: [PATCH 023/116] delete list-servername function
---
inc/webadmin-servername.php | 8 +++----
scripts/web-add.sh | 41 ++++++---------------------------
tpl/webadmin-servername.tpl.php | 19 ++++++++-------
3 files changed, 19 insertions(+), 49 deletions(-)
diff --git a/inc/webadmin-servername.php b/inc/webadmin-servername.php
index db5b862..7141acc 100644
--- a/inc/webadmin-servername.php
+++ b/inc/webadmin-servername.php
@@ -197,17 +197,15 @@ if (isset($params[2]) && $params[2] == "edit") {
$alias_list = $bdd->list_serveralias($domain);
}
else {
-
- $cmd = 'web-add.sh list-servername ' . $domain;
+ $cmd = 'web-add.sh list-vhost ' . $domain;
if(!is_superadmin()) {
$cmd = sprintf('%s %s', $cmd, $_SESSION['user']);
}
sudoexec($cmd, $data_output, $exec_return);
- foreach($data_output as $data_line) {
- array_push($servername_list, $data_line);
- }
+ $data_vhost = explode(':', $data_output[0]);
+ $servername = $data_vhost[2];
}
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 3229072..e3d5df9 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -128,30 +128,26 @@ del-alias VHOST ALIAS
Del a ServerAlias from an Apache vhost
-list-servername LOGIN
-
- List ServerName(s) for user LOGIN
-
update-servername VHOST SERVERNAME OLD_SERVERNAME
Replace the OLD_SERVERNAME with the SERVERNAME for an Apache vhost
- Also apply to rules
+ Also apply to rewrite rules
check-occurence NAME
List all occurences of NAME in vhosts
-list-user-itk DOMAIN LOGIN
+list-user-itk LOGIN
- List the assigned ITK user for the DOMAIN specified
+ List the assigned ITK user for the LOGIN specified
-enable-user-itk DOMAIN LOGIN
+enable-user-itk LOGIN
- Enable the assigned ITK user for the DOMAIN specified
+ Enable the assigned ITK user for the LOGIN specified
-disable-user-itk DOMAIN LOGIN
+disable-user-itk LOGIN
- Disable the assigned ITK user for the DOMAIN specified
+ Disable the assigned ITK user for the LOGIN specified
setphpversion LOGIN VERSION
@@ -828,9 +824,6 @@ arg_processing() {
del-alias)
op_aliasdel "$@"
;;
- list-servername)
- op_listservername "$@"
- ;;
update-servername)
op_servernameupdate "$@"
;;
@@ -942,25 +935,6 @@ op_aliasdel() {
fi
}
-op_listservername() {
- if [ $# -eq 1 ]; then
- vhost_file="$VHOST_PATH/${1}.conf";
-
- if [ -f "${vhost_file}" ]; then
- servernames=$(awk '/^[[:space:]]*ServerName (.*)/ { print $2 }' "$vhost_file" | uniq)
-
- for servername in $servernames; do
- echo "$servername";
- done
- else
- echo "VHost file \`${vhost_file}' not found'" >&2
- return 1
- fi
- else
- usage
- fi
-}
-
op_servernameupdate() {
if [ $# -eq 3 ]; then
vhost="${1}.conf"
@@ -968,7 +942,6 @@ op_servernameupdate() {
old_servername=$3
vhost_file="${VHOST_PATH}/${vhost}"
- # Remplacement de toutes les directives ServerName, on assume qu'il s'agit du même pour chaque vhost du fichier
if [ -f "${vhost_file}" ]; then
sed -i "/^ *ServerName/ s/$old_servername/$servername/g" "${vhost_file}" --follow-symlinks
sed -i "/^ *RewriteCond/ s/$old_servername/$servername/g" "${vhost_file}" --follow-symlinks
diff --git a/tpl/webadmin-servername.tpl.php b/tpl/webadmin-servername.tpl.php
index ccd1911..50b87d3 100644
--- a/tpl/webadmin-servername.tpl.php
+++ b/tpl/webadmin-servername.tpl.php
@@ -17,7 +17,7 @@
0) { ?>
+ if(!empty($servername)) { ?>
@@ -30,15 +30,14 @@
';
- printf('%s ',
- $servername_list[$i]);
- if (is_superadmin())
- printf('Modifier ',
- $domain, $servername_list[$i]);
- print '';
- } ?>
+ print '';
+ printf('%s ',
+ $servername);
+ if (is_superadmin())
+ printf('Modifier ',
+ $domain, $servername);
+ print ' ';
+ ?>
Date: Fri, 17 May 2019 11:53:21 +0200
Subject: [PATCH 024/116] block non-standard vhost modification
---
htdocs/index.php | 35 +++++++++++++++++++++++------------
inc/webadmin.php | 11 +++++++++++
scripts/web-add.sh | 10 +++++++++-
tpl/webadmin.tpl.php | 16 ++++++++++------
4 files changed, 53 insertions(+), 19 deletions(-)
diff --git a/htdocs/index.php b/htdocs/index.php
index a801e52..8e951b3 100755
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -48,30 +48,41 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) {
include_once EVOADMIN_BASE . '../inc/webadmin.php';
-} elseif (preg_match('#^/webadmin/(.*)/domain/?(edit)?/?(.*)?/$#', $uri, $params)) {
+} elseif (preg_match('#^/webadmin?#', $uri)) {
- include_once EVOADMIN_BASE . '../inc/webadmin-servername.php';
+ // Redirect to /webadmin in order to set $_SESSION['non_stanard']
+ if (!isset($_SESSION['non_standard']))
+ http_redirect('/webadmin');
-} elseif (preg_match('#^/webadmin/(.*)/itk/?(enable|disable)?/?(.*)?/$#', $uri, $params)) {
+ // block the non-standard vhost modification
+ if (in_array(htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), $_SESSION['non_standard']))
+ http_redirect('/webadmin');
- include_once EVOADMIN_BASE . '../inc/webadmin-itk.php';
+ if (preg_match('#^/webadmin/servername/(.*)/?$#', $uri, $params)) {
-} elseif (preg_match('#^/webadmin/(.*)/php/$#', $uri, $params)) {
+ include_once EVOADMIN_BASE . '../inc/webadmin-servername.php';
- include_once EVOADMIN_BASE . '../inc/webadmin-php.php';
+ } elseif (preg_match('#^/webadmin/itk/(.*)/?$#', $uri, $params)) {
-} elseif (preg_match('#^/webadmin/(.*)/alias/?(add|delete)?/?(.*)?/$#', $uri, $params)) {
+ include_once EVOADMIN_BASE . '../inc/webadmin-itk.php';
- include_once EVOADMIN_BASE . '../inc/webadmin-edit.php';
+ } elseif (preg_match('#^/webadmin/php/(.*)/?$#', $uri, $params)) {
-} elseif (preg_match('#^/webadmin/(.*)/delete/$#', $uri, $params)) {
+ include_once EVOADMIN_BASE . '../inc/webadmin-php.php';
- include_once EVOADMIN_BASE . '../inc/webadmin-delete.php';
+ } elseif (preg_match('#^/webadmin/edit/(.*)/?$#', $uri, $params)) {
-} elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) {
+ include_once EVOADMIN_BASE . '../inc/webadmin-edit.php';
- include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php';
+ } elseif (preg_match('#^/webadmin/delete/(.*)/?$#', $uri, $params)) {
+ include_once EVOADMIN_BASE . '../inc/webadmin-delete.php';
+
+ } elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) {
+
+ include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php';
+
+ }
} elseif (is_superadmin() && preg_match('#^/accounts/?#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/accounts.php';
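Review bot: The pattern `'#^/webadmin?#'` makes the final `n` optional and has no boundary, so it matches `/webadmi…` and any path that merely begins with `/webadmin`; `'#^/webadmin/#'` is probably what is meant. Both guards are brace-less `if (...) http_redirect('/webadmin');` statements, so they protect the includes below only if `http_redirect()` terminates the request, which is not visible here; if it does not, follow each call with `exit;`. `in_array()` should be called with `true` as its third argument so the comparison is strict. The added comment has a typo, `non_stanard`.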
diff --git a/inc/webadmin.php b/inc/webadmin.php
index ad3ec23..bc61a7b 100644
--- a/inc/webadmin.php
+++ b/inc/webadmin.php
@@ -30,6 +30,12 @@ if (!$conf['cluster']) {
/* Récupération de cette liste dans le tableau $vhost_list */
$vhost_list = array();
+
+ if (!isset($_SESSION['non_standard'])) {
+ $_SESSION['non_standard'] = array();
+ }
+
+
foreach($data_output as $data_line) {
$data_split = explode(':', $data_line);
@@ -72,6 +78,11 @@ if (!$conf['cluster']) {
$occupation = "";
}
+ // current vhost isn't standard and thus not manageable by evoadmin-web
+ if (!$data_split[9]) {
+ array_push($_SESSION['non_standard'], $data_split[0]);
+ }
+
array_push($vhost_list, array(
'owner' => $data_split[0],
'configid' => $data_split[1],
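Review bot: `$_SESSION['non_standard']` is initialised only when unset and then appended to on every listing, so it accumulates duplicates and keeps an owner blocked after its vhost has been made standard again, until the session ends. Resetting it unconditionally before the loop (`$_SESSION['non_standard'] = array();` in the first hunk) keeps the block list in step with what `list-vhost` currently reports. `$data_split[9]` is read without checking that the field exists, so a short output line marks the vhost non-standard through an undefined offset; test `isset($data_split[9])` first. The loop body continues outside this hunk.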
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index e3d5df9..b4ca350 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -876,9 +876,17 @@ op_listvhost() {
else
is_enabled=0
fi
+
+ count_virtualhosts="$(grep "');
- printf('Alias - ', $vhost_info['owner']);
- printf('Servername - ', $vhost_info['owner']);
- if(is_multiphp()) {
- printf('PHP ', $vhost_info['owner']);
+ if (!in_array($vhost_info['owner'], $_SESSION['non_standard'])) {
+ printf('Alias - ', $vhost_info['owner']);
+ printf('Servername - ', $vhost_info['owner']);
+ if(is_multiphp()) {
+ printf('PHP - ', $vhost_info['owner']);
+ } else {
+ printf('ITK - ', $vhost_info['owner']);
+ }
+ printf('Supprimer ', $vhost_info['owner']);
} else {
- printf('ITK ', $vhost_info['owner']);
+ print 'VirtualHost non standard ';
}
- printf('Supprimer ', $vhost_info['owner']);
printf('');
}
From 44b4ac2f5e5ae6993ac25373840cee0a927b9f62 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Mon, 3 Jun 2019 16:44:14 +0200
Subject: [PATCH 025/116] add .idea folder to gitignore
---
.gitignore | 1 +
1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 6e9dadb..7d7f61e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
conf/config.local.php
.vagrant
+.idea
From 634a18d1cb80e8d950c9b1cc3039e41ddafdea9b Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Wed, 5 Jun 2019 17:20:34 +0200
Subject: [PATCH 026/116] rebase master
---
htdocs/index.php | 8 +++---
inc/webadmin-itk.php | 49 +++++++++++++--------------------
inc/webadmin-servername.php | 20 +++++++-------
tpl/webadmin-itk.tpl.php | 2 +-
tpl/webadmin-servername.tpl.php | 2 +-
tpl/webadmin.tpl.php | 8 +++---
6 files changed, 39 insertions(+), 50 deletions(-)
diff --git a/htdocs/index.php b/htdocs/index.php
index 8e951b3..c2f5ff0 100755
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -58,19 +58,19 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) {
if (in_array(htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), $_SESSION['non_standard']))
http_redirect('/webadmin');
- if (preg_match('#^/webadmin/servername/(.*)/?$#', $uri, $params)) {
+ if (preg_match('#^/webadmin/(.*)/domain/?(edit)?/?(.*)?/$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-servername.php';
- } elseif (preg_match('#^/webadmin/itk/(.*)/?$#', $uri, $params)) {
+ } elseif (preg_match('#^/webadmin/(.*)/itk/?(enable|disable)?/?(.*)?/$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-itk.php';
- } elseif (preg_match('#^/webadmin/php/(.*)/?$#', $uri, $params)) {
+ } elseif (preg_match('#^/webadmin/(.*)/php/$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-php.php';
- } elseif (preg_match('#^/webadmin/edit/(.*)/?$#', $uri, $params)) {
+ } elseif (preg_match('#^/webadmin/(.*)/alias/?(add|delete)?/?(.*)?/$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-edit.php';
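Review bot: With the routes back to `/webadmin/<vhost>/domain|itk|php|alias/...`, the non-standard guard kept in the context lines above still compares `basename($_SERVER['REDIRECT_URL'])`, which is now the last path segment (`domain`, `itk`, `enable`, …) rather than the vhost name. Assuming `REDIRECT_URL` mirrors `$uri`, the block on non-standard vhosts therefore no longer matches for these four routes. Move the check after the route match and test the captured name: `if (in_array($params[1], $_SESSION['non_standard'], true)) http_redirect('/webadmin');`. The capture `(.*)` also spans slashes; `([^/]+)` would keep `$params[1]` to a single path segment.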
diff --git a/inc/webadmin-itk.php b/inc/webadmin-itk.php
index d47a972..44a106d 100644
--- a/inc/webadmin-itk.php
+++ b/inc/webadmin-itk.php
@@ -18,28 +18,9 @@ require_once EVOADMIN_BASE . '../lib/domain.php';
global $conf;
-if (isset($_GET['enable']) ) {
- require_once EVOADMIN_BASE . '../evolibs/Form.php';
+if (isset($params[2]) && $params[2] != "") {
- include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
- include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
-
- $servername = array (
- 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
- );
-
- $enable_cmd = 'web-add.sh enable-user-itk ' . $servername['domain'];
-
- if (isset($params[3]) && $params[3] == "") http_redirect($redirect_url);
-
- if ($enable_cmd_return == 0) {
- print 'Sécurité ITK activée.';
- printf ('Retour à la gestion ITK
', $_SERVER['REDIRECT_URL']);
- }
-
- include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
-
-} elseif (isset($_GET['disable']) ) {
+ $redirect_url = "/webadmin/" . $params[1] . "/itk/";
require_once EVOADMIN_BASE . '../evolibs/Form.php';
@@ -47,23 +28,31 @@ if (isset($_GET['enable']) ) {
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
$servername = array (
- 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
+ 'domain' => $params[1],
);
- $disable_cmd = 'web-add.sh disable-user-itk ' . $servername['domain'];
+ if ($params[2] == "enable") {
+ $enable_cmd = 'web-add.sh enable-user-itk ' . $servername['domain'];
- sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return);
+ sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return);
- if ($enable_cmd_return == 0) {
- print 'Sécurité ITK activée.';
- printf ('Retour à la gestion ITK
', $redirect_url);
- }
+ if ($enable_cmd_return == 0) {
+ print 'Sécurité ITK activée.';
+ printf ('Retour à la gestion ITK
', $redirect_url);
+ }
}
elseif ($params[2] == "disable") {
- $disable_cmd = 'web-add.sh disable-user-itk ' . $servername['servername'] . ' ' . $servername['domain'];
+ $disable_cmd = 'web-add.sh disable-user-itk ' . $servername['domain'];
+
+ sudoexec($disable_cmd, $disable_cmd_output, $disable_cmd_return);
+
+ if ($disable_cmd_return == 0) {
+ print 'Sécurité ITK désactivée';
+ printf ('Retour à la gestion ITK
', $redirect_url);
+ }
+ }
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
-
} else {
$domain = $params[1];
diff --git a/inc/webadmin-servername.php b/inc/webadmin-servername.php
index 7141acc..8b58619 100644
--- a/inc/webadmin-servername.php
+++ b/inc/webadmin-servername.php
@@ -28,8 +28,8 @@ if (isset($params[2]) && $params[2] == "edit") {
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
- $form = new FormPage("Modification du ServerName", FALSE);
- $form->addField('domain_servername', new DomainInputFormField("ServerName", TRUE), $params[3]);
+ $form = new FormPage("Modification du Servername", FALSE);
+ $form->addField('domain_servername', new DomainInputFormField("Servername", TRUE), $params[3]);
$form->addField('previous_servername', new DomainInputFormField("", TRUE, TRUE), $params[3]);
if (!empty($_POST)) {
@@ -126,22 +126,22 @@ if (isset($params[2]) && $params[2] == "edit") {
if ($exec_return == 0) {
//domain_add($serveralias['alias'], gethostbyname($master) , false); TODO avec l'IP du load balancer
print "";
- printf ('Le ServerName %s a bien été modifié
', $servername['servername']);
- printf ('Retour à la liste des ServerNames
', $redirect_url);
+ printf ('Le Servername %s a bien été modifié
', $servername['servername']);
+ printf ('Retour à la liste des Servernames
', $redirect_url);
print " ";
}
else {
print "";
- printf ('Echec dans la modification du ServerName %s
', $servername['servername']);
- printf ('Retour à la liste des ServerNames
', $redirect_url);
+ printf ('Echec dans la modification du Servername %s
', $servername['servername']);
+ printf ('Retour à la liste des Servernames
', $redirect_url);
print " ";
}
}
else {
print "";
- printf ('Echec dans la modification du ServerName %s
', $servername['servername']);
+ printf ('Echec dans la modification du Servername %s
', $servername['servername']);
print ('Le domaine existe déjà dans d\'autres vhosts.');
- printf ('
Retour à la liste des ServerNames
', $redirect_url);
+ printf ('Retour à la liste des Servernames
', $redirect_url);
print " ";
}
}
@@ -156,10 +156,10 @@ if (isset($params[2]) && $params[2] == "edit") {
print "";
}
} else {
- print "Modification du ServerName ";
+ print "Modification du Servername ";
print " ';
diff --git a/tpl/webadmin-servername.tpl.php b/tpl/webadmin-servername.tpl.php
index 50b87d3..f712236 100644
--- a/tpl/webadmin-servername.tpl.php
+++ b/tpl/webadmin-servername.tpl.php
@@ -34,7 +34,7 @@
printf('%s ',
$servername);
if (is_superadmin())
- printf('Modifier ',
+ printf('Modifier ',
$domain, $servername);
print '';
?>
diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php
index b138e19..280b6e9 100755
--- a/tpl/webadmin.tpl.php
+++ b/tpl/webadmin.tpl.php
@@ -104,12 +104,12 @@
if (is_superadmin()) {
printf('');
if (!in_array($vhost_info['owner'], $_SESSION['non_standard'])) {
- printf('Alias - ', $vhost_info['owner']);
- printf('Servername - ', $vhost_info['owner']);
+ printf('Alias - ', $vhost_info['owner']);
+ printf('Servername - ', $vhost_info['owner']);
if(is_multiphp()) {
- printf('PHP - ', $vhost_info['owner']);
+ printf('PHP - ', $vhost_info['owner']);
} else {
- printf('ITK - ', $vhost_info['owner']);
+ printf('ITK - ', $vhost_info['owner']);
}
printf('Supprimer ', $vhost_info['owner']);
} else {
From 4a14333d410a925059a601edcc84523d38dc9986 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 6 Jun 2019 14:51:34 +0200
Subject: [PATCH 027/116] first draft library letsencrypt
---
lib/letsencrypt.php | 56 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 lib/letsencrypt.php
diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php
new file mode 100644
index 0000000..2bf96ac
--- /dev/null
+++ b/lib/letsencrypt.php
@@ -0,0 +1,56 @@
+ $domain) {
+ $curl_handles[$key] = curl_init($domain . self::HTTP_CHALLENGE_URL);
+
+ // setting cURL options
+ curl_setopt($curl_handles[$key], CURLOPT_TIMEOUT, 3);
+ curl_setopt($curl_handles[$key], CURLOPT_HEADER, true);
+ curl_setopt($curl_handles[$key], CURLOPT_NOBODY, true);
+ curl_setopt($curl_handles[$key], CURLOPT_SSL_VERIFYPEER, false);
+ curl_setopt($curl_handles[$key], CURLOPT_FOLLOWLOCATION, true);
+ curl_setopt($curl_handles[$key], CURLOPT_MAXREDIRS, 3);
+ curl_setopt($curl_handles[$key], CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP, CURLPROTO_HTTPS);
+ curl_setopt($curl_handles[$key], CURLOPT_RETURNTRANSFER, true);
+
+ curl_multi_add_handle($curl_multi, $curl_handles[$key]);
+ }
+
+ do {
+ curl_multi_exec($curl_multi, $active);
+ } while ($active);
+
+ foreach ($curl_handles as $curl_handle) {
+ $returned_http_code = curl_getinfo($curl_handle, CURLINFO_HTTP_CODE);
+ $returned_http_url = curl_getinfo($curl_handle, CURLINFO_EFFECTIVE_URL);
+
+ if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) {
+ array_push($checked_domains, $returned_http_url);
+ }
+ curl_multi_remove_handle($curl_multi, $curl_handle);
+ }
+ curl_multi_close($curl_multi);
+
+ return $checked_domains;
+ }
+}
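Review bot: `CURLOPT_SSL_VERIFYPEER` is set to `false` while `CURLOPT_FOLLOWLOCATION` is on, so any HTTPS hop is accepted whatever certificate it presents, and the effective URL pushed to `$checked_domains` is unauthenticated. If this is deliberate because the vhost has no valid certificate yet, record that next to the option, e.g. `// pre-issuance probe: the target may not have a valid certificate yet`. The result would be safer keyed on the requested `$domain` than on `CURLINFO_EFFECTIVE_URL`, since a redirect to another host currently reports that other host as checked. The `do { curl_multi_exec(...) } while ($active);` loop also spins without `curl_multi_select()`. The start of the method is not visible in this hunk.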
From 12b907ea63119d9ec7148eeea30530b39e1b5e20 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 6 Jun 2019 15:41:58 +0200
Subject: [PATCH 028/116] add checkDNSValidity function
---
lib/letsencrypt.php | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php
index 2bf96ac..38a03a8 100644
--- a/lib/letsencrypt.php
+++ b/lib/letsencrypt.php
@@ -8,6 +8,7 @@ class LetsEncrypt
{
const HTTP_OK = 200;
const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge/';
+
/**
* perform a cURL call on the remote resource
* the cURL call follows redirections and pushes the last valid URL to an array
@@ -45,6 +46,10 @@ class LetsEncrypt
$returned_http_url = curl_getinfo($curl_handle, CURLINFO_EFFECTIVE_URL);
if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) {
+ // retrieve the FQDN
+ $returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '.', $returned_http_url);
+ $returned_http_url = preg_replace('#^https?://#', '', $returned_http_url);
+
array_push($checked_domains, $returned_http_url);
}
curl_multi_remove_handle($curl_multi, $curl_handle);
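Review bot: Extracting the host with `str_replace()` followed by `preg_replace('#^https?://#', '', ...)` leaves any port, userinfo, query string or path remainder in the value, and that value is then used as a domain name by the DNS check. `parse_url()` returns the host directly: `$host = parse_url($returned_http_url, PHP_URL_HOST);`, pushing `$host . '.'` only when it is a non-empty string. The `strpos(...)` test in the condition relies on truthiness and reads more safely as `strpos(...) !== false`.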
@@ -53,4 +58,27 @@ class LetsEncrypt
return $checked_domains;
}
+
+ /**
+ * Query the corresponding IP for each domain
+ * @param Array $domains list of HTTP checked domains
+ * @return Array $valid_dns_domains list of valid domains
+ */
+ public function checkDNSValidity($domains)
+ {
+ $valid_dns_domains = array();
+
+ foreach ($domains as $domain) {
+ $dns_record_ipv4 = dns_get_record($domain, DNS_A);
+ $dns_record_ipv6 = dns_get_record($domain, DNS_AAAA);
+
+ if ($dns_record_ipv4 || $dns_record_ipv6) {
+ // remove the last dot added for the FQDN syntax
+ $domain = rtrim($domain, '.');
+ array_push($valid_dns_domains, $domain);
+ }
+ }
+
+ return $valid_dns_domains;
+ }
}
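Review bot: `checkDNSValidity()` accepts a domain as soon as any A or AAAA record exists and never compares the returned addresses with this server's, so a name that resolves elsewhere still passes. If the goal is to pre-validate before requesting a certificate, compare the `ip` and `ipv6` fields of the returned records with the host's own addresses. Otherwise the docblock should state that it only tests that the name resolves. `dns_get_record()` returns `false` and raises a warning on lookup failure; the truthiness test copes with the return value, but the warning may surface in the page depending on error settings.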
From 4cde2338043d197def17ece4b28e14fd5dc77ba9 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 6 Jun 2019 18:15:30 +0200
Subject: [PATCH 029/116] regroup webadmin rules
---
htdocs/index.php | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/htdocs/index.php b/htdocs/index.php
index c2f5ff0..947c0b1 100755
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -75,13 +75,19 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) {
include_once EVOADMIN_BASE . '../inc/webadmin-edit.php';
} elseif (preg_match('#^/webadmin/delete/(.*)/?$#', $uri, $params)) {
-
+ //TODO: fix according to route naming convention
include_once EVOADMIN_BASE . '../inc/webadmin-delete.php';
} elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php';
+ } elseif (preg_match('#^/webadmin/(.*)/letsencrypt/?(check)?/?$#', $uri, $params)) {
+
+ include_once EVOADMIN_BASE . '../inc/webadmin-letsencrypt.php';
+
+ } else {
+ http_redirect('/webadmin');
}
} elseif (is_superadmin() && preg_match('#^/accounts/?#', $uri, $params)) {
From 2193307e14785e85a69bb73ec03ee91842a5300f Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 6 Jun 2019 18:16:52 +0200
Subject: [PATCH 030/116] first draft webadmin-letsencrypt.php
---
inc/webadmin-letsencrypt.php | 66 ++++++++++++++++++++++++++++++++++++
1 file changed, 66 insertions(+)
create mode 100644 inc/webadmin-letsencrypt.php
diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php
new file mode 100644
index 0000000..4c1e4ab
--- /dev/null
+++ b/inc/webadmin-letsencrypt.php
@@ -0,0 +1,66 @@
+checkRemoteResourceAvailability($_SESSION['letsencrypt-domains']);
+ $failed_domains_http = array_diff($_SESSION['letsencrypt-domains'], $checked_domains);
+
+ # debug à améliorer
+ echo 'The following domain(s) failed the HTTP challenge ';
+ foreach ($failed_domains_http as $failed_domain) {
+ echo $failed_domain . ' ';
+ }
+
+ // check DNS
+ if (!empty($checked_domains)) {
+ $valid_domains = $letsencrypt->checkDNSValidity($checked_domains);
+ $failed_domains_dns = array_diff($checked_domains, $valid_domains);
+
+ # debug à améliorer
+ echo 'The following domain(s) failed the DNS check ';
+ foreach ($failed_domains_dns as $failed_domain) {
+ echo $failed_domain . ' ';
+ }
+ }
+
+ include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
+} else {
+ include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
+ include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
+ include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
+ include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
+}
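Review bot: Each `$failed_domain` is echoed into the page without `htmlspecialchars()`, and the DNS failure list is taken from `$checked_domains`, which `checkRemoteResourceAvailability()` derives from the effective URL after redirects, i.e. from data the remote server influences. Escape at output in both loops: `echo htmlspecialchars($failed_domain, ENT_QUOTES, 'UTF-8') . ' ';`. The two headings are printed even when the corresponding list is empty, so wrap each message in `if (!empty(...))`. The top of the file is not visible in this hunk.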
From 6b8128e861ed4e3c707c7b896d4e69a638c083d2 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 6 Jun 2019 18:18:09 +0200
Subject: [PATCH 031/116] move FQDN syntax to checkDNSValidity function
---
lib/letsencrypt.php | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php
index 38a03a8..8ad886a 100644
--- a/lib/letsencrypt.php
+++ b/lib/letsencrypt.php
@@ -46,8 +46,7 @@ class LetsEncrypt
$returned_http_url = curl_getinfo($curl_handle, CURLINFO_EFFECTIVE_URL);
if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) {
- // retrieve the FQDN
- $returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '.', $returned_http_url);
+ $returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '', $returned_http_url);
$returned_http_url = preg_replace('#^https?://#', '', $returned_http_url);
array_push($checked_domains, $returned_http_url);
@@ -69,6 +68,8 @@ class LetsEncrypt
$valid_dns_domains = array();
foreach ($domains as $domain) {
+ //FQDN syntax
+ $domain .= '.';
$dns_record_ipv4 = dns_get_record($domain, DNS_A);
$dns_record_ipv6 = dns_get_record($domain, DNS_AAAA);
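Review bot: Appending the dot to `$domain` itself changes the value for the rest of the loop body, which continues outside this hunk. If `$domain` is later pushed into `$valid_dns_domains`, the controller's `array_diff($checked_domains, $valid_domains)` compares `example.org` with `example.org.` and reports every domain as failed. Keeping the lookup name separate avoids that: `$fqdn = $domain . '.';` followed by `dns_get_record($fqdn, DNS_A)` and `dns_get_record($fqdn, DNS_AAAA)`. `dns_get_record()` returns `false` on failure, so the result should be checked before it is indexed.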
From 2fff30a6588fce203a9412ad7540bc3b824dbd8a Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 6 Jun 2019 18:20:27 +0200
Subject: [PATCH 032/116] first draft webadmin-letsencrypt tpl
---
tpl/webadmin-letsencrypt.tpl.php | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 tpl/webadmin-letsencrypt.tpl.php
diff --git a/tpl/webadmin-letsencrypt.tpl.php b/tpl/webadmin-letsencrypt.tpl.php
new file mode 100644
index 0000000..0800a31
--- /dev/null
+++ b/tpl/webadmin-letsencrypt.tpl.php
@@ -0,0 +1,20 @@
+Gestion Let's Encrypt
+
+ 0) {
+ ?>
+
+Liste des domaines à intégrer dans le certificat :
+
+ ' . $domain . '';
+ }
+ ?>
+
+
+
+ Aucun domaine.";
+}
From b44a70f089af1eeff814792b7c91a0f973c38d89 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Fri, 7 Jun 2019 10:43:45 +0200
Subject: [PATCH 033/116] fix CURLOPT_REDIR_PROTOCOLS values
---
lib/letsencrypt.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php
index 8ad886a..8450394 100644
--- a/lib/letsencrypt.php
+++ b/lib/letsencrypt.php
@@ -31,7 +31,7 @@ class LetsEncrypt
curl_setopt($curl_handles[$key], CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_handles[$key], CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl_handles[$key], CURLOPT_MAXREDIRS, 3);
- curl_setopt($curl_handles[$key], CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP, CURLPROTO_HTTPS);
+ curl_setopt($curl_handles[$key], CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
curl_setopt($curl_handles[$key], CURLOPT_RETURNTRANSFER, true);
curl_multi_add_handle($curl_multi, $curl_handles[$key]);
From 4a137ae821b3d3f274dc71477dc6709d33112892 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Fri, 7 Jun 2019 11:46:01 +0200
Subject: [PATCH 034/116] add h3 error styling
---
htdocs/inc/css/main.css | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/htdocs/inc/css/main.css b/htdocs/inc/css/main.css
index 7d1195e..47bdd6c 100644
--- a/htdocs/inc/css/main.css
+++ b/htdocs/inc/css/main.css
@@ -30,6 +30,10 @@ h1#top {
margin-bottom: 10px;
}
+h3.form-error {
+ color: red;
+}
+
div#disclaimer {
margin-top: 30px;
}
@@ -163,4 +167,3 @@ form#form-add legend {
form#form-add p {
text-align: left;
}
-
From 58dda79c6aa8d4af6f9d6689aef501666b748eda Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Fri, 7 Jun 2019 11:46:29 +0200
Subject: [PATCH 035/116] add letsencrypt link in webadmin page
---
htdocs/index.php | 2 +-
tpl/webadmin.tpl.php | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/htdocs/index.php b/htdocs/index.php
index 947c0b1..5e90a4e 100755
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -82,7 +82,7 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) {
include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php';
- } elseif (preg_match('#^/webadmin/(.*)/letsencrypt/?(check)?/?$#', $uri, $params)) {
+ } elseif (preg_match('#^/webadmin/(.*)/letsencrypt/?$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-letsencrypt.php';
diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php
index 280b6e9..98b02c8 100755
--- a/tpl/webadmin.tpl.php
+++ b/tpl/webadmin.tpl.php
@@ -111,6 +111,7 @@
} else {
printf('ITK - ', $vhost_info['owner']);
}
+ printf('Let\'s Encrypt - ', $vhost_info['owner']);
printf('Supprimer ', $vhost_info['owner']);
} else {
print 'VirtualHost non standard ';
From 320a229d4f5738cf18a08a1069e8852e45f2ef01 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Fri, 7 Jun 2019 11:49:11 +0200
Subject: [PATCH 036/116] separate view and controller logic
---
inc/webadmin-letsencrypt.php | 31 +++++--------------
tpl/webadmin-letsencrypt.tpl.php | 52 ++++++++++++++++++++++++--------
2 files changed, 47 insertions(+), 36 deletions(-)
diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php
index 4c1e4ab..a0ba620 100644
--- a/inc/webadmin-letsencrypt.php
+++ b/inc/webadmin-letsencrypt.php
@@ -29,38 +29,23 @@ if (!isset($_SESSION['lestencrypt-domains']) || empty($_SESSION['letsencrypt-dom
$_SESSION['letsencrypt-domains'] = $domains;
}
-if (isset($params[2]) && $params[2] == "check") {
- include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
- include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
+include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
+include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
+if (isset($_POST['submit'])) {
$letsencrypt = new letsencryt();
// check HTTP
$checked_domains = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains']);
$failed_domains_http = array_diff($_SESSION['letsencrypt-domains'], $checked_domains);
- # debug à améliorer
- echo 'The following domain(s) failed the HTTP challenge ';
- foreach ($failed_domains_http as $failed_domain) {
- echo $failed_domain . ' ';
- }
-
- // check DNS
- if (!empty($checked_domains)) {
+ if (empty($failed_domains_http) && !empty($checked_domains)) {
+ // check DNS
$valid_domains = $letsencrypt->checkDNSValidity($checked_domains);
$failed_domains_dns = array_diff($checked_domains, $valid_domains);
-
- # debug à améliorer
- echo 'The following domain(s) failed the DNS check ';
- foreach ($failed_domains_dns as $failed_domain) {
- echo $failed_domain . ' ';
- }
}
-
- include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
} else {
- include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
- include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
- include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
- include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
+ // page de base
}
+include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
+include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
diff --git a/tpl/webadmin-letsencrypt.tpl.php b/tpl/webadmin-letsencrypt.tpl.php
index 0800a31..0b3bc43 100644
--- a/tpl/webadmin-letsencrypt.tpl.php
+++ b/tpl/webadmin-letsencrypt.tpl.php
@@ -1,20 +1,46 @@
Gestion Let's Encrypt
0) {
- ?>
+if (isset($_POST['submit'])) {
+ if (count($failed_domains_http) > 0) {
+ echo '';
-Liste des domaines à intégrer dans le certificat :
-
- ' . $domain . '';
+ echo '';
+ echo 'Le challenge HTTP a échoué pour le(s) domaine(s) ci-dessous.
+ Merci de vérifier que le dossier /.well-known/acme-challenge/
est accessible.';
+ echo '
';
+
+ echo '';
+ foreach ($failed_domains_http as $failed_domain) {
+ echo $failed_domain . " ";
+ }
+ echo '
';
+ } elseif (count($failed_domains_dns) > 0) {
+ echo '';
+
+ echo '';
+ echo 'La vérification DNS a échoué pour les domaines ci-dessous.
+ Merci de vérifier les enregistrements de type A et AAAA.';
+ echo '
';
+
+ foreach ($failed_domains_dns as $failed_domain) {
+ echo $failed_domain . " ";
+ }
+ } else {
+ echo "all checks succeeded";
}
- ?>
-
-
-
- Aucun domaine.";
+ echo "Les domaines suivants seront intégrés au certificat :
";
+ if (count($_SESSION['letsencrypt-domains']) > 0) {
+ echo '';
+ foreach ($_SESSION['letsencrypt-domains'] as $domain) {
+ echo $domain . ' ';
+ }
+ echo '
';
+ ?>
+
+
Date: Fri, 7 Jun 2019 14:10:07 +0200
Subject: [PATCH 037/116] add manage-http-challenge-file function
---
scripts/web-add.sh | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index b4ca350..27b874c 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -156,6 +156,11 @@ setphpversion LOGIN VERSION
setquota LOGIN QUOTA_SOFT:QUOTA_HARD
Change quotas for LOGIN
+
+manage-http-challenge-file [CREATE | DELETE]
+
+ Create or delete a dummy file for the Let's Encrypt HTTP challenge
+ The default directory is /var/lib/letsencrypt/.well-known/
EOT
}
@@ -845,6 +850,9 @@ arg_processing() {
setquota)
op_setquota "$@"
;;
+ manage-http-challenge-file)
+ op_managehttpchallengefile "$@"
+ ;;
*)
usage
;;
@@ -852,6 +860,22 @@ arg_processing() {
fi
}
+op_managehttpchallengefile() {
+ if [ $# -eq 1 ]; then
+ file="/var/lib/letsencrypt/.well-known/123456789"
+ action=${1};
+
+ if [ "$action" = "create" ]; then
+ touch "$file"
+ chmod 755 "$file"
+ elif [ "$action" = "delete" ]; then
+ rm "$file"
+ else usage
+ fi
+ else usage
+ fi
+}
+
op_listvhost() {
if [ $# -eq 1 ]; then
configlist="$VHOST_PATH/${1}.conf";
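Review bot: `op_managehttpchallengefile` marks an empty marker file executable with `chmod 755 "$file"`; a file that only needs to be readable by the web server should get `chmod 644 "$file"`. The usage text advertises `[CREATE | DELETE]` while the function only accepts lowercase `create` and `delete`, so the documented form falls through to `usage`. `file` and `action` are assigned as globals in a script that already has many operations; declaring them `local` (if the script targets bash) would stop them leaking into other `op_*` functions. `rm -f "$file"` would also keep a repeated delete from failing when the file is already gone.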
From bd6d70fbfe7ce36205f5d5f7b11f6389d73bfc10 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Fri, 7 Jun 2019 15:22:42 +0200
Subject: [PATCH 038/116] change http challenge filename
---
scripts/web-add.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 27b874c..05fdada 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -862,7 +862,7 @@ arg_processing() {
op_managehttpchallengefile() {
if [ $# -eq 1 ]; then
- file="/var/lib/letsencrypt/.well-known/123456789"
+ file="/var/lib/letsencrypt/.well-known/acme-challenge"
action=${1};
if [ "$action" = "create" ]; then
From f6cfe14cdcd1d4b9b654ca75e561ca79a1a66721 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Fri, 7 Jun 2019 15:23:39 +0200
Subject: [PATCH 039/116] add createFileHttpChallenge and
deleteFileHttpChallenge functions
---
lib/letsencrypt.php | 24 +++++++++++++++++++++++-
1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php
index 8450394..7b5c41a 100644
--- a/lib/letsencrypt.php
+++ b/lib/letsencrypt.php
@@ -7,7 +7,25 @@ namespace lib;
class LetsEncrypt
{
const HTTP_OK = 200;
- const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge/';
+ const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge';
+
+ /**
+ * create the file used to test the HTTP challenge
+ */
+ private function createFileHttpChallenge()
+ {
+ $cmd = 'web-add.sh manage-http-challenge-file create';
+ sudoexec($cmd, $data_output, $exec_return);
+ }
+
+ /**
+ * delete the file used to test the HTTP challenge
+ */
+ private function deleteFileHttpChallenge()
+ {
+ $cmd = 'web-add.sh manage-http-challenge-file delete';
+ sudoexec($cmd, $data_output, $exec_return);
+ }
/**
* perform a cURL call on the remote resource
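Review bot: `createFileHttpChallenge()` and `deleteFileHttpChallenge()` discard `$exec_return`, so a failed create is later reported to the user as "HTTP challenge failed" and a failed delete leaves the test file published. Both should return `$exec_return == 0`, and `checkRemoteResourceAvailability()` should stop early when the create step fails. The file name is fixed, so two overlapping requests share it and one request's delete can remove the file while the other is still probing. A per-request random name would remove that race.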
@@ -17,6 +35,8 @@ class LetsEncrypt
*/
public function checkRemoteResourceAvailability($domains)
{
+ $this->createFileHttpChallenge();
+
$curl_multi = curl_multi_init();
$curl_handles = array();
$checked_domains = array();
@@ -55,6 +75,8 @@ class LetsEncrypt
}
curl_multi_close($curl_multi);
+ $this->deleteFileHttpChallenge();
+
return $checked_domains;
}
From 15faf3dfdc7f168adbdfacc76539f9b1993734b4 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Fri, 7 Jun 2019 15:24:38 +0200
Subject: [PATCH 040/116] add isEvoacmeInstalled function
---
lib/letsencrypt.php | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php
index 7b5c41a..d640d01 100644
--- a/lib/letsencrypt.php
+++ b/lib/letsencrypt.php
@@ -104,4 +104,20 @@ class LetsEncrypt
return $valid_dns_domains;
}
+
+ /**
+ * check the presence of make-csr and evoacme binaries
+ * @return boolean
+ */
+ public function isEvoacmeInstalled()
+ {
+ $output_make_csr = shell_exec("which make-csr");
+ $output_evoacme = shell_exec("which evoacme");
+
+ if (empty($output_make_csr) || empty($output_evoacme)) {
+ return false;
+ }
+
+ return true;
+ }
}
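Review bot: `isEvoacmeInstalled()` resolves `which make-csr` and `which evoacme` with the PATH of the PHP process, whereas the rest of this class runs its commands through `sudoexec()`; if the privileged environment has a different PATH (not visible here), the check can pass or fail independently of what will actually run. Checking from inside `web-add.sh`, or testing fixed absolute paths with `is_executable()`, would keep the answer consistent. The body can also be reduced to `return !empty($output_make_csr) && !empty($output_evoacme);`.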
From d7f0a5e36c0f3cf4bce1696102ea298af9c3b0c8 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Fri, 7 Jun 2019 15:25:15 +0200
Subject: [PATCH 041/116] change error handling for let's encrypt checks
---
inc/webadmin-letsencrypt.php | 40 ++++++++++++++++++++++++++------
tpl/webadmin-letsencrypt.tpl.php | 32 +++++++------------------
2 files changed, 42 insertions(+), 30 deletions(-)
diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php
index a0ba620..2d78300 100644
--- a/inc/webadmin-letsencrypt.php
+++ b/inc/webadmin-letsencrypt.php
@@ -34,18 +34,44 @@ include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
if (isset($_POST['submit'])) {
$letsencrypt = new letsencryt();
+ $error_message = '';
- // check HTTP
- $checked_domains = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains']);
- $failed_domains_http = array_diff($_SESSION['letsencrypt-domains'], $checked_domains);
+ while (true) {
+ // check domains list
+ if (empty($_SESSION['letsencrypt-domains'])) {
+ $error_message = "Erreur : la liste des domaines est vide.";
+ break;
+ }
+
+ // check if evoacme is installed
+ $binaries_installed = $letsencrypt->isEvoacmeInstalled();
+ if (!$binaries_installed) {
+ $error_message = "Erreur : les binaires Evoacme ne sont pas installés.
+ Veuillez contacter un administrateur.";
+ break;
+ }
+
+ // check HTTP
+ $checked_domains = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains']);
+ $failed_domains = array_diff($_SESSION['letsencrypt-domains'], $checked_domains);
+ if (!empty($failed_domains)) {
+ $error_message = "Erreur : Le challenge HTTP a échoué pour le(s) domaine(s) ci-dessous.
+ Merci de vérifier que le dossier /.well-known/
est accessible.";
+ break;
+ }
- if (empty($failed_domains_http) && !empty($checked_domains)) {
// check DNS
$valid_domains = $letsencrypt->checkDNSValidity($checked_domains);
- $failed_domains_dns = array_diff($checked_domains, $valid_domains);
+ $failed_domains = array_diff($checked_domains, $valid_domains);
+ if (!empty($failed_domains)) {
+ $error_message = "Erreur : La vérification DNS a échoué pour les domaines ci-dessous.
+ Merci de vérifier les enregistrements de type A et AAAA.";
+ break;
+ }
+
+ break;
}
-} else {
- // page de base
}
+
include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
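Review bot: `$failed_domains` is only assigned once the HTTP check runs, but the template hunk of this same commit calls `count($failed_domains)` whenever `$error_message` is non-empty. The two early `break`s (empty domain list, missing Evoacme binaries) therefore reach the template with the variable undefined, which raises a warning on PHP 7.2+ and a `TypeError` on PHP 8. Initialise it next to the message: `$failed_domains = array();` right after `$error_message = '';`. The `while (true) { … break; }` wrapper is used only as a jump target; a function with early `return`s would state the same flow more directly.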
diff --git a/tpl/webadmin-letsencrypt.tpl.php b/tpl/webadmin-letsencrypt.tpl.php
index 0b3bc43..39a833c 100644
--- a/tpl/webadmin-letsencrypt.tpl.php
+++ b/tpl/webadmin-letsencrypt.tpl.php
@@ -2,32 +2,18 @@
0) {
- echo '';
+ if (!empty($error_message)) {
+ echo '' . $error_message . ' ';
- echo '';
- echo 'Le challenge HTTP a échoué pour le(s) domaine(s) ci-dessous.
- Merci de vérifier que le dossier /.well-known/acme-challenge/
est accessible.';
- echo '
';
-
- echo '';
- foreach ($failed_domains_http as $failed_domain) {
- echo $failed_domain . " ";
- }
- echo '
';
- } elseif (count($failed_domains_dns) > 0) {
- echo '';
-
- echo '';
- echo 'La vérification DNS a échoué pour les domaines ci-dessous.
- Merci de vérifier les enregistrements de type A et AAAA.';
- echo '
';
-
- foreach ($failed_domains_dns as $failed_domain) {
- echo $failed_domain . " ";
+ if (count($failed_domains) > 0) {
+ echo '';
+ foreach ($failed_domains as $failed_domain) {
+ echo $failed_domain . " ";
+ }
+ echo '
';
}
} else {
- echo "all checks succeeded";
+ echo 'checks succeeded.';
}
} else {
echo "Les domaines suivants seront intégrés au certificat :
";
From 2737edbc11117ff9a5ad6c8471fb8eead47a28da Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Fri, 7 Jun 2019 15:25:34 +0200
Subject: [PATCH 042/116] update let's encrypt button name
---
tpl/webadmin-letsencrypt.tpl.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tpl/webadmin-letsencrypt.tpl.php b/tpl/webadmin-letsencrypt.tpl.php
index 39a833c..d95698e 100644
--- a/tpl/webadmin-letsencrypt.tpl.php
+++ b/tpl/webadmin-letsencrypt.tpl.php
@@ -25,7 +25,7 @@ if (isset($_POST['submit'])) {
echo '';
?>
Date: Wed, 3 Jul 2019 18:18:27 +0200
Subject: [PATCH 043/116] retrieve SSL cert and parse it, check the issuer, the
expiration date and the SAN
---
lib/letsencrypt.php | 64 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 64 insertions(+)
diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php
index d640d01..2862320 100644
--- a/lib/letsencrypt.php
+++ b/lib/letsencrypt.php
@@ -120,4 +120,68 @@ class LetsEncrypt
return true;
}
+
+ /**
+ * Retrieve the SSL certificate from the URL
+ * @param string $url
+ * @return Array|false $cont list of parameters of the certificate, or false
+ */
+ public function getCertificate($url)
+ {
+ $stream = stream_context_create(array("ssl" => array("capture_peer_cert" => true)));
+ $read = fopen($url, "rb", false, $stream);
+ $cont = stream_context_get_params($read);
+
+ return $cont;
+ }
+
+ /**
+ * Parse the certificat arguments and extract data
+ * @param Array $certificateParameters certificat arguments
+ * @return Array $infosCert contains only the issuer, domains and expiration date
+ */
+ public function parseCertificate($certificateParameters)
+ {
+ $infosCert = array();
+ $parsedParameters = openssl_x509_parse($certificateParameters["options"]["ssl"]["peer_certificate"]);
+ $issuer = $parsedParameters["issuer"]["O"];
+ $includedDomains = $parsedParameters["extensions"]["subjectAltName"];
+ $validUntil = $parsedParameters["validTo_time_t"];
+
+ array_push($infosCert, $issuer);
+ array_push($infosCert, $includedDomains);
+ array_push($infosCert, $validUntil);
+
+ return $infosCert;
+ }
+
+ /**
+ * Check wether the certificat is issued by Let's Encrypt or not
+ * @param string $issuer name of the certificat issuer
+ * @return boolean
+ */
+ public function isCertIssuedByLetsEncrypt($issuer)
+ {
+ return ($issuer === "Let's Encrypt") ? true : false;
+ }
+
+ /**
+ * Check wether the certificat is valid or not
+ * @param string $timestampCertValidUntil certificat expiration date in timestamp
+ * @return boolean
+ */
+ public function isCertValid($timestampCertValidUntil)
+ {
+ $currentDate = time();
+
+ return ($timestampCertValidUntil > $currentDate) ? true : false;
+ }
+
+ public function isDomainIncludedInCert($domainRequested, $san)
+ {
+ $san = preg_replace('/DNS:| DNS:/', '', $san);
+ $sanArray = explode(',', $san);
+
+ return (in_array($domainRequested, $sanArray)) ? true : false;
+ }
}
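Review bot: `getCertificate()` passes the result of `fopen()` straight to `stream_context_get_params()`, so an unreachable host or failed TLS handshake hands `false` to a function that expects a stream, and the handle is never closed when the open succeeds. The docblock promises `Array|false`, but nothing in the body returns `false` deliberately. With PHP's default peer verification an expired certificate also makes `fopen()` fail, so the later `isCertValid()` branch may never see one; worth confirming against the intended flow. `parseCertificate()` has the same gap: `openssl_x509_parse()` can return `false`, and `issuer.O` or `extensions.subjectAltName` may be absent, so both should be checked before indexing. `isDomainIncludedInCert()` has no docblock, and the three `? true : false` ternaries can return the comparison directly.
```php
    public function getCertificate($url)
    {
        $stream = stream_context_create(array("ssl" => array("capture_peer_cert" => true)));
        $read = fopen($url, "rb", false, $stream);
        if ($read === false) {
            // connection or TLS handshake failed: there is no certificate to inspect
            return false;
        }

        $cont = stream_context_get_params($read);
        fclose($read);

        return $cont;
    }
```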
From 3b9a53425331fe996abb3ccd01ab038532696674 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 4 Jul 2019 15:51:58 +0200
Subject: [PATCH 044/116] filter empty items from session variable of domains
---
inc/webadmin-letsencrypt.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php
index 2d78300..f8450a7 100644
--- a/inc/webadmin-letsencrypt.php
+++ b/inc/webadmin-letsencrypt.php
@@ -26,7 +26,7 @@ if (!isset($_SESSION['lestencrypt-domains']) || empty($_SESSION['letsencrypt-dom
array_push($domains, $alias);
}
- $_SESSION['letsencrypt-domains'] = $domains;
+ $_SESSION['letsencrypt-domains'] = array_filter($domains);
}
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
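Review bot: `array_filter($domains)` keeps the original keys, so when the first entry is the empty one the stored list has no index 0; patch 050 later reads `$_SESSION['letsencrypt-domains'][0]`. Storing `array_values(array_filter($domains))` keeps the list zero-based. Separately, the guard shown in the hunk header tests `$_SESSION['lestencrypt-domains']` (misspelled), so the block appears to run on every request. If that spelling is corrected, the cached list is not keyed by vhost and a list built for one vhost would be reused for the next one visited in the same session.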
From 43318dc09a9f988553fb0a88cc266f510f4e69b3 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 4 Jul 2019 15:52:55 +0200
Subject: [PATCH 045/116] add https prefix to getCertificate method
---
lib/letsencrypt.php | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php
index 2862320..2550d0a 100644
--- a/lib/letsencrypt.php
+++ b/lib/letsencrypt.php
@@ -123,13 +123,13 @@ class LetsEncrypt
/**
* Retrieve the SSL certificate from the URL
- * @param string $url
+ * @param string $domain
* @return Array|false $cont list of parameters of the certificate, or false
*/
- public function getCertificate($url)
+ public function getCertificate($domain)
{
$stream = stream_context_create(array("ssl" => array("capture_peer_cert" => true)));
- $read = fopen($url, "rb", false, $stream);
+ $read = fopen("https://" . $domain , "rb", false, $stream);
$cont = stream_context_get_params($read);
return $cont;
From 1fc8a3e322414502d50d6ae13f490ef9b1d24dd9 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 4 Jul 2019 15:53:35 +0200
Subject: [PATCH 046/116] add keys to return array for parseCertificate method
---
lib/letsencrypt.php | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php
index 2550d0a..cd0ca65 100644
--- a/lib/letsencrypt.php
+++ b/lib/letsencrypt.php
@@ -148,9 +148,9 @@ class LetsEncrypt
$includedDomains = $parsedParameters["extensions"]["subjectAltName"];
$validUntil = $parsedParameters["validTo_time_t"];
- array_push($infosCert, $issuer);
- array_push($infosCert, $includedDomains);
- array_push($infosCert, $validUntil);
+ $infosCert["issuer"] = $issuer;
+ $infosCert["includedDomains"] = $includedDomains;
+ $infosCert["validUntil"] = $validUntil;
return $infosCert;
}
From c4a6b1f069ea5769bfd5dfb25a1ed721f646613d Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 4 Jul 2019 15:55:10 +0200
Subject: [PATCH 047/116] errors handling for SSL check with the issuer,
validity date and included domains
---
inc/webadmin-letsencrypt.php | 58 ++++++++++++++++++++++++++++++++----
1 file changed, 53 insertions(+), 5 deletions(-)
diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php
index f8450a7..dec4b55 100644
--- a/inc/webadmin-letsencrypt.php
+++ b/inc/webadmin-letsencrypt.php
@@ -34,28 +34,76 @@ include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
if (isset($_POST['submit'])) {
$letsencrypt = new letsencryt();
- $error_message = '';
+ $errorMessage = '';
+ $warningMessage = '';
while (true) {
// check domains list
if (empty($_SESSION['letsencrypt-domains'])) {
- $error_message = "Erreur : la liste des domaines est vide.";
+ $errorMessage = "Erreur : la liste des domaines est vide.";
break;
}
// check if evoacme is installed
$binaries_installed = $letsencrypt->isEvoacmeInstalled();
if (!$binaries_installed) {
- $error_message = "Erreur : les binaires Evoacme ne sont pas installés.
+ $errorMessage = "Erreur : les binaires Evoacme ne sont pas installés.
Veuillez contacter un administrateur.";
break;
}
+ // Check existing SSL certificate
+ $domainsIncluded = array();
+ foreach ($_SESSION['letsencrypt-domains'] as $domain) {
+ $existingSSLCertificate = $letsencrypt->getCertificate($domain);
+ if (is_bool($existingSSLCertificate)) {
+ continue;
+ }
+ $parsedCertificate = $letsencrypt->parseCertificate($existingSSLCertificate);
+
+ // check if LE is the certificate issuer
+ $isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]);
+ if (!$isIssuerValid) {
+ $errorMessage = "Erreur : le certificat existant n'est pas géré par Let's Encrypt.";
+ break 2; // break the foreach and the while
+ }
+
+ // check if the domain is already in the certificate
+ $isDomainIncluded = $letsencrypt->isDomainIncludedInCert($domain, $parsedCertificate["includedDomains"]);
+ if ($isDomainIncluded) {
+ array_push($domainsIncluded, $domain);
+ continue; // break only the current foreach iteration
+ }
+
+ // check wether the certificate is valid or expired
+ $isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
+ if (!$îsCertValid) {
+ $warningMessage = "Attention : le certificat existant n'est plus valide.
+ Souhaitez-vous le renouveller ?";
+ break 2;
+ }
+ }
+
+ // contains all the domains included in the existing certificate
+ if (!empty($domainsIncluded)) {
+ $domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
+
+ if (empty($domainsNotIncluded)) {
+ $errorMessage = "Erreur : le certificat existant couvre déjà tous les domaines.";
+ break;
+ }
+
+ $warningMessage = "Attention : le certificat existant couvre déjà certains domaines.
+ Souhaitez-vous le renouveller ?";
+
+ break;
+ }
+
// check HTTP
$checked_domains = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains']);
$failed_domains = array_diff($_SESSION['letsencrypt-domains'], $checked_domains);
if (!empty($failed_domains)) {
- $error_message = "Erreur : Le challenge HTTP a échoué pour le(s) domaine(s) ci-dessous.
+ $errorMessage = "Erreur : Le challenge HTTP a échoué pour le(s) domaine(s) ci-dessous.
Merci de vérifier que le dossier /.well-known/
est accessible.";
break;
}
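Review bot: The expiry test reads `$îsCertValid` (with an `î`), which is a different variable from the `$isCertValid` assigned on the line above. It is always undefined, so `!$îsCertValid` is always true and the "certificat existant n'est plus valide" warning fires for every domain that reaches this point, whatever the certificate's date. The line should be `if (!$isCertValid) {`. The same misspelling is carried unchanged into the `force_renew` condition in patch 050. Note also that the expiry check sits after the `continue` for domains already in the certificate, so it never runs for those domains; confirm that this order is intended.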
@@ -64,7 +112,7 @@ if (isset($_POST['submit'])) {
$valid_domains = $letsencrypt->checkDNSValidity($checked_domains);
$failed_domains = array_diff($checked_domains, $valid_domains);
if (!empty($failed_domains)) {
- $error_message = "Erreur : La vérification DNS a échoué pour les domaines ci-dessous.
+ $errorMessage = "Erreur : La vérification DNS a échoué pour les domaines ci-dessous.
Merci de vérifier les enregistrements de type A et AAAA.";
break;
}
From 3ab7a010779c05f1420ed0b28423f76dd4bfa3aa Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 4 Jul 2019 15:55:38 +0200
Subject: [PATCH 048/116] new warning rule with orange color for span element
---
htdocs/inc/css/main.css | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/htdocs/inc/css/main.css b/htdocs/inc/css/main.css
index 47bdd6c..39748c8 100644
--- a/htdocs/inc/css/main.css
+++ b/htdocs/inc/css/main.css
@@ -139,6 +139,11 @@ span.form-error {
margin-left: 4px;
}
+span.form-warning {
+ color: #E84D0C;
+ margin-left: 4px;
+}
+
span.form-mandatory {
color: red;
}
From 1cf62beb552e2daa270260d80f19e58ed7e47493 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 4 Jul 2019 18:00:59 +0200
Subject: [PATCH 049/116] retrieve the correct aliases and servername from a
specified vhost
---
inc/webadmin-letsencrypt.php | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php
index dec4b55..2859aab 100644
--- a/inc/webadmin-letsencrypt.php
+++ b/inc/webadmin-letsencrypt.php
@@ -7,11 +7,7 @@ use lib\LetsEncrypt as letsencryt;
// store domain and aliases in session
if (!isset($_SESSION['lestencrypt-domains']) || empty($_SESSION['letsencrypt-domains'])) {
$domain = $params[1];
- $cmd = 'web-add.sh list-vhost';
-
- if (!is_superadmin()) {
- $cmd = sprintf('%s %s', $cmd, $domain);
- }
+ $cmd = 'web-add.sh list-vhost ' . $domain;
sudoexec($cmd, $data_output, $exec_return);
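Review bot: `$domain` is `$params[1]`, which the route in htdocs/index.php captures from the request URI with `(.*)`, and the new line concatenates it unquoted into a command string handed to `sudoexec()`. Whether `sudoexec()` quotes its input is not visible here, so the argument should be quoted at the call site: `$cmd = 'web-add.sh list-vhost ' . escapeshellarg($domain);`. Removing the `is_superadmin()` branch means this now applies to every authenticated user. The name should therefore also be checked against the vhosts that user owns before it is used; no such check appears in the visible lines, and the enclosing block continues outside this hunk.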
From 1b4231e1a93588c0d6255b77fa2c064da1962fca Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Tue, 9 Jul 2019 18:07:47 +0200
Subject: [PATCH 050/116] make-csr function and confirmation button when
warning is displayed
---
inc/webadmin-letsencrypt.php | 23 ++++++---
lib/letsencrypt.php | 89 +++++++++++++++++---------------
scripts/web-add.sh | 36 +++++++++++--
tpl/webadmin-letsencrypt.tpl.php | 18 +++++--
4 files changed, 110 insertions(+), 56 deletions(-)
diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php
index 2859aab..ff85b37 100644
--- a/inc/webadmin-letsencrypt.php
+++ b/inc/webadmin-letsencrypt.php
@@ -52,6 +52,7 @@ if (isset($_POST['submit'])) {
$domainsIncluded = array();
foreach ($_SESSION['letsencrypt-domains'] as $domain) {
$existingSSLCertificate = $letsencrypt->getCertificate($domain);
+ // if no certificate is present (false returned) for this domain, go to the next domain
if (is_bool($existingSSLCertificate)) {
continue;
}
@@ -73,7 +74,7 @@ if (isset($_POST['submit'])) {
// check wether the certificate is valid or expired
$isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
- if (!$îsCertValid) {
+ if (!$îsCertValid && !isset($_POST['force_renew'])) {
$warningMessage = "Attention : le certificat existant n'est plus valide.
Souhaitez-vous le renouveller ?";
break 2;
@@ -81,7 +82,7 @@ if (isset($_POST['submit'])) {
}
// contains all the domains included in the existing certificate
- if (!empty($domainsIncluded)) {
+ if (!empty($domainsIncluded) && !isset($_POST['force_renew'])) {
$domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
if (empty($domainsNotIncluded)) {
@@ -96,11 +97,11 @@ if (isset($_POST['submit'])) {
}
// check HTTP
- $checked_domains = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains']);
- $failed_domains = array_diff($_SESSION['letsencrypt-domains'], $checked_domains);
- if (!empty($failed_domains)) {
- $errorMessage = "Erreur : Le challenge HTTP a échoué pour le(s) domaine(s) ci-dessous.
- Merci de vérifier que le dossier /.well-known/
est accessible.";
+ $isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]);
+
+ if (!$isRemoteResourceAvailable) {
+ $errorMessage = "Erreur : Le challenge HTTP a échoué.
+ Merci de vérifier que le dossier /.well-known/evoacme-challenge/
est accessible.";
break;
}
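Review bot: The HTTP check now probes only `$_SESSION['letsencrypt-domains'][0]`, while the certificate is requested for every name in the list, so a misrouted alias is no longer caught before the CSR is generated. Looping over the list and collecting the failing names would restore the earlier behaviour with the new boolean API. The error text points users to `/.well-known/evoacme-challenge/`, but `HTTP_CHALLENGE_URL` in lib/letsencrypt.php is `/.well-known/acme-challenge/testfile`; the message should name the directory that is actually tested.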
@@ -115,6 +116,14 @@ if (isset($_POST['submit'])) {
break;
}
+
+ // make csr
+ $isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']);
+
+ // evoacme TEST ou DRY RUN
+ // evoacme
+ // modifier configuration vhosts
+ // reload service web
}
include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php
index cd0ca65..b355505 100644
--- a/lib/letsencrypt.php
+++ b/lib/letsencrypt.php
@@ -7,7 +7,7 @@ namespace lib;
class LetsEncrypt
{
const HTTP_OK = 200;
- const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge';
+ const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge/testfile';
/**
* create the file used to test the HTTP challenge
@@ -28,56 +28,63 @@ class LetsEncrypt
}
/**
- * perform a cURL call on the remote resource
- * the cURL call follows redirections and pushes the last valid URL to an array
- * @param Array $domains list of domains
- * @return Array $checked_domains list of checked domains
+ * generate a CSR
+ * @param string $vhost
+ * @param Array $domains
+ * @return boolean
*/
- public function checkRemoteResourceAvailability($domains)
+ public function makeCsr($vhost, $domains)
+ {
+ $domains = implode(' ', $domains);
+ $cmd = 'web-add.sh generate-csr ' . $vhost . ' ' . "$domains";
+
+ sudoexec($cmd ,$data_output, $exec_return);
+
+ if ($exec_return == 0) {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * perform a cURL call on the remote resource
+ * the cURL call follows redirections
+ * @param Array $domains list of domains
+ * @return boolean
+ */
+ public function checkRemoteResourceAvailability($domain)
{
$this->createFileHttpChallenge();
- $curl_multi = curl_multi_init();
- $curl_handles = array();
- $checked_domains = array();
+ $curl_handler = curl_init();
- foreach ($domains as $key => $domain) {
- $curl_handles[$key] = curl_init($domain . self::HTTP_CHALLENGE_URL);
+ // setting cURL options
+ curl_setopt($curl_handler, CURLOPT_URL, $domain . self::HTTP_CHALLENGE_URL);
+ curl_setopt($curl_handler, CURLOPT_TIMEOUT, 3);
+ curl_setopt($curl_handler, CURLOPT_HEADER, true);
+ curl_setopt($curl_handler, CURLOPT_NOBODY, true);
+ curl_setopt($curl_handler, CURLOPT_SSL_VERIFYPEER, false);
+ curl_setopt($curl_handler, CURLOPT_FOLLOWLOCATION, true);
+ curl_setopt($curl_handler, CURLOPT_MAXREDIRS, 3);
+ curl_setopt($curl_handler, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
+ curl_setopt($curl_handler, CURLOPT_RETURNTRANSFER, true);
- // setting cURL options
- curl_setopt($curl_handles[$key], CURLOPT_TIMEOUT, 3);
- curl_setopt($curl_handles[$key], CURLOPT_HEADER, true);
- curl_setopt($curl_handles[$key], CURLOPT_NOBODY, true);
- curl_setopt($curl_handles[$key], CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($curl_handles[$key], CURLOPT_FOLLOWLOCATION, true);
- curl_setopt($curl_handles[$key], CURLOPT_MAXREDIRS, 3);
- curl_setopt($curl_handles[$key], CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
- curl_setopt($curl_handles[$key], CURLOPT_RETURNTRANSFER, true);
+ curl_exec($curl_handler);
- curl_multi_add_handle($curl_multi, $curl_handles[$key]);
- }
-
- do {
- curl_multi_exec($curl_multi, $active);
- } while ($active);
-
- foreach ($curl_handles as $curl_handle) {
- $returned_http_code = curl_getinfo($curl_handle, CURLINFO_HTTP_CODE);
- $returned_http_url = curl_getinfo($curl_handle, CURLINFO_EFFECTIVE_URL);
-
- if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) {
- $returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '', $returned_http_url);
- $returned_http_url = preg_replace('#^https?://#', '', $returned_http_url);
-
- array_push($checked_domains, $returned_http_url);
- }
- curl_multi_remove_handle($curl_multi, $curl_handle);
- }
- curl_multi_close($curl_multi);
+ $returned_http_code = curl_getinfo($curl_handler, CURLINFO_HTTP_CODE);
+ $returned_http_url = curl_getinfo($curl_handler, CURLINFO_EFFECTIVE_URL);
$this->deleteFileHttpChallenge();
- return $checked_domains;
+ if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) {
+ $returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '', $returned_http_url);
+ $returned_http_url = preg_replace('#^https?://#', '', $returned_http_url);
+
+ return true;
+ }
+
+ return false;
}
/**
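Review bot: `makeCsr()` builds the `web-add.sh generate-csr` command by concatenating `$vhost` (taken from the URI by the caller) and the space-joined domain list without quoting. Each argument should go through `escapeshellarg()` unless `sudoexec()` is known to do that, which is not visible here. In the rewritten `checkRemoteResourceAvailability()`, `CURLOPT_SSL_VERIFYPEER` is set to `false` with no comment saying why, and the cURL handle is never passed to `curl_close()`. The two lines that rewrite `$returned_http_url` before `return true` no longer have any effect. The docblock still says `@param Array $domains` although the parameter is now a single `$domain`.
```php
    public function makeCsr($vhost, $domains)
    {
        // quote every argument separately so a name cannot add shell syntax
        $quoted_domains = array_map('escapeshellarg', $domains);
        $cmd = 'web-add.sh generate-csr ' . escapeshellarg($vhost) . ' ' . implode(' ', $quoted_domains);

        sudoexec($cmd, $data_output, $exec_return);

        return $exec_return == 0;
    }
```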
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 05fdada..bd4571b 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -853,6 +853,9 @@ arg_processing() {
manage-http-challenge-file)
op_managehttpchallengefile "$@"
;;
+ generate-csr)
+ op_makecsr "$@"
+ ;;
*)
usage
;;
@@ -860,16 +863,41 @@ arg_processing() {
fi
}
+op_makecsr() {
+ if [ $# -gt 1 ]; then
+ vhost="$1"
+ domains=""
+
+ # remove the first argument to keep only the domains
+ shift 1
+
+ for domain in "$@"; do
+ domains="${domains:+${domains} }${domain}"
+ done
+
+ # pipe the domains to make-csr because we don't have STDIN
+ echo "$domains" | make-csr "$vhost"
+ else usage
+ fi
+}
+
op_managehttpchallengefile() {
if [ $# -eq 1 ]; then
- file="/var/lib/letsencrypt/.well-known/acme-challenge"
+ folder="/var/lib/letsencrypt/.well-known/acme-challenge"
+ file="testfile"
+
action=${1};
if [ "$action" = "create" ]; then
- touch "$file"
- chmod 755 "$file"
+ if [ ! -d "$folder" ]; then
+ mkdir "$folder"
+ fi
+ if [ ! -f "$folder/$file" ]; then
+ touch "$folder/$file"
+ fi
+ chmod -R 755 "$folder"
elif [ "$action" = "delete" ]; then
- rm "$file"
+ rm -r "$folder"
else usage
fi
else usage
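Review bot: The `delete` branch of `op_managehttpchallengefile` now runs `rm -r "$folder"` on the whole `acme-challenge` directory, and `create` runs `chmod -R 755` over it, so a probe started from the web UI can remove or re-permission challenge files it did not create (presumably evoacme serves its tokens from the same directory; to confirm). Limiting both actions to the probe file avoids that: `chmod 755 "$folder"; chmod 644 "$folder/$file"` in `create` and `rm -f "$folder/$file"` in `delete`. The end of the function is outside the hunk.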
diff --git a/tpl/webadmin-letsencrypt.tpl.php b/tpl/webadmin-letsencrypt.tpl.php
index d95698e..9d7c881 100644
--- a/tpl/webadmin-letsencrypt.tpl.php
+++ b/tpl/webadmin-letsencrypt.tpl.php
@@ -2,8 +2,8 @@
' . $error_message . '';
+ if (!empty($errorMessage)) {
+ echo '' . $errorMessage . ' ';
if (count($failed_domains) > 0) {
echo '';
@@ -12,8 +12,18 @@ if (isset($_POST['submit'])) {
}
echo '
';
}
+ } elseif (!empty($warningMessage)) {
+ echo '' . $warningMessage . ' '; ?>
+
+ Les domaines suivants seront intégrés au certificat : ";
@@ -24,7 +34,7 @@ if (isset($_POST['submit'])) {
}
echo '';
?>
-
Date: Wed, 10 Jul 2019 16:56:13 +0200
Subject: [PATCH 051/116] check if the domain IP correspond to the server IP
---
lib/letsencrypt.php | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php
index b355505..8040441 100644
--- a/lib/letsencrypt.php
+++ b/lib/letsencrypt.php
@@ -95,6 +95,7 @@ class LetsEncrypt
public function checkDNSValidity($domains)
{
$valid_dns_domains = array();
+ $serverIP = exec("ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\\1/p'");
foreach ($domains as $domain) {
//FQDN syntax
@@ -102,7 +103,7 @@ class LetsEncrypt
$dns_record_ipv4 = dns_get_record($domain, DNS_A);
$dns_record_ipv6 = dns_get_record($domain, DNS_AAAA);
- if ($dns_record_ipv4 || $dns_record_ipv6) {
+ if ($dns_record_ipv4[0]['ip'] === $serverIP || $dns_record_ipv6[0]['ip'] === $serverIP) {
// remove the last dot added for the FQDN syntax
$domain = rtrim($domain, '.');
array_push($valid_dns_domains, $domain);
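Review bot: The new condition in `checkDNSValidity` reads `$dns_record_ipv4[0]['ip']` and `$dns_record_ipv6[0]['ip']` without checking that the lookups returned anything, so a domain with no A or no AAAA record triggers an undefined-offset notice (`dns_get_record()` gives an empty array or false). AAAA entries carry the address under the `ipv6` key, and `$serverIP` is extracted with `[0-9.]*`, so the IPv6 side can never match; only the first record of each set is compared. Collecting every address and testing membership covers these cases: `$ips = array_merge(array_column($dns_record_ipv4 ?: array(), 'ip'), array_column($dns_record_ipv6 ?: array(), 'ipv6'));` followed by `if (in_array($serverIP, $ips, true)) {`. An empty `$serverIP` (the `exec` produced nothing) should be rejected before the loop; the method body continues outside the hunk.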
From 37e5ca6484ab6dd61746a6e049150e23c18be806 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Wed, 10 Jul 2019 16:56:50 +0200
Subject: [PATCH 052/116] generate-ssl-certificate and update-ssl-configuration
methods for web-add.sh
---
scripts/web-add.sh | 52 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index bd4571b..2c9c9e6 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -161,6 +161,20 @@ manage-http-challenge-file [CREATE | DELETE]
Create or delete a dummy file for the Let's Encrypt HTTP challenge
The default directory is /var/lib/letsencrypt/.well-known/
+
+generate-csr LOGIN DOMAINS
+
+ Generate the request for the Let's Encrypt certificate
+
+generate-ssl-certificate LOGIN [TRUE | FALSE]
+
+ Generate the Let's Encrypt certificate
+ Run in TEST mode if TRUE
+
+update-ssl-vhost-configuration LOGIN
+
+ Add the 443 port to the vhost configuration and reload the service
+
EOT
}
@@ -856,6 +870,12 @@ arg_processing() {
generate-csr)
op_makecsr "$@"
;;
+ generate-ssl-certificate)
+ op_generatesslcertificate "$@"
+ ;;
+ update-ssl-vhost-configuration)
+ op_updatesslvhost "$@"
+ ;;
*)
usage
;;
@@ -881,6 +901,38 @@ op_makecsr() {
fi
}
+op_generatesslcertificate() {
+ if [ $# -gt 1 ]; then
+ vhost="$1"
+ test_mode="$2"
+
+ if [ "$test_mode" = "false" ]; then
+ evoacme "$vhost"
+ else
+ TEST=1 evoacme "$vhost"
+ fi
+ else usage
+ fi
+}
+
+op_updatesslvhost() {
+ if [ $# -eq 1 ]; then
+ vhostfile="/etc/apache2/sites-enabled/$1.conf"
+
+ sed -i "s/:80>/:80 *:443>/" "$vhostfile"
+
+ configtest_out=$(apache2ctl configtest)
+ configtest_rc=$?
+
+ if [ "$configtest_rc" = "0" ]; then
+ /etc/init.d/apache2 force-reload >/dev/null
+ else
+ echo $configtest_out >&2
+ fi
+ else usage
+ fi
+}
+
op_managehttpchallengefile() {
if [ $# -eq 1 ]; then
folder="/var/lib/letsencrypt/.well-known/acme-challenge"
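Review bot: In `op_updatesslvhost` the vhost file is rewritten with `sed -i` before `apache2ctl configtest` runs, and on failure the else branch only prints the output: the modified file stays in place and the function still ends with status 0, so the PHP caller reports success. Keep a copy before the edit (`cp -p "$vhostfile" "$vhostfile.bak"`) and in the else branch restore it and fail: `mv "$vhostfile.bak" "$vhostfile"; echo "$configtest_out" >&2; return 1`. `$1` also goes into the path unvalidated, and `sed -i` on a `sites-enabled` entry replaces the symlink with a regular file unless `--follow-symlinks` is given.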
From 839efa6fe90bd43f19c78b90427c9650e427a3cc Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Wed, 10 Jul 2019 16:57:34 +0200
Subject: [PATCH 053/116] generateSSLCertificate and setSSLPortVhost methods
added
---
inc/webadmin-letsencrypt.php | 53 ++++++++++++++++++++++++++++--------
lib/letsencrypt.php | 39 +++++++++++++++++++++++++-
2 files changed, 79 insertions(+), 13 deletions(-)
diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php
index ff85b37..598eb01 100644
--- a/inc/webadmin-letsencrypt.php
+++ b/inc/webadmin-letsencrypt.php
@@ -106,24 +106,53 @@ if (isset($_POST['submit'])) {
}
// check DNS
- $valid_domains = $letsencrypt->checkDNSValidity($checked_domains);
- $failed_domains = array_diff($checked_domains, $valid_domains);
+ $valid_domains = $letsencrypt->checkDNSValidity($_SESSION['letsencrypt-domains']);
+
+ $failed_domains = array_diff($_SESSION['letsencrypt-domains'], $valid_domains);
if (!empty($failed_domains)) {
- $errorMessage = "Erreur : La vérification DNS a échoué pour les domaines ci-dessous.
- Merci de vérifier les enregistrements de type A et AAAA.";
+ $errorMessage = "Erreur : La vérification DNS a échoué.
+ Merci de vérifier les enregistrements de type A et AAAA pour les domaine(s) suivant(s) :";
+ break;
+ }
+
+ // make csr
+ $isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']);
+
+ if (!$isCsrGenerated) {
+ $errorMessage = "Erreur : La génération de demande de certificat a échoué.
+ Merci de contacter un administrateur pour continuer.";
+ break;
+ }
+
+ // evoacme TEST
+ $testGenerateCert = $letsencrypt->generateSSLCertificate($params[1]);
+
+ if (!$testGenerateCert) {
+ $errorMessage = "Erreur : La génération de certificat en mode TEST a échoué.
+ Merci de contacter un administrateur pour continuer.";
+ break;
+ }
+
+ // evoacme
+ // $generateCert = $letsencrypt->generateSSLCertificate($params[1], false);
+ $generateCert = $letsencrypt->generateSSLCertificate($params[1]);
+
+ if (!$generateCert) {
+ $errorMessage = "Erreur : La génération de certificat a échoué.
+ Merci de contacter un administrateur pour continuer.";
+ break;
+ }
+
+ $updatedVhostConfig = $letsencrypt->setSSLPortVhost($params[1]);
+
+ if (!$updatedVhostConfig) {
+ $errorMessage = "Erreur : La modification de la configuration de l'hôte virtuel a échoué.
+ Merci de contacter un administrateur pour continuer.";
break;
}
break;
}
-
- // make csr
- $isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']);
-
- // evoacme TEST ou DRY RUN
- // evoacme
- // modifier configuration vhosts
- // reload service web
}
include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php
index 8040441..82e11b4 100644
--- a/lib/letsencrypt.php
+++ b/lib/letsencrypt.php
@@ -38,7 +38,44 @@ class LetsEncrypt
$domains = implode(' ', $domains);
$cmd = 'web-add.sh generate-csr ' . $vhost . ' ' . "$domains";
- sudoexec($cmd ,$data_output, $exec_return);
+ sudoexec($cmd, $data_output, $exec_return);
+
+ if ($exec_return == 0) {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Generate a SSL certificate
+ * @param string $vhost
+ * @param boolean $test generate in TEST mode or not
+ * @return boolean
+ */
+ public function generateSSLCertificate($vhost, $test = true)
+ {
+ $cmd = 'web-add.sh generate-ssl-certificate ' . $vhost . ' ' . ($test ? "true" : "false");
+
+ sudoexec($cmd, $data_output, $exec_return);
+
+ if ($exec_return == 0) {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * add the 443 port to the vhost configuration
+ * @param string $vhost
+ * @return boolean
+ */
+ public function setSSLPortVhost($vhost)
+ {
+ $cmd = 'web-add.sh update-ssl-vhost-configuration ' . $vhost;
+
+ sudoexec($cmd, $data_output, $exec_return);
if ($exec_return == 0) {
return true;
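Review bot: `generateSSLCertificate` and `setSSLPortVhost` assemble the command line by concatenating `$vhost` unescaped, and the string is handed to `sudoexec`, which presumably runs it through a shell with elevated rights (its body is not on this page). The callers pass `$params[1]`, which appears to come from the request path, so the value should be quoted where the command is built: `$cmd = 'web-add.sh generate-ssl-certificate ' . escapeshellarg($vhost) . ' ' . ($test ? 'true' : 'false');` and `$cmd = 'web-add.sh update-ssl-vhost-configuration ' . escapeshellarg($vhost);`. The context line that builds the `generate-csr` command in `makeCsr` has the same pattern for `$vhost` and for each domain. The body of `setSSLPortVhost` ends outside the hunk.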
From 8fe671097d2ba6201df3b9295f7120fb1a0cc35f Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Wed, 10 Jul 2019 16:59:36 +0200
Subject: [PATCH 054/116] tweak success message for cert installation
---
lib/letsencrypt.php | 2 +-
tpl/webadmin-letsencrypt.tpl.php | 3 +--
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php
index 82e11b4..86cade5 100644
--- a/lib/letsencrypt.php
+++ b/lib/letsencrypt.php
@@ -174,7 +174,7 @@ class LetsEncrypt
public function getCertificate($domain)
{
$stream = stream_context_create(array("ssl" => array("capture_peer_cert" => true)));
- $read = fopen("https://" . $domain , "rb", false, $stream);
+ $read = fopen("https://" . $domain, "rb", false, $stream);
$cont = stream_context_get_params($read);
return $cont;
diff --git a/tpl/webadmin-letsencrypt.tpl.php b/tpl/webadmin-letsencrypt.tpl.php
index 9d7c881..641820e 100644
--- a/tpl/webadmin-letsencrypt.tpl.php
+++ b/tpl/webadmin-letsencrypt.tpl.php
@@ -21,9 +21,8 @@ if (isset($_POST['submit'])) {
Les domaines suivants seront intégrés au certificat : ";
From 27b449fd98b49d3bcac13b72d9f882bd5acdf664 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 11 Jul 2019 14:19:09 +0200
Subject: [PATCH 055/116] check that the non_standard domain is not already in
the session variable
---
inc/webadmin.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/inc/webadmin.php b/inc/webadmin.php
index bc61a7b..6e91a93 100644
--- a/inc/webadmin.php
+++ b/inc/webadmin.php
@@ -79,7 +79,7 @@ if (!$conf['cluster']) {
}
// current vhost isn't standard and thus not manageable by evoadmin-web
- if (!$data_split[9]) {
+ if (!$data_split[9] && (!in_array($data_split[0], $_SESSION['non_standard']))) {
array_push($_SESSION['non_standard'], $data_split[0]);
}
From 78d0293b440947593bbfa34f100885928768f411 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 11 Jul 2019 15:24:17 +0200
Subject: [PATCH 056/116] create the acme-challenge subfolder correctly for the
HTTP challenge
---
scripts/web-add.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 2c9c9e6..43f4437 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -942,7 +942,7 @@ op_managehttpchallengefile() {
if [ "$action" = "create" ]; then
if [ ! -d "$folder" ]; then
- mkdir "$folder"
+ mkdir -p "$folder"
fi
if [ ! -f "$folder/$file" ]; then
touch "$folder/$file"
From 4eaf3ad6d1d4c9133a72e90fd539318233f87744 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 11 Jul 2019 16:54:21 +0200
Subject: [PATCH 057/116] fix acme-challenge subfolder creation
---
scripts/web-add.sh | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 43f4437..d16c47e 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -935,17 +935,17 @@ op_updatesslvhost() {
op_managehttpchallengefile() {
if [ $# -eq 1 ]; then
- folder="/var/lib/letsencrypt/.well-known/acme-challenge"
+ folder="/var/lib/letsencrypt/.well-known"
file="testfile"
action=${1};
if [ "$action" = "create" ]; then
if [ ! -d "$folder" ]; then
- mkdir -p "$folder"
+ mkdir -p "$folder/acme-challenge"
fi
- if [ ! -f "$folder/$file" ]; then
- touch "$folder/$file"
+ if [ ! -f "$folder/acme-challenge/$file" ]; then
+ touch "$folder/acme-challenge/$file"
fi
chmod -R 755 "$folder"
elif [ "$action" = "delete" ]; then
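Review bot: The directory test in `create` still checks `$folder`, which is now `.well-known`, so when `.well-known` already exists without an `acme-challenge` subdirectory the `mkdir` is skipped and the following `touch` fails. `mkdir -p` is a no-op on an existing directory, so the guard can be dropped and the line reduced to `mkdir -p "$folder/acme-challenge"`. The `delete` branch lies below the hunk; if it still runs `rm -r "$folder"`, it now removes all of `.well-known` rather than the probe file, and `rm -f "$folder/acme-challenge/$file"` would be the narrower action.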
From c218aebaaefad7dbcdb58f5f9b1a1e82e5ec229b Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Mon, 15 Jul 2019 17:06:50 +0200
Subject: [PATCH 058/116] bugfixes for the evoacme part
---
inc/webadmin-letsencrypt.php | 3 +--
scripts/web-add.sh | 4 ++--
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php
index 598eb01..9237b23 100644
--- a/inc/webadmin-letsencrypt.php
+++ b/inc/webadmin-letsencrypt.php
@@ -134,8 +134,7 @@ if (isset($_POST['submit'])) {
}
// evoacme
- // $generateCert = $letsencrypt->generateSSLCertificate($params[1], false);
- $generateCert = $letsencrypt->generateSSLCertificate($params[1]);
+ $generateCert = $letsencrypt->generateSSLCertificate($params[1], false);
if (!$generateCert) {
$errorMessage = "Erreur : La génération de certificat a échoué.
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index d16c47e..9c81165 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -909,7 +909,7 @@ op_generatesslcertificate() {
if [ "$test_mode" = "false" ]; then
evoacme "$vhost"
else
- TEST=1 evoacme "$vhost"
+ DRY_RUN=1 evoacme "$vhost"
fi
else usage
fi
@@ -917,7 +917,7 @@ op_generatesslcertificate() {
op_updatesslvhost() {
if [ $# -eq 1 ]; then
- vhostfile="/etc/apache2/sites-enabled/$1.conf"
+ vhostfile="/etc/apache2/sites-available/$1.conf"
sed -i "s/:80>/:80 *:443>/" "$vhostfile"
From 283f76540af1bddebb18a45b7bc8ba06c7ad2d9a Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Mon, 15 Jul 2019 17:08:47 +0200
Subject: [PATCH 059/116] uses stream_socket_client instead of fopen
---
lib/letsencrypt.php | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php
index 86cade5..99de7f9 100644
--- a/lib/letsencrypt.php
+++ b/lib/letsencrypt.php
@@ -174,9 +174,9 @@ class LetsEncrypt
public function getCertificate($domain)
{
$stream = stream_context_create(array("ssl" => array("capture_peer_cert" => true)));
- $read = fopen("https://" . $domain, "rb", false, $stream);
+ $read = stream_socket_client("ssl://" . $domain . ":443", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $stream);
$cont = stream_context_get_params($read);
-
+
return $cont;
}
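Review bot: `stream_socket_client()` returns false when the connection or the TLS handshake fails, and the next line passes that value straight to `stream_context_get_params()`; the caller in inc/webadmin-letsencrypt.php relies on `is_bool()` to detect "no certificate", which only holds if the failure surfaces as a boolean. Return early with `if ($read === false) { return false; }`, and call `fclose($read)` once the params are read so the socket is not kept open for the rest of the request. With peer verification left at its default, an expired or untrusted certificate most likely ends up on this failure path too, so the later expiry check would never see it; that is worth stating in the method's docblock.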
From 7d026c907b2191260f302e3b2d3a21e405b85eed Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Mon, 15 Jul 2019 17:44:41 +0200
Subject: [PATCH 060/116] add optional SSL configuration by default in vhost
---
scripts/vhost | 3 +++
1 file changed, 3 insertions(+)
diff --git a/scripts/vhost b/scripts/vhost
index 6ec1cc4..0b2b0d1 100644
--- a/scripts/vhost
+++ b/scripts/vhost
@@ -7,6 +7,9 @@
# Repertoire principal
DocumentRoot HOME_DIR/XXX/www/
+ # SSL
+ IncludeOptional /etc/apache2/ssl/XXX.conf
+
# Propriete du repertoire
#Options +Indexes +SymLinksIfOwnerMatch
From c5c1648a58636b94f0b624af8810267b257b9aa9 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Wed, 17 Jul 2019 15:38:59 +0200
Subject: [PATCH 061/116] delete previous cert if it already exists before
invoking evoacme
---
scripts/web-add.sh | 3 +++
1 file changed, 3 insertions(+)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 9c81165..9c174a4 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -907,6 +907,9 @@ op_generatesslcertificate() {
test_mode="$2"
if [ "$test_mode" = "false" ]; then
+ if [ -L /etc/letsencrypt/$vhost/live ]; then
+ rm /etc/letsencrypt/$vhost/live
+ fi
evoacme "$vhost"
else
DRY_RUN=1 evoacme "$vhost"
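Review bot: `$vhost` is unquoted in both added lines, `[ -L /etc/letsencrypt/$vhost/live ]` and `rm /etc/letsencrypt/$vhost/live`, so a value containing spaces or glob characters is split or expanded before `rm` runs with the script's privileges. Quote the path and end option parsing: `if [ -L "/etc/letsencrypt/$vhost/live" ]; then rm -- "/etc/letsencrypt/$vhost/live"; fi`. The link is removed before `evoacme` is called, so if issuance then fails the previous `live` link is already gone; removing it only after a successful run, or renaming it and restoring on failure, would avoid that. The function starts above the hunk.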
From 4b5a020993519b54db6e7bdcb9fa22c5b53522cb Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Wed, 17 Jul 2019 17:11:52 +0200
Subject: [PATCH 062/116] port 443 by default in vhost template
---
scripts/vhost | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/vhost b/scripts/vhost
index 0b2b0d1..970807f 100644
--- a/scripts/vhost
+++ b/scripts/vhost
@@ -1,4 +1,4 @@
-
+
# FQDN principal
ServerName SERVERNAME
From f3fa182dc713fd3c3b5f43a1f8d70ce70543c15a Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Wed, 17 Jul 2019 17:20:32 +0200
Subject: [PATCH 063/116] delete methods updating the vhost after cert
installation is completed
---
inc/webadmin-letsencrypt.php | 8 --------
lib/letsencrypt.php | 18 ------------------
scripts/web-add.sh | 25 -------------------------
3 files changed, 51 deletions(-)
diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php
index 9237b23..b33bf87 100644
--- a/inc/webadmin-letsencrypt.php
+++ b/inc/webadmin-letsencrypt.php
@@ -142,14 +142,6 @@ if (isset($_POST['submit'])) {
break;
}
- $updatedVhostConfig = $letsencrypt->setSSLPortVhost($params[1]);
-
- if (!$updatedVhostConfig) {
- $errorMessage = "Erreur : La modification de la configuration de l'hôte virtuel a échoué.
- Merci de contacter un administrateur pour continuer.";
- break;
- }
-
break;
}
}
diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php
index 99de7f9..8c0d2d4 100644
--- a/lib/letsencrypt.php
+++ b/lib/letsencrypt.php
@@ -66,24 +66,6 @@ class LetsEncrypt
return false;
}
- /**
- * add the 443 port to the vhost configuration
- * @param string $vhost
- * @return boolean
- */
- public function setSSLPortVhost($vhost)
- {
- $cmd = 'web-add.sh update-ssl-vhost-configuration ' . $vhost;
-
- sudoexec($cmd, $data_output, $exec_return);
-
- if ($exec_return == 0) {
- return true;
- }
-
- return false;
- }
-
/**
* perform a cURL call on the remote resource
* the cURL call follows redirections
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 9c174a4..933c214 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -171,10 +171,6 @@ generate-ssl-certificate LOGIN [TRUE | FALSE]
Generate the Let's Encrypt certificate
Run in TEST mode if TRUE
-update-ssl-vhost-configuration LOGIN
-
- Add the 443 port to the vhost configuration and reload the service
-
EOT
}
@@ -873,9 +869,6 @@ arg_processing() {
generate-ssl-certificate)
op_generatesslcertificate "$@"
;;
- update-ssl-vhost-configuration)
- op_updatesslvhost "$@"
- ;;
*)
usage
;;
@@ -918,24 +911,6 @@ op_generatesslcertificate() {
fi
}
-op_updatesslvhost() {
- if [ $# -eq 1 ]; then
- vhostfile="/etc/apache2/sites-available/$1.conf"
-
- sed -i "s/:80>/:80 *:443>/" "$vhostfile"
-
- configtest_out=$(apache2ctl configtest)
- configtest_rc=$?
-
- if [ "$configtest_rc" = "0" ]; then
- /etc/init.d/apache2 force-reload >/dev/null
- else
- echo $configtest_out >&2
- fi
- else usage
- fi
-}
-
op_managehttpchallengefile() {
if [ $# -eq 1 ]; then
folder="/var/lib/letsencrypt/.well-known"
From b339ca0fb9526b0ef4a96afb51b616adacce68f6 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Fri, 19 Jul 2019 14:38:24 +0200
Subject: [PATCH 064/116] display included and non included domain(s) before
the cert renew
---
inc/webadmin-letsencrypt.php | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php
index b33bf87..dce6864 100644
--- a/inc/webadmin-letsencrypt.php
+++ b/inc/webadmin-letsencrypt.php
@@ -90,8 +90,18 @@ if (isset($_POST['submit'])) {
break;
}
- $warningMessage = "Attention : le certificat existant couvre déjà certains domaines.
- Souhaitez-vous le renouveller ?";
+ $warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) : ";
+
+ foreach ($domainsIncluded as $domainIncluded) {
+ $warningMessage .= $domainIncluded . " ";
+ }
+
+ $warningMessage .= "En confirmant le renouvellement, vous allez ajouter : ";
+
+ foreach ($domainsNotIncluded as $domainNotIncluded) {
+ $warningMessage .= $domainNotIncluded . " ";
+ }
+
break;
}
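Review bot: `$domainIncluded` and `$domainNotIncluded` are appended to `$warningMessage` as-is, and tpl/webadmin-letsencrypt.tpl.php echoes that variable without escaping. The names come from `$_SESSION['letsencrypt-domains']`; unless they are validated as hostnames where the session value is filled (not visible here), escape them when the message is built: `$warningMessage .= htmlspecialchars($domainIncluded, ENT_QUOTES, 'UTF-8') . " ";` and the same for `$domainNotIncluded`. The copy of these two loops re-added in PATCH 066 needs the same change.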
From 5cd4cff029ad02365be62a904074eadc6632a7d9 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Wed, 24 Jul 2019 16:25:16 +0200
Subject: [PATCH 065/116] remove matching letsencrypt folder when deleting an
account
---
scripts/web-add.sh | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 933c214..876209a 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -765,6 +765,11 @@ op_del() {
sed -i.bak "/-config=$login/d" /etc/cron.d/awstats
nginx -t
fi
+
+ if [ -d /etc/letsencrypt/"$login" ]; then
+ rm -r /etc/letsencrypt/"$login"
+ fi
+
set +x
if [ -n "$dbname" ]; then
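Review bot: If `$login` is ever empty at this point in `op_del`, the test `[ -d /etc/letsencrypt/"$login" ]` is true for `/etc/letsencrypt/` itself and `rm -r` removes every account's certificates. The start of `op_del` is outside the hunk, so any earlier validation cannot be confirmed from here; guarding locally is cheap: `if [ -n "$login" ] && [ -d "/etc/letsencrypt/$login" ]; then rm -r -- "/etc/letsencrypt/$login"; fi`.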
From 3736f7ec328bd781d9ef9647a38bf219c20b03a2 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Thu, 25 Jul 2019 11:37:57 +0200
Subject: [PATCH 066/116] display expiration date of cert and included domains
directly when clicking the letsencrypt link
---
inc/webadmin-letsencrypt.php | 158 ++++++++++++++++---------------
tpl/webadmin-letsencrypt.tpl.php | 42 +++++---
2 files changed, 109 insertions(+), 91 deletions(-)
diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php
index dce6864..b17959b 100644
--- a/inc/webadmin-letsencrypt.php
+++ b/inc/webadmin-letsencrypt.php
@@ -28,84 +28,12 @@ if (!isset($_SESSION['lestencrypt-domains']) || empty($_SESSION['letsencrypt-dom
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
+$letsencrypt = new letsencryt();
+$errorMessage = '';
+$warningMessage = '';
+
if (isset($_POST['submit'])) {
- $letsencrypt = new letsencryt();
- $errorMessage = '';
- $warningMessage = '';
-
while (true) {
- // check domains list
- if (empty($_SESSION['letsencrypt-domains'])) {
- $errorMessage = "Erreur : la liste des domaines est vide.";
- break;
- }
-
- // check if evoacme is installed
- $binaries_installed = $letsencrypt->isEvoacmeInstalled();
- if (!$binaries_installed) {
- $errorMessage = "Erreur : les binaires Evoacme ne sont pas installés.
- Veuillez contacter un administrateur.";
- break;
- }
-
- // Check existing SSL certificate
- $domainsIncluded = array();
- foreach ($_SESSION['letsencrypt-domains'] as $domain) {
- $existingSSLCertificate = $letsencrypt->getCertificate($domain);
- // if no certificate is present (false returned) for this domain, go to the next domain
- if (is_bool($existingSSLCertificate)) {
- continue;
- }
- $parsedCertificate = $letsencrypt->parseCertificate($existingSSLCertificate);
-
- // check if LE is the certificate issuer
- $isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]);
- if (!$isIssuerValid) {
- $errorMessage = "Erreur : le certificat existant n'est pas géré par Let's Encrypt.";
- break 2; // break the foreach and the while
- }
-
- // check if the domain is already in the certificate
- $isDomainIncluded = $letsencrypt->isDomainIncludedInCert($domain, $parsedCertificate["includedDomains"]);
- if ($isDomainIncluded) {
- array_push($domainsIncluded, $domain);
- continue; // break only the current foreach iteration
- }
-
- // check wether the certificate is valid or expired
- $isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
- if (!$îsCertValid && !isset($_POST['force_renew'])) {
- $warningMessage = "Attention : le certificat existant n'est plus valide.
- Souhaitez-vous le renouveller ?";
- break 2;
- }
- }
-
- // contains all the domains included in the existing certificate
- if (!empty($domainsIncluded) && !isset($_POST['force_renew'])) {
- $domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
-
- if (empty($domainsNotIncluded)) {
- $errorMessage = "Erreur : le certificat existant couvre déjà tous les domaines.";
- break;
- }
-
- $warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) : ";
-
- foreach ($domainsIncluded as $domainIncluded) {
- $warningMessage .= $domainIncluded . " ";
- }
-
- $warningMessage .= "En confirmant le renouvellement, vous allez ajouter : ";
-
- foreach ($domainsNotIncluded as $domainNotIncluded) {
- $warningMessage .= $domainNotIncluded . " ";
- }
-
-
- break;
- }
-
// check HTTP
$isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]);
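Review bot: The relocated line `$letsencrypt = new letsencryt();` names a class `letsencryt`, while the hunk headers for lib/letsencrypt.php on this page show `class LetsEncrypt`; unless an alias is defined elsewhere, this now fails with a class-not-found error on every page load, because the instantiation has moved out of the POST branch. The line should read `$letsencrypt = new LetsEncrypt();`. The hunk header also shows the guard testing `$_SESSION['lestencrypt-domains']` next to `'letsencrypt-domains'`, which looks like the same kind of typo and is worth checking.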
@@ -154,6 +82,84 @@ if (isset($_POST['submit'])) {
break;
}
+} else {
+ $validUntil = '';
+
+ while(true) {
+ // check domains list
+ if (empty($_SESSION['letsencrypt-domains'])) {
+ $errorMessage = "Erreur : la liste des domaines est vide.";
+ break;
+ }
+
+ // check if evoacme is installed
+ $binaries_installed = $letsencrypt->isEvoacmeInstalled();
+ if (!$binaries_installed) {
+ $errorMessage = "Erreur : les binaires Evoacme ne sont pas installés.
+ Veuillez contacter un administrateur.";
+ break;
+ }
+
+ // Check existing SSL certificate
+ $domainsIncluded = array();
+ foreach ($_SESSION['letsencrypt-domains'] as $domain) {
+ $existingSSLCertificate = $letsencrypt->getCertificate($domain);
+ // if no certificate is present (false returned) for this domain, go to the next domain
+ if (is_bool($existingSSLCertificate)) {
+ continue;
+ }
+ $parsedCertificate = $letsencrypt->parseCertificate($existingSSLCertificate);
+
+ // check if LE is the certificate issuer
+ $isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]);
+ if (!$isIssuerValid) {
+ $errorMessage = "Erreur : le certificat existant n'est pas géré par Let's Encrypt.";
+ break 2; // break the foreach and the while
+ }
+
+ // check wether the certificate is valid or expired
+
+ $isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
+ if (!$isCertValid && !isset($_POST['force_renew'])) {
+ $warningMessage = "Attention : le certificat existant n'est plus valide.
+ Souhaitez-vous le renouveller ?";
+ break 2;
+ } else {
+ $validUntil = date("d/m/Y", $parsedCertificate["validUntil"]);
+ }
+
+ // check if the domain is already in the certificate
+ $isDomainIncluded = $letsencrypt->isDomainIncludedInCert($domain, $parsedCertificate["includedDomains"]);
+ if ($isDomainIncluded) {
+ array_push($domainsIncluded, $domain);
+ continue; // break only the current foreach iteration
+ }
+ }
+
+ // contains all the domains included in the existing certificate
+ if (!empty($domainsIncluded) && !isset($_POST['force_renew'])) {
+ $domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
+
+ if (empty($domainsNotIncluded)) {
+ $errorMessage = "Le certificat existant couvre déjà tous les domaines jusqu'au " . $validUntil . ".";
+ break;
+ }
+
+ $warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) jusqu'au " . $validUntil . " : ";
+
+ foreach ($domainsIncluded as $domainIncluded) {
+ $warningMessage .= $domainIncluded . " ";
+ }
+
+ $warningMessage .= "En confirmant le renouvellement, vous allez ajouter : ";
+
+ foreach ($domainsNotIncluded as $domainNotIncluded) {
+ $warningMessage .= $domainNotIncluded . " ";
+ }
+
+ break;
+ }
+ }
}
include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
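Review bot: The new `while(true)` in the else branch has no unconditional exit: when no domain is already covered (`$domainsIncluded` is empty) none of the `break` statements is reached, and the loop repeats the outbound certificate lookups until the PHP execution limit stops the request. The loop is only used as a breakable block, so `do { ... } while (false);` states that intent without the risk; the minimal change is a final `break;` just before the closing brace of the while.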
diff --git a/tpl/webadmin-letsencrypt.tpl.php b/tpl/webadmin-letsencrypt.tpl.php
index 641820e..266ae2d 100644
--- a/tpl/webadmin-letsencrypt.tpl.php
+++ b/tpl/webadmin-letsencrypt.tpl.php
@@ -2,6 +2,20 @@
' . $errorMessage . '';
+
+ if (count($failed_domains) > 0) {
+ echo '';
+ foreach ($failed_domains as $failed_domain) {
+ echo $failed_domain . " ";
+ }
+ echo '
';
+ }
+ } else {
+ echo "Votre certificat SSL a bien été installé !";
+ }
+} else {
if (!empty($errorMessage)) {
echo '' . $errorMessage . ' ';
@@ -17,25 +31,23 @@ if (isset($_POST['submit'])) {
Les domaines suivants seront intégrés au certificat : ";
- if (count($_SESSION['letsencrypt-domains']) > 0) {
- echo '';
- foreach ($_SESSION['letsencrypt-domains'] as $domain) {
- echo $domain . ' ';
+ echo "
Les domaines suivants seront intégrés au certificat :
";
+ if (count($_SESSION['letsencrypt-domains']) > 0) {
+ echo '';
+ foreach ($_SESSION['letsencrypt-domains'] as $domain) {
+ echo $domain . ' ';
+ }
+ echo '
';
+ ?>
+
+ ';
- ?>
-
-
Date: Wed, 21 Aug 2019 12:05:37 +0200
Subject: [PATCH 067/116] Fix IncludeOptional that can throw syntax errors in
some cases.
With Apache < 2.4.30, IncludeOptional will throw syntax errors if the
file designated without any pattern globbing is absent.
We circumvent that with a silly pattern.
---
scripts/vhost | 7 ++++---
scripts/web-add.sh | 3 +++
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/scripts/vhost b/scripts/vhost
index 970807f..d5b8f4a 100644
--- a/scripts/vhost
+++ b/scripts/vhost
@@ -8,8 +8,10 @@
DocumentRoot HOME_DIR/XXX/www/
# SSL
- IncludeOptional /etc/apache2/ssl/XXX.conf
-
+ # Apache < 2.4.30 (Jessie, Stretch) va générer une erreur si le fichier
+ # désigné sans regex n'existe pas. On contourne ça avec [f] à place de f
+ IncludeOptional /etc/apache2/ssl/XXX.con[f]
+
# Propriete du repertoire
#Options +Indexes +SymLinksIfOwnerMatch
@@ -67,4 +69,3 @@
#php_value default_charset ISO-8859-15
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-XXX"
php_admin_value open_basedir "/usr/share/php:HOME_DIR/XXX:/tmp"
-
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 876209a..811314d 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -438,6 +438,9 @@ EOT
random=$RANDOM
if [ "$WEB_SERVER" == "apache" ]; then
+ # On s'assure que /etc/apache2/ssl pour le IncludeOptional de la conf
+ mkdir -p /etc/apache2/ssl
+
vhostfile="/etc/apache2/sites-available/${in_login}.conf"
sed -e "s/XXX/$in_login/g ; s/SERVERNAME/$in_wwwdomain/ ; s/RANDOM/$random/ ; s#HOME_DIR#$HOME_DIR#" < $TPL_VHOST > "$vhostfile"
From 9523fff65810bf8e6f987076fcc47d7f392d2aa1 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Mon, 26 Aug 2019 11:20:44 +0200
Subject: [PATCH 068/116] Fix op_checkoccurencename() in web-add.sh
Ensure that we can add foo.net while having www.foo.net somewhere in our
config files
---
scripts/web-add.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 811314d..3d778d0 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -1075,7 +1075,7 @@ op_checkoccurencename() {
fi
done
- echo "$servernames" "$aliases" | grep -w "$name"
+ echo "$servernames" "$aliases" | grep -wE "\s$name"
else
usage
fi
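Review bot: `$name` is interpolated into the `grep -E` pattern as a regular expression, so the dots in a domain match any character (`foo.net` also matches `fooXnet`), and the leading `\s` requires whitespace before the name, so a name that is first on the line cannot match. Comparing whole tokens as fixed strings avoids both: `echo "$servernames" "$aliases" | tr -s ' \t' '\n' | grep -Fx -- "$name"`. That prints only the matching name rather than the whole line, so check what callers do with the output. The rewrites of this line in PATCH 070 and PATCH 071 keep the regex interpolation; the function starts above the hunk.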
From 6438732ea4712bc721457dd31d46beb69b0d2908 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Fri, 6 Sep 2019 16:26:14 +0200
Subject: [PATCH 069/116] Add missing break....
---
inc/webadmin-letsencrypt.php | 2 ++
1 file changed, 2 insertions(+)
diff --git a/inc/webadmin-letsencrypt.php b/inc/webadmin-letsencrypt.php
index b17959b..c3363fd 100644
--- a/inc/webadmin-letsencrypt.php
+++ b/inc/webadmin-letsencrypt.php
@@ -159,6 +159,8 @@ if (isset($_POST['submit'])) {
break;
}
+
+ break;
}
}
From 283d0bccad8a875d0c6120ae5cf0532d99c3180f Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Wed, 2 Oct 2019 17:40:01 +0200
Subject: [PATCH 070/116] Fix op_checkoccurencename() in web-add.sh (again)
I had it wrong in 9523fff65810bf8e6f987076fcc47d7f392d2aa1 :/
---
scripts/web-add.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 3d778d0..e2b449c 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -1075,7 +1075,7 @@ op_checkoccurencename() {
fi
done
- echo "$servernames" "$aliases" | grep -wE "\s$name"
+ echo "$servernames" "$aliases" | grep -E "\b$name"
else
usage
fi
From 234ac67634701d0a6be0ccaaefa7f2cefa8400be Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Mon, 14 Oct 2019 10:21:05 +0200
Subject: [PATCH 071/116] Fix op_checkoccurencename() in web-add.sh (again)
I had it wrong (again) in 283d0bccad8a875d0c6120ae5cf0532d99c3180f :-(
https://www.youtube.com/watch?v=TMy6X5cQul8
---
scripts/web-add.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index e2b449c..ac637a6 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -1075,7 +1075,7 @@ op_checkoccurencename() {
fi
done
- echo "$servernames" "$aliases" | grep -E "\b$name"
+ echo "$servernames" "$aliases" | grep -E "(^|\s)$name(\s|$)"
else
usage
fi
From e2acb4e9d1730bb1e3c4b32fd4a1c3755a49e76b Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Wed, 10 Feb 2021 15:21:04 +0100
Subject: [PATCH 072/116] web-add.sh - Add .conf at the config name for
a2ensite/a2dissite
Fixes #70
---
scripts/web-add.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index ac637a6..cd8ca96 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -466,7 +466,7 @@ EOT
sed -i -e "s/^\\(.*\\)#\\(ServerAlias\\).*$/\\1\\2 $subweb/" "$vhostfile"
fi
- a2ensite "$in_login" >/dev/null
+ a2ensite "${in_login}.conf" >/dev/null
step_ok "Configuration d'Apache"
@@ -741,7 +741,7 @@ op_del() {
fi
if [ "$WEB_SERVER" == "apache" ]; then
- a2dissite "$login"
+ a2dissite "${login}.conf"
rm /etc/apache2/sites-available/"$login.conf"
rm /etc/awstats/awstats."$login.conf"
sed -i.bak "/-config=$login /d" /etc/cron.d/awstats
@@ -1351,7 +1351,7 @@ op_checkvhosts() {
do
vhost_name=$(basename "$ln_path")
fix_conf="mv $ln_path $VHOST_PATH/$vhost_name"
- fix_ln="a2ensite $vhost_name"
+ fix_ln="a2ensite ${vhost_name}.conf"
if [[ -z "$apply" ]]; then
echo "Suggested fixes for $vhost_name:"
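Review bot: In op_checkvhosts, `vhost_name` is the `basename` of `$ln_path`, so if that path already ends in `.conf` the suggested fix becomes `a2ensite name.conf.conf`. The `mv` into `$VHOST_PATH` on the line above suggests the path is a real config file, which makes that likely. Stripping an existing suffix first keeps both cases working: `fix_ln="a2ensite ${vhost_name%.conf}.conf"`. The loop starts outside this hunk, so the actual shape of `$ln_path` needs confirming.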
From 2906ba47f1827e49922329bad7d2cd6144dc6074 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Mon, 22 Feb 2021 16:12:21 +0100
Subject: [PATCH 073/116] Add (random) status path php
---
scripts/web-add.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index cd8ca96..cbf7e0d 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -426,6 +426,8 @@ group = ${in_login}
listen = ${phpfpm_socket_path}
listen.owner = ${in_login}
listen.group = ${in_login}
+
+pm.status_path = /evolinux_fpm_status-$(apg -Mncl -n1 -m32)
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 10s
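Review bot: The random suffix of `pm.status_path` comes from a command substitution placed inside what appears to be the pool template here-document. If `apg` is missing or fails, the line is still written as `/evolinux_fpm_status-` with an empty, predictable suffix, and `set -e` does not stop on a failed substitution in that position. Generating the token before the template and refusing an empty value closes the gap: `fpm_status_token=$(apg -Mncl -n1 -m32)` and `[ -n "$fpm_status_token" ] || exit 1`, then `pm.status_path = /evolinux_fpm_status-${fpm_status_token}`. The template starts and ends outside this hunk. The path's secrecy is the only access control visible here, so confirm that the web server does not route arbitrary request paths to the pool.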
From 4f8b0b19fe896c6614f9f3bbbbfad494075543b0 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Mon, 22 Feb 2021 16:22:31 +0100
Subject: [PATCH 074/116] generate longer password by default
---
scripts/web-add.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index cbf7e0d..e86371b 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -187,7 +187,7 @@ EOT
}
gen_random_passwd() {
- apg -c /dev/urandom -n1 -E oOlL10\&\\\/\"\'
+ apg -c /dev/urandom -MNCL -n1 -m18 -E oOlL10
}
validate_login() {
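Review bot: `gen_random_passwd` still uses apg's default pronounceable algorithm, which draws from a much smaller space than a uniformly random string of the same length. Adding `-a 1` selects apg's random-character mode: `apg -a 1 -c /dev/urandom -MNCL -n1 -m18 -E oOlL10`. A one-line comment such as `# 18+ chars, digit/upper/lower required, look-alike characters excluded` would also record why the symbol exclusions were dropped. The same remark applies to the `apg -Mncl` call that builds `pm.status_path` in patch 073.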
From 7499f0222e93d5f0acfa7f0be6369cbd67a8ebe6 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Tue, 23 Feb 2021 11:07:29 +0100
Subject: [PATCH 075/116] Reorder lines in template fpm config for better
readability
---
scripts/web-add.sh | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index e86371b..5f51ec2 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -427,10 +427,11 @@ listen = ${phpfpm_socket_path}
listen.owner = ${in_login}
listen.group = ${in_login}
-pm.status_path = /evolinux_fpm_status-$(apg -Mncl -n1 -m32)
pm = ondemand
+pm.status_path = /evolinux_fpm_status-$(apg -Mncl -n1 -m32)
pm.max_children = 10
pm.process_idle_timeout = 10s
+
php_admin_value[error_log] = /home/${in_login}/log/php.log
EOT
step_ok "Création du pool FPM ${php_version}"
From 372b00101d7c98056c290ad229ef866dbf679ec8 Mon Sep 17 00:00:00 2001
From: Tristan PILAT
Date: Thu, 15 Apr 2021 11:11:55 +0200
Subject: [PATCH 076/116] web-add.sh script now handles php 7.4 containers
---
scripts/web-add.sh | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 5f51ec2..6150828 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -414,6 +414,8 @@ create_www_account() {
pool_path="/etc/php/7.0/fpm/pool.d/"
elif [ "$php_version" = "73" ]; then
pool_path="/etc/php/7.3/fpm/pool.d/"
+ elif [ "$php_version" = "74" ]; then
+ pool_path="/etc/php/7.4/fpm/pool.d/"
else
pool_path="/etc/php5/fpm/pool.d/"
fi
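Review bot: Each new PHP release has to be added by hand to three parallel `elif` chains: this one in create_www_account and the ones in the hunks at `@@ -581` and `@@ -756`. Patches 079 and 080 apparently needed two commits for 8.0 because one chain was missed the first time. Deriving the dotted version once removes the chains for every release after php5: `php_dotted="${php_version:0:1}.${php_version:1}"`, then `pool_path="/etc/php/${php_dotted}/fpm/pool.d/"`. All three functions continue outside the hunks, and the php5 fallback would have to stay as its own branch.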
@@ -581,6 +583,9 @@ EOT
elif [ "$php_version" = "73" ]; then
initscript_path="/etc/init.d/php7.3-fpm"
binary="php-fpm7.3"
+ elif [ "$php_version" = "74" ]; then
+ initscript_path="/etc/init.d/php7.4-fpm"
+ binary="php-fpm7.4"
else
initscript_path="/etc/init.d/php5-fpm"
binary="php5-fpm"
@@ -756,6 +761,9 @@ op_del() {
elif [ "$php_version" = "73" ]; then
phpfpm_dir="/etc/php/7.3/fpm/pool.d/"
initscript_path="/etc/init.d/php7.3-fpm"
+ elif [ "$php_version" = "74" ]; then
+ phpfpm_dir="/etc/php/7.4/fpm/pool.d/"
+ initscript_path="/etc/init.d/php7.4-fpm"
else
phpfpm_dir="/etc/php5/fpm/pool.d/"
initscript_path="/etc/init.d/php5-fpm"
From ae304980302dfb1c3b55b367343f17a6eb4b15d6 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Wed, 28 Apr 2021 16:21:29 +0200
Subject: [PATCH 077/116] set a uid for the user at login for ftp filtering
---
inc/auth.php | 1 +
1 file changed, 1 insertion(+)
diff --git a/inc/auth.php b/inc/auth.php
index 4f709d9..4e55b2d 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -20,6 +20,7 @@ if ((empty($_GET['form']) || $_GET['form']!=1) && !empty($_POST)) {
if (hash("sha256",$password) == $conf['logins'][$username]) {
$_SESSION['auth']=1;
$_SESSION['user']=$username;
+ $_SESSION['user_id'] = posix_getpwnam($username) ? posix_getpwnam($username)['uid'] : 65534;
$_SESSION['error']='';
} else {
$_SESSION['auth']=0;
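Review bot: The added `$_SESSION['user_id']` line calls `posix_getpwnam()` twice and falls back to the bare number 65534 without saying what it stands for. One lookup and a named reason make the fallback auditable: `$pw = posix_getpwnam($username);` then `$_SESSION['user_id'] = $pw ? $pw['uid'] : 65534; // no system account: presumably 'nobody', confirm`. Per the commit subject this id drives FTP filtering, so check that no FTP account is ever stored under the fallback uid. Otherwise every login without a system account would be shown it.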
From e3dc97d6d4b2e262cd046d83790268799842645f Mon Sep 17 00:00:00 2001
From: Brice Waegeneire
Date: Wed, 22 Sep 2021 10:31:49 +0200
Subject: [PATCH 078/116] delete users even though it has some processes
running
---
scripts/web-add-nginx.sh | 2 +-
scripts/web-add.sh | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/web-add-nginx.sh b/scripts/web-add-nginx.sh
index 21e1972..a89f3e3 100755
--- a/scripts/web-add-nginx.sh
+++ b/scripts/web-add-nginx.sh
@@ -388,7 +388,7 @@ op_del() {
set -x
deluser www-data $login
- userdel $login
+ userdel -f $login
groupdel $login
sed -i.bak "/^$login:/d" /etc/aliases
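Review bot: `userdel -f` removes the account while its processes keep running under the now-unassigned UID, and `$login` is unquoted on the new line. If the next account created receives the same UID, those leftover processes run with that account's identity and file access. Stopping them first avoids that: `pkill -KILL -u "$login" || true` before `userdel -f "$login"`. The same applies to the two `userdel -f` lines changed in scripts/web-add.sh in this commit. op_del continues outside both hunks.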
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 6150828..a4461b4 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -725,9 +725,9 @@ op_del() {
set -x
if [ "$WEB_SERVER" == "apache" ]; then
- userdel www-"$login"
+ userdel -f www-"$login"
fi
- userdel "$login"
+ userdel -f "$login"
for php_version in "${PHP_VERSIONS[@]}"; do
lxc-attach -n php"${php_version}" -- userdel -f www-"$login"
lxc-attach -n php"${php_version}" -- userdel -f "$login"
From 360929ee96b68022ee44529e64522b2b5eb79c89 Mon Sep 17 00:00:00 2001
From: Brice Waegeneire
Date: Tue, 5 Oct 2021 10:06:14 +0200
Subject: [PATCH 079/116] web-add.sh script now handles php 8.0 containers
---
scripts/web-add.sh | 3 +++
1 file changed, 3 insertions(+)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index a4461b4..7370546 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -764,6 +764,9 @@ op_del() {
elif [ "$php_version" = "74" ]; then
phpfpm_dir="/etc/php/7.4/fpm/pool.d/"
initscript_path="/etc/init.d/php7.4-fpm"
+ elif [ "$php_version" = "80" ]; then
+ phpfpm_dir="/etc/php/8.0/fpm/pool.d/"
+ initscript_path="/etc/init.d/php8.0-fpm"
else
phpfpm_dir="/etc/php5/fpm/pool.d/"
initscript_path="/etc/init.d/php5-fpm"
From 0709747a1ebd61c6d101167831774571b25cdd68 Mon Sep 17 00:00:00 2001
From: Brice Waegeneire
Date: Tue, 5 Oct 2021 10:13:12 +0200
Subject: [PATCH 080/116] web-add.sh script now handles php 8.0 containers
---
scripts/web-add.sh | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 7370546..e71da64 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -416,6 +416,8 @@ create_www_account() {
pool_path="/etc/php/7.3/fpm/pool.d/"
elif [ "$php_version" = "74" ]; then
pool_path="/etc/php/7.4/fpm/pool.d/"
+ elif [ "$php_version" = "80" ]; then
+ pool_path="/etc/php/8.0/fpm/pool.d/"
else
pool_path="/etc/php5/fpm/pool.d/"
fi
@@ -586,6 +588,9 @@ EOT
elif [ "$php_version" = "74" ]; then
initscript_path="/etc/init.d/php7.4-fpm"
binary="php-fpm7.4"
+ elif [ "$php_version" = "80" ]; then
+ initscript_path="/etc/init.d/php8.0-fpm"
+ binary="php-fpm8.0"
else
initscript_path="/etc/init.d/php5-fpm"
binary="php5-fpm"
From 5cd6a6f0463b153c2e190bceca3ab5de61df9b62 Mon Sep 17 00:00:00 2001
From: "William Hirigoyen (Evolix)"
Date: Thu, 2 Dec 2021 10:16:12 +0100
Subject: [PATCH 081/116] Test if user www-login exists before deleting (else,
the deletion fails)
---
scripts/web-add.sh | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index e71da64..5647f71 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -730,11 +730,15 @@ op_del() {
set -x
if [ "$WEB_SERVER" == "apache" ]; then
- userdel -f www-"$login"
+ if id www-"$login" &> /dev/null; then
+ userdel -f www-"$login"
+ fi
fi
userdel -f "$login"
for php_version in "${PHP_VERSIONS[@]}"; do
- lxc-attach -n php"${php_version}" -- userdel -f www-"$login"
+ if lxc-attach -n php"${php_version}" -- id www-"$login" &> /dev/null; then
+ lxc-attach -n php"${php_version}" -- userdel -f www-"$login"
+ fi
lxc-attach -n php"${php_version}" -- userdel -f "$login"
done
sed -i.bak "/^$login:/d" /etc/aliases
From d6c39be117defbe549bc4a3fd28eeb92531e27be Mon Sep 17 00:00:00 2001
From: "William Hirigoyen (Evolix)"
Date: Thu, 23 Dec 2021 15:51:55 +0100
Subject: [PATCH 082/116] =?UTF-8?q?#62716=20:=20Corrections=20et=20am?=
=?UTF-8?q?=C3=A9liorations=20ftpadmin.sh?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
scripts/ftpadmin.sh | 42 ++++++++++++++++++++++--------------------
1 file changed, 22 insertions(+), 20 deletions(-)
diff --git a/scripts/ftpadmin.sh b/scripts/ftpadmin.sh
index 064a00f..bc71876 100755
--- a/scripts/ftpadmin.sh
+++ b/scripts/ftpadmin.sh
@@ -59,30 +59,32 @@ log_msg() {
get_user_login_by_UID() {
uid=$1
- grep "$uid" /etc/passwd | awk -F : "{if (\$3==$uid) print \$1}"
+ grep "$uid" /etc/passwd | awk -F : '{if ($3==$uid) print $1}'
}
list_accounts_by_UID() {
- uid=$1
+ uid=$1
+
+ # Remove # and empty lines
+ ftp_users=$(grep -v -E '^[[:blank:]]*(#.*)*$' "$VPASSWD_PATH")
- while IFS=$'\n' read -r line;
- do
- line_uid="$(echo "$line" | cut -d":" -f3)"
-
- if [[ ! "$uid" ]] || [[ "$line_uid" == "$uid" ]]; then
- username="$(get_user_login_by_UID "$line_uid")"
- account="$(echo "$line" | cut -d":" -f1)"
- path="$(echo "$line" | cut -d":" -f6)"
- size="$(du -s "$path" | cut -f 1)"
- #modif="$(cat $path/.lastmodified)"
- # Passage en minuscule ?
- #account="$(echo $account | tr '[A-Z]' '[a-z]')"
- #path="$(echo $path | tr '[A-Z]' '[a-z]')"
-
- echo "$username:$account:$path:$size${modif:+:$modif}"
-
- fi
- done < "$VPASSWD_PATH"
+ for line in $ftp_users; do
+ line_uid="$(echo "$line" | cut -d":" -f3)"
+
+ if [[ ! "$uid" ]] || [[ "$line_uid" == "$uid" ]]; then
+ username=$(get_user_login_by_UID "$line_uid")
+ account=$(echo "$line" | cut -d":" -f1)
+ path=$(echo "$line" | cut -d":" -f6)
+ size="inconnue"
+ # Check output of daily "du" cron job
+ # (set by ansible-roles/packweb-apache/tasks/main.yml)
+ if [ -r "$path/.size" ]; then
+ size=$(cat "$path/.size")
+ fi
+ #modif="$(cat $path/.lastmodified)"
+ echo "$username:$account:$path:$size${modif:+:$modif}"
+ fi
+ done
}
add_account() {
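Review bot: In get_user_login_by_UID the new single-quoted awk program no longer receives the shell variable: inside awk, `$uid` is a field reference through an unset awk variable, i.e. `$0`, so `$3==$uid` compares the UID field with the whole line and never selects the account. Passing the value as an awk variable keeps the single quotes and keeps shell data out of the program text: `awk -F: -v uid="$uid" '$3 == uid {print $1}' /etc/passwd`. Patch 097 later restores the double-quoted form, which works again but splices `$uid` into awk source, so the `-v` form is the safer fix there too. In list_accounts_by_UID, `for line in $ftp_users` splits on every blank and expands globs, so an entry containing a space is handled as two records; `while IFS= read -r line; do … done <<< "$ftp_users"` keeps one record per line.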
From ef5bbbeba75f46903e2e69402983c556d2f9bffb Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Thu, 17 Feb 2022 10:40:00 +0100
Subject: [PATCH 083/116] Fix behaviour when there is only one php version
closes #74
---
inc/accounts.php | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/inc/accounts.php b/inc/accounts.php
index d84da98..95980ab 100644
--- a/inc/accounts.php
+++ b/inc/accounts.php
@@ -53,7 +53,7 @@ function web_add($form, $admin_mail) {
}
}
- if (array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1) {
+ if (array_key_exists('php_versions', $conf) && is_array($conf['php_versions'])) {
$exec_cmd .= sprintf(' -r %s', $conf['php_versions'][$form->getField('php_version')->getValue()]);
}
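Review bot: `is_array($conf['php_versions'])` is also true for an empty array, so in web_add the `-r` option is then built from an index that does not exist, and the second hunk adds a mandatory select with no options. Requiring a non-empty array keeps the single-version case this commit fixes while excluding the empty one: `if (!empty($conf['php_versions']) && is_array($conf['php_versions'])) {`. The value appended to `$exec_cmd` is also placed on a command line without `escapeshellarg()`. web_add continues outside the hunk, so whether it is escaped later cannot be seen here.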
@@ -347,7 +347,7 @@ if ($conf['bindadmin']) {
$form->addField('use_gmail_mxs', new CheckboxInputFormField("Utilisation des serveurs Gmail en MX ?", FALSE));
}
-if (array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1) {
+if (array_key_exists('php_versions', $conf) && is_array($conf['php_versions'])) {
$form->addField('php_version', new SelectFormField("Version de PHP", TRUE, $conf['php_versions']));
}
From f2f115608aff56e03236114f79e3d7de2a8eda21 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Thu, 17 Feb 2022 11:12:55 +0100
Subject: [PATCH 084/116] Dump & remove user crontab on account deletion
closes #37
---
scripts/web-add.sh | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 5647f71..2023000 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -729,6 +729,10 @@ op_del() {
fi
set -x
+ # Crontab dump needs to be done **before** user deletion
+ crontab -l -u "$login" &> /home/$login/crontab-$(date '+%Y%m%d-%H%M%S').bak
+ crontab -r -u "$login"
+
if [ "$WEB_SERVER" == "apache" ]; then
if id www-"$login" &> /dev/null; then
userdel -f www-"$login"
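Review bot: The dump target `/home/$login/crontab-….bak` is unquoted and sits in a directory controlled by the account being deleted, and `&>` mixes crontab's error text into the backup. With `set -e` active, `crontab -l` also aborts op_del for a user who has no crontab (patch 086 adds the guard). Quoting the target and capturing only stdout is the minimal change: `crontab -l -u "$login" > "/home/${login}/crontab-$(date '+%Y%m%d-%H%M%S').bak"`. Writing the dump to a root-owned directory instead would avoid following anything the user may have placed in their home. The redirect line is carried unchanged into the patch 086 hunk.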
From d63046b22700ebf6b6383852175592e9a8ec3959 Mon Sep 17 00:00:00 2001
From: Brice Waegeneire
Date: Tue, 22 Feb 2022 15:16:22 +0100
Subject: [PATCH 085/116] Add support for php8.1
---
scripts/web-add.sh | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 2023000..9eb47ea 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -418,6 +418,8 @@ create_www_account() {
pool_path="/etc/php/7.4/fpm/pool.d/"
elif [ "$php_version" = "80" ]; then
pool_path="/etc/php/8.0/fpm/pool.d/"
+ elif [ "$php_version" = "81" ]; then
+ pool_path="/etc/php/8.1/fpm/pool.d/"
else
pool_path="/etc/php5/fpm/pool.d/"
fi
@@ -591,6 +593,9 @@ EOT
elif [ "$php_version" = "80" ]; then
initscript_path="/etc/init.d/php8.0-fpm"
binary="php-fpm8.0"
+ elif [ "$php_version" = "81" ]; then
+ initscript_path="/etc/init.d/php8.1-fpm"
+ binary="php-fpm8.1"
else
initscript_path="/etc/init.d/php5-fpm"
binary="php5-fpm"
@@ -780,6 +785,9 @@ op_del() {
elif [ "$php_version" = "80" ]; then
phpfpm_dir="/etc/php/8.0/fpm/pool.d/"
initscript_path="/etc/init.d/php8.0-fpm"
+ elif [ "$php_version" = "81" ]; then
+ phpfpm_dir="/etc/php/8.1/fpm/pool.d/"
+ initscript_path="/etc/init.d/php8.1-fpm"
else
phpfpm_dir="/etc/php5/fpm/pool.d/"
initscript_path="/etc/init.d/php5-fpm"
From 93629b51fb07694469f468981e3545b9a898b03e Mon Sep 17 00:00:00 2001
From: "William Hirigoyen (Evolix)"
Date: Wed, 11 May 2022 14:39:00 +0200
Subject: [PATCH 086/116] Fix bug introduced in f2f115608a (op del fails when
user has no crontab)
---
scripts/web-add.sh | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 9eb47ea..1e1ea00 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -735,8 +735,10 @@ op_del() {
set -x
# Crontab dump needs to be done **before** user deletion
- crontab -l -u "$login" &> /home/$login/crontab-$(date '+%Y%m%d-%H%M%S').bak
- crontab -r -u "$login"
+ if crontab -l -u "$login"; then
+ crontab -l -u "$login" &> /home/$login/crontab-$(date '+%Y%m%d-%H%M%S').bak
+ crontab -r -u "$login"
+ fi
if [ "$WEB_SERVER" == "apache" ]; then
if id www-"$login" &> /dev/null; then
From 96ffc58cc4f083b9355384b1a0c0ec4938c264e5 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Fri, 1 Jul 2022 16:13:49 +0200
Subject: [PATCH 087/116] Clear some warnings about undefined vars
---
evolibs/Form.php | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/evolibs/Form.php b/evolibs/Form.php
index 772c572..74aea53 100644
--- a/evolibs/Form.php
+++ b/evolibs/Form.php
@@ -461,13 +461,13 @@ class AlphaNumericalTextInputFormField extends FormField {
class DomainInputFormField extends FormField {
protected $mandatory = NULL;
- protected $textsize = NULL;
+ //protected $textsize = NULL;
public function __construct($label, $mandatory=TRUE, $hidden=FALSE) {
parent::__construct($label);
$this->mandatory = $mandatory;
$this->hidden = $hidden;
- $this->textsize = $textsize;
+ //$this->textsize = $textsize;
}
public function verify($set_error) {
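Review bot: The `$textsize` property, its assignment and the `maxlength`/`size` output are commented out rather than removed in DomainInputFormField and DomainListInputFormField (all four hunks). Deleting the lines keeps the classes readable and leaves the history in git. If a length cap is still wanted it belongs in `verify()`, whose body lies outside these hunks. The unchanged context also emits `readonly="readonly="` and `disabled="disabled="`, which look like typos for `readonly="readonly"` and `disabled="disabled"`.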
@@ -491,7 +491,7 @@ class DomainInputFormField extends FormField {
else
$input .= ' name.'" value="'.htmlspecialchars($this->value,ENT_QUOTES).'"';
- $input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';
+ //$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';
if($this->read_only) { $input .= 'readonly="readonly="'; }
if($this->disabled) { $input .= 'disabled="disabled="'; }
$input .= '/>';
@@ -516,12 +516,12 @@ class DomainInputFormField extends FormField {
class DomainListInputFormField extends FormField {
protected $mandatory = NULL;
- protected $textsize = NULL;
+ //protected $textsize = NULL;
public function __construct($label, $mandatory=TRUE) {
parent::__construct($label);
$this->mandatory = $mandatory;
- $this->textsize = $textsize;
+ //$this->textsize = $textsize;
}
public function verify($set_error) {
@@ -547,7 +547,7 @@ class DomainListInputFormField extends FormField {
$input = '';
$input .= ' name.'" value="'.htmlspecialchars($this->value,ENT_QUOTES).'"';
- $input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';
+ //$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';
if($this->read_only) { $input .= 'readonly="readonly="'; }
if($this->disabled) { $input .= 'disabled="disabled="'; }
$input .= '/>';
From 143af653572e3aefa52ff248d02b657209a07849 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Mon, 4 Jul 2022 14:34:41 +0200
Subject: [PATCH 088/116] Hotfix for web interface to behave correctly
---
conf/config.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/config.php b/conf/config.php
index 146f86d..19e17c5 100644
--- a/conf/config.php
+++ b/conf/config.php
@@ -28,7 +28,7 @@ $oriconf['known_host'] = '/home/evoadmin/www/known_host';
$oriconf['ftpadmin'] = FALSE;
$oriconf['bindadmin'] = FALSE;
// Penser à rajouter également les versions de PHP disponibles dans /etc/evolinux/web-add.conf
-$oriconf['php_versions'] = array();
+// $oriconf['php_versions'] = array();
$oriconf['quota'] = FALSE;
$oriconf['dbadmin'] = FALSE;
From d746aa445ee8ccedb40b610b5b70a8b7947c6d40 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Tue, 5 Jul 2022 11:25:37 +0200
Subject: [PATCH 089/116] Change in the login mechanism
Now use passwords hashed & salted. Validate with PHP's password_verify() function
Password hashes can be generated with :
* mkpasswd --method=sha-512
* PHP's password_hash()
---
conf/config.php | 27 ++++++++++-----------
inc/auth.php | 62 +++++++++++++++++++++++------------------------
tpl/auth.tpl.php | 63 +++++++++++++++++++++++++-----------------------
3 files changed, 77 insertions(+), 75 deletions(-)
diff --git a/conf/config.php b/conf/config.php
index 19e17c5..7366627 100644
--- a/conf/config.php
+++ b/conf/config.php
@@ -8,36 +8,35 @@
* $Id: config.php 273 2009-05-12 13:54:50Z tmartin $
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
*
- * @author Gregory Colpart
- * @author Thomas Martin
- * @author Sebastien Palma
+ * @author Gregory Colpart
+ * @author Thomas Martin
+ * @author Sebastien Palma
* @version 1.0
*/
-// Email pour les notifications
$oriconf['admin']['mail'] = 'admin@example.com';
$oriconf['techmail'] = 'jdoe@example.com';
-$oriconf['debug'] = FALSE;
+$oriconf['debug'] = false;
$oriconf['superadmin'] = array('superadmin');
$oriconf['script_path'] = '/usr/share/scripts/evoadmin';
-$oriconf['cluster'] = FALSE;
+$oriconf['cluster'] = false;
$oriconf['servers'] = array('servers');
$oriconf['cache'] = '/home/evoadmin/www/cache.sqlite';
$oriconf['known_host'] = '/home/evoadmin/www/known_host';
-$oriconf['ftpadmin'] = FALSE;
-$oriconf['bindadmin'] = FALSE;
-// Penser à rajouter également les versions de PHP disponibles dans /etc/evolinux/web-add.conf
+$oriconf['ftpadmin'] = false;
+$oriconf['bindadmin'] = false;
+// Warning: Don't forget to add available PHP versions into : /etc/evolinux/web-add.conf
// $oriconf['php_versions'] = array();
-$oriconf['quota'] = FALSE;
-$oriconf['dbadmin'] = FALSE;
+$oriconf['quota'] = false;
+$oriconf['dbadmin'] = false;
$oriconf['noreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
$oriconf['postponedreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
$oriconf['immediatereplication'] = array('srv00.example.com', 'srv01.example.com');
$oriconf['postponedreplication_mode'] = array('1 fois/jour', '3 fois/jour', '1 fois/jour');
-// auth (sha256 hashs)
+// Generate password hashes : mkpasswd --method=sha-512 (cli) or with PHP's password_hash()
$oriconf['logins'] = array();
-//$oriconf['logins']['foo'] = 'd5d3c723fb82cb0078f399888af78204234535ec2ef3da56710fdd51f90d2477';
-//$oriconf['logins']['bar'] = '7938c84d6e43d1659612a7ea7c1101ed02e52751bb64597a8c20ebaba8ba4303';
+//$oriconf['logins']['foo'] = '$6$X0jqa/ausLSBkj4m$dLMMcPGVxak.aDPo4V/GJLm2d8vU8/QA5LbGTuqXCdxSNYU0kRKBgDl16GAyp0GqXXZ5wwDEJKQ1npgFwiuV81';
+//$oriconf['logins']['bar'] = '$6$Q6233S6mlWAF6p.j$LtzwG02YucozwqjAgSpeldh24Mnz7lBuVSbOQYbKKh9FiUx3tMVl6kJZkmrNdPqeadFXKAYXrqn.gy8KposF5.';
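Review bot: The new comment lists `mkpasswd --method=sha-512` first and both example entries are `$6$` hashes. That steers administrators towards sha512-crypt at its default cost rather than the algorithm `password_hash()` selects. Since `password_verify()` accepts both, the comment could recommend the stronger default explicitly: `// Generate password hashes with PHP's password_hash($pw, PASSWORD_DEFAULT) (preferred), or mkpasswd --method=sha-512`. It would also help to state that the commented `foo`/`bar` entries are samples that must never be enabled as-is.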
diff --git a/inc/auth.php b/inc/auth.php
index 4e55b2d..51ee5a4 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -1,44 +1,44 @@
- * @author Thomas Martin
- * @author Sebastien Palma
+ * @author Evolix
+ * @author Gregory Colpart
+ * @author Thomas Martin
+ * @author Sebastien Palma
+ * @author and others.
* @version 1.0
*/
-if ((empty($_GET['form']) || $_GET['form']!=1) && !empty($_POST)) {
- $username=$_POST['login'];
- $password=$_POST['passw'];
+if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST)) {
+ $input_username = $_POST['login'];
+ $input_password = $_POST['passw'];
- if (hash("sha256",$password) == $conf['logins'][$username]) {
- $_SESSION['auth']=1;
- $_SESSION['user']=$username;
- $_SESSION['user_id'] = posix_getpwnam($username) ? posix_getpwnam($username)['uid'] : 65534;
- $_SESSION['error']='';
- } else {
- $_SESSION['auth']=0;
- $_SESSION['user']='';
- $_SESSION['error']=1;
- }
- http_redirect('/');
+ if (isset($conf['logins'][$input_username]) && password_verify($input_password, $conf['logins'][$input_username]) ) {
+ $_SESSION['auth'] = true;
+ $_SESSION['user'] = $input_username;
+ $_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534;
+ unset($_SESSION['error']);
+
+ } else {
+ $_SESSION['auth'] = false;
+ $_SESSION['user'] = '';
+ $_SESSION['error'] = true;
+ }
+
+ http_redirect('/');
} else {
-if(!empty($_SESSION['error'])) {
- $error=$_SESSION['error'];
-}
-
- include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
- include_once EVOADMIN_BASE . '../tpl/auth.tpl.php';
- include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
+ if (!empty($_SESSION['error'])) {
+ $error = $_SESSION['error'];
+ unset($_SESSION['error']);
+ }
+
+ include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
+ include_once EVOADMIN_BASE . '../tpl/auth.tpl.php';
+ include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
}
-
-?>
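Review bot: The success branch sets `$_SESSION['auth'] = true` without renewing the session identifier, so an identifier issued before login stays valid afterwards (session fixation). Adding `session_regenerate_id(true);` as the first statement of that branch addresses it. The guard `isset($_POST)` is always true, and `$_POST['login']` and `$_POST['passw']` are read unchecked. Testing `isset($_POST['login'], $_POST['passw'])` together with `is_string()` on both would stop missing or array-valued fields from reaching the `$conf['logins']` lookup and `password_verify()`, which expect strings.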
diff --git a/tpl/auth.tpl.php b/tpl/auth.tpl.php
index dceb185..76c27c1 100644
--- a/tpl/auth.tpl.php
+++ b/tpl/auth.tpl.php
@@ -1,43 +1,46 @@
- * @author Thomas Martin
- * @author Sebastien Palma
+ * @author Evolix
+ * @author Gregory Colpart
+ * @author Thomas Martin
+ * @author Sebastien Palma
+ * @author and others.
* @version 1.0
*/
?>
-
+Evoadmin : Connexion
+
From 66ceacd918dbaddb2936f2cfadce96eaa9c5e062 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Thu, 7 Jul 2022 11:22:47 +0200
Subject: [PATCH 090/116] Make the change on the login mechanism compatible
with old configurations
---
inc/auth.php | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/inc/auth.php b/inc/auth.php
index 51ee5a4..791bca1 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -16,7 +16,14 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST)) {
$input_username = $_POST['login'];
$input_password = $_POST['passw'];
- if (isset($conf['logins'][$input_username]) && password_verify($input_password, $conf['logins'][$input_username]) ) {
+ if (isset($conf['logins'][$input_username]) && strlen($conf['logins'][$input_username]) != 64 && password_verify($input_password, $conf['logins'][$input_username]) ) {
+ $_SESSION['auth'] = true;
+ $_SESSION['user'] = $input_username;
+ $_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534;
+ unset($_SESSION['error']);
+
+ } elseif (isset($conf['logins'][$input_username]) && strlen($conf['logins'][$input_username]) == 64 && hash("sha256",$input_password) === $conf['logins'][$input_username]) {
+ // Compatibility mode for previous installs (sha256)
$_SESSION['auth'] = true;
$_SESSION['user'] = $input_username;
$_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534;
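Review bot: The compatibility branch compares the digest with `===`, which is not constant-time, and keeps unsalted SHA-256 logins valid with no end date. `hash_equals($conf['logins'][$input_username], hash('sha256', $input_password))` removes the timing difference. Logging a deprecation notice whenever this branch is taken would let administrators find and re-hash the remaining entries. The session assignments are now duplicated in both branches, so choosing the verifier first and sharing one success block would keep them from drifting apart. The block continues outside this hunk.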
From fb78d2a9ed52f3ccb7580872567379f141b10f84 Mon Sep 17 00:00:00 2001
From: David Prevot
Date: Tue, 19 Jul 2022 14:18:04 +0200
Subject: [PATCH 091/116] web-add generate-ssl-certificate: FALSE option should
match documented case
---
scripts/web-add.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 1e1ea00..ac452d7 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -944,7 +944,7 @@ op_generatesslcertificate() {
vhost="$1"
test_mode="$2"
- if [ "$test_mode" = "false" ]; then
+ if [ "$test_mode" = "FALSE" ]; then
if [ -L /etc/letsencrypt/$vhost/live ]; then
rm /etc/letsencrypt/$vhost/live
fi
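Review bot: Changing the literal in op_generatesslcertificate from `false` to `FALSE` silently puts every existing caller that passes `false` into test mode, since any other value means test. Accepting both spellings avoids having to choose between code and documentation: `if [ "${test_mode,,}" = "false" ]; then`. The unquoted `/etc/letsencrypt/$vhost/live` in the unchanged lines below would also be safer quoted. The function continues outside the hunk.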
From 2301b0cba5bf8db3d47a3cdef2e276f51589a0ea Mon Sep 17 00:00:00 2001
From: David Prevot
Date: Tue, 19 Jul 2022 14:24:33 +0200
Subject: [PATCH 092/116] web-add generate-ssl-certificate: improve FALSE
option documentation
---
scripts/web-add.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index ac452d7..db39499 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -166,10 +166,10 @@ generate-csr LOGIN DOMAINS
Generate the request for the Let's Encrypt certificate
-generate-ssl-certificate LOGIN [TRUE | FALSE]
+generate-ssl-certificate LOGIN [FALSE]
Generate the Let's Encrypt certificate
- Run in TEST mode if TRUE
+ Run in TEST mode unless FALSE
EOT
}
From e257ee242b5c9219c9eac42c26d1b77018ed11df Mon Sep 17 00:00:00 2001
From: David Prevot
Date: Tue, 19 Jul 2022 16:39:17 +0200
Subject: [PATCH 093/116] web-add generate-ssl-certificate: false option should
be documented as is
As fb78d2a9ed, but the other way around: update only the documentation
instead of the code, so that existing use does not change.
---
scripts/web-add.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index db39499..3ba2c67 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -166,10 +166,10 @@ generate-csr LOGIN DOMAINS
Generate the request for the Let's Encrypt certificate
-generate-ssl-certificate LOGIN [FALSE]
+generate-ssl-certificate LOGIN [false]
Generate the Let's Encrypt certificate
- Run in TEST mode unless FALSE
+ Run in TEST mode unless "false" is used
EOT
}
@@ -944,7 +944,7 @@ op_generatesslcertificate() {
vhost="$1"
test_mode="$2"
- if [ "$test_mode" = "FALSE" ]; then
+ if [ "$test_mode" = "false" ]; then
if [ -L /etc/letsencrypt/$vhost/live ]; then
rm /etc/letsencrypt/$vhost/live
fi
From 9913579bb08f053cedbdaf3476bce0ac17e76e82 Mon Sep 17 00:00:00 2001
From: William Hirigoyen
Date: Mon, 31 Oct 2022 14:40:19 +0100
Subject: [PATCH 094/116] Fix drop database when contains dash
---
scripts/web-add.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 3ba2c67..503abcb 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -814,7 +814,7 @@ op_del() {
if [ -n "$dbname" ]; then
set -x
- echo "DROP DATABASE $dbname; delete from mysql.user where user='$login' ; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS
+ echo "DROP DATABASE \`$dbname\`; delete from mysql.user where user=\`$login\`; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS
set +x
fi
}
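Review bot: In op_del, `$dbname` and `$login` are pasted into the SQL text, so the added backticks only help for names that contain no backtick themselves. The login is now wrapped in backticks too, which quote an identifier rather than a string (patch 095 restores the single quotes). Checking both values against a conservative allowlist before building the statement removes the dependence on quoting: `[[ "$dbname" =~ ^[A-Za-z0-9_-]+$ ]] || return 1`, and the same for `$login`. `DROP USER` would also be preferable to deleting from `mysql.user` directly, because it removes the account's entries in the other privilege tables as well. The function starts outside this hunk.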
From 67d0c45d79e63dc34f23edda08ac0aff620c8b0f Mon Sep 17 00:00:00 2001
From: William Hirigoyen
Date: Tue, 8 Nov 2022 17:30:05 +0100
Subject: [PATCH 095/116] Fix bug introduced in 9913579bb0 (MariaDB does not
support backtics in where clause).
---
scripts/web-add.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 503abcb..2d413de 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -814,7 +814,7 @@ op_del() {
if [ -n "$dbname" ]; then
set -x
- echo "DROP DATABASE \`$dbname\`; delete from mysql.user where user=\`$login\`; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS
+ echo "DROP DATABASE \`$dbname\`; delete from mysql.user where user='$login'; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS
set +x
fi
}
From f65dd98bb10434a4cdebb69ab620deb921f951e5 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Thu, 7 Jul 2022 11:57:03 +0200
Subject: [PATCH 096/116] Web-add.sh: Add a version number (+ command to fetch
it)
---
scripts/web-add.sh | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 2d413de..832dacc 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -14,6 +14,7 @@
set -e
+VERSION="22.07"
HOME="/root"
CONTACT_MAIL="jdoe@example.org"
WWWBOUNCE_MAIL="jdoe@example.org"
@@ -58,6 +59,7 @@ config_file="/etc/evolinux/web-add.conf"
usage() {
cat <&2
+Evoadmin web tooling - Version $VERSION
Usage: $0 COMMAND [ARG]
add [ [OPTIONS] LOGIN WWWDOMAIN ]
@@ -171,6 +173,10 @@ generate-ssl-certificate LOGIN [false]
Generate the Let's Encrypt certificate
Run in TEST mode unless "false" is used
+version
+
+ Obtain the script version
+
EOT
}
@@ -914,6 +920,9 @@ arg_processing() {
generate-ssl-certificate)
op_generatesslcertificate "$@"
;;
+ version)
+ op_version "$@"
+ ;;
*)
usage
;;
@@ -1402,5 +1411,10 @@ op_checkvhosts() {
done
}
+# Return web-add.sh version
+op_version(){
+ echo "$VERSION"
+}
+
# Point d'entrée
arg_processing "$@"
From ebb4f1c20ca289f375cd4631b9cfe225fc8097d4 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Mon, 21 Nov 2022 17:15:47 +0100
Subject: [PATCH 097/116] ftpadmin.sh - Correction regression listing des
comptes introduite par d6c39be117defbe549bc4a3fd28eeb92531e27be
---
scripts/ftpadmin.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/ftpadmin.sh b/scripts/ftpadmin.sh
index bc71876..612bd49 100755
--- a/scripts/ftpadmin.sh
+++ b/scripts/ftpadmin.sh
@@ -59,7 +59,7 @@ log_msg() {
get_user_login_by_UID() {
uid=$1
- grep "$uid" /etc/passwd | awk -F : '{if ($3==$uid) print $1}'
+ grep "$uid" /etc/passwd | awk -F : "{if (\$3==$uid) print \$1}"
}
list_accounts_by_UID() {
From 68799f7e5f03d8ca4fc8f0c67e50e5838ddfb1a8 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Mon, 21 Nov 2022 17:25:19 +0100
Subject: [PATCH 098/116] Correction bug suppression compte
---
scripts/ftpadmin.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/ftpadmin.sh b/scripts/ftpadmin.sh
index 612bd49..e99888c 100755
--- a/scripts/ftpadmin.sh
+++ b/scripts/ftpadmin.sh
@@ -121,7 +121,7 @@ delete_account() {
account_name=$1
- ftpasswd --passwd --file=$VPASSWD_PATH --name="$account_name" --uid=9999 --gid=9999 --home=/dev/null --shell=/dev/null --delete-user
+ ftpasswd --passwd --file=$VPASSWD_PATH --name="$account_name" --delete-user
log_msg "Suppression du compte $account_name"
}
From ad68e298dd144c193689497ad66baed69b573d49 Mon Sep 17 00:00:00 2001
From: William Hirigoyen
Date: Fri, 9 Dec 2022 15:30:11 +0100
Subject: [PATCH 099/116] =?UTF-8?q?V=C3=A9rCheck=20chars=20[:/]=20are=20no?=
=?UTF-8?q?t=20in=20the=20domain=20name=20(in=20case=20of=20confusion=20wi?=
=?UTF-8?q?th=20URL)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
scripts/web-add.sh | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 832dacc..443fecc 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -236,6 +236,15 @@ validate_wwwdomain() {
in_error "Le nom de domaine est obligatoire"
return 1
fi
+ case "$wwwdomain" in
+ *'/'*)
+ in_error "Le caractère / n'est pas autorisé. Avez-vous confondu nom de domaine (example.com) et URL (https://example.com) ?"
+ return 1;;
+ *':'*)
+ in_error "Le caractère : n'est pas autorisé. Avez-vous confondu nom de domaine (example.com) et URL (https://example.com) ?"
+ return 1;;
+ esac
+
return 0
}
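Review bot: The new `case` rejects only `/` and `:`, so spaces, quotes, `;`, `*` or newlines in `$wwwdomain` still pass validation. A host name has a small legal alphabet, so an allowlist arm placed after the two existing ones (which keep their more helpful URL-confusion message) is stricter: `*[!A-Za-z0-9.-]*) in_error "Le nom de domaine contient un caractère non autorisé"; return 1;;`. How `$wwwdomain` is used after validation is outside this hunk, as is the start of validate_wwwdomain.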
From 77f5076c88037b6d35480d5d42b1219778f31bb0 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Wed, 15 Feb 2023 11:35:21 +0100
Subject: [PATCH 100/116] Move common.php outside of the DocumentRoot
---
htdocs/index.php | 2 +-
{htdocs => inc}/common.php | 20 +++++++++++++++++++-
2 files changed, 20 insertions(+), 2 deletions(-)
rename {htdocs => inc}/common.php (90%)
diff --git a/htdocs/index.php b/htdocs/index.php
index 5e90a4e..71681f7 100755
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -30,7 +30,7 @@ header('Content-Type: text/html; charset=utf-8');
/**
* Requires
*/
-require_once EVOADMIN_BASE . 'common.php';
+require_once EVOADMIN_BASE . '../inc/common.php';
$uri = $_SERVER['REQUEST_URI'];
diff --git a/htdocs/common.php b/inc/common.php
similarity index 90%
rename from htdocs/common.php
rename to inc/common.php
index 7ae18b9..129ae90 100644
--- a/htdocs/common.php
+++ b/inc/common.php
@@ -1,5 +1,4 @@
1;
}
+/**
+ * Webadd
+ *
+ * @return boolean - True when it's a multi PHP system
+ */
+function run_webadd_cmd($command) {
+ global $conf;
+
+ $cmd = 'web-add.sh '. $command;
+
+ $data_output = null;
+ $exec_return = null;
+ sudoexec($cmd, $data_output, $exec_return);
+
+
+ return $data_output;
+}
+
+
/**
* Includes
*/
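Review bot: The docblock on run_webadd_cmd appears to be copied from another function: it is titled "Webadd" and documents `@return boolean - True when it's a multi PHP system`, while the function returns `$data_output`. It should also state that `$command` is concatenated unescaped into a command line run through `sudoexec`, for example `@param string $command web-add.sh sub-command and arguments, appended verbatim to a sudo command line; never pass request data unescaped` and `@return mixed output collected by sudoexec()`. `$exec_return` is filled but never checked and `global $conf` is unused, so a failing web-add.sh is indistinguishable from an empty result; applying `escapeshellarg()` per argument at the call sites would be the safer convention once a caller passes anything but a constant.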
From 66c159a6251c5c06525709ca2db90142754a52dc Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Wed, 15 Feb 2023 11:36:25 +0100
Subject: [PATCH 101/116] Display the web-add.sh version
---
inc/auth.php | 2 ++
tpl/header.tpl.php | 6 +++---
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/inc/auth.php b/inc/auth.php
index 791bca1..c92dbc6 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -20,6 +20,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST)) {
$_SESSION['auth'] = true;
$_SESSION['user'] = $input_username;
$_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534;
+ $_SESSION['cli_version'] = run_webadd_cmd('version')[0];
unset($_SESSION['error']);
} elseif (isset($conf['logins'][$input_username]) && strlen($conf['logins'][$input_username]) == 64 && hash("sha256",$input_password) === $conf['logins'][$input_username]) {
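Review bot: `run_webadd_cmd('version')[0]` indexes the result without checking it, and run_webadd_cmd initialises its output to null and ignores the exit status, so a failing or silent web-add.sh raises an array-offset warning in the middle of login; `$_SESSION['cli_version'] = run_webadd_cmd('version')[0] ?? '';` avoids that. The same line is added in the second hunk of this file. Because the value is script output, it should pass through `htmlspecialchars()` wherever the header template prints it, which the template hunk shown here does not let me confirm. Separately from this change, the context line `hash("sha256",$input_password) === $conf['logins'][$input_username]` compares an unsalted SHA-256 digest with `===`; a follow-up moving to `password_hash()`/`password_verify()` would be worthwhile.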
@@ -27,6 +28,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST)) {
$_SESSION['auth'] = true;
$_SESSION['user'] = $input_username;
$_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534;
+ $_SESSION['cli_version'] = run_webadd_cmd('version')[0];
unset($_SESSION['error']);
} else {
diff --git a/tpl/header.tpl.php b/tpl/header.tpl.php
index 85a81f7..e1e6fab 100644
--- a/tpl/header.tpl.php
+++ b/tpl/header.tpl.php
@@ -21,7 +21,7 @@
-EvoAdmin - Powered by Evolix
+Evoadmin-web - Powered by Evolix
@@ -31,10 +31,10 @@
-
EvoAdmin
+ Evoadmin-web
Date: Wed, 15 Feb 2023 12:04:59 +0100
Subject: [PATCH 102/116] Account deletion > Use mysql "DROP USER"
Instead of messing directly with mysql internal tables
Closes #78
---
scripts/web-add.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 443fecc..cb6ccea 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -829,7 +829,7 @@ op_del() {
if [ -n "$dbname" ]; then
set -x
- echo "DROP DATABASE \`$dbname\`; delete from mysql.user where user='$login'; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS
+ echo "DROP DATABASE \`$dbname\`; DROP USER \`$login\`@localhost; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS
set +x
fi
}
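Review bot: `DROP USER` fails when the account does not exist, and since the three statements are piped to `mysql` as one batch under the script's `set -e`, a database whose MySQL user is already gone is likely to stop op_del at this line. Adding `IF EXISTS` after `DROP USER` makes the statement idempotent, and `FLUSH PRIVILEGES` is not needed after an account-management statement. Note also that the old `delete from mysql.user where user='$login'` removed the user for every host, while the new statement only covers `@localhost`, so accounts created for another host would now survive deletion. `$login` and `$dbname` are interpolated into the SQL text, so their validation, which is outside this hunk, is what keeps this safe.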
From 63dfa3af99e3bbaa728c362c9d3bf3a8cff29a01 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Mon, 20 Feb 2023 10:34:41 +0100
Subject: [PATCH 103/116] web-add.sh > Correct deletion order
Closes #76
---
scripts/web-add.sh | 72 +++++++++++++++++++++++++---------------------
1 file changed, 39 insertions(+), 33 deletions(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index cb6ccea..36439f0 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -748,6 +748,7 @@ op_del() {
fi
fi
+
set -x
# Crontab dump needs to be done **before** user deletion
if crontab -l -u "$login"; then
@@ -755,40 +756,13 @@ op_del() {
crontab -r -u "$login"
fi
- if [ "$WEB_SERVER" == "apache" ]; then
- if id www-"$login" &> /dev/null; then
- userdel -f www-"$login"
- fi
- fi
- userdel -f "$login"
- for php_version in "${PHP_VERSIONS[@]}"; do
- if lxc-attach -n php"${php_version}" -- id www-"$login" &> /dev/null; then
- lxc-attach -n php"${php_version}" -- userdel -f www-"$login"
- fi
- lxc-attach -n php"${php_version}" -- userdel -f "$login"
- done
- sed -i.bak "/^$login:/d" /etc/aliases
- if [ "$WEB_SERVER" == "apache" ]; then
- sed -i.bak "/^www-$login:/d" /etc/aliases
- fi
-
- if grep -qE '^AllowUsers' /etc/ssh/sshd_config; then
- sed -i "s/^AllowUsers .*/& $in_login/" /etc/ssh/sshd_config
- /etc/init.d/ssh reload
- fi
-
- if [ -d "$HOME_DIR/$login" ]; then
- mv -i $HOME_DIR/"$login" $HOME_DIR/"$login"."$(date '+%Y%m%d-%H%M%S')".bak
- else
- echo "warning : $HOME_DIR/$login does not exist"
- fi
-
+ # Deactivate web vhost (apache or nginx)
if [ "$WEB_SERVER" == "apache" ]; then
a2dissite "${login}.conf"
rm /etc/apache2/sites-available/"$login.conf"
- rm /etc/awstats/awstats."$login.conf"
- sed -i.bak "/-config=$login /d" /etc/cron.d/awstats
+
apache2ctl configtest
+
for php_version in "${PHP_VERSIONS[@]}"; do
if [ "$php_version" = "70" ]; then
phpfpm_dir="/etc/php/7.0/fpm/pool.d/"
@@ -812,15 +786,47 @@ op_del() {
rm /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf
lxc-attach -n php"${php_version}" -- $initscript_path restart >/dev/null
done
- elif [ "$WEB_SERVER" == "nginx" ]; then
+ elif [ "$WEB_SERVER" == "nginx" ]; then
rm /etc/nginx/sites-{available,enabled}/"$login"
- rm /etc/awstats/awstats."$login.conf"
rm /etc/munin/plugins/phpfpm_"${in_login}"*
- sed -i.bak "/-config=$login/d" /etc/cron.d/awstats
nginx -t
fi
+ rm /etc/awstats/awstats."$login.conf"
+ sed -i.bak "/-config=$login /d" /etc/cron.d/awstats
+
+ if [ "$WEB_SERVER" == "apache" ]; then
+ if id www-"$login" &> /dev/null; then
+ userdel -f www-"$login"
+ fi
+
+ for php_version in "${PHP_VERSIONS[@]}"; do
+ if lxc-attach -n php"${php_version}" -- id www-"$login" &> /dev/null; then
+ lxc-attach -n php"${php_version}" -- userdel -f www-"$login"
+ fi
+ lxc-attach -n php"${php_version}" -- userdel -f "$login"
+ done
+ fi
+
+ userdel -f "$login"
+
+ sed -i.bak "/^$login:/d" /etc/aliases
+ if [ "$WEB_SERVER" == "apache" ]; then
+ sed -i.bak "/^www-$login:/d" /etc/aliases
+ fi
+
+ if grep -qE '^AllowUsers' /etc/ssh/sshd_config; then
+ sed -i "s/^AllowUsers .*/& $in_login/" /etc/ssh/sshd_config
+ /etc/init.d/ssh reload
+ fi
+
+ if [ -d "$HOME_DIR/$login" ]; then
+ mv -i $HOME_DIR/"$login" $HOME_DIR/"$login"."$(date '+%Y%m%d-%H%M%S')".bak
+ else
+ echo "warning : $HOME_DIR/$login does not exist"
+ fi
+
if [ -d /etc/letsencrypt/"$login" ]; then
rm -r /etc/letsencrypt/"$login"
fi
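Review bot: The re-added sshd block still appends to `AllowUsers` instead of removing from it: `sed -i "s/^AllowUsers .*/& $in_login/"` leaves the deleted account's name on the allow list, so a later account created with the same login could inherit SSH access. The block was moved unchanged, but in a deletion path the entry should be dropped, for example `sed -i -E "/^AllowUsers /s/ $login( |\$)/\1/" /etc/ssh/sshd_config`. It also uses `$in_login` where the rest of op_del uses `$login`, as does the munin `rm` earlier in this hunk; if `$in_login` is empty in op_del, the glob `phpfpm_*` matches every account's plugin. Where `$in_login` is assigned is outside the hunk.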
From fbc48755b0b75eb8163b698f73e16184ec8c9a4d Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Mon, 20 Feb 2023 10:44:43 +0100
Subject: [PATCH 104/116] Introducing a changelog (filled with 2023 changes)
---
CHANGELOG.md | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 CHANGELOG.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..5fade96
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,28 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
+
+This project does not follow semantic versioning.
+The **major** part of the version is the year
+The **minor** part changes is the month
+The **patch** part changes is incremented if multiple releases happen the same month
+
+## [Unreleased]
+
+### Added
+
+* web : Display web-add.sh version
+
+### Changed
+
+### Fixed
+
+* web-add.sh : Deleting mysql user with DROP USER to stay compatible with MariaDB 10.5+ - #78
+* web-add.sh : Correcting deletion order to avoid dependency issues - #76
+
+### Removed
+
+### Security
+
+
From d2365e133b202cf9dc8032c38461f22358ca43b0 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Mon, 20 Feb 2023 11:19:08 +0100
Subject: [PATCH 105/116] Big update of projet reame
Translated to english, changed contribution guidelines (same as ansible-roles)
Removed old TODO/INSTALL file
---
CHANGELOG.md | 2 +
INSTALL | 1 -
README.md | 250 ++++++--------------------------------------------
README.old.md | 180 ++++++++++++++++++++++++++++++++++++
TODO | 7 --
5 files changed, 210 insertions(+), 230 deletions(-)
delete mode 100644 INSTALL
create mode 100644 README.old.md
delete mode 100644 TODO
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5fade96..0f26c16 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Changed
+* Readme.md : Translated to english. New contribution guidelines and misc information
+
### Fixed
* web-add.sh : Deleting mysql user with DROP USER to stay compatible with MariaDB 10.5+ - #78
diff --git a/INSTALL b/INSTALL
deleted file mode 100644
index 92bba47..0000000
--- a/INSTALL
+++ /dev/null
@@ -1 +0,0 @@
-* Ajouter les autorisations sudo nécessaires
diff --git a/README.md b/README.md
index c6e9303..a96e0be 100644
--- a/README.md
+++ b/README.md
@@ -1,242 +1,48 @@
-# evoadmin-web
+# Evoadmin-web
-Panel d'administration de serveur web et scripts shell.
+Web interface and management scripts for web hosting
Project leader : ?
-## Versions
+## Versions & Branches
- * Stable Wheezy → git checkout wheezy
- * Stable Jessie → git checkout jessie
- * Stretch → master
+The `master` branch is ready for production.
+It's compatible with the current Debian version (and few previous ones)
+
+Code for older Debian releases (Wheezy, Jessie) is archived on separate branches.
+
+The `unstable` branch contains not sufficiently tested changes that we don't consider ready for production yet.
+
+### Versions
+
+* Debian Stretch, Buster, Bullseye → use branch `master` (current stable version)
+* Debian Jessie → use branch `jessie` (old, archive branch)
+* Debian Wheezy → use branch `wheezy` (old, archive branch)
## Installation
-Via ansible avec le role packweb-apache. Le role webapps/evoadmin-web en dépendance se charge de l'installation de l'interface et de ses scripts.
+Installation should be done with Ansible.
+The role `packweb-apache` will handle all dependencies (Apache, PHP, MariaDB...) installation and configuration.
+It will also use the role `webapps/evoadmin-web` to setup the web-interface and management sw
-### Manuelle
+### Manually
TODO
+## Contributing
-### Activation du mode Multi PHP avec des conteneurs LXC
+Contributions are welcome, especially bug fixes. They will be merged in if they are consistent with our conventions and use cases. They might be rejected if they introduce complexity, cover features we don't need or don't fit "style".
-Installer les paquets nécessaires :
+Before starting anything of importance, we suggest opening an issue to discuss what you'd like to add or change.
-~~~
-# apt install lxc debootstrap
-~~~
+All modifications should be documented in the CHANGELOG file, to help review releases. We encourage atomic commits and with the CHANGELOG in the same commit.
-Modifier la configuration de LXC :
+# Workflow
-~~~
-# cat /etc/lxc/default.conf
+The ideal and most typical workflow is to create a branch, based on the `unstable` branch. The branch should have a descriptive name (a ticket/issue number is great). The branch can be treated as a pull-request or merge-request. It should be propery tested and reviewed before merging into `unstable`.
-# Set the default network virtualization method.
-lxc.network.type = none
+Changes that don't introduce significant changes — or that must go faster that the typical workflow — can be commited directly into `unstable`.
-# Mount /home into containers.
-lxc.mount.entry = /home home none bind 0 0
+Hotfixes, can be prepared on a new branch, based on `master` or `unstable` (to be decided by the author). When ready, it can be merged back to `master` for immediate deployment and to `unstable` for proper backporting.
-# Only one tty is enough.
-# This require that you disabled others tty ([2-6]) in systemd.
-lxc.tty = 1
-
-# Run 64bits containers
-lxc.arch = x86_64
-
-# Start containers on boot by default
-lxc.start.auto = 1
-~~~
-
-Dans cette configuration, les containers LXC n'ont pas leur interface réseau virtualisée. Et /home de l'hôte est partagé dans les containers.
-
-#### PHP 5.6
-
-On installe un conteneur Debian Jessie :
-
-~~~
-# lxc-create --name php56 --template debian --bdev dir --logfile /var/log/lxc/lxc-php56.log --logpriority INFO -- --arch amd64 --release jessie
-~~~
-
-Puis on installe les paquets PHP 5.6 dans ce conteneur :
-
-~~~
-# lxc-start -n php56
-# lxc-attach -n php56 apt install php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer
-~~~
-
-#### PHP 7.0
-
-On installe un conteneur Debian Stretch :
-
-~~~
-# lxc-create --name php70 --template debian --bdev dir --logfile /var/log/lxc/lxc-php70.log --logpriority INFO -- --arch amd64 --release stretch
-~~~
-
-Puis on installe les paquets PHP 7.0 dans ce conteneur :
-
-~~~
-# lxc-start -n php70
-# lxc-attach -n php70 apt install php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 composer libphp-phpmailer
-~~~
-
-#### PHP 7.3
-
-On installe un conteneur Debian Stretch :
-
-~~~
-# lxc-create --name php73 --template debian --bdev dir --logfile /var/log/lxc/lxc-php73.log --logpriority INFO -- --arch amd64 --release stretch
-~~~
-
-Puis on installe les paquets PHP 7.3 dans ce conteneur :
-
-~~~
-# lxc-start -n php73
-# lxc-attach -n php73
-
-# apt-get update && apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates gnupg
-# curl https://packages.sury.org/php/apt.gpg | apt-key add
-# echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list
-# apt-get update && apt-get install -y --no-install-recommends php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer
-~~~
-
-#### Pour toutes les versions de PHP
-
-Dans les containers, il faut ajouter le fichier **z-evolinux-defaults.ini** dans le dossier **conf.d** des réglages de PHP FPM et CLI
-
-> Pour PHP5 **/etc/php5/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php5/cli/conf.d/z-evolinux-defaults.ini**
->
-> Pour PHP7.0 **/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini**
->
-> Pour PHP7.3 **/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini**
-
-~~~
-[PHP]
-short_open_tag = Off
-expose_php = Off
-display_errors = Off
-log_errors = On
-html_errors = Off
-allow_url_fopen = Off
-disable_functions = exec,shell-exec,system,passthru,putenv,popen
-~~~
-
-Après cela, il faut redémarrer FPM
-
-~~~
-# lxc-attach -n php56 /etc/init.d/php5-fpm restart
-# lxc-attach -n php70 /etc/init.d/php7.0-fpm restart
-# lxc-attach -n php73 /etc/init.d/php7.3-fpm restart
-~~~
-
-Une fois les conteneurs installés, il faut configurer evoadmin-web pour lui indiquer les versions disponibles de PHP dans **/etc/evolinux/web-add.conf** (pour *web-add.sh*) et dans **/home/evoadmin/www/conf/config.local.php** pour l'interface web
-
-~~~
-# cat /etc/evolinux/web-add.conf
-#(...)
-PHP_VERSIONS=(56 70 73)
-#(...)
-~~~
-
-~~~
-# cat /home/evoadmin/www/conf/config.local.php
-// (...)
-$localconf['php_versions'] = array(70, 73);
-// (...)
-~~~
-
-#### Apache
-
-Il est nécessaire d'activer le mod proxy pour apache2 si ce n'a pas déjà été fait :
-
-~~~
-# a2enmod proxy_fcgi
-# systemctl restart apache2.service
-~~~
-
-Si vous rencontrez l'erreur "File not found" avec les fichiers php, bien vérifier que le rootfs des conteneurs est en 755 :
-
-~~~
-# chmod 755 /var/lib/lxc/php56/rootfs
-# chmod 755 /var/lib/lxc/php70/rootfs
-# chmod 755 /var/lib/lxc/php73/rootfs
-~~~
-
-#### Email
-
-Pour envoyer des mails, on peut installer **ssmtp** qui va forwarder les mails du conteneur vers l'hôte (à faire par conteneur via lxc-attach) :
-
-Avant d'installer le paquet, il faut ajouter le hostname du conteneur dans **/etc/hosts**, sinon la configuration du paquet retourne une erreur :
-
-~~~
-127.0.0.1 php70
-~~~
-
-~~~
-# apt install ssmtp
-~~~
-
-Editer **/etc/ssmtp/ssmtp.conf** (remplacer example.com par le hostname complet de votre machine) :
-
-~~~
-root=postmaster
-mailhub=127.0.0.1
-hostname=example.com
-FromLineOverride=YES
-~~~
-
-#### PHP-CLI
-
-
-~~~
-$ cat /usr/local/bin/exec73
-#!/bin/bash
-
-php_cmd=$(printf "/usr/bin/php %q" "$@" )
-lxc-attach -n php73 -- su - "$SUDO_USER" -c "$php_cmd"
-~~~
-
-Il faut ensuite s'assurer que ce script peut être exécuté via sudo.
-
-
-
-## Méthodes de collaboration
-
-Lire le fichier GUIDELINES.
-
-Chaque version stable a le nom de la version Debian dans une branche. (Wheezy, Jessie, …)
-On ne touche pas à ces branches, sauf pour corriger un bug critique,
-qu'on appellera dans le commit "Hotfix #IDBugRedmine. Description du commit/bug".
-Le project leader se charge de merger les futures version (wheezy-dev, jessie-dev, …)
-dans la branche stable et de faire un changelog.
-
-Chaque version de redmine est prévu à l'avance dans la roadmap de Redmine.
-Quand une version de développement est terminé (tout les bugs fermés),
-on utilisera les tags pour se repérer dans l'historique GIT.
-Puis une fois que la version est décrété stable, elle sera mergé dans la branche stable.
-
-Pour travailler sur une version spécifique, il faut travailler dans la branche "$release".
-Voir les branches sur le remote :
-
-```
-$ git branch -r
- origin/jessie-dev
- origin/wheezy-dev
- origin/wheezy
-```
-
-Il suffira de « checkout » dessus, et commencer à commiter. Les commits doivent
-être nommés "Implement #IDBugRedmine. Description feature." ou
-"Fix #IDBugRedmine. Description correction du bug.".
-
-```
-$ git checkout wheezy-dev
-[…] hack hack […]
-$ git commit
-$ git push
-```
-
-## Licence
-
-Evoadmin-web est un projet [Evolix](https://evolix.com) et est distribué sour licence AGPLv3, voir le fichier [LICENSE](LICENSE) pour les détails.
+Other workflow are not forbidden, but should be discussed in advance.
diff --git a/README.old.md b/README.old.md
new file mode 100644
index 0000000..3f483cc
--- /dev/null
+++ b/README.old.md
@@ -0,0 +1,180 @@
+
+### Activation du mode Multi PHP avec des conteneurs LXC
+
+Installer les paquets nécessaires :
+
+~~~
+# apt install lxc debootstrap
+~~~
+
+Modifier la configuration de LXC :
+
+~~~
+# cat /etc/lxc/default.conf
+
+# Set the default network virtualization method.
+lxc.network.type = none
+
+# Mount /home into containers.
+lxc.mount.entry = /home home none bind 0 0
+
+# Only one tty is enough.
+# This require that you disabled others tty ([2-6]) in systemd.
+lxc.tty = 1
+
+# Run 64bits containers
+lxc.arch = x86_64
+
+# Start containers on boot by default
+lxc.start.auto = 1
+~~~
+
+Dans cette configuration, les containers LXC n'ont pas leur interface réseau virtualisée. Et /home de l'hôte est partagé dans les containers.
+
+#### PHP 5.6
+
+On installe un conteneur Debian Jessie :
+
+~~~
+# lxc-create --name php56 --template debian --bdev dir --logfile /var/log/lxc/lxc-php56.log --logpriority INFO -- --arch amd64 --release jessie
+~~~
+
+Puis on installe les paquets PHP 5.6 dans ce conteneur :
+
+~~~
+# lxc-start -n php56
+# lxc-attach -n php56 apt install php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer
+~~~
+
+#### PHP 7.0
+
+On installe un conteneur Debian Stretch :
+
+~~~
+# lxc-create --name php70 --template debian --bdev dir --logfile /var/log/lxc/lxc-php70.log --logpriority INFO -- --arch amd64 --release stretch
+~~~
+
+Puis on installe les paquets PHP 7.0 dans ce conteneur :
+
+~~~
+# lxc-start -n php70
+# lxc-attach -n php70 apt install php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 composer libphp-phpmailer
+~~~
+
+#### PHP 7.3
+
+On installe un conteneur Debian Stretch :
+
+~~~
+# lxc-create --name php73 --template debian --bdev dir --logfile /var/log/lxc/lxc-php73.log --logpriority INFO -- --arch amd64 --release stretch
+~~~
+
+Puis on installe les paquets PHP 7.3 dans ce conteneur :
+
+~~~
+# lxc-start -n php73
+# lxc-attach -n php73
+
+# apt-get update && apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates gnupg
+# curl https://packages.sury.org/php/apt.gpg | apt-key add
+# echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list
+# apt-get update && apt-get install -y --no-install-recommends php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer
+~~~
+
+#### Pour toutes les versions de PHP
+
+Dans les containers, il faut ajouter le fichier **z-evolinux-defaults.ini** dans le dossier **conf.d** des réglages de PHP FPM et CLI
+
+> Pour PHP5 **/etc/php5/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php5/cli/conf.d/z-evolinux-defaults.ini**
+>
+> Pour PHP7.0 **/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini**
+>
+> Pour PHP7.3 **/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini**
+
+~~~
+[PHP]
+short_open_tag = Off
+expose_php = Off
+display_errors = Off
+log_errors = On
+html_errors = Off
+allow_url_fopen = Off
+disable_functions = exec,shell-exec,system,passthru,putenv,popen
+~~~
+
+Après cela, il faut redémarrer FPM
+
+~~~
+# lxc-attach -n php56 /etc/init.d/php5-fpm restart
+# lxc-attach -n php70 /etc/init.d/php7.0-fpm restart
+# lxc-attach -n php73 /etc/init.d/php7.3-fpm restart
+~~~
+
+Une fois les conteneurs installés, il faut configurer evoadmin-web pour lui indiquer les versions disponibles de PHP dans **/etc/evolinux/web-add.conf** (pour *web-add.sh*) et dans **/home/evoadmin/www/conf/config.local.php** pour l'interface web
+
+~~~
+# cat /etc/evolinux/web-add.conf
+#(...)
+PHP_VERSIONS=(56 70 73)
+#(...)
+~~~
+
+~~~
+# cat /home/evoadmin/www/conf/config.local.php
+// (...)
+$localconf['php_versions'] = array(70, 73);
+// (...)
+~~~
+
+#### Apache
+
+Il est nécessaire d'activer le mod proxy pour apache2 si ce n'a pas déjà été fait :
+
+~~~
+# a2enmod proxy_fcgi
+# systemctl restart apache2.service
+~~~
+
+Si vous rencontrez l'erreur "File not found" avec les fichiers php, bien vérifier que le rootfs des conteneurs est en 755 :
+
+~~~
+# chmod 755 /var/lib/lxc/php56/rootfs
+# chmod 755 /var/lib/lxc/php70/rootfs
+# chmod 755 /var/lib/lxc/php73/rootfs
+~~~
+
+#### Email
+
+Pour envoyer des mails, on peut installer **ssmtp** qui va forwarder les mails du conteneur vers l'hôte (à faire par conteneur via lxc-attach) :
+
+Avant d'installer le paquet, il faut ajouter le hostname du conteneur dans **/etc/hosts**, sinon la configuration du paquet retourne une erreur :
+
+~~~
+127.0.0.1 php70
+~~~
+
+~~~
+# apt install ssmtp
+~~~
+
+Editer **/etc/ssmtp/ssmtp.conf** (remplacer example.com par le hostname complet de votre machine) :
+
+~~~
+root=postmaster
+mailhub=127.0.0.1
+hostname=example.com
+FromLineOverride=YES
+~~~
+
+#### PHP-CLI
+
+
+~~~
+$ cat /usr/local/bin/exec73
+#!/bin/bash
+
+php_cmd=$(printf "/usr/bin/php %q" "$@" )
+lxc-attach -n php73 -- su - "$SUDO_USER" -c "$php_cmd"
+~~~
+
+Il faut ensuite s'assurer que ce script peut être exécuté via sudo.
\ No newline at end of file
diff --git a/TODO b/TODO
deleted file mode 100644
index 99a0091..0000000
--- a/TODO
+++ /dev/null
@@ -1,7 +0,0 @@
-* Verification des paramètres passés dans le script ftpadmin.sh
-* Vérifier lors de la suppression que c'est bien la personne a qui appartient le compte qui lance la commande
-* Tableau "sortable" (TableKit ?)
-* Mettre en place EvoLog et logger la sortie des scripts
-* Validation plus (très) stricte sur les entrées de formulaire
-* Listage des comptes utilisateurs
-* Total espace disque FTP
From f77ce6e590fb69d1b970705f22243b74808c1970 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Mon, 20 Feb 2023 11:52:13 +0100
Subject: [PATCH 106/116] Release 23.02
---
CHANGELOG.md | 15 +++++++++++++++
scripts/web-add.sh | 2 +-
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0f26c16..3fb25fd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,19 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Added
+### Changed
+
+### Fixed
+
+### Removed
+
+### Security
+
+
+## [23.02] 2023-02-20
+
+### Added
+
* web : Display web-add.sh version
### Changed
@@ -28,3 +41,5 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Security
+
+
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 36439f0..5b076d8 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -14,7 +14,7 @@
set -e
-VERSION="22.07"
+VERSION="23.02"
HOME="/root"
CONTACT_MAIL="jdoe@example.org"
WWWBOUNCE_MAIL="jdoe@example.org"
From a7f718c073bf6af2d36ef795da02305f6170ab42 Mon Sep 17 00:00:00 2001
From: Brice Waegeneire
Date: Fri, 31 Mar 2023 13:06:32 +0200
Subject: [PATCH 107/116] Add support for php8.2
---
scripts/web-add.sh | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 5b076d8..ae1a152 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -435,6 +435,8 @@ create_www_account() {
pool_path="/etc/php/8.0/fpm/pool.d/"
elif [ "$php_version" = "81" ]; then
pool_path="/etc/php/8.1/fpm/pool.d/"
+ elif [ "$php_version" = "82" ]; then
+ pool_path="/etc/php/8.2/fpm/pool.d/"
else
pool_path="/etc/php5/fpm/pool.d/"
fi
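Review bot: The chain ends in an `else` that silently selects the PHP 5 paths, so any version missing from the list gets its pool written under `/etc/php5/fpm/pool.d/` instead of failing, and this commit has to extend the same chain in three places (here, the init-script selection and op_del). An explicit failure for unknown values would make the next omission visible, e.g. replacing the fallback with `else echo "Unsupported PHP version: $php_version" >&2; return 1`, once the PHP 5 value has its own branch. The start of the chain is outside these hunks, so whether such a branch already exists is not visible.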
@@ -611,6 +613,9 @@ EOT
elif [ "$php_version" = "81" ]; then
initscript_path="/etc/init.d/php8.1-fpm"
binary="php-fpm8.1"
+ elif [ "$php_version" = "82" ]; then
+ initscript_path="/etc/init.d/php8.2-fpm"
+ binary="php-fpm8.2"
else
initscript_path="/etc/init.d/php5-fpm"
binary="php5-fpm"
@@ -779,6 +784,9 @@ op_del() {
elif [ "$php_version" = "81" ]; then
phpfpm_dir="/etc/php/8.1/fpm/pool.d/"
initscript_path="/etc/init.d/php8.1-fpm"
+ elif [ "$php_version" = "82" ]; then
+ phpfpm_dir="/etc/php/8.2/fpm/pool.d/"
+ initscript_path="/etc/init.d/php8.2-fpm"
else
phpfpm_dir="/etc/php5/fpm/pool.d/"
initscript_path="/etc/init.d/php5-fpm"
From 2e8619e5e6982b26b028005700cd4c55c8601e7d Mon Sep 17 00:00:00 2001
From: William Hirigoyen
Date: Wed, 8 Nov 2023 12:03:14 +0100
Subject: [PATCH 108/116] Add sendmail_path and open_basedir in LXC PHP pool
configs
---
CHANGELOG.md | 2 ++
scripts/web-add.sh | 3 +++
2 files changed, 5 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3fb25fd..0a0592b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Changed
+* Add sendmail_path and open_basedir in LXC PHP pool configs
+
### Fixed
### Removed
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index ae1a152..f1703e7 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -23,6 +23,7 @@ LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.local.sh"
PRE_LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.pre-local.sh"
TPL_AWSTATS="$SCRIPTS_PATH/awstats.XXX.conf"
SSH_GROUP="evolinux-ssh"
+HOST="$(hostname -s)"
# Set to nginx if you use nginx and not apache
WEB_SERVER="apache"
@@ -456,6 +457,8 @@ pm.max_children = 10
pm.process_idle_timeout = 10s
php_admin_value[error_log] = /home/${in_login}/log/php.log
+php_admin_value[sendmail_path] = "/usr/sbin/sendmail -t -i -f www-${in_login}@${HOST}"
+php_admin_value[open_basedir] = "/usr/share/php:/home/${in_login}:/tmp"
EOT
step_ok "Création du pool FPM ${php_version}"
done
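Review bot: `open_basedir` includes the shared `/tmp`, so any file there that is readable by other users is reachable from every account's PHP code, which weakens the per-account isolation this setting is meant to add. A per-account directory would keep it: `php_admin_value[open_basedir] = "/usr/share/php:/home/${in_login}"` together with `php_admin_value[upload_tmp_dir] = /home/${in_login}/tmp` and a matching `session.save_path`. Whether such a directory exists for each account, and where sessions are stored today, is not visible in this hunk.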
From 72e39f297e5cb9c4900f94db11e23d41745497e2 Mon Sep 17 00:00:00 2001
From: William Hirigoyen
Date: Thu, 9 Nov 2023 11:31:16 +0100
Subject: [PATCH 109/116] Prevent op_del to fail and able to remove web account
when part of it is already removed
---
CHANGELOG.md | 2 ++
scripts/web-add.sh | 20 ++++++++++----------
2 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0a0592b..445ceb9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Added
+* Prevent op_del to fail and able to remove web account when part of it is already removed
+
### Changed
* Add sendmail_path and open_basedir in LXC PHP pool configs
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index f1703e7..210d07f 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -766,8 +766,8 @@ op_del() {
# Deactivate web vhost (apache or nginx)
if [ "$WEB_SERVER" == "apache" ]; then
- a2dissite "${login}.conf"
- rm /etc/apache2/sites-available/"$login.conf"
+ a2dissite "${login}.conf" || true
+ rm -f /etc/apache2/sites-available/"$login.conf"
apache2ctl configtest
@@ -794,33 +794,33 @@ op_del() {
phpfpm_dir="/etc/php5/fpm/pool.d/"
initscript_path="/etc/init.d/php5-fpm"
fi
- rm /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf
+ rm -f /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf
lxc-attach -n php"${php_version}" -- $initscript_path restart >/dev/null
done
elif [ "$WEB_SERVER" == "nginx" ]; then
- rm /etc/nginx/sites-{available,enabled}/"$login"
- rm /etc/munin/plugins/phpfpm_"${in_login}"*
+ rm -f /etc/nginx/sites-{available,enabled}/"$login"
+ rm -f /etc/munin/plugins/phpfpm_"${in_login}"*
nginx -t
fi
- rm /etc/awstats/awstats."$login.conf"
+ rm -f /etc/awstats/awstats."$login.conf"
sed -i.bak "/-config=$login /d" /etc/cron.d/awstats
if [ "$WEB_SERVER" == "apache" ]; then
if id www-"$login" &> /dev/null; then
- userdel -f www-"$login"
+ userdel -f www-"$login" || true
fi
for php_version in "${PHP_VERSIONS[@]}"; do
if lxc-attach -n php"${php_version}" -- id www-"$login" &> /dev/null; then
- lxc-attach -n php"${php_version}" -- userdel -f www-"$login"
+ lxc-attach -n php"${php_version}" -- userdel -f www-"$login" || true
fi
- lxc-attach -n php"${php_version}" -- userdel -f "$login"
+ lxc-attach -n php"${php_version}" -- userdel -f "$login" || true
done
fi
- userdel -f "$login"
+ userdel -f "$login" || true
sed -i.bak "/^$login:/d" /etc/aliases
if [ "$WEB_SERVER" == "apache" ]; then
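Review bot: `|| true` on the `userdel` calls hides every failure, not only "user does not exist": inside the `id www-"$login"` guards the account is known to exist, so a non-zero status there means the removal really failed and op_del will now report success with the system user still present. For the unguarded calls an existence test keeps the idempotence without masking errors, e.g. `if id "$login" &> /dev/null; then userdel -f "$login"; fi`. The same applies to `a2dissite "${login}.conf" || true` in the first hunk. op_del starts and ends outside these hunks.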
From 7d8704cd257b32ca4fb1306ec139d53e16742678 Mon Sep 17 00:00:00 2001
From: William Hirigoyen
Date: Thu, 9 Nov 2023 12:01:14 +0100
Subject: [PATCH 110/116] Fix sendmail_path hostname (missing domain / FQDN)
---
CHANGELOG.md | 2 ++
scripts/web-add.sh | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 445ceb9..5265f29 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Fixed
+* Fix sendmail_path hostname (missing domain / FQDN)
+
### Removed
### Security
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 210d07f..2230071 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -23,7 +23,7 @@ LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.local.sh"
PRE_LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.pre-local.sh"
TPL_AWSTATS="$SCRIPTS_PATH/awstats.XXX.conf"
SSH_GROUP="evolinux-ssh"
-HOST="$(hostname -s)"
+HOST="$(hostname -f)"
# Set to nginx if you use nginx and not apache
WEB_SERVER="apache"
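Review bot: `HOST="$(hostname -f)"` leaves HOST empty when the FQDN cannot be resolved (no matching entry in /etc/hosts or DNS), because `hostname -f` then prints an error instead of a name. Per the commit subject the value ends up in sendmail_path, so an empty HOST would presumably produce a malformed sender domain; where HOST is consumed is outside this hunk. A fallback such as `HOST="$(hostname -f 2>/dev/null || hostname -s)"` keeps the previous behaviour in that case.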
From 2fd65724f7f316c79b9d376af5ebcb06956963e9 Mon Sep 17 00:00:00 2001
From: William Hirigoyen
Date: Thu, 9 Nov 2023 17:08:39 +0100
Subject: [PATCH 111/116] Fix missing ITK admin link for multi PHP
---
CHANGELOG.md | 2 ++
tpl/webadmin.tpl.php | 5 +++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5265f29..7eb54c9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,5 @@
# Changelog
+
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
@@ -21,6 +22,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Fixed
* Fix sendmail_path hostname (missing domain / FQDN)
+* Fix missing ITK admin link for multi PHP
### Removed
diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php
index 98b02c8..9861b6c 100755
--- a/tpl/webadmin.tpl.php
+++ b/tpl/webadmin.tpl.php
@@ -108,8 +108,9 @@
printf('Servername - ', $vhost_info['owner']);
if(is_multiphp()) {
printf('PHP - ', $vhost_info['owner']);
- } else {
- printf('ITK - ', $vhost_info['owner']);
+ }
+
+ printf('ITK - ', $vhost_info['owner']);
}
printf('Let\'s Encrypt - ', $vhost_info['owner']);
printf('Supprimer ', $vhost_info['owner']);
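Review bot: The context `}` right after the ITK `printf` is now unmatched. It used to close the `else` branch this change removes, and the `if(is_multiphp())` block is already closed two lines earlier, so it ends the enclosing block early. The template will likely fail to parse once the enclosing block's own closing brace is reached, which is outside this hunk. Dropping that brace so `printf('ITK - ', $vhost_info['owner']);` is followed directly by the Let's Encrypt `printf` keeps the nesting intact, and running `php -l tpl/webadmin.tpl.php` before committing would catch this.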
From c385c102c5fc7de0fe0799b4744803e929ac13fe Mon Sep 17 00:00:00 2001
From: William Hirigoyen
Date: Thu, 9 Nov 2023 17:21:33 +0100
Subject: [PATCH 112/116] Remove extra }
---
tpl/webadmin.tpl.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php
index 9861b6c..2ca4563 100755
--- a/tpl/webadmin.tpl.php
+++ b/tpl/webadmin.tpl.php
@@ -111,7 +111,7 @@
}
printf('ITK - ', $vhost_info['owner']);
- }
+
printf('Let\'s Encrypt - ', $vhost_info['owner']);
printf('Supprimer ', $vhost_info['owner']);
} else {
From 964f710897c51a5294427c1cfd1699a594581043 Mon Sep 17 00:00:00 2001
From: William Hirigoyen
Date: Fri, 10 Nov 2023 10:49:16 +0100
Subject: [PATCH 113/116] Revert "Remove extra }"
This reverts commit c385c102c5fc7de0fe0799b4744803e929ac13fe.
---
tpl/webadmin.tpl.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php
index 2ca4563..9861b6c 100755
--- a/tpl/webadmin.tpl.php
+++ b/tpl/webadmin.tpl.php
@@ -111,7 +111,7 @@
}
printf('ITK - ', $vhost_info['owner']);
-
+ }
printf('Let\'s Encrypt - ', $vhost_info['owner']);
printf('Supprimer ', $vhost_info['owner']);
} else {
From f5fe462248d8debbb11bf00ab4b1d357c67c75ca Mon Sep 17 00:00:00 2001
From: William Hirigoyen
Date: Fri, 10 Nov 2023 10:49:29 +0100
Subject: [PATCH 114/116] Revert "Fix missing ITK admin link for multi PHP"
This reverts commit 2fd65724f7f316c79b9d376af5ebcb06956963e9.
---
CHANGELOG.md | 2 --
tpl/webadmin.tpl.php | 5 ++---
2 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7eb54c9..5265f29 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,4 @@
# Changelog
-
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
@@ -22,7 +21,6 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Fixed
* Fix sendmail_path hostname (missing domain / FQDN)
-* Fix missing ITK admin link for multi PHP
### Removed
diff --git a/tpl/webadmin.tpl.php b/tpl/webadmin.tpl.php
index 9861b6c..98b02c8 100755
--- a/tpl/webadmin.tpl.php
+++ b/tpl/webadmin.tpl.php
@@ -108,9 +108,8 @@
printf('Servername - ', $vhost_info['owner']);
if(is_multiphp()) {
printf('PHP - ', $vhost_info['owner']);
- }
-
- printf('ITK - ', $vhost_info['owner']);
+ } else {
+ printf('ITK - ', $vhost_info['owner']);
}
printf('Let\'s Encrypt - ', $vhost_info['owner']);
printf('Supprimer ', $vhost_info['owner']);
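Review bot: `$vhost_info['owner']` is passed to every `printf` in this block as-is, with no output encoding visible in the hunk. The markup of the format strings is not shown on this page, but if the value lands in an `href` or in element text it should be encoded for that context, e.g. `htmlspecialchars($vhost_info['owner'], ENT_QUOTES, 'UTF-8')`, with `rawurlencode()` applied first when it forms part of a URL path. Where the owner value comes from, and whether it is restricted to a safe character set, is outside the hunk.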
From 8e15676d0519613a84474dd0e6fba110015a60ec Mon Sep 17 00:00:00 2001
From: William Hirigoyen
Date: Fri, 10 Nov 2023 11:11:52 +0100
Subject: [PATCH 115/116] Improve op_del improvement
---
scripts/web-add.sh | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 2230071..224b2b1 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -766,7 +766,9 @@ op_del() {
# Deactivate web vhost (apache or nginx)
if [ "$WEB_SERVER" == "apache" ]; then
- a2dissite "${login}.conf" || true
+ if a2query -s test12 >/dev/null 2&>1; then
+ a2dissite "${login}.conf"
+ fi
rm -f /etc/apache2/sites-available/"$login.conf"
apache2ctl configtest
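Review bot: The new guard `if a2query -s test12 >/dev/null 2&>1; then` has two problems: it queries the hard-coded site `test12` rather than the account being deleted, and `2&>1` is not the `2>&1` redirection. Bash reads `2&>1` as an extra argument `2` followed by `&>1`, which sends stdout and stderr to a file named `1` in the working directory. As written the vhost is probably never disabled before its config is removed, which can leave a dangling entry in sites-enabled ahead of `apache2ctl configtest`. Suggested line: `if a2query -s "${login}" >/dev/null 2>&1; then`. op_del starts and ends outside this hunk.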
@@ -809,18 +811,22 @@ op_del() {
if [ "$WEB_SERVER" == "apache" ]; then
if id www-"$login" &> /dev/null; then
- userdel -f www-"$login" || true
+ userdel -f www-"$login"
fi
for php_version in "${PHP_VERSIONS[@]}"; do
- if lxc-attach -n php"${php_version}" -- id www-"$login" &> /dev/null; then
- lxc-attach -n php"${php_version}" -- userdel -f www-"$login" || true
+ if lxc-attach -n php"${php_version}" -- getent passwd www-"$login" &> /dev/null; then
+ lxc-attach -n php"${php_version}" -- userdel -f www-"$login"
+ fi
+ if lxc-attach -n php"${php_version}" -- getent passwd "$login" &> /dev/null; then
+ lxc-attach -n php"${php_version}" -- userdel -f "$login"
fi
- lxc-attach -n php"${php_version}" -- userdel -f "$login" || true
done
fi
- userdel -f "$login" || true
+ if getent passwd "$login" &> /dev/null; then
+ userdel -f "$login"
+ fi
sed -i.bak "/^$login:/d" /etc/aliases
if [ "$WEB_SERVER" == "apache" ]; then
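Review bot: The host-side check `if id www-"$login" &> /dev/null; then` was left on `id` while the other three existence checks in this hunk use `getent passwd`; `if getent passwd www-"$login" &> /dev/null; then` would make them uniform. Also, with `|| true` dropped, a failing `userdel` is no longer ignored: if the script runs under `set -e` (not visible here), deletion would stop before the `/etc/aliases` cleanup and leave the account half-removed. A short comment above the guards stating the intent would help, e.g. `# userdel failures are fatal on purpose; absent users are skipped by the getent guard`. op_del begins and ends outside this hunk.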
From 0dfb19faea4ed59741f8fbdba3be305ef1592647 Mon Sep 17 00:00:00 2001
From: William Hirigoyen
Date: Mon, 13 Nov 2023 14:29:55 +0100
Subject: [PATCH 116/116] Remove undue commit
---
CHANGELOG.md | 2 --
1 file changed, 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5265f29..445ceb9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,8 +20,6 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Fixed
-* Fix sendmail_path hostname (missing domain / FQDN)
-
### Removed
### Security