Compare commits

123 commits

Author SHA1 Message Date
Mathieu Trossevin 28a16a24cf
Merge remote-tracking branch 'origin/unstable' into bind-add-ng-fix-regex 2023-11-17 15:00:56 +01:00
Mathieu Trossevin 6951d1fd33 Merge branch 'master' into unstable 2023-11-16 11:04:29 +01:00
William Hirigoyen 0dfb19faea Remove undue commit 2023-11-13 14:29:55 +01:00
William Hirigoyen 8e15676d05 Improve op_del improvement 2023-11-10 11:11:52 +01:00
William Hirigoyen f5fe462248 Revert "Fix missing ITK admin link for multi PHP"
This reverts commit 2fd65724f7.
2023-11-10 10:49:29 +01:00
William Hirigoyen 964f710897 Revert "Remove extra }"
This reverts commit c385c102c5.
2023-11-10 10:49:16 +01:00
William Hirigoyen c385c102c5 Remove extra } 2023-11-09 17:21:33 +01:00
William Hirigoyen 2fd65724f7 Fix missing ITK admin link for multi PHP 2023-11-09 17:08:39 +01:00
William Hirigoyen 7d8704cd25 Fix sendmail_path hostname (missing domain / FQDN) 2023-11-09 12:01:14 +01:00
William Hirigoyen 72e39f297e Prevent op_del from failing and allow removing a web account when part of it is already removed 2023-11-09 11:31:16 +01:00
William Hirigoyen 2e8619e5e6 Add sendmail_path and open_basedir in LXC PHP pool configs 2023-11-08 12:03:14 +01:00
bwaegeneire e76ea90d89 Merge pull request 'Add support for php8.2' (#81) from unstable into master
Reviewed-on: #81
2023-03-31 13:11:36 +02:00
Brice Waegeneire a7f718c073 Add support for php8.2 2023-03-31 13:07:39 +02:00
Ludovic Poujol f77ce6e590 Release 23.02 2023-02-20 11:52:13 +01:00
Ludovic Poujol d2365e133b Big update of project readme
Translated to english, changed contribution guidelines (same as ansible-roles)
Removed old TODO/INSTALL file
2023-02-20 11:19:08 +01:00
Ludovic Poujol fbc48755b0 Introducing a changelog (filled with 2023 changes) 2023-02-20 10:44:43 +01:00
Ludovic Poujol 63dfa3af99 web-add.sh > Correct deletion order
Closes #76
2023-02-20 10:34:41 +01:00
Ludovic Poujol 577a4463ad Account deletion > Use mysql "DROP USER"
Instead of messing directly with mysql internal tables
Closes #78
2023-02-15 12:04:59 +01:00
Ludovic Poujol 66c159a625 Display the web-add.sh version 2023-02-15 11:36:25 +01:00
Ludovic Poujol 77f5076c88 Move common.php outside of the DocumentRoot 2023-02-15 11:35:21 +01:00
William Hirigoyen ad68e298dd Check chars [:/] are not in the domain name (in case of confusion with URL) 2022-12-09 15:30:14 +01:00
Ludovic Poujol 68799f7e5f Fix account deletion bug 2022-11-21 17:25:19 +01:00
Ludovic Poujol ebb4f1c20c ftpadmin.sh - Fix account listing regression introduced by d6c39be117 2022-11-21 17:15:47 +01:00
Ludovic Poujol f65dd98bb1 Web-add.sh: Add a version number (+ command to fetch it) 2022-11-10 15:58:15 +01:00
William Hirigoyen 67d0c45d79 Fix bug introduced in 9913579bb0 (MariaDB does not support backticks in where clause). 2022-11-08 17:30:05 +01:00
William Hirigoyen 9913579bb0 Fix drop database when contains dash 2022-10-31 14:40:19 +01:00
David Prevot e257ee242b web-add generate-ssl-certificate: false option should be documented as is
As fb78d2a9ed, but the other way around: update only the documentation
instead of the code, so that existing use does not change.
2022-07-19 16:39:20 +02:00
David Prevot 2301b0cba5 web-add generate-ssl-certificate: improve FALSE option documentation 2022-07-19 14:24:33 +02:00
David Prevot fb78d2a9ed web-add generate-ssl-certificate: FALSE option should match documented case 2022-07-19 14:18:04 +02:00
Ludovic Poujol 66ceacd918 Make the change on the login mechanism compatible with old configurations 2022-07-07 11:22:47 +02:00
Ludovic Poujol d746aa445e Change in the login mechanism
Now use passwords hashed & salted. Validate with PHP's password_verify() function

Password hashes can be generated with :
* mkpasswd --method=sha-512
* PHP's password_hash()
2022-07-05 11:25:37 +02:00
Ludovic Poujol 143af65357 Hotfix for web interface to behave correctly 2022-07-04 14:34:41 +02:00
Ludovic Poujol 96ffc58cc4 Clear some warnings about undefined vars 2022-07-01 16:13:49 +02:00
William Hirigoyen (Evolix) 93629b51fb Fix bug introduced in f2f115608a (op del fails when user has no crontab) 2022-05-11 14:39:00 +02:00
Brice Waegeneire d63046b227 Add support for php8.1 2022-02-22 15:16:22 +01:00
Ludovic Poujol f2f115608a Dump & remove user crontab on account deletion
closes #37
2022-02-17 11:12:55 +01:00
Ludovic Poujol ef5bbbeba7 Fix behaviour when there is only one php version
closes #74
2022-02-17 10:40:00 +01:00
William Hirigoyen (Evolix) d6c39be117 #62716: Fixes and improvements to ftpadmin.sh 2021-12-23 15:51:55 +01:00
William Hirigoyen (Evolix) 5cd6a6f046 Test if user www-login exists before deleting (else, the deletion fails) 2021-12-02 10:16:12 +01:00
Brice Waegeneire 0709747a1e web-add.sh script now handles php 8.0 containers 2021-10-05 10:13:12 +02:00
Brice Waegeneire 360929ee96 web-add.sh script now handles php 8.0 containers 2021-10-05 10:06:14 +02:00
Brice Waegeneire e3dc97d6d4 delete users even though it has some processes running 2021-09-22 10:35:10 +02:00
Ludovic Poujol ae30498030 set a uid for the user at login for ftp filtering 2021-04-28 16:21:29 +02:00
Tristan PILAT 372b00101d web-add.sh script now handles php 7.4 containers 2021-04-15 11:11:55 +02:00
Ludovic Poujol 7499f0222e Reorder lines in template fpm config for better readability 2021-02-23 11:07:29 +01:00
Ludovic Poujol 4f8b0b19fe generate longer password by default 2021-02-22 16:22:31 +01:00
Ludovic Poujol 2906ba47f1 Add (random) status path php 2021-02-22 16:12:21 +01:00
Ludovic Poujol e2acb4e9d1 web-add.sh - Add .conf at the config name for a2ensite/a2dissite
Fixes #70
2021-02-10 15:21:04 +01:00
Ludovic Poujol 234ac67634 Fix op_checkoccurencename() in web-add.sh (again)
I had it wrong (again) in 283d0bccad :-(

https://www.youtube.com/watch?v=TMy6X5cQul8
2019-10-14 10:21:05 +02:00
Ludovic Poujol 283d0bccad Fix op_checkoccurencename() in web-add.sh (again)
I had it wrong in 9523fff658 :/
2019-10-02 17:40:01 +02:00
Ludovic Poujol 6438732ea4 Add missing break.... 2019-09-06 16:26:14 +02:00
Ludovic Poujol 9523fff658 Fix op_checkoccurencename() in web-add.sh
Ensure that we can add foo.net while having www.foo.net somewhere in our
config files
2019-08-26 11:20:44 +02:00
Ludovic Poujol f7659cee6d Fix IncludeOptional that can throw syntax errors in some cases.
With Apache < 2.4.30, IncludeOptional will throw syntax errors if the 
file designated without any pattern globbing is absent.
We circumvent that with a silly pattern.
2019-08-21 12:05:37 +02:00
Nicolas Roman b148cf1176 Merge branch 'letsencrypt' of evolix/evoadmin-web into master 2019-07-26 11:15:48 +02:00
Nicolas Roman 3736f7ec32 display expiration date of cert and included domains directly when clicking the letsencrypt link 2019-07-25 11:37:57 +02:00
Nicolas Roman a0f41b4b69 Merge branch 'del-letsencrypt' of evolix/evoadmin-web into master 2019-07-24 16:30:43 +02:00
Nicolas Roman 5cd4cff029 remove matching letsencrypt folder when deleting an account 2019-07-24 16:25:16 +02:00
Nicolas Roman b339ca0fb9 display included and non included domain(s) before the cert renew 2019-07-19 14:38:24 +02:00
Nicolas Roman f3fa182dc7 delete methods updating the vhost after cert installation is completed 2019-07-17 17:20:32 +02:00
Nicolas Roman 4b5a020993 port 443 by default in vhost template 2019-07-17 17:11:52 +02:00
Nicolas Roman c5c1648a58 delete previous cert if it already exists before invoking evoacme 2019-07-17 15:38:59 +02:00
Nicolas Roman 7d026c907b add optional SSL configuration by default in vhost 2019-07-15 17:44:41 +02:00
Nicolas Roman 283f76540a uses stream_socket_client instead of fopen 2019-07-15 17:08:47 +02:00
Nicolas Roman c218aebaae bugfixes for the evoacme part 2019-07-15 17:06:50 +02:00
Nicolas Roman 4eaf3ad6d1 fix acme-challenge subfolder creation 2019-07-11 16:54:21 +02:00
Nicolas Roman 78d0293b44 create the acme-challenge subfolder correctly for the HTTP challenge 2019-07-11 15:24:17 +02:00
Nicolas Roman 27b449fd98 check that the non_standard domain is not already in the session variable 2019-07-11 14:19:09 +02:00
Nicolas Roman 8fe671097d tweak success message for cert installation 2019-07-10 16:59:36 +02:00
Nicolas Roman 839efa6fe9 generateSSLCertificate and setSSLPortVhost methods added 2019-07-10 16:57:34 +02:00
Nicolas Roman 37e5ca6484 generate-ssl-certificate and update-ssl-configuration methods for web-add.sh 2019-07-10 16:56:50 +02:00
Nicolas Roman 9c9ffe1b53 check if the domain IP corresponds to the server IP 2019-07-10 16:56:13 +02:00
Nicolas Roman 1b4231e1a9 make-csr function and confirmation button when warning is displayed 2019-07-09 18:07:47 +02:00
Nicolas Roman 1cf62beb55 retrieve the correct aliases and servername from a specified vhost 2019-07-04 18:00:59 +02:00
Nicolas Roman 3ab7a01077 new warning rule with orange color for span element 2019-07-04 15:55:38 +02:00
Nicolas Roman c4a6b1f069 errors handling for SSL check with the issuer, validity date and included domains 2019-07-04 15:55:10 +02:00
Nicolas Roman 1fc8a3e322 add keys to return array for parseCertificate method 2019-07-04 15:53:35 +02:00
Nicolas Roman 43318dc09a add https prefix to getCertificate method 2019-07-04 15:52:55 +02:00
Nicolas Roman 3b9a534253 filter empty items from session variable of domains 2019-07-04 15:51:58 +02:00
Nicolas Roman 69936f67db retrieve SSL cert and parse it, check the issuer, the expiration date and the SAN 2019-07-03 18:18:27 +02:00
Nicolas Roman 2737edbc11 update let's encrypt button name 2019-06-07 15:25:34 +02:00
Nicolas Roman d7f0a5e36c change error handling for let's encrypt checks 2019-06-07 15:25:15 +02:00
Nicolas Roman 15faf3dfdc add isEvoacmeInstalled function 2019-06-07 15:24:38 +02:00
Nicolas Roman f6cfe14cdc add createFileHttpChallenge and deleteFileHttpChallenge functions 2019-06-07 15:23:39 +02:00
Nicolas Roman bd6d70fbfe change http challenge filename 2019-06-07 15:22:42 +02:00
Nicolas Roman b25639c3aa add manage-http-challenge-file function 2019-06-07 14:10:07 +02:00
Nicolas Roman 320a229d4f separate view and controller logic 2019-06-07 11:49:11 +02:00
Nicolas Roman 58dda79c6a add letsencrypt link in webadmin page 2019-06-07 11:48:09 +02:00
Nicolas Roman 4a137ae821 add h3 error styling 2019-06-07 11:46:01 +02:00
Nicolas Roman b44a70f089 fix CURLOPT_REDIR_PROTOCOLS values 2019-06-07 10:43:45 +02:00
Nicolas Roman 2fff30a658 first draft webadmin-letsencrypt tpl 2019-06-06 18:20:27 +02:00
Nicolas Roman 6b8128e861 move FQDN syntax to checkDNSValidity function 2019-06-06 18:18:09 +02:00
Nicolas Roman 2193307e14 first draft webadmin-letsencrypt.php 2019-06-06 18:16:52 +02:00
Nicolas Roman 4cde233804 regroup webadmin rules 2019-06-06 18:15:30 +02:00
Nicolas Roman 12b907ea63 add checkDNSValidity function 2019-06-06 15:41:58 +02:00
Nicolas Roman 4a14333d41 first draft library letsencrypt 2019-06-06 14:51:34 +02:00
Nicolas Roman 84a821d58c Merge branch 'vhost-delete' of evolix/evoadmin-web into master 2019-06-05 17:24:28 +02:00
Nicolas Roman 634a18d1cb rebase master 2019-06-05 17:20:34 +02:00
Nicolas Roman 44b4ac2f5e add .idea folder to gitignore 2019-06-05 16:34:16 +02:00
Nicolas Roman a907137e27 block non-standard vhost modification 2019-06-05 16:34:16 +02:00
Nicolas Roman ad452aad6a delete list-servername function 2019-06-05 16:33:37 +02:00
Nicolas Roman b1bab0b40c normalize add-alias with del-alias 2019-06-05 16:33:23 +02:00
Nicolas Roman 5a738c4e2e revert multiple virtualhosts mgmt for ITK 2019-06-05 16:33:23 +02:00
Nicolas Roman 1ee7221b19 normalize text 2019-06-05 16:31:16 +02:00
Nicolas Roman 1ffa0ef4e7 normalize title names 2019-06-05 16:30:21 +02:00
Nicolas Roman bb17afd5fc added delete link 2019-06-05 16:29:19 +02:00
Nicolas Roman 6f7fe19046 added delete webpage 2019-06-05 16:29:19 +02:00
Nicolas Roman ad3c31fb96 added force-confirm option for del script 2019-06-05 16:29:19 +02:00
Nicolas Roman 7a0d307f23 first draft 2019-06-05 16:29:19 +02:00
emorino a3c67afb2a typo 2019-04-26 09:53:10 +02:00
emorino c0fb7a5d74 Add /etc/hosts configuration for ssmtp package installation 2019-04-26 09:52:05 +02:00
Ludovic Poujol a200ccfdeb Ensure a password can't contain a "/" 2019-04-23 18:16:33 +02:00
Ludovic Poujol d63150c4ce Add missing escapeshellarg() in account creation 2019-04-23 18:16:07 +02:00
Ludovic Poujol 7b5868db38 README.md: Add example /usr/local/bin/exec73 2019-04-12 12:05:07 +02:00
Nicolas Roman cd6abd008d Merge branch 'route-naming' of evolix/evoadmin-web into master 2019-04-08 17:17:36 +02:00
Ludovic Poujol d00ecea964 web-add.sh - Ensure the FPM pools uses the www-XXX user 2019-04-02 15:15:51 +02:00
Nicolas Roman c9ed53d7dd php url changed 2019-04-01 18:10:53 +02:00
Nicolas Roman 6d0a456de9 alias url changed 2019-04-01 17:09:05 +02:00
Nicolas Roman 6ef1c9fcf7 refactoring webadmin-itk 2019-04-01 16:14:48 +02:00
Nicolas Roman 99ac46f671 itk url changed 2019-04-01 15:41:59 +02:00
Nicolas Roman fde162d679 servername url changed 2019-04-01 15:13:28 +02:00
Ludovic Poujol e0f8d6ade1 Command fixes in README.md 2019-03-29 15:58:28 +01:00
Ludovic Poujol 2aa7a7a565 Only display the PHP version change link on multi-php install
(Also means the ITK setting doesn't matter and should not be displayed)
2019-03-29 15:56:35 +01:00
Ludovic Poujol 1331bb96b4 Fix is_multiphp() always returning false 2019-03-29 15:55:43 +01:00
34 changed files with 1620 additions and 729 deletions

.gitignore vendored

@ -1,2 +1,3 @@
conf/config.local.php
.vagrant
.idea

CHANGELOG.md Normal file

@ -0,0 +1,49 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
This project does not follow semantic versioning.
The **major** part of the version is the year
The **minor** part changes is the month
The **patch** part changes is incremented if multiple releases happen the same month
## [Unreleased]
### Added
* Prevent op_del to fail and able to remove web account when part of it is already removed
### Changed
* Add sendmail_path and open_basedir in LXC PHP pool configs
### Fixed
### Removed
### Security
## [23.02] 2023-02-20
### Added
* web : Display web-add.sh version
### Changed
* Readme.md : Translated to english. New contribution guidelines and misc information
### Fixed
* web-add.sh : Deleting mysql user with DROP USER to stay compatible with MariaDB 10.5+ - #78
* web-add.sh : Correcting deletion order to avoid dependency issues - #76
### Removed
### Security
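Review bot: In the `[23.02]` entry the `### Security` heading is empty, although that release includes "Move common.php outside of the DocumentRoot" (77f5076c88, 2023-02-15), which changes what the web server can reach directly; list it there so operators upgrading an existing install know to check the old copy is gone. In `[Unreleased]`, the op_del robustness change sits under `### Added` while `### Fixed` is empty, and the sendmail_path FQDN fix (7d8704cd25) has no entry at all.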

@ -1 +0,0 @@
* Ajouter les autorisations sudo nécessaires

README.md

@ -1,220 +1,48 @@
# evoadmin-web
# Evoadmin-web
Panel d'administration de serveur web et scripts shell.
Web interface and management scripts for web hosting
Project leader : ?
## Versions
## Versions & Branches
* Stable Wheezy → git checkout wheezy
* Stable Jessie → git checkout jessie
* Stretch → master
The `master` branch is ready for production.
It's compatible with the current Debian version (and few previous ones)
Code for older Debian releases (Wheezy, Jessie) is archived on separate branches.
The `unstable` branch contains not sufficiently tested changes that we don't consider ready for production yet.
### Versions
* Debian Stretch, Buster, Bullseye → use branch `master` (current stable version)
* Debian Jessie → use branch `jessie` (old, archive branch)
* Debian Wheezy → use branch `wheezy` (old, archive branch)
## Installation
Via ansible avec le role packweb-apache. Le role webapps/evoadmin-web en dépendance se charge de l'installation de l'interface et de ses scripts.
Installation should be done with Ansible.
The role `packweb-apache` will handle all dependencies (Apache, PHP, MariaDB...) installation and configuration.
It will also use the role `webapps/evoadmin-web` to setup the web-interface and management sw
### Manuelle
### Manually
TODO
## Contributing
### Activation du mode Multi PHP avec des conteneurs LXC
Contributions are welcome, especially bug fixes. They will be merged in if they are consistent with our conventions and use cases. They might be rejected if they introduce complexity, cover features we don't need or don't fit "style".
Installer les paquets nécessaires :
Before starting anything of importance, we suggest opening an issue to discuss what you'd like to add or change.
~~~
# apt install lxc debootstrap
~~~
All modifications should be documented in the CHANGELOG file, to help review releases. We encourage atomic commits and with the CHANGELOG in the same commit.
Modifier la configuration de LXC :
# Workflow
~~~
# cat /etc/lxc/default.conf
The ideal and most typical workflow is to create a branch, based on the `unstable` branch. The branch should have a descriptive name (a ticket/issue number is great). The branch can be treated as a pull-request or merge-request. It should be propery tested and reviewed before merging into `unstable`.
# Set the default network virtualization method.
lxc.network.type = none
Changes that don't introduce significant changes — or that must go faster that the typical workflow — can be commited directly into `unstable`.
# Mount /home into containers.
lxc.mount.entry = /home home none bind 0 0
Hotfixes, can be prepared on a new branch, based on `master` or `unstable` (to be decided by the author). When ready, it can be merged back to `master` for immediate deployment and to `unstable` for proper backporting.
# Only one tty is enough.
# This require that you disabled others tty ([2-6]) in systemd.
lxc.tty = 1
# Run 64bits containers
lxc.arch = x86_64
# Start containers on boot by default
lxc.start.auto = 1
~~~
Dans cette configuration, les containers LXC n'ont pas leur interface réseau virtualisée. Et /home de l'hôte est partagé dans les containers.
#### PHP 5.6
On installe un conteneur Debian Jessie :
~~~
# lxc-create --name php56 --template debian --bdev dir --logfile /var/log/lxc/lxc-php56.log --logpriority INFO -- --arch amd64 --release jessie
~~~
Puis on installe les paquets PHP 5.6 dans ce conteneur :
~~~
# lxc-start -n php56
# lxc-attach -n php56 apt install php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer
~~~
#### PHP 7.0
On installe un conteneur Debian Stretch :
~~~
# lxc-create --name php70 --template debian --bdev dir --logfile /var/log/lxc/lxc-php70.log --logpriority INFO -- --arch amd64 --release stretch
~~~
Puis on installe les paquets PHP 7.0 dans ce conteneur :
~~~
# lxc-start -n php70
# lxc-attach -n php70 apt install php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 composer libphp-phpmailer
~~~
#### PHP 7.3
On installe un conteneur Debian Stretch :
~~~
# lxc-create --name php73 --template debian --bdev dir --logfile /var/log/lxc/lxc-php73.log --logpriority INFO -- --arch amd64 --release stretch
~~~
Puis on installe les paquets PHP 7.3 dans ce conteneur :
~~~
# lxc-start -n php73
# lxc-attach -n php73
# apt-get update && apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates
# wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
# echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list
# apt-get update && apt-get install -y --no-install-recommends php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer
~~~
#### Pour toutes les versions de PHP
Dans les containers, il faut ajouter le fichier **z-evolinux-defaults.ini** dans le dossier **conf.d** des réglages de PHP FPM et CLI
> Pour PHP5 **/etc/php5/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php5/cli/conf.d/z-evolinux-defaults.ini**
> Pour PHP7.0 **/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini**
> Pour PHP7.3 **/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini**
~~~
[PHP]
short_open_tag = Off
expose_php = Off
display_errors = Off
log_errors = On
html_errors = Off
allow_url_fopen = Off
disable_functions = exec,shell-exec,system,passthru,putenv,popen
~~~
Après cela, il faut redémarrer FPM
~~~
# lxc-attach -n php56 /etc/init.d/php5-fpm restart
# lxc-attach -n php70 /etc/init.d/php7.0-fpm restart
# lxc-attach -n php73 /etc/init.d/php7.3-fpm restart
~~~
Une fois les conteneurs installés, il faut configurer evoadmin-web pour lui indiquer les versions disponibles de PHP dans **/etc/evolinux/web-add.conf** (pour *web-add.sh*) et dans **/home/evoadmin/www/conf/config.local.php** pour l'interface web
~~~
# cat /etc/evolinux/web-add.conf
#(...)
PHP_VERSIONS=(56 70 73)
#(...)
~~~
~~~
# cat /home/evoadmin/www/conf/config.local.php
// (...)
$localconf['php_versions'] = array(70, 73);
// (...)
~~~
#### Apache
Il est nécessaire d'activer le mod proxy pour apache2 si ce n'a pas déjà été fait :
~~~
# a2enmod proxy_fcgi
# systemctl restart apache2.service
~~~
Si vous rencontrez l'erreur "File not found" avec les fichiers php, bien vérifier que le rootfs des conteneurs est en 755 :
~~~
chmod 755 /var/lib/lxc/php56/rootfs
chmod 755 /var/lib/lxc/php70/rootfs
chmod 755 /var/lib/lxc/php73/rootfs
~~~
#### Email
Pour envoyer des mails, on peut installer **ssmtp** qui va forwarder les mails du conteneur vers l'hôte (à faire par conteneur via lxc-attach) :
~~~
apt install ssmtp
~~~
Editer **/etc/ssmtp/ssmtp.conf** (remplacer example.com par le hostname complet de votre machine) :
~~~
root=postmaster
mailhub=127.0.0.1
hostname=example.com
FromLineOverride=YES
~~~
## Méthodes de collaboration
Lire le fichier GUIDELINES.
Chaque version stable a le nom de la version Debian dans une branche. (Wheezy, Jessie, …)
On ne touche pas à ces branches, sauf pour corriger un bug critique,
qu'on appellera dans le commit "Hotfix #IDBugRedmine. Description du commit/bug".
Le project leader se charge de merger les futures version (wheezy-dev, jessie-dev, …)
dans la branche stable et de faire un changelog.
Chaque version de redmine est prévu à l'avance dans la roadmap de Redmine.
Quand une version de développement est terminé (tout les bugs fermés),
on utilisera les tags pour se repérer dans l'historique GIT.
Puis une fois que la version est décrété stable, elle sera mergé dans la branche stable.
Pour travailler sur une version spécifique, il faut travailler dans la branche "$release".
Voir les branches sur le remote :
```
$ git branch -r
origin/jessie-dev
origin/wheezy-dev
origin/wheezy
```
Il suffira de « checkout » dessus, et commencer à commiter. Les commits doivent
être nommés "Implement #IDBugRedmine. Description feature." ou
"Fix #IDBugRedmine. Description correction du bug.".
```
$ git checkout wheezy-dev
[…] hack hack […]
$ git commit
$ git push
```
## Licence
Evoadmin-web est un projet [Evolix](https://evolix.com) et est distribué sour licence AGPLv3, voir le fichier [LICENSE](LICENSE) pour les détails.
Other workflow are not forbidden, but should be discussed in advance.
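Review bot: The rewritten README drops the `## Licence` section (the AGPLv3 pointer to `LICENSE`) and the whole multi-PHP/LXC procedure without an English replacement or a link. Add a `## License` line and a pointer to `README.old.md`, since that file is now the only place documenting the container PHP defaults (`disable_functions`, `allow_url_fopen = Off`). Smaller points in the new text: the Installation sentence ends at "management sw", `# Workflow` is a top-level heading under `## Contributing`, and "propery", "commited", "faster that" and "Other workflow are" need correcting.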

README.old.md Normal file

@ -0,0 +1,180 @@
### Activation du mode Multi PHP avec des conteneurs LXC
Installer les paquets nécessaires :
~~~
# apt install lxc debootstrap
~~~
Modifier la configuration de LXC :
~~~
# cat /etc/lxc/default.conf
# Set the default network virtualization method.
lxc.network.type = none
# Mount /home into containers.
lxc.mount.entry = /home home none bind 0 0
# Only one tty is enough.
# This require that you disabled others tty ([2-6]) in systemd.
lxc.tty = 1
# Run 64bits containers
lxc.arch = x86_64
# Start containers on boot by default
lxc.start.auto = 1
~~~
Dans cette configuration, les containers LXC n'ont pas leur interface réseau virtualisée. Et /home de l'hôte est partagé dans les containers.
#### PHP 5.6
On installe un conteneur Debian Jessie :
~~~
# lxc-create --name php56 --template debian --bdev dir --logfile /var/log/lxc/lxc-php56.log --logpriority INFO -- --arch amd64 --release jessie
~~~
Puis on installe les paquets PHP 5.6 dans ce conteneur :
~~~
# lxc-start -n php56
# lxc-attach -n php56 apt install php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer
~~~
#### PHP 7.0
On installe un conteneur Debian Stretch :
~~~
# lxc-create --name php70 --template debian --bdev dir --logfile /var/log/lxc/lxc-php70.log --logpriority INFO -- --arch amd64 --release stretch
~~~
Puis on installe les paquets PHP 7.0 dans ce conteneur :
~~~
# lxc-start -n php70
# lxc-attach -n php70 apt install php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 composer libphp-phpmailer
~~~
#### PHP 7.3
On installe un conteneur Debian Stretch :
~~~
# lxc-create --name php73 --template debian --bdev dir --logfile /var/log/lxc/lxc-php73.log --logpriority INFO -- --arch amd64 --release stretch
~~~
Puis on installe les paquets PHP 7.3 dans ce conteneur :
~~~
# lxc-start -n php73
# lxc-attach -n php73
# apt-get update && apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates gnupg
# curl https://packages.sury.org/php/apt.gpg | apt-key add
# echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list
# apt-get update && apt-get install -y --no-install-recommends php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer
~~~
#### Pour toutes les versions de PHP
Dans les containers, il faut ajouter le fichier **z-evolinux-defaults.ini** dans le dossier **conf.d** des réglages de PHP FPM et CLI
> Pour PHP5 **/etc/php5/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php5/cli/conf.d/z-evolinux-defaults.ini**
>
> Pour PHP7.0 **/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini**
>
> Pour PHP7.3 **/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini**
~~~
[PHP]
short_open_tag = Off
expose_php = Off
display_errors = Off
log_errors = On
html_errors = Off
allow_url_fopen = Off
disable_functions = exec,shell-exec,system,passthru,putenv,popen
~~~
Après cela, il faut redémarrer FPM
~~~
# lxc-attach -n php56 /etc/init.d/php5-fpm restart
# lxc-attach -n php70 /etc/init.d/php7.0-fpm restart
# lxc-attach -n php73 /etc/init.d/php7.3-fpm restart
~~~
Une fois les conteneurs installés, il faut configurer evoadmin-web pour lui indiquer les versions disponibles de PHP dans **/etc/evolinux/web-add.conf** (pour *web-add.sh*) et dans **/home/evoadmin/www/conf/config.local.php** pour l'interface web
~~~
# cat /etc/evolinux/web-add.conf
#(...)
PHP_VERSIONS=(56 70 73)
#(...)
~~~
~~~
# cat /home/evoadmin/www/conf/config.local.php
// (...)
$localconf['php_versions'] = array(70, 73);
// (...)
~~~
#### Apache
Il est nécessaire d'activer le mod proxy pour apache2 si ce n'a pas déjà été fait :
~~~
# a2enmod proxy_fcgi
# systemctl restart apache2.service
~~~
Si vous rencontrez l'erreur "File not found" avec les fichiers php, bien vérifier que le rootfs des conteneurs est en 755 :
~~~
# chmod 755 /var/lib/lxc/php56/rootfs
# chmod 755 /var/lib/lxc/php70/rootfs
# chmod 755 /var/lib/lxc/php73/rootfs
~~~
#### Email
Pour envoyer des mails, on peut installer **ssmtp** qui va forwarder les mails du conteneur vers l'hôte (à faire par conteneur via lxc-attach) :
Avant d'installer le paquet, il faut ajouter le hostname du conteneur dans **/etc/hosts**, sinon la configuration du paquet retourne une erreur :
~~~
127.0.0.1 php70
~~~
~~~
# apt install ssmtp
~~~
Editer **/etc/ssmtp/ssmtp.conf** (remplacer example.com par le hostname complet de votre machine) :
~~~
root=postmaster
mailhub=127.0.0.1
hostname=example.com
FromLineOverride=YES
~~~
#### PHP-CLI
~~~
$ cat /usr/local/bin/exec73
#!/bin/bash
php_cmd=$(printf "/usr/bin/php %q" "$@" )
lxc-attach -n php73 -- su - "$SUDO_USER" -c "$php_cmd"
~~~
Il faut ensuite s'assurer que ce script peut être exécuté via sudo.
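Review bot: In the `z-evolinux-defaults.ini` block, `disable_functions` lists `shell-exec`, but the PHP function is `shell_exec`, so that entry disables nothing and `shell_exec()` (and the backtick operator, which depends on it) stays available in every container; change it to `shell_exec` and decide whether `proc_open` belongs in the list as well. In the PHP 7.3 steps, `curl https://packages.sury.org/php/apt.gpg | apt-key add` has no `-` argument to read the key from stdin, and `curl` is not among the packages installed on the line before it. In `exec73`, `printf "/usr/bin/php %q" "$@"` reuses the whole format for each argument, so a call with two arguments produces `/usr/bin/php a/usr/bin/php b`; keep the interpreter path outside the format and quote only the arguments with `printf ' %q' "$@"`.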

TODO

@ -1,7 +0,0 @@
* Verification des paramètres passés dans le script ftpadmin.sh
* Vérifier lors de la suppression que c'est bien la personne a qui appartient le compte qui lance la commande
* Tableau "sortable" (TableKit ?)
* Mettre en place EvoLog et logger la sortie des scripts
* Validation plus (très) stricte sur les entrées de formulaire
* Listage des comptes utilisateurs
* Total espace disque FTP
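Review bot: Deleting this file drops three open hardening items with no replacement visible in the diff: checking the parameters passed to `ftpadmin.sh`, verifying on deletion that the caller owns the account, and stricter validation of form input. If they are not done yet, move them to issues and reference those from the CHANGELOG instead of losing them.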

@ -8,36 +8,35 @@
* $Id: config.php 273 2009-05-12 13:54:50Z tmartin $
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
*
* @author Gregory Colpart <reg@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr>
* @author Sebastien Palma <spalma@evolix.fr>
* @author Gregory Colpart <reg@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr>
* @author Sebastien Palma <spalma@evolix.fr>
* @version 1.0
*/
// Email pour les notifications
$oriconf['admin']['mail'] = 'admin@example.com';
$oriconf['techmail'] = 'jdoe@example.com';
$oriconf['debug'] = FALSE;
$oriconf['debug'] = false;
$oriconf['superadmin'] = array('superadmin');
$oriconf['script_path'] = '/usr/share/scripts/evoadmin';
$oriconf['cluster'] = FALSE;
$oriconf['cluster'] = false;
$oriconf['servers'] = array('servers');
$oriconf['cache'] = '/home/evoadmin/www/cache.sqlite';
$oriconf['known_host'] = '/home/evoadmin/www/known_host';
$oriconf['ftpadmin'] = FALSE;
$oriconf['bindadmin'] = FALSE;
// Penser à rajouter également les versions de PHP disponibles dans /etc/evolinux/web-add.conf
$oriconf['php_versions'] = array();
$oriconf['quota'] = FALSE;
$oriconf['dbadmin'] = FALSE;
$oriconf['ftpadmin'] = false;
$oriconf['bindadmin'] = false;
// Warning: Don't forget to add available PHP versions into : /etc/evolinux/web-add.conf
// $oriconf['php_versions'] = array();
$oriconf['quota'] = false;
$oriconf['dbadmin'] = false;
$oriconf['noreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
$oriconf['postponedreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
$oriconf['immediatereplication'] = array('srv00.example.com', 'srv01.example.com');
$oriconf['postponedreplication_mode'] = array('1 fois/jour', '3 fois/jour', '1 fois/jour');
// auth (sha256 hashs)
// Generate password hashes : mkpasswd --method=sha-512 (cli) or with PHP's password_hash()
$oriconf['logins'] = array();
//$oriconf['logins']['foo'] = 'd5d3c723fb82cb0078f399888af78204234535ec2ef3da56710fdd51f90d2477';
//$oriconf['logins']['bar'] = '7938c84d6e43d1659612a7ea7c1101ed02e52751bb64597a8c20ebaba8ba4303';
//$oriconf['logins']['foo'] = '$6$X0jqa/ausLSBkj4m$dLMMcPGVxak.aDPo4V/GJLm2d8vU8/QA5LbGTuqXCdxSNYU0kRKBgDl16GAyp0GqXXZ5wwDEJKQ1npgFwiuV81';
//$oriconf['logins']['bar'] = '$6$Q6233S6mlWAF6p.j$LtzwG02YucozwqjAgSpeldh24Mnz7lBuVSbOQYbKKh9FiUx3tMVl6kJZkmrNdPqeadFXKAYXrqn.gy8KposF5.';
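Review bot: The default `$oriconf['php_versions'] = array();` is now commented out, so the key is undefined unless `config.local.php` sets it; either keep the empty-array default or make sure every reader of `php_versions` guards with `isset()`/`empty()`. For the login comment, state which formats are accepted: the examples are now `$6$` SHA-512 crypt strings, and since a later commit keeps old configurations working, the file should say whether the previous 64-hex SHA-256 entries are still honoured and that they should be regenerated.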

@ -461,13 +461,13 @@ class AlphaNumericalTextInputFormField extends FormField {
class DomainInputFormField extends FormField {
protected $mandatory = NULL;
protected $textsize = NULL;
//protected $textsize = NULL;
public function __construct($label, $mandatory=TRUE, $hidden=FALSE) {
parent::__construct($label);
$this->mandatory = $mandatory;
$this->hidden = $hidden;
$this->textsize = $textsize;
//$this->textsize = $textsize;
}
public function verify($set_error) {
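Review bot: `$this->textsize = $textsize;` assigned an undefined variable, so dropping it is right, but delete the two `textsize` lines rather than leaving them commented out; the same applies to `DomainListInputFormField` in the hunk at line 516.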
@ -491,7 +491,7 @@ class DomainInputFormField extends FormField {
else
$input .= '<input type="text" id="'.$this->name.'"';
$input .= ' name="'.$this->name.'" value="'.htmlspecialchars($this->value,ENT_QUOTES).'"';
$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';
//$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';
if($this->read_only) { $input .= 'readonly="readonly="'; }
if($this->disabled) { $input .= 'disabled="disabled="'; }
$input .= '/>';
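Review bot: With the `maxlength`/`size` line commented out, the domain input no longer has any client-side length limit, so confirm that `verify()` enforces one server-side (a hostname is at most 253 characters). In the context lines, `'readonly="readonly="'` and `'disabled="disabled="'` carry a stray `=` inside the attribute value and should read `readonly="readonly"` and `disabled="disabled"`.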
@ -516,12 +516,12 @@ class DomainInputFormField extends FormField {
class DomainListInputFormField extends FormField {
protected $mandatory = NULL;
protected $textsize = NULL;
//protected $textsize = NULL;
public function __construct($label, $mandatory=TRUE) {
parent::__construct($label);
$this->mandatory = $mandatory;
$this->textsize = $textsize;
//$this->textsize = $textsize;
}
public function verify($set_error) {
@ -547,7 +547,7 @@ class DomainListInputFormField extends FormField {
$input = '';
$input .= '<input type="text" id="'.$this->name.'"';
$input .= ' name="'.$this->name.'" value="'.htmlspecialchars($this->value,ENT_QUOTES).'"';
$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';
//$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';
if($this->read_only) { $input .= 'readonly="readonly="'; }
if($this->disabled) { $input .= 'disabled="disabled="'; }
$input .= '/>';
@ -720,6 +720,11 @@ class PasswordInputFormField extends FormField {
return FALSE;
}
if(!preg_match('#.*[/]+.*#',$this->value)==0){
if($set_error) $this->error = 'Votre mot de passe doit contenir le caractère \'/\'';
return FALSE;
}
return TRUE;
}
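Review bot: the new check `if(!preg_match('#.*[/]+.*#',$this->value)==0)` is true when the password contains a `/`, so it rejects such passwords, but the error text says the password must contain the character (`doit contenir le caractère '/'`). The message should say the character is not allowed. The condition is also hard to read because `!` binds before `==`; `strpos($this->value, '/') !== false` states the same test directly.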


@ -30,6 +30,10 @@ h1#top {
margin-bottom: 10px;
}
h3.form-error {
color: red;
}
div#disclaimer {
margin-top: 30px;
}
@ -135,6 +139,11 @@ span.form-error {
margin-left: 4px;
}
span.form-warning {
color: #E84D0C;
margin-left: 4px;
}
span.form-mandatory {
color: red;
}
@ -163,4 +172,3 @@ form#form-add legend {
form#form-add p {
text-align: left;
}


@ -21,6 +21,12 @@ function switch_disabled(name) {
}
document.observe("dom:loaded", function() {
if (document.getElementById('vhost-delete-db') != null) {
document.getElementById('vhost-delete-db').onclick = function() {
console.log("clicked box");
switch_disabled('vhost-dbname');
}
}
document.getElementById('password_random').onclick = function() {
switch_disabled('password');
}
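Review bot: `console.log("clicked box");` in the new `vhost-delete-db` handler is debug output and should be removed before merge. The new handler is guarded with a `!= null` check, but the existing `document.getElementById('password_random').onclick` assignment below it is not, so it throws on any page that has no `password_random` element; guard it the same way.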


@ -30,7 +30,7 @@ header('Content-Type: text/html; charset=utf-8');
/**
* Requires
*/
require_once EVOADMIN_BASE . 'common.php';
require_once EVOADMIN_BASE . '../inc/common.php';
$uri = $_SERVER['REQUEST_URI'];
@ -48,26 +48,47 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) {
include_once EVOADMIN_BASE . '../inc/webadmin.php';
} elseif (preg_match('#^/webadmin/servername/(.*)/?$#', $uri, $params)) {
} elseif (preg_match('#^/webadmin?#', $uri)) {
include_once EVOADMIN_BASE . '../inc/webadmin-servername.php';
// Redirect to /webadmin in order to set $_SESSION['non_stanard']
if (!isset($_SESSION['non_standard']))
http_redirect('/webadmin');
} elseif (preg_match('#^/webadmin/itk/(.*)/?$#', $uri, $params)) {
// block the non-standard vhost modification
if (in_array(htmlspecialchars(basename($_SERVER['REDIRECT_URL'])), $_SESSION['non_standard']))
http_redirect('/webadmin');
include_once EVOADMIN_BASE . '../inc/webadmin-itk.php';
if (preg_match('#^/webadmin/(.*)/domain/?(edit)?/?(.*)?/$#', $uri, $params)) {
} elseif (preg_match('#^/webadmin/php/(.*)/?$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-servername.php';
include_once EVOADMIN_BASE . '../inc/webadmin-php.php';
} elseif (preg_match('#^/webadmin/(.*)/itk/?(enable|disable)?/?(.*)?/$#', $uri, $params)) {
} elseif (preg_match('#^/webadmin/edit/(.*)/?$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-itk.php';
include_once EVOADMIN_BASE . '../inc/webadmin-edit.php';
} elseif (preg_match('#^/webadmin/(.*)/php/$#', $uri, $params)) {
} elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-php.php';
include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php';
} elseif (preg_match('#^/webadmin/(.*)/alias/?(add|delete)?/?(.*)?/$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-edit.php';
} elseif (preg_match('#^/webadmin/delete/(.*)/?$#', $uri, $params)) {
//TODO: fix according to route naming convention
include_once EVOADMIN_BASE . '../inc/webadmin-delete.php';
} elseif (preg_match('#^/webadmin/suppr/(.*)/?$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-suppr.php';
} elseif (preg_match('#^/webadmin/(.*)/letsencrypt/?$#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/webadmin-letsencrypt.php';
} else {
http_redirect('/webadmin');
}
} elseif (is_superadmin() && preg_match('#^/accounts/?#', $uri, $params)) {
include_once EVOADMIN_BASE . '../inc/accounts.php';
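Review bot: the new route patterns capture the account name with an unconstrained, greedy `(.*)`, for example `#^/webadmin/(.*)/domain/?(edit)?/?(.*)?/$#`, so `$params[1]` can contain slashes, spaces or shell metacharacters taken from `REQUEST_URI`. The included pages use `$params[1]` as the vhost name, so restrict the capture to the characters an account name may contain (at minimum `([^/]+)`). The non-standard vhost block compares `basename($_SERVER['REDIRECT_URL'])`, which under the `/webadmin/<name>/<action>/` layout would be the last path segment rather than the account name; run that check on the captured name after the route has matched. Smaller points: in `#^/webadmin?#` the `?` only makes the final `n` optional, and the comment spells the session key `non_stanard`.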


@ -39,31 +39,31 @@ function web_add($form, $admin_mail) {
if(!$form->getField('password_random')->getValue()) {
$exec_cmd .= sprintf(' -p %s',
$form->getField('password')->getValue());
escapeshellarg($form->getField('password')->getValue()));
}
/* Ajout des options spécifiques à MySQL si nécessaire */
if($form->getField('mysql_db')->getValue()) {
$exec_cmd .= sprintf(' -m %s',
$form->getField('mysql_dbname')->getValue());
escapeshellarg($form->getField('mysql_dbname')->getValue()));
if(!$form->getField('mysql_password_random')->getValue()) {
$exec_cmd .= sprintf(' -P %s',
$form->getField('mysql_password')->getValue());
escapeshellarg($form->getField('mysql_password')->getValue()));
}
}
if (array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1) {
if (array_key_exists('php_versions', $conf) && is_array($conf['php_versions'])) {
$exec_cmd .= sprintf(' -r %s', $conf['php_versions'][$form->getField('php_version')->getValue()]);
}
if ($conf['quota']) {
$exec_cmd .= sprintf(' -q %s:%s', $form->getField('quota_soft')->getValue(), $form->getField('quota_hard')->getValue());
$exec_cmd .= sprintf(' -q %s:%s', escapeshellarg($form->getField('quota_soft')->getValue()), escapeshellarg($form->getField('quota_hard')->getValue()));
}
$exec_cmd .= sprintf(' -l %s %s %s 2>&1', $admin_mail,
$form->getField('username')->getValue(),
$form->getField('domain')->getValue());
escapeshellarg($form->getField('username')->getValue()),
escapeshellarg($form->getField('domain')->getValue()));
//domain_add($form, $_SERVER['SERVER_ADDR'], true);
sudoexec($exec_cmd, $exec_output, $exec_return);
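Review bot: `$admin_mail` is still interpolated unquoted in `sprintf(' -l %s %s %s 2>&1', $admin_mail, ...)` while the other form values in this hunk now go through `escapeshellarg()`; the `web_add_cluster()` version of the same line does wrap it. Quote it here as well, and do the same for the `-r` value taken from `$conf['php_versions']` so no argument on the command line is left unquoted.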
@ -72,7 +72,7 @@ function web_add($form, $admin_mail) {
if ( $form->getField('domain_alias')->getValue() ) {
$domain_alias = preg_split('/,/', $form->getField('domain_alias')->getValue());
foreach ( $domain_alias as $domain ) {
$exec_cmd = 'web-add.sh add-alias '.$form->getField('username')->getValue().' ';
$exec_cmd = 'web-add.sh add-alias '.escapeshellarg($form->getField('username')->getValue()).' ';
$domain = trim($domain);
$exec_cmd .= $domain.' '. $server_list;
sudoexec($exec_cmd, $exec_output, $exec_return);
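Review bot: only the username is quoted on the `add-alias` line; `$domain`, which comes from splitting the user-supplied `domain_alias` field on commas, is appended as-is in `$exec_cmd .= $domain.' '. $server_list;`. Pass `escapeshellarg($domain)` there, otherwise an alias value containing shell metacharacters still reaches `sudoexec()` unquoted.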
@ -97,17 +97,17 @@ function web_add_cluster($form, $admin_mail) {
if(!$form->getField('password_random')->getValue()) {
$exec_cmd .= sprintf(' -p %s',
$form->getField('password')->getValue());
escapeshellarg($form->getField('password')->getValue()));
}
/* Ajout des options spécifiques à MySQL si nécessaire */
if($form->getField('mysql_db')->getValue()) {
$exec_cmd .= sprintf(' -m %s',
$form->getField('mysql_dbname')->getValue());
escapeshellarg($form->getField('mysql_dbname')->getValue()));
if(!$form->getField('mysql_password_random')->getValue()) {
$exec_cmd .= sprintf(' -P %s',
$form->getField('mysql_password')->getValue());
escapeshellarg($form->getField('mysql_password')->getValue()));
}
$account['bdd'] = $form->getField('mysql_dbname')->getValue();
@ -173,13 +173,13 @@ function web_add_cluster($form, $admin_mail) {
break;
}
$exec_cmd .= sprintf(' -l %s %s %s %s %s %s 2>&1',
$admin_mail,
$form->getField('username')->getValue(),
$form->getField('domain')->getValue(),
$master,
$slave,
($realtime ? 'realtime': 'deferred'));
$exec_cmd .= sprintf(' -l %s %s %s %s %s %s 2>&1',
escapeshellarg($admin_mail),
escapeshellarg($form->getField('username')->getValue()),
escapeshellarg($form->getField('domain')->getValue()),
escapeshellarg($master),
escapeshellarg($slave),
escapeshellarg( ($realtime ? 'realtime': 'deferred')) );
//if ($conf['bindadmin'])
domain_add($form->getField('domain')->getValue(), gethostbyname($master), true, $form->getField('use_gmail_mxs')->getValue());
@ -189,7 +189,7 @@ function web_add_cluster($form, $admin_mail) {
if ( $form->getField('domain_alias')->getValue() ) {
$domain_alias = preg_split('/,/', $form->getField('domain_alias')->getValue());
foreach ( $domain_alias as $alias ) {
$exec_cmd = 'web-add-cluster.sh add-alias '.$form->getField('username')->getValue().' ';
$exec_cmd = 'web-add-cluster.sh add-alias '.escapeshellarg($form->getField('username')->getValue()).' ';
$alias = trim($alias);
$exec_cmd .= $alias.' '.$master.' '.$slave;
sudoexec($exec_cmd, $exec_output2, $exec_return2);
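Review bot: `$alias`, `$master` and `$slave` are concatenated unquoted in `$exec_cmd .= $alias.' '.$master.' '.$slave;` after the username has been wrapped. `$alias` is user input from `domain_alias` and needs `escapeshellarg()`; quoting the two server names as well keeps the line consistent with the `-l` call earlier in this function.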
@ -347,7 +347,7 @@ if ($conf['bindadmin']) {
$form->addField('use_gmail_mxs', new CheckboxInputFormField("Utilisation des serveurs Gmail en MX&nbsp;?", FALSE));
}
if (array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1) {
if (array_key_exists('php_versions', $conf) && is_array($conf['php_versions'])) {
$form->addField('php_version', new SelectFormField("Version de PHP", TRUE, $conf['php_versions']));
}
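Review bot: replacing `count($conf['php_versions']) > 1` with `is_array($conf['php_versions'])` also adds the select field when the array has one entry or none. `is_multiphp()` in the common include still tests `count(...) > 1`, so the form and the rest of the UI can disagree about whether the host is multi-PHP; call the helper in both places, or change the helper too.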


@ -1,43 +1,53 @@
<?php
/**
* Authentification page
* Authentification controler
*
* Copyright (c) 2009 Evolix - Tous droits reserves
* Copyright (c) 2009-2022 Evolix - Tous droits reserves
*
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
*
* @author Gregory Colpart <reg@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr>
* @author Sebastien Palma <spalma@evolix.fr>
* @author Evolix <info@evolix.fr>
* @author Gregory Colpart <reg@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr>
* @author Sebastien Palma <spalma@evolix.fr>
* @author and others.
* @version 1.0
*/
if ((empty($_GET['form']) || $_GET['form']!=1) && !empty($_POST)) {
$username=$_POST['login'];
$password=$_POST['passw'];
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST)) {
$input_username = $_POST['login'];
$input_password = $_POST['passw'];
if (hash("sha256",$password) == $conf['logins'][$username]) {
$_SESSION['auth']=1;
$_SESSION['user']=$username;
$_SESSION['error']='';
} else {
$_SESSION['auth']=0;
$_SESSION['user']='';
$_SESSION['error']=1;
}
http_redirect('/');
if (isset($conf['logins'][$input_username]) && strlen($conf['logins'][$input_username]) != 64 && password_verify($input_password, $conf['logins'][$input_username]) ) {
$_SESSION['auth'] = true;
$_SESSION['user'] = $input_username;
$_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534;
$_SESSION['cli_version'] = run_webadd_cmd('version')[0];
unset($_SESSION['error']);
} elseif (isset($conf['logins'][$input_username]) && strlen($conf['logins'][$input_username]) == 64 && hash("sha256",$input_password) === $conf['logins'][$input_username]) {
// Compatibility mode for previous installs (sha256)
$_SESSION['auth'] = true;
$_SESSION['user'] = $input_username;
$_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534;
$_SESSION['cli_version'] = run_webadd_cmd('version')[0];
unset($_SESSION['error']);
} else {
$_SESSION['auth'] = false;
$_SESSION['user'] = '';
$_SESSION['error'] = true;
}
http_redirect('/');
} else {
if(!empty($_SESSION['error'])) {
$error=$_SESSION['error'];
}
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/auth.tpl.php';
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
if (!empty($_SESSION['error'])) {
$error = $_SESSION['error'];
unset($_SESSION['error']);
}
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/auth.tpl.php';
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
}
?>
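Review bot: the sha256 compatibility branch compares with `hash("sha256",$input_password) === $conf['logins'][$input_username]`; use `hash_equals()` so the comparison is constant-time. Nothing in either success branch calls `session_regenerate_id(true)` before setting `$_SESSION['auth']`, so the pre-login session id stays valid after authentication. `isset($_POST)` is always true, `$_POST['login']` and `$_POST['passw']` are read without an `isset()` check, and the two success branches are identical and could share one block.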


@ -1,5 +1,4 @@
<?php
/**
* file included in every PHP file
*
@ -92,11 +91,30 @@ function load_config_cluster($cluster) {
*
* @return boolean - True when it's a multi PHP system
*/
function is_multiphp()
{
function is_multiphp() {
global $conf;
return array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1;
}
/**
* Webadd
*
* @return boolean - True when it's a multi PHP system
*/
function run_webadd_cmd($command) {
global $conf;
$cmd = 'web-add.sh '. $command;
$data_output = null;
$exec_return = null;
sudoexec($cmd, $data_output, $exec_return);
return $data_output;
}
/**
* Includes
*/
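Review bot: `run_webadd_cmd()` builds `'web-add.sh '. $command` by plain concatenation, so every caller has to pre-quote what it passes; take the subcommand and an array of arguments and apply `escapeshellarg()` inside the helper instead. The docblock is copied from `is_multiphp()` (`@return boolean - True when it's a multi PHP system`) although the function returns the output array, `global $conf` is unused, and `$exec_return` is discarded so a failed call cannot be told apart from an empty result.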

inc/webadmin-delete.php Normal file

@ -0,0 +1,72 @@
<?php
/**
* Apache VirtualHost Management Page
*
* Copyright (c) 2009 Evolix - Tous droits reserves
*
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
*
* @author Gregory Colpart <reg@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr>
* @author Sebastien Palma <spalma@evolix.fr>
* @version 1.0
*/
require_once EVOADMIN_BASE . '../lib/bdd.php';
require_once EVOADMIN_BASE . '../lib/domain.php';
global $conf;
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
if (isset($_POST['delete-vhost'])) {
$domain = $params[1];
while(true) {
// Errors handling
if (empty($_POST['vhost-name'])) {
print "<p>Veuillez entrer le nom du compte web à supprimer.</p>";
printf ('<p><a href="%s">Retour</a></p>', $_SERVER['REDIRECT_URL']);
break;
}
if ($_POST['vhost-name'] !== $domain) {
print "Le nom de compte ne correspond pas.";
printf ('<p><a href="%s">Retour</a></p>', $_SERVER['REDIRECT_URL']);
break;
}
if (isset($_POST['vhost-delete-db']) && empty($_POST['vhost-dbname'])) {
print "Veuillez spécifier un nom de base de données.";
printf ('<p><a href="%s">Retour</a></p>', $_SERVER['REDIRECT_URL']);
break;
}
// Shell arguments
if (!empty($_POST['vhost-dbname']))
$exec_cmd = "web-add.sh del -y " . $domain . " " . $_POST['vhost-dbname'];
else
$exec_cmd = "web-add.sh del -y " . $domain;
// Execute script
sudoexec($exec_cmd, $exec_output, $exec_return);
// Deal with response code
if ($exec_return == 0)
print "<p>Compte supprimé.</p>";
else
print "<p>La suppression a échouée. Veuillez contacter votre administrateur.</p>";
break;
}
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
} else {
include_once EVOADMIN_BASE . '../tpl/webadmin-delete.tpl.php';
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
}
?>
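Review bot: `$domain` (from the URL capture) and `$_POST['vhost-dbname']` are concatenated straight into `"web-add.sh del -y " . $domain . " " . $_POST['vhost-dbname']` and run through `sudoexec()`; both need `escapeshellarg()` and a format check against the characters allowed in account and database names. The page performs an irreversible deletion, yet the hunk shows no CSRF token on the POST and no check that `$_SESSION['user']` owns `$domain`. `$_SERVER['REDIRECT_URL']` is also printed into the `href` without `htmlspecialchars()`.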


@ -1,11 +1,11 @@
<?php
/**
* Apache VirtualHost Management Page
* Apache VirtualHost Management Page
*
* Copyright (c) 2009 Evolix - Tous droits reserves
*
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
*
* @author Gregory Colpart <reg@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr>
@ -18,21 +18,24 @@ require_once EVOADMIN_BASE . '../lib/domain.php';
global $conf;
if (isset($_GET['del']) ) {
$redirect_url = "/webadmin/" . $params[1] . "/alias/";
if (isset($params[2]) && $params[2] == "delete") {
if (isset($params[3]) && $params[3] == "") http_redirect($redirect_url);
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
$alias = htmlspecialchars($_GET['del']);
$alias = $params[3];
if (isset($_GET['modif']) && ($_GET['modif'] == 'yes')) {
if (isset($_POST["confirm-delete-alias"])) {
print "<center>";
print "<p>Suppression de $alias...</p>";
$serveralias = array (
'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
'domain' => $params[1],
'alias' => $alias
);
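Review bot: `$alias = $params[3];` drops the `htmlspecialchars()` that the `$_GET['del']` version applied, and the value is then echoed in `print "<p>Suppression de $alias...</p>";`. Keep the raw value for the command and the database call, but escape it at the point of output.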
@ -65,10 +68,10 @@ if (isset($_GET['del']) ) {
sudoexec($exec_cmd, $exec_output, $exec_return);
if ($exec_return == 0) {
if (! $bdd->del_serveralias($serveralias))
if (! $bdd->del_serveralias($serveralias))
print "<p>La suppression a échouée. Veuillez contacter votre administrateur.</p>";
printf ('<p>Alias %s est supprimé.</p>', $serveralias['alias']);
} else
} else
print "<p>La suppression a échouée. Veuillez contacter votre administrateur.</p>";
}
@ -77,27 +80,29 @@ if (isset($_GET['del']) ) {
sudoexec($exec_cmd, $exec_output, $exec_return);
if ($exec_return == 0) {
printf ('<p>Alias %s est supprimé.</p>', $serveralias['alias']);
} else
} else
print "<p>La suppression a échouée. Veuillez contacter votre administrateur.</p>";
}
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $_SERVER['REDIRECT_URL']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $redirect_url);
print "</center>";
} else if ( ! isset($_GET['modif']) ) {
} else {
print "<center>";
print "<form name=\"form-confirm-delete-alias\" id=\"form-confirm-delete-alias\" action=\"\" method=\"POST\">";
print "<p>Confirmez vous la suppression de $alias ?</p>";
printf ('<p><a href="%s?del=%s&modif=yes">Confirmer la suppression</a></p>', $_SERVER['REDIRECT_URL'], $alias);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $_SERVER['REDIRECT_URL']);
print " <p><input type=\"hidden\" name=\"confirm-delete-alias\" value=\"confirm\">";
print " <p><input type=\"submit\" value=\"Confirmer la suppression\"/ style=\"margin-left:0px;\"></p>";
print "</form>";
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $redirect_url);
print "</center>";
}
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
} else if (isset($_GET['add']) ) {
}
elseif (isset($params[2]) && $params[2] == "add") {
require_once EVOADMIN_BASE . '../evolibs/Form.php';
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
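Review bot: the new confirmation form posts only a fixed `confirm-delete-alias` hidden field with no per-session CSRF token, so a cross-site form post can still trigger the deletion. `$alias` is interpolated unescaped into `Confirmez vous la suppression de $alias ?`, the hidden-input line opens a `<p>` that is never closed, and the submit button has a stray `/` before `style`.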
@ -129,7 +134,7 @@ if (isset($_GET['del']) ) {
'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
'alias' => $form->getField('domain_alias')->getValue(),
);
$account_name=$serveralias['domain'];
$account = $bdd->get_account($account_name);
@ -182,7 +187,7 @@ if (isset($_GET['del']) ) {
}
else {
$serveralias = array (
'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
'domain' => $params[1],
'alias' => $form->getField('domain_alias')->getValue(),
);
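Review bot: `'domain' => $params[1]` is applied in this non-cluster branch only; the cluster branch in the hunk at -129 still builds the name with `htmlspecialchars(basename($_SERVER['REDIRECT_URL']))`. With the `/webadmin/<name>/alias/add/` URLs that expression would yield the last path segment, not the account name, so make the same replacement there.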
@ -197,30 +202,30 @@ if (isset($_GET['del']) ) {
//domain_add($serveralias['alias'], gethostbyname($master) , false); TODO avec l'IP du load balancer
print "<center>";
printf ('<p>L\'alias %s du domaine %s a bien été créé</p>', $serveralias['alias'], $serveralias['domain']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $_SERVER['REDIRECT_URL']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $redirect_url);
print "</center>";
}
else {
print "<center>";
printf ('<p>Echec dans la creation de l\'alias %s du domaine %s</p>', $serveralias['alias'], $serveralias['domain']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $_SERVER['REDIRECT_URL']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $redirect_url);
print "</center>";
}
}
else {
print "<center>";
printf ('<p>Echec dans la creation de l\'alias %s du domaine %s</p>', $serveralias['alias'], $serveralias['domain']);
printf ('<p>Echec dans la creation de l\'alias %s</p>', $serveralias['alias']);
print ('<p>L\'alias existe dans d\'autres vhosts.');
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $_SERVER['REDIRECT_URL']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $redirect_url);
print "</center>";
}
}
}
else {
print "<h2>Ajout d'un serveralias</h2><hr>";
print "<h2>Ajout d'un alias</h2><hr>";
print "<form name=\"form-add\" id=\"form-add\" action=\"\" method=\"POST\">";
print " <fieldset>";
print " <legend>Ajout d'un serveralias</legend>";
print " <legend>Ajout d'un alias</legend>";
print $form;
print " <p><input type=\"submit\" value=\"Créer\"/></p>";
print " </fieldset>";
@ -228,10 +233,10 @@ if (isset($_GET['del']) ) {
}
} else {
print "<h2>Ajout d'un serveralias</h2><hr>";
print "<h2>Ajout d'un alias</h2><hr>";
print "<form name=\"form-add\" id=\"form-add\" action=\"\" method=\"POST\">";
print " <fieldset>";
print " <legend>Ajout d'un serveralias</legend>";
print " <legend>Ajout d'un alias</legend>";
print $form;
print " <p><input type=\"submit\" value=\"Créer\"/></p>";
print " </fieldset>";
@ -240,9 +245,9 @@ if (isset($_GET['del']) ) {
}
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
}
} else {
else {
$domain = $params[1];
$alias_list = array();


@ -18,62 +18,43 @@ require_once EVOADMIN_BASE . '../lib/domain.php';
global $conf;
if (isset($_GET['enable']) ) {
if (isset($params[2]) && $params[2] != "") {
$redirect_url = "/webadmin/" . $params[1] . "/itk/";
require_once EVOADMIN_BASE . '../evolibs/Form.php';
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
# TODO: sanitize $_GET
$servername = array (
'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
'servername' => $_GET['enable']
'domain' => $params[1],
);
$enable_cmd = 'web-add.sh enable-user-itk ' . $servername['servername'] . ' ' . $servername['domain'];
if ($params[2] == "enable") {
$enable_cmd = 'web-add.sh enable-user-itk ' . $servername['domain'];
sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return);
sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return);
if ($enable_cmd_return == 0) {
print 'Sécurité ITK activée.';
printf ('<p><a href="%s">Retour à la gestion ITK</a></p>', $_SERVER['REDIRECT_URL']);
if ($enable_cmd_return == 0) {
print 'Sécurité ITK activée.';
printf ('<p><a href="%s">Retour à la gestion ITK</a></p>', $redirect_url);
}
}
elseif ($params[2] == "disable") {
$disable_cmd = 'web-add.sh disable-user-itk ' . $servername['domain'];
sudoexec($disable_cmd, $disable_cmd_output, $disable_cmd_return);
if ($disable_cmd_return == 0) {
print 'Sécurité ITK désactivée';
printf ('<p><a href="%s">Retour à la gestion ITK</a></p>', $redirect_url);
}
}
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
}
elseif (isset($_GET['disable']) ) {
require_once EVOADMIN_BASE . '../evolibs/Form.php';
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
# TODO: sanitize $_GET
$servername = array (
'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
'servername' => $_GET['disable']
);
$disable_cmd = 'web-add.sh disable-user-itk ' . $servername['servername'] . ' ' . $servername['domain'];
sudoexec($disable_cmd, $disable_cmd_output, $disable_cmd_return);
if ($disable_cmd_return == 0) {
print 'Sécurité ITK désactivée';
printf ('<p><a href="%s">Retour à la gestion ITK</a></p>', $_SERVER['REDIRECT_URL']);
}
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
}
else {
} else {
$domain = $params[1];
$data_list = array();
// TODO: adapt for cluster mode
if ($conf['cluster']) {
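Review bot: `$params[1]` is placed unquoted into `'web-add.sh enable-user-itk ' . $servername['domain']` and into the matching `disable-user-itk` command; wrap it in `escapeshellarg()`. Both actions change server state on a plain request to `/webadmin/<name>/itk/enable/` or `/disable/` with no method check, so they should require a POST carrying a CSRF token. Neither branch prints anything when the command returns non-zero, which leaves the user with a blank page on failure.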
@ -97,33 +78,17 @@ else {
$alias_list = $bdd->list_serveralias($domain);
}
else {
$cmd = 'web-add.sh list-servername ' . $domain;
if(!is_superadmin()) {
$cmd = sprintf('%s %s', $cmd, $_SESSION['user']);
}
sudoexec($cmd, $data_output, $exec_return);
# à revérifier (notamment gestion erreurs)
if ($exec_return == 0) {
foreach($data_output as $data_line) {
$cmd_itk = 'web-add.sh list-user-itk ' . $data_line . ' ' . $domain;
$cmd_itk = 'web-add.sh list-user-itk ' . $domain;
sudoexec($cmd_itk, $data_output_itk, $exec_return_itk);
# on prend le premier résultat du tableau, ne fonctionne pas s'il y a plusieurs la même ligne ou des commentaires etc.
array_push($data_list, ['servername' => $data_line, 'user' => $data_output_itk[0]]);
unset($data_output_itk); # reset variable pour éviter conflits
}
}
$user_itk = $data_output_itk[0];
}
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
include_once EVOADMIN_BASE . '../tpl/webadmin-itk.tpl.php';
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
}
?>
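Review bot: `$user_itk = $data_output_itk[0];` is read without checking `$exec_return_itk` or that the output array is non-empty, so a failed `list-user-itk` call hands the template a null along with a PHP notice or warning. Test the return code first, and quote `$domain` in `'web-add.sh list-user-itk ' . $domain`.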


@ -0,0 +1,168 @@
<?php
require_once EVOADMIN_BASE . '../lib/letsencrypt.php';
use lib\LetsEncrypt as letsencryt;
// store domain and aliases in session
if (!isset($_SESSION['lestencrypt-domains']) || empty($_SESSION['letsencrypt-domains'])) {
$domain = $params[1];
$cmd = 'web-add.sh list-vhost ' . $domain;
sudoexec($cmd, $data_output, $exec_return);
$data_split = explode(':', $data_output[0]);
$aliases = explode(',', $data_split[3]);
$domains = array();
// store domain and aliases
array_push($domains, $data_split[2]);
foreach ($aliases as $alias) {
array_push($domains, $alias);
}
$_SESSION['letsencrypt-domains'] = array_filter($domains);
}
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
$letsencrypt = new letsencryt();
$errorMessage = '';
$warningMessage = '';
if (isset($_POST['submit'])) {
while (true) {
// check HTTP
$isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]);
if (!$isRemoteResourceAvailable) {
$errorMessage = "Erreur : Le challenge HTTP a échoué.<br>
Merci de vérifier que le dossier <code>/.well-known/evoacme-challenge/</code> est accessible.";
break;
}
// check DNS
$valid_domains = $letsencrypt->checkDNSValidity($_SESSION['letsencrypt-domains']);
$failed_domains = array_diff($_SESSION['letsencrypt-domains'], $valid_domains);
if (!empty($failed_domains)) {
$errorMessage = "Erreur : La vérification DNS a échoué.<br>
Merci de vérifier les enregistrements de type A et AAAA pour les domaine(s) suivant(s) :";
break;
}
// make csr
$isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']);
if (!$isCsrGenerated) {
$errorMessage = "Erreur : La génération de demande de certificat a échoué.<br>
Merci de contacter un administrateur pour continuer.";
break;
}
// evoacme TEST
$testGenerateCert = $letsencrypt->generateSSLCertificate($params[1]);
if (!$testGenerateCert) {
$errorMessage = "Erreur : La génération de certificat en mode TEST a échoué.<br>
Merci de contacter un administrateur pour continuer.";
break;
}
// evoacme
$generateCert = $letsencrypt->generateSSLCertificate($params[1], false);
if (!$generateCert) {
$errorMessage = "Erreur : La génération de certificat a échoué.<br>
Merci de contacter un administrateur pour continuer.";
break;
}
break;
}
} else {
$validUntil = '';
while(true) {
// check domains list
if (empty($_SESSION['letsencrypt-domains'])) {
$errorMessage = "Erreur : la liste des domaines est vide.";
break;
}
// check if evoacme is installed
$binaries_installed = $letsencrypt->isEvoacmeInstalled();
if (!$binaries_installed) {
$errorMessage = "Erreur : les binaires Evoacme ne sont pas installés.
Veuillez contacter un administrateur.";
break;
}
// Check existing SSL certificate
$domainsIncluded = array();
foreach ($_SESSION['letsencrypt-domains'] as $domain) {
$existingSSLCertificate = $letsencrypt->getCertificate($domain);
// if no certificate is present (false returned) for this domain, go to the next domain
if (is_bool($existingSSLCertificate)) {
continue;
}
$parsedCertificate = $letsencrypt->parseCertificate($existingSSLCertificate);
// check if LE is the certificate issuer
$isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]);
if (!$isIssuerValid) {
$errorMessage = "Erreur : le certificat existant n'est pas géré par Let's Encrypt.";
break 2; // break the foreach and the while
}
// check wether the certificate is valid or expired
$isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
if (!$isCertValid && !isset($_POST['force_renew'])) {
$warningMessage = "Attention : le certificat existant n'est plus valide.
Souhaitez-vous le renouveller ?";
break 2;
} else {
$validUntil = date("d/m/Y", $parsedCertificate["validUntil"]);
}
// check if the domain is already in the certificate
$isDomainIncluded = $letsencrypt->isDomainIncludedInCert($domain, $parsedCertificate["includedDomains"]);
if ($isDomainIncluded) {
array_push($domainsIncluded, $domain);
continue; // break only the current foreach iteration
}
}
// contains all the domains included in the existing certificate
if (!empty($domainsIncluded) && !isset($_POST['force_renew'])) {
$domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
if (empty($domainsNotIncluded)) {
$errorMessage = "Le certificat existant couvre déjà tous les domaines jusqu'au " . $validUntil . ".";
break;
}
$warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) jusqu'au " . $validUntil . " :<br>";
foreach ($domainsIncluded as $domainIncluded) {
$warningMessage .= $domainIncluded . "<br>";
}
$warningMessage .= "<br><strong>En confirmant le renouvellement, vous allez ajouter :</strong><br>";
foreach ($domainsNotIncluded as $domainNotIncluded) {
$warningMessage .= $domainNotIncluded . "<br>";
}
break;
}
break;
}
}
include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
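Review bot: the guard at the top tests `$_SESSION['lestencrypt-domains']` (misspelled) in its `isset()` half, so `!isset(...)` is always true and the domain list is rebuilt on every request. Fixing the typo alone would expose a second problem: the cached list is not keyed by `$params[1]`, so domains loaded for one vhost would be reused for the next one visited in the same session; store it under the vhost name or drop the cache. `$domain` is also passed unquoted to `web-add.sh list-vhost`, and `$data_output[0]` is split without checking `$exec_return`.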


@ -56,7 +56,7 @@ else {
if ($exec_return == 0) {
print "<center>";
printf ('<p>La version de PHP bien été modifié</p>');
printf ('<p>La version de PHP a bien été modifiée</p>');
printf ('<p><a href="/webadmin">Retour à liste des comptes</a></p>');
print "</center>";
@ -64,7 +64,7 @@ else {
else {
print "<center>";
printf ('<h2>ERREUR</h2>');
printf ('<p>Une erreur innatendue s\'est produite </p>');
printf ('<p>Une erreur inattendue s\'est produite </p>');
if ($conf['debug'] == TRUE) {
print '<pre>';


@ -18,150 +18,154 @@ require_once EVOADMIN_BASE . '../lib/domain.php';
global $conf;
if (isset($_GET['edit']) ) {
if (isset($params[2]) && $params[2] == "edit") {
$redirect_url = "/webadmin/" . $params[1] . "/domain/";
if (isset($params[3]) && $params[3] == "") http_redirect($redirect_url);
require_once EVOADMIN_BASE . '../evolibs/Form.php';
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
$form = new FormPage("Modification du ServerName", FALSE);
$form->addField('domain_servername', new DomainInputFormField("ServerName", TRUE), $_GET['edit']);
$form->addField('previous_servername', new DomainInputFormField("", TRUE, TRUE), $_GET['edit']);
$form = new FormPage("Modification du Servername", FALSE);
$form->addField('domain_servername', new DomainInputFormField("Servername", TRUE), $params[3]);
$form->addField('previous_servername', new DomainInputFormField("", TRUE, TRUE), $params[3]);
if (!empty($_POST)) {
$form->isCurrentPage(TRUE);
$form->initFields();
if ($form->verify(TRUE)) {
// TODO: Adapt the script for cluster mode
if ($conf['cluster']) {
if (is_mcluster_mode()) {
// If the user has not yet selected a cluster, redirect-it to home page.
if (empty($_SESSION['cluster'])) {
http_redirect('/');
}
$cache = str_replace('%cluster_name%', $_SESSION['cluster'], $conf['cache']);
}
else {
$cache = $conf['cache'];
}
$bdd = new bdd();
$bdd->open($cache);
$servername = array (
'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
'servername' => $form->getField('domain_servername')->getValue(),
'previous_servername' => $form->getField('previous_servername')->getValue(),
);
$account_name=$servername['domain'];
$account = $bdd->get_account($account_name);
if (sizeof($account) == 0)
die("Anomalie... Contactez votre administrateur.");
$master = $bdd->get_server_from_roleid($account['id_master']);
$slave = $bdd->get_server_from_roleid($account['id_slave']);
if ( $bdd->is_serveralias( $account_name, $serveralias['alias'] ) == 0 ) {
/* web-add-cluster addalias */
$exec_cmd = 'web-add-cluster.sh add-alias '.$serveralias['domain'].' '.$serveralias['alias'].' '.$master.' '.$slave;
sudoexec($exec_cmd, $exec_output, $exec_return);
if ($exec_return == 0) {
/* Ajout BDD */
$bdd->add_serveralias($serveralias);
domain_add($serveralias['alias'], gethostbyname($master) , false);
# Si le compte en question est en replication temps
# reel, il faut faire un restart manuel de lsyncd
# pour prendre en compte le nouveau domaine.
if ($account['replication'] == "realtime") {
mail('tech@evolix.fr', "[TAF] Redemarrer lsyncd sur $master", wordwrap('killer tous les processus lsyncd lancé par vmail pour le compte '.$account['name'].' et les relancer (cf. la ligne correspondante à ce compte dans la crontab de vmail).\n', 70));
}
print "<center>";
printf ('<p>L\'alias %s du domaine %s a bien été créé</p>', $serveralias['alias'], $serveralias['domain']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $_SERVER['REDIRECT_URL']);
print "</center>";
} else {
print "<center>";
printf ('<p>Echec dans la creation de l\'alias %s du domaine %s</p>', $serveralias['alias'], $serveralias['domain']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $_SERVER['REDIRECT_URL']);
print "</center>";
}
} else {
print "<center>";
printf ('<p>Alias %s du domaine %s deja existant !</p>', $serveralias['alias'], $serveralias['domain']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $_SERVER['REDIRECT_URL']);
print "</center>";
if (!empty($_POST)) {
$form->isCurrentPage(TRUE);
$form->initFields();
if ($form->verify(TRUE)) {
// TODO: Adapt the script for cluster mode
if ($conf['cluster']) {
if (is_mcluster_mode()) {
// If the user has not yet selected a cluster, redirect-it to home page.
if (empty($_SESSION['cluster'])) {
http_redirect('/');
}
$cache = str_replace('%cluster_name%', $_SESSION['cluster'], $conf['cache']);
}
else {
$servername = array (
'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
'servername' => $form->getField('domain_servername')->getValue(),
'previous_servername' => $form->getField('previous_servername')->getValue(),
);
$account_name=$servername['domain'];
$is_servername_present = check_occurence_name($servername['servername']);
if (!$is_servername_present) {
$exec_cmd = 'web-add.sh update-servername ' . $servername['domain'] . ' ' . $servername['servername'] . ' ' . $servername['previous_servername'];
sudoexec($exec_cmd, $exec_output, $exec_return);
if ($exec_return == 0) {
//domain_add($serveralias['alias'], gethostbyname($master) , false); TODO avec l'IP du load balancer
print "<center>";
printf ('<p>Le ServerName %s a bien été modifié</p>', $servername['servername']);
printf ('<p><a href="%s">Retour à la liste des ServerNames</a></p>', $_SERVER['REDIRECT_URL']);
print "</center>";
}
else {
print "<center>";
printf ('<p>Echec dans la modification du ServerName %s</p>', $servername['servername']);
printf ('<p><a href="%s">Retour à la liste des ServerNames</a></p>', $_SERVER['REDIRECT_URL']);
print "</center>";
}
}
else {
print "<center>";
printf ('<p>Echec dans la modification du ServerName %s</p>', $servername['servername']);
print ('<p>Le domaine existe déjà dans d\'autres vhosts.');
printf ('<p><a href="%s">Retour à la liste des ServerNames</a></p>', $_SERVER['REDIRECT_URL']);
print "</center>";
}
$cache = $conf['cache'];
}
$bdd = new bdd();
$bdd->open($cache);
$servername = array (
'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
'servername' => $form->getField('domain_servername')->getValue(),
'previous_servername' => $form->getField('previous_servername')->getValue(),
);
$account_name=$servername['domain'];
$account = $bdd->get_account($account_name);
if (sizeof($account) == 0)
die("Anomalie... Contactez votre administrateur.");
$master = $bdd->get_server_from_roleid($account['id_master']);
$slave = $bdd->get_server_from_roleid($account['id_slave']);
if ( $bdd->is_serveralias( $account_name, $serveralias['alias'] ) == 0 ) {
/* web-add-cluster addalias */
$exec_cmd = 'web-add-cluster.sh add-alias '.$serveralias['domain'].' '.$serveralias['alias'].' '.$master.' '.$slave;
sudoexec($exec_cmd, $exec_output, $exec_return);
if ($exec_return == 0) {
/* Ajout BDD */
$bdd->add_serveralias($serveralias);
domain_add($serveralias['alias'], gethostbyname($master) , false);
# Si le compte en question est en replication temps
# reel, il faut faire un restart manuel de lsyncd
# pour prendre en compte le nouveau domaine.
if ($account['replication'] == "realtime") {
mail('tech@evolix.fr', "[TAF] Redemarrer lsyncd sur $master", wordwrap('killer tous les processus lsyncd lancé par vmail pour le compte '.$account['name'].' et les relancer (cf. la ligne correspondante à ce compte dans la crontab de vmail).\n', 70));
}
print "<center>";
printf ('<p>L\'alias %s du domaine %s a bien été créé</p>', $serveralias['alias'], $serveralias['domain']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $redirect_url);
print "</center>";
} else {
print "<center>";
printf ('<p>Echec dans la creation de l\'alias %s du domaine %s</p>', $serveralias['alias'], $serveralias['domain']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $redirect_url);
print "</center>";
}
} else {
print "<center>";
printf ('<p>Alias %s du domaine %s deja existant !</p>', $serveralias['alias'], $serveralias['domain']);
printf ('<p><a href="%s">Retour à la liste des alias</a></p>', $redirect_url);
print "</center>";
}
}
else {
$servername = array (
'domain' => $params[1],
'servername' => $form->getField('domain_servername')->getValue(),
'previous_servername' => $form->getField('previous_servername')->getValue(),
);
$account_name=$servername['domain'];
$is_servername_present = check_occurence_name($servername['servername']);
if (!$is_servername_present) {
$exec_cmd = 'web-add.sh update-servername ' . $servername['domain'] . ' ' . $servername['servername'] . ' ' . $servername['previous_servername'];
sudoexec($exec_cmd, $exec_output, $exec_return);
if ($exec_return == 0) {
//domain_add($serveralias['alias'], gethostbyname($master) , false); TODO avec l'IP du load balancer
print "<center>";
printf ('<p>Le Servername %s a bien été modifié</p>', $servername['servername']);
printf ('<p><a href="%s">Retour à la liste des Servernames</a></p>', $redirect_url);
print "</center>";
}
else {
print "<center>";
printf ('<p>Echec dans la modification du Servername %s</p>', $servername['servername']);
printf ('<p><a href="%s">Retour à la liste des Servernames</a></p>', $redirect_url);
print "</center>";
}
}
else {
print "<center>";
printf ('<p>Echec dans la modification du Servername %s</p>', $servername['servername']);
print ('<p>Le domaine existe déjà dans d\'autres vhosts.');
printf ('<p><a href="%s">Retour à la liste des Servernames</a></p>', $redirect_url);
print "</center>";
}
} else {
print "<h2>Modification du ServerName</h2><hr>";
print "<form name=\"form-add\" id=\"form-add\" action=\"\" method=\"POST\">";
print " <fieldset>";
print " <legend>Modification du ServerName</legend>";
print $form;
print " <p><input type=\"submit\" value=\"Modifier\"/></p>";
print " </fieldset>";
print "</form>";
}
} else {
print "<h2>Modification du ServerName</h2><hr>";
print "<h2>Modification du Servername</h2><hr>";
print "<form name=\"form-add\" id=\"form-add\" action=\"\" method=\"POST\">";
print " <fieldset>";
print " <legend>Modification du ServerName</legend>";
print " <legend>Modification du Servername</legend>";
print $form;
print " <p><input type=\"submit\" value=\"Modifier\"/></p>";
print " </fieldset>";
print "</form>";
}
} else {
print "<h2>Modification du Servername</h2><hr>";
print "<form name=\"form-add\" id=\"form-add\" action=\"\" method=\"POST\">";
print " <fieldset>";
print " <legend>Modification du Servername</legend>";
print $form;
print " <p><input type=\"submit\" value=\"Modifier\"/></p>";
print " </fieldset>";
print "</form>";
}
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
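Review bot: the `update-servername` and `add-alias` command strings in this hunk are built by concatenating form values (`$servername['servername']`, `$servername['previous_servername']`, `$serveralias['alias']`) and handed to `sudoexec()` with no quoting visible here. Unless `sudoexec()` or the form field validation already restricts them to hostname characters, pass each argument through `escapeshellarg()` before it reaches the shell. The same values, and `$redirect_url`, are printed into HTML through `printf` without `htmlspecialchars()`; escape them at output. Separately, the cluster branch reads `$serveralias[...]` although only `$servername` is populated in the lines shown, which looks like a leftover from the alias page.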
@ -193,17 +197,15 @@ if (isset($_GET['edit']) ) {
$alias_list = $bdd->list_serveralias($domain);
}
else {
$cmd = 'web-add.sh list-servername ' . $domain;
$cmd = 'web-add.sh list-vhost ' . $domain;
if(!is_superadmin()) {
$cmd = sprintf('%s %s', $cmd, $_SESSION['user']);
}
sudoexec($cmd, $data_output, $exec_return);
foreach($data_output as $data_line) {
array_push($servername_list, $data_line);
}
$data_vhost = explode(':', $data_output[0]);
$servername = $data_vhost[2];
}
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
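Review bot: `$data_output[0]` is split and indexed right after `sudoexec()` without checking `$exec_return` or that any line came back, so a failed or empty `list-vhost` call leaves `$servername` unset with only a PHP notice. Check the return code and `isset($data_vhost[2])` before use, and pass `$domain` and `$_SESSION['user']` through `escapeshellarg()` when building `$cmd`.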


@ -30,6 +30,12 @@ if (!$conf['cluster']) {
/* Récupération de cette liste dans le tableau $vhost_list */
$vhost_list = array();
if (!isset($_SESSION['non_standard'])) {
$_SESSION['non_standard'] = array();
}
foreach($data_output as $data_line) {
$data_split = explode(':', $data_line);
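Review bot: `$_SESSION['non_standard']` is created only when it is missing and, in the lines shown, entries are only ever appended to it, so an owner whose vhost file is later brought back to a single `<VirtualHost>` block stays flagged until the session ends. Resetting the array to `array()` just before the `foreach` would rebuild it from the current `list-vhost` output on every page load.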
@ -72,6 +78,11 @@ if (!$conf['cluster']) {
$occupation = "";
}
// current vhost isn't standard and thus not manageable by evoadmin-web
if (!$data_split[9] && (!in_array($data_split[0], $_SESSION['non_standard']))) {
array_push($_SESSION['non_standard'], $data_split[0]);
}
array_push($vhost_list, array(
'owner' => $data_split[0],
'configid' => $data_split[1],
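Review bot: `$data_split[9]` assumes the tenth `is_standard` field is always present, but a `web-add.sh` that predates this change emits nine fields, in which case the index is undefined and every vhost is treated as non-standard. Guard with `isset($data_split[9])` and decide explicitly which default applies when the field is absent. The key stored is `$data_split[0]` (the owner), so one non-standard file flags the whole account; say so in the comment if that is intended.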

214
lib/letsencrypt.php Normal file

@ -0,0 +1,214 @@
<?php
namespace lib;
/**
* LetsEncrypt
*/
class LetsEncrypt
{
const HTTP_OK = 200;
const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge/testfile';
/**
* create the file used to test the HTTP challenge
*/
private function createFileHttpChallenge()
{
$cmd = 'web-add.sh manage-http-challenge-file create';
sudoexec($cmd, $data_output, $exec_return);
}
/**
* delete the file used to test the HTTP challenge
*/
private function deleteFileHttpChallenge()
{
$cmd = 'web-add.sh manage-http-challenge-file delete';
sudoexec($cmd, $data_output, $exec_return);
}
/**
* generate a CSR
* @param string $vhost
* @param Array $domains
* @return boolean
*/
public function makeCsr($vhost, $domains)
{
$domains = implode(' ', $domains);
$cmd = 'web-add.sh generate-csr ' . $vhost . ' ' . "$domains";
sudoexec($cmd, $data_output, $exec_return);
if ($exec_return == 0) {
return true;
}
return false;
}
/**
* Generate a SSL certificate
* @param string $vhost
* @param boolean $test generate in TEST mode or not
* @return boolean
*/
public function generateSSLCertificate($vhost, $test = true)
{
$cmd = 'web-add.sh generate-ssl-certificate ' . $vhost . ' ' . ($test ? "true" : "false");
sudoexec($cmd, $data_output, $exec_return);
if ($exec_return == 0) {
return true;
}
return false;
}
/**
* perform a cURL call on the remote resource
* the cURL call follows redirections
* @param Array $domains list of domains
* @return boolean
*/
public function checkRemoteResourceAvailability($domain)
{
$this->createFileHttpChallenge();
$curl_handler = curl_init();
// setting cURL options
curl_setopt($curl_handler, CURLOPT_URL, $domain . self::HTTP_CHALLENGE_URL);
curl_setopt($curl_handler, CURLOPT_TIMEOUT, 3);
curl_setopt($curl_handler, CURLOPT_HEADER, true);
curl_setopt($curl_handler, CURLOPT_NOBODY, true);
curl_setopt($curl_handler, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_handler, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl_handler, CURLOPT_MAXREDIRS, 3);
curl_setopt($curl_handler, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
curl_setopt($curl_handler, CURLOPT_RETURNTRANSFER, true);
curl_exec($curl_handler);
$returned_http_code = curl_getinfo($curl_handler, CURLINFO_HTTP_CODE);
$returned_http_url = curl_getinfo($curl_handler, CURLINFO_EFFECTIVE_URL);
$this->deleteFileHttpChallenge();
if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) {
$returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '', $returned_http_url);
$returned_http_url = preg_replace('#^https?://#', '', $returned_http_url);
return true;
}
return false;
}
/**
* Query the corresponding IP for each domain
* @param Array $domains list of HTTP checked domains
* @return Array $valid_dns_domains list of valid domains
*/
public function checkDNSValidity($domains)
{
$valid_dns_domains = array();
$serverIP = exec("ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\\1/p'");
foreach ($domains as $domain) {
//FQDN syntax
$domain .= '.';
$dns_record_ipv4 = dns_get_record($domain, DNS_A);
$dns_record_ipv6 = dns_get_record($domain, DNS_AAAA);
if ($dns_record_ipv4[0]['ip'] === $serverIP || $dns_record_ipv6[0]['ip'] === $serverIP) {
// remove the last dot added for the FQDN syntax
$domain = rtrim($domain, '.');
array_push($valid_dns_domains, $domain);
}
}
return $valid_dns_domains;
}
/**
* check the presence of make-csr and evoacme binaries
* @return boolean
*/
public function isEvoacmeInstalled()
{
$output_make_csr = shell_exec("which make-csr");
$output_evoacme = shell_exec("which evoacme");
if (empty($output_make_csr) || empty($output_evoacme)) {
return false;
}
return true;
}
/**
* Retrieve the SSL certificate from the URL
* @param string $domain
* @return Array|false $cont list of parameters of the certificate, or false
*/
public function getCertificate($domain)
{
$stream = stream_context_create(array("ssl" => array("capture_peer_cert" => true)));
$read = stream_socket_client("ssl://" . $domain . ":443", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $stream);
$cont = stream_context_get_params($read);
return $cont;
}
/**
* Parse the certificat arguments and extract data
* @param Array $certificateParameters certificat arguments
* @return Array $infosCert contains only the issuer, domains and expiration date
*/
public function parseCertificate($certificateParameters)
{
$infosCert = array();
$parsedParameters = openssl_x509_parse($certificateParameters["options"]["ssl"]["peer_certificate"]);
$issuer = $parsedParameters["issuer"]["O"];
$includedDomains = $parsedParameters["extensions"]["subjectAltName"];
$validUntil = $parsedParameters["validTo_time_t"];
$infosCert["issuer"] = $issuer;
$infosCert["includedDomains"] = $includedDomains;
$infosCert["validUntil"] = $validUntil;
return $infosCert;
}
/**
* Check wether the certificat is issued by Let's Encrypt or not
* @param string $issuer name of the certificat issuer
* @return boolean
*/
public function isCertIssuedByLetsEncrypt($issuer)
{
return ($issuer === "Let's Encrypt") ? true : false;
}
/**
* Check wether the certificat is valid or not
* @param string $timestampCertValidUntil certificat expiration date in timestamp
* @return boolean
*/
public function isCertValid($timestampCertValidUntil)
{
$currentDate = time();
return ($timestampCertValidUntil > $currentDate) ? true : false;
}
public function isDomainIncludedInCert($domainRequested, $san)
{
$san = preg_replace('/DNS:| DNS:/', '', $san);
$sanArray = explode(',', $san);
return (in_array($domainRequested, $sanArray)) ? true : false;
}
}
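Review bot: `makeCsr()` and `generateSSLCertificate()` build the `web-add.sh` command by concatenating `$vhost` and the imploded `$domains` with no `escapeshellarg()`, and the result runs through `sudoexec()`; quote each argument individually, or validate them as hostnames first. In `checkDNSValidity()`, `dns_get_record()` can return `false` or an empty array, so `$dns_record_ipv4[0]['ip']` needs a guard, and AAAA records expose the address under the `ipv6` key, not `ip`, while `$serverIP` is extracted with an IPv4-only pattern, so the IPv6 comparison can never match. `getCertificate()` passes the result of `stream_socket_client()` straight to `stream_context_get_params()` although the docblock promises `false` on failure; return `false` when the connection fails. `checkRemoteResourceAvailability()` sets `CURLOPT_SSL_VERIFYPEER` to `false` and its docblock documents `$domains` while the parameter is `$domain`; a short comment on why verification is off for this pre-issuance probe would help.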


@ -63,26 +63,28 @@ get_user_login_by_UID() {
}
list_accounts_by_UID() {
uid=$1
uid=$1
# Remove # and empty lines
ftp_users=$(grep -v -E '^[[:blank:]]*(#.*)*$' "$VPASSWD_PATH")
while IFS=$'\n' read -r line;
do
line_uid="$(echo "$line" | cut -d":" -f3)"
if [[ ! "$uid" ]] || [[ "$line_uid" == "$uid" ]]; then
username="$(get_user_login_by_UID "$line_uid")"
account="$(echo "$line" | cut -d":" -f1)"
path="$(echo "$line" | cut -d":" -f6)"
size="$(du -s "$path" | cut -f 1)"
#modif="$(cat $path/.lastmodified)"
# Passage en minuscule ?
#account="$(echo $account | tr '[A-Z]' '[a-z]')"
#path="$(echo $path | tr '[A-Z]' '[a-z]')"
echo "$username:$account:$path:$size${modif:+:$modif}"
fi
done < "$VPASSWD_PATH"
for line in $ftp_users; do
line_uid="$(echo "$line" | cut -d":" -f3)"
if [[ ! "$uid" ]] || [[ "$line_uid" == "$uid" ]]; then
username=$(get_user_login_by_UID "$line_uid")
account=$(echo "$line" | cut -d":" -f1)
path=$(echo "$line" | cut -d":" -f6)
size="inconnue"
# Check output of daily "du" cron job
# (set by ansible-roles/packweb-apache/tasks/main.yml)
if [ -r "$path/.size" ]; then
size=$(cat "$path/.size")
fi
#modif="$(cat $path/.lastmodified)"
echo "$username:$account:$path:$size${modif:+:$modif}"
fi
done
}
add_account() {
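Review bot: `for line in $ftp_users` splits the grep output on every whitespace character and applies pathname expansion, so a vpasswd entry whose home path or comment field contains a space or a `*` is cut into several bogus records, which the `read -r` loop it replaces did not do. Keep the comment filtering but feed it to a read loop, for example `grep -v -E ... "$VPASSWD_PATH" | while IFS= read -r line; do`. The size is now taken verbatim from `$path/.size`, a file inside the account's own directory; if the account can write there, reduce the value to digits before echoing it into the colon-separated record.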
@ -119,7 +121,7 @@ delete_account() {
account_name=$1
ftpasswd --passwd --file=$VPASSWD_PATH --name="$account_name" --uid=9999 --gid=9999 --home=/dev/null --shell=/dev/null --delete-user
ftpasswd --passwd --file=$VPASSWD_PATH --name="$account_name" --delete-user
log_msg "Suppression du compte $account_name"
}


@ -1,4 +1,4 @@
<VirtualHost *:80>
<VirtualHost *:80 *:443>
# FQDN principal
ServerName SERVERNAME
@ -7,6 +7,11 @@
# Repertoire principal
DocumentRoot HOME_DIR/XXX/www/
# SSL
# Apache < 2.4.30 (Jessie, Stretch) va générer une erreur si le fichier
# désigné sans regex n'existe pas. On contourne ça avec [f] à place de f
IncludeOptional /etc/apache2/ssl/XXX.con[f]
# Propriete du repertoire
<Directory HOME_DIR/XXX/www/>
#Options +Indexes +SymLinksIfOwnerMatch
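Review bot: nothing in the template enables TLS for the `*:443` side of the new `<VirtualHost *:80 *:443>` header; that is left entirely to the optional include, and `IncludeOptional` stays silent when `/etc/apache2/ssl/XXX.conf` is missing. Extend the comment to state which directives the included file is expected to carry, so it is clear what the vhost does on port 443 before a certificate has been generated.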
@ -64,4 +69,3 @@
#php_value default_charset ISO-8859-15
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-XXX"
php_admin_value open_basedir "/usr/share/php:HOME_DIR/XXX:/tmp"


@ -388,7 +388,7 @@ op_del() {
set -x
deluser www-data $login
userdel $login
userdel -f $login
groupdel $login
sed -i.bak "/^$login:/d" /etc/aliases
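Review bot: `userdel -f` still exits non-zero when the account no longer exists, so on its own it does not make a second run over a partly removed account succeed; test with `getent passwd "$login"` first if that is the goal. `$login` is unquoted here and on the `deluser` and `groupdel` lines, and it is interpolated as a regular expression in the `sed` on `/etc/aliases`; quote it and validate it against the login character set before use.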


@ -14,6 +14,7 @@
set -e
VERSION="23.02"
HOME="/root"
CONTACT_MAIL="jdoe@example.org"
WWWBOUNCE_MAIL="jdoe@example.org"
@ -22,6 +23,7 @@ LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.local.sh"
PRE_LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.pre-local.sh"
TPL_AWSTATS="$SCRIPTS_PATH/awstats.XXX.conf"
SSH_GROUP="evolinux-ssh"
HOST="$(hostname -f)"
# Set to nginx if you use nginx and not apache
WEB_SERVER="apache"
@ -58,6 +60,7 @@ config_file="/etc/evolinux/web-add.conf"
usage() {
cat <<EOT >&2
Evoadmin web tooling - Version $VERSION
Usage: $0 COMMAND [ARG]
add [ [OPTIONS] LOGIN WWWDOMAIN ]
@ -100,12 +103,18 @@ add [ [OPTIONS] LOGIN WWWDOMAIN ]
Example : web-add.sh add -m testdb -r 56 testlogin testdomain.com
del LOGIN [DBNAME]
del [ [OPTIONS] LOGIN [DBNAME] ]
Delete account and all files related (Apache, Awstats, etc)
Archive home directory.
Remove MySQL database only if DBNAME is specified.
-y
Don't ask for confirmation
Example : web-add.sh del -y testlogin testdatabase
list-vhost LOGIN
List Apache vhost for user LOGIN
@ -122,30 +131,26 @@ del-alias VHOST ALIAS
Del a ServerAlias from an Apache vhost
list-servername LOGIN
List ServerName(s) for user LOGIN
update-servername VHOST SERVERNAME OLD_SERVERNAME
Replace the OLD_SERVERNAME with the SERVERNAME for an Apache vhost
Also apply to rules
Also apply to rewrite rules
check-occurence NAME
List all occurences of NAME in vhosts
list-user-itk DOMAIN LOGIN
list-user-itk LOGIN
List the assigned ITK user for the DOMAIN specified
List the assigned ITK user for the LOGIN specified
enable-user-itk DOMAIN LOGIN
enable-user-itk LOGIN
Enable the assigned ITK user for the DOMAIN specified
Enable the assigned ITK user for the LOGIN specified
disable-user-itk DOMAIN LOGIN
disable-user-itk LOGIN
Disable the assigned ITK user for the DOMAIN specified
Disable the assigned ITK user for the LOGIN specified
setphpversion LOGIN VERSION
@ -154,6 +159,25 @@ setphpversion LOGIN VERSION
setquota LOGIN QUOTA_SOFT:QUOTA_HARD
Change quotas for LOGIN
manage-http-challenge-file [CREATE | DELETE]
Create or delete a dummy file for the Let's Encrypt HTTP challenge
The default directory is /var/lib/letsencrypt/.well-known/
generate-csr LOGIN DOMAINS
Generate the request for the Let's Encrypt certificate
generate-ssl-certificate LOGIN [false]
Generate the Let's Encrypt certificate
Run in TEST mode unless "false" is used
version
Obtain the script version
EOT
}
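Review bot: the help text does not match the implementation added further down. `manage-http-challenge-file [CREATE | DELETE]` is documented in upper case but `op_managehttpchallengefile` compares against `create` and `delete`, and `generate-ssl-certificate LOGIN [false]` marks the second argument as optional while `op_generatesslcertificate` requires `$# -gt 1` and prints usage otherwise. Either document `create|delete` and a mandatory `true|false`, or relax the argument checks. The `delete` action removes the whole documented directory, which the help text should mention.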
@ -170,7 +194,7 @@ EOT
}
gen_random_passwd() {
apg -c /dev/urandom -n1 -E oOlL10\&\\\/\"\'
apg -c /dev/urandom -MNCL -n1 -m18 -E oOlL10
}
validate_login() {
@ -213,6 +237,15 @@ validate_wwwdomain() {
in_error "Le nom de domaine est obligatoire"
return 1
fi
case "$wwwdomain" in
*'/'*)
in_error "Le caractère / n'est pas autorisé. Avez-vous confondu nom de domaine (example.com) et URL (https://example.com) ?"
return 1;;
*':'*)
in_error "Le caractère : n'est pas autorisé. Avez-vous confondu nom de domaine (example.com) et URL (https://example.com) ?"
return 1;;
esac
return 0
}
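Review bot: the new `case` rejects only `/` and `:`, while `$in_wwwdomain` is later substituted unescaped into `sed -e "... s/SERVERNAME/$in_wwwdomain/ ..."` and written into the vhost file, so characters such as `&`, `\`, whitespace or a newline still pass. An allow-list is shorter and stricter: accept only letters, digits, `.` and `-` (plus a length check) and keep the two friendly messages for the URL confusion case.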
@ -397,22 +430,35 @@ create_www_account() {
pool_path="/etc/php/7.0/fpm/pool.d/"
elif [ "$php_version" = "73" ]; then
pool_path="/etc/php/7.3/fpm/pool.d/"
elif [ "$php_version" = "74" ]; then
pool_path="/etc/php/7.4/fpm/pool.d/"
elif [ "$php_version" = "80" ]; then
pool_path="/etc/php/8.0/fpm/pool.d/"
elif [ "$php_version" = "81" ]; then
pool_path="/etc/php/8.1/fpm/pool.d/"
elif [ "$php_version" = "82" ]; then
pool_path="/etc/php/8.2/fpm/pool.d/"
else
pool_path="/etc/php5/fpm/pool.d/"
fi
phpfpm_socket_path="/home/${in_login}/php-fpm${php_version}.sock"
cat <<EOT >/var/lib/lxc/php"${php_version}"/rootfs/${pool_path}/"${in_login}".conf
[${in_login}]
user = ${in_login}
user = www-${in_login}
group = ${in_login}
listen = ${phpfpm_socket_path}
listen.owner = ${in_login}
listen.group = ${in_login}
pm = ondemand
pm.status_path = /evolinux_fpm_status-$(apg -Mncl -n1 -m32)
pm.max_children = 10
pm.process_idle_timeout = 10s
php_admin_value[error_log] = /home/${in_login}/log/php.log
php_admin_value[sendmail_path] = "/usr/sbin/sendmail -t -i -f www-${in_login}@${HOST}"
php_admin_value[open_basedir] = "/usr/share/php:/home/${in_login}:/tmp"
EOT
step_ok "Création du pool FPM ${php_version}"
done
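Review bot: the `else` branch at the end of the version chain silently maps any value not listed to the PHP 5 paths, so adding a new container to `PHP_VERSIONS` without touching this chain writes the pool file to `/etc/php5/fpm/pool.d/` inside that container. The same chain is repeated for the init script and in `op_del`; a single helper that derives the `X.Y` directory from the two-digit version and fails on an unknown value would replace three copies. With `user = www-${in_login}` the pool no longer runs as the account owner, so check that `/home/${in_login}/log/php.log` and the socket location are usable by that user, and consider a per-account temporary directory instead of the shared `/tmp` in `open_basedir`.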
@ -421,6 +467,9 @@ EOT
random=$RANDOM
if [ "$WEB_SERVER" == "apache" ]; then
# On s'assure que /etc/apache2/ssl pour le IncludeOptional de la conf
mkdir -p /etc/apache2/ssl
vhostfile="/etc/apache2/sites-available/${in_login}.conf"
sed -e "s/XXX/$in_login/g ; s/SERVERNAME/$in_wwwdomain/ ; s/RANDOM/$random/ ; s#HOME_DIR#$HOME_DIR#" < $TPL_VHOST > "$vhostfile"
@ -446,7 +495,7 @@ EOT
sed -i -e "s/^\\(.*\\)#\\(ServerAlias\\).*$/\\1\\2 $subweb/" "$vhostfile"
fi
a2ensite "$in_login" >/dev/null
a2ensite "${in_login}.conf" >/dev/null
step_ok "Configuration d'Apache"
@ -558,6 +607,18 @@ EOT
elif [ "$php_version" = "73" ]; then
initscript_path="/etc/init.d/php7.3-fpm"
binary="php-fpm7.3"
elif [ "$php_version" = "74" ]; then
initscript_path="/etc/init.d/php7.4-fpm"
binary="php-fpm7.4"
elif [ "$php_version" = "80" ]; then
initscript_path="/etc/init.d/php8.0-fpm"
binary="php-fpm8.0"
elif [ "$php_version" = "81" ]; then
initscript_path="/etc/init.d/php8.1-fpm"
binary="php-fpm8.1"
elif [ "$php_version" = "82" ]; then
initscript_path="/etc/init.d/php8.2-fpm"
binary="php-fpm8.2"
else
initscript_path="/etc/init.d/php5-fpm"
binary="php5-fpm"
@ -612,28 +673,161 @@ EOT
}
op_del() {
if [ $# -lt 1 ]; then
usage
exit 1
#
# Mode interactif
#
if [ $# -eq 0 ]; then
echo
echo "Suppression d'un compte WEB"
echo
until [ "$login" ]; do
echo -n "Entrez le login du compte à supprimer : "
read -r tmp
login="$tmp"
done
echo -n "Voulez-vous aussi supprimer un compte/base MySQL ? [y|N]"
read -r confirm
if [ "$confirm" = "y" ] || [ "$confirm" = "Y" ]; then
echo -n "Entrez le nom de la base de donnees ($login par defaut) : "
read -r tmp
if [ -z "$tmp" ]; then
dbname=$login
else
dbname="$tmp"
fi
fi
#
# Mode non interactif
#
else
login=$1
if [ $# -eq 2 ]; then
dbname=$2
while getopts hy opt; do
case "$opt" in
y)
force_confirm=1
;;
h)
usage
exit 1
;;
?)
usage
exit 1
;;
esac
done
shift $((OPTIND - 1))
if [ $# -gt 0 ] && [ $# -le 2 ]; then
login=$1
if [ $# -eq 2 ]; then
dbname=$2
fi
else
usage
exit 1
fi
fi
echo
echo "----------------------------------------------"
echo "Nom du compte : $login"
if [ "$dbname" ]; then
echo "Base de données MySQL : $dbname"
fi
echo "----------------------------------------------"
echo
if [ -z "$force_confirm" ]; then
echo -n "Confirmer la suppression ? [y/N] : "
read -r tmp
echo
if [ "$tmp" != "y" ] && [ "$tmp" != "Y" ]; then
echo "Annulation..."
echo
exit 1
fi
fi
echo "Deleting account $login. Continue ?"
read -r
set -x
if [ "$WEB_SERVER" == "apache" ]; then
userdel www-"$login"
# Crontab dump needs to be done **before** user deletion
if crontab -l -u "$login"; then
crontab -l -u "$login" &> /home/$login/crontab-$(date '+%Y%m%d-%H%M%S').bak
crontab -r -u "$login"
fi
userdel "$login"
for php_version in "${PHP_VERSIONS[@]}"; do
lxc-attach -n php"${php_version}" -- userdel -f www-"$login"
lxc-attach -n php"${php_version}" -- userdel -f "$login"
done
# Deactivate web vhost (apache or nginx)
if [ "$WEB_SERVER" == "apache" ]; then
if a2query -s test12 >/dev/null 2&>1; then
a2dissite "${login}.conf"
fi
rm -f /etc/apache2/sites-available/"$login.conf"
apache2ctl configtest
for php_version in "${PHP_VERSIONS[@]}"; do
if [ "$php_version" = "70" ]; then
phpfpm_dir="/etc/php/7.0/fpm/pool.d/"
initscript_path="/etc/init.d/php7.0-fpm"
elif [ "$php_version" = "73" ]; then
phpfpm_dir="/etc/php/7.3/fpm/pool.d/"
initscript_path="/etc/init.d/php7.3-fpm"
elif [ "$php_version" = "74" ]; then
phpfpm_dir="/etc/php/7.4/fpm/pool.d/"
initscript_path="/etc/init.d/php7.4-fpm"
elif [ "$php_version" = "80" ]; then
phpfpm_dir="/etc/php/8.0/fpm/pool.d/"
initscript_path="/etc/init.d/php8.0-fpm"
elif [ "$php_version" = "81" ]; then
phpfpm_dir="/etc/php/8.1/fpm/pool.d/"
initscript_path="/etc/init.d/php8.1-fpm"
elif [ "$php_version" = "82" ]; then
phpfpm_dir="/etc/php/8.2/fpm/pool.d/"
initscript_path="/etc/init.d/php8.2-fpm"
else
phpfpm_dir="/etc/php5/fpm/pool.d/"
initscript_path="/etc/init.d/php5-fpm"
fi
rm -f /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf
lxc-attach -n php"${php_version}" -- $initscript_path restart >/dev/null
done
elif [ "$WEB_SERVER" == "nginx" ]; then
rm -f /etc/nginx/sites-{available,enabled}/"$login"
rm -f /etc/munin/plugins/phpfpm_"${in_login}"*
nginx -t
fi
rm -f /etc/awstats/awstats."$login.conf"
sed -i.bak "/-config=$login /d" /etc/cron.d/awstats
if [ "$WEB_SERVER" == "apache" ]; then
if id www-"$login" &> /dev/null; then
userdel -f www-"$login"
fi
for php_version in "${PHP_VERSIONS[@]}"; do
if lxc-attach -n php"${php_version}" -- getent passwd www-"$login" &> /dev/null; then
lxc-attach -n php"${php_version}" -- userdel -f www-"$login"
fi
if lxc-attach -n php"${php_version}" -- getent passwd "$login" &> /dev/null; then
lxc-attach -n php"${php_version}" -- userdel -f "$login"
fi
done
fi
if getent passwd "$login" &> /dev/null; then
userdel -f "$login"
fi
sed -i.bak "/^$login:/d" /etc/aliases
if [ "$WEB_SERVER" == "apache" ]; then
sed -i.bak "/^www-$login:/d" /etc/aliases
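Review bot: the guard `if a2query -s test12 >/dev/null 2&>1; then` in the vhost deactivation block queries a hard-coded site name and uses a malformed redirection: bash reads `2` as an extra argument and `&>1` as a redirect to a file named `1`. It should read `a2query -s "$login" >/dev/null 2>&1`. In the nginx branch, `rm -f /etc/munin/plugins/phpfpm_"${in_login}"*` uses `in_login`, which is not set anywhere in the visible part of `op_del`, so the glob becomes `phpfpm_*` and removes every account's plugin; use `$login`. The crontab backup writes to `/home/$login/...` unquoted rather than to `"$HOME_DIR/$login"`, which the rest of the function uses.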
@ -650,42 +844,15 @@ op_del() {
echo "warning : $HOME_DIR/$login does not exist"
fi
if [ "$WEB_SERVER" == "apache" ]; then
a2dissite "$login"
rm /etc/apache2/sites-available/"$login.conf"
rm /etc/awstats/awstats."$login.conf"
sed -i.bak "/-config=$login /d" /etc/cron.d/awstats
apache2ctl configtest
for php_version in "${PHP_VERSIONS[@]}"; do
if [ "$php_version" = "70" ]; then
phpfpm_dir="/etc/php/7.0/fpm/pool.d/"
initscript_path="/etc/init.d/php7.0-fpm"
elif [ "$php_version" = "73" ]; then
phpfpm_dir="/etc/php/7.3/fpm/pool.d/"
initscript_path="/etc/init.d/php7.3-fpm"
else
phpfpm_dir="/etc/php5/fpm/pool.d/"
initscript_path="/etc/init.d/php5-fpm"
fi
rm /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf
lxc-attach -n php"${php_version}" -- $initscript_path restart >/dev/null
done
elif [ "$WEB_SERVER" == "nginx" ]; then
rm /etc/nginx/sites-{available,enabled}/"$login"
rm /etc/awstats/awstats."$login.conf"
rm /etc/munin/plugins/phpfpm_"${in_login}"*
sed -i.bak "/-config=$login/d" /etc/cron.d/awstats
nginx -t
if [ -d /etc/letsencrypt/"$login" ]; then
rm -r /etc/letsencrypt/"$login"
fi
set +x
if [ -n "$dbname" ]; then
echo "Deleting mysql DATABASE $dbname and mysql user $login. Continue ?"
read -r
set -x
echo "DROP DATABASE $dbname; delete from mysql.user where user='$login' ; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS
echo "DROP DATABASE \`$dbname\`; DROP USER \`$login\`@localhost; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS
set +x
fi
}
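Review bot: `DROP DATABASE` and `DROP USER` fail when the object is already gone and the client stops at the first error, which works against the tolerance for partly removed accounts added to the rest of `op_del`; use `DROP DATABASE IF EXISTS` and `DROP USER IF EXISTS` where the server version supports them. The user is now dropped only for `@localhost`, whereas the replaced `delete from mysql.user where user='$login'` removed the account for every host, so accounts created with another host part would survive. `$dbname` and `$login` are placed inside backticks without checking for a backtick in the value; validate both against the expected identifier characters before building the SQL.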
@ -755,9 +922,6 @@ arg_processing() {
del-alias)
op_aliasdel "$@"
;;
list-servername)
op_listservername "$@"
;;
update-servername)
op_servernameupdate "$@"
;;
@ -779,6 +943,18 @@ arg_processing() {
setquota)
op_setquota "$@"
;;
manage-http-challenge-file)
op_managehttpchallengefile "$@"
;;
generate-csr)
op_makecsr "$@"
;;
generate-ssl-certificate)
op_generatesslcertificate "$@"
;;
version)
op_version "$@"
;;
*)
usage
;;
@ -786,6 +962,64 @@ arg_processing() {
fi
}
op_makecsr() {
if [ $# -gt 1 ]; then
vhost="$1"
domains=""
# remove the first argument to keep only the domains
shift 1
for domain in "$@"; do
domains="${domains:+${domains} }${domain}"
done
# pipe the domains to make-csr because we don't have STDIN
echo "$domains" | make-csr "$vhost"
else usage
fi
}
op_generatesslcertificate() {
if [ $# -gt 1 ]; then
vhost="$1"
test_mode="$2"
if [ "$test_mode" = "false" ]; then
if [ -L /etc/letsencrypt/$vhost/live ]; then
rm /etc/letsencrypt/$vhost/live
fi
evoacme "$vhost"
else
DRY_RUN=1 evoacme "$vhost"
fi
else usage
fi
}
op_managehttpchallengefile() {
if [ $# -eq 1 ]; then
folder="/var/lib/letsencrypt/.well-known"
file="testfile"
action=${1};
if [ "$action" = "create" ]; then
if [ ! -d "$folder" ]; then
mkdir -p "$folder/acme-challenge"
fi
if [ ! -f "$folder/acme-challenge/$file" ]; then
touch "$folder/acme-challenge/$file"
fi
chmod -R 755 "$folder"
elif [ "$action" = "delete" ]; then
rm -r "$folder"
else usage
fi
else usage
fi
}
op_listvhost() {
if [ $# -eq 1 ]; then
configlist="$VHOST_PATH/${1}.conf";
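Review bot: the `delete` action in `op_managehttpchallengefile` runs `rm -r "$folder"` on the whole `/var/lib/letsencrypt/.well-known` tree, which also removes any other file under it, such as a challenge from a certificate request in progress; delete only `"$folder/acme-challenge/$file"`. In `create`, `mkdir -p "$folder/acme-challenge"` is skipped whenever `$folder` exists, so `touch` fails if the `acme-challenge` subdirectory is missing; call `mkdir -p` unconditionally, and prefer explicit modes over `chmod -R 755`, which marks the files executable. In `op_generatesslcertificate`, `$vhost` is used unquoted in `/etc/letsencrypt/$vhost/live` and is not checked for `/` or `..` before the `rm`.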
@ -793,7 +1027,6 @@ op_listvhost() {
configlist="$VHOST_PATH/*";
fi
for configfile in $configlist; do
if [ -r "$configfile" ] && echo "$configfile" |grep -qvE "/(000-default|default-ssl|evoadmin)\\.conf$"; then
servername="$(awk '/^[[:space:]]*ServerName (.*)/ { print $2 }' "$configfile" | head -n 1)"
@ -811,9 +1044,17 @@ op_listvhost() {
else
is_enabled=0
fi
count_virtualhosts="$(grep "<VirtualHost" "$configfile" | wc -l)"
if [ "$count_virtualhosts" -eq 1 ]; then
is_standard=1
else
is_standard=0
fi
if [ "$servername" ] && [ "$userid" ]; then
configid=$(basename "$configfile")
echo "$userid:$configid:$servername:$serveraliases:$size:$quota_soft:$quota_hard:$phpversion:$is_enabled"
echo "$userid:$configid:$servername:$serveraliases:$size:$quota_soft:$quota_hard:$phpversion:$is_enabled:$is_standard"
fi
fi
done
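Review bot: `grep "<VirtualHost" "$configfile" | wc -l` also counts commented-out lines, so a file with one live block and one `#<VirtualHost ...>` kept for reference is reported as non-standard. Use `grep -c '^[[:space:]]*<VirtualHost'` to count only active blocks. The record gains a tenth field here, so every consumer that splits on `:` has to be updated in the same release.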
@ -823,12 +1064,23 @@ op_aliasadd() {
if [ $# -eq 2 ]; then
vhost="${1}.conf"
alias=$2
vhost_file="${VHOST_PATH}/${vhost}"
[ -f $VHOST_PATH/"$vhost" ] && sed -i "/ServerName .*/a \\\tServerAlias $alias" "$VHOST_PATH"/"$vhost" --follow-symlinks
if [ -f "${vhost_file}" ]; then
sed -i "/ServerName .*/a \\\tServerAlias $alias" "${vhost_file}" --follow-symlinks
else
echo "VHost file \`${vhost_file}' not found'" >&2
return 1
fi
apache2ctl configtest 2>/dev/null
/etc/init.d/apache2 force-reload >/dev/null
configtest_out=$(apache2ctl configtest)
configtest_rc=$?
if [ "$configtest_rc" = "0" ]; then
/etc/init.d/apache2 force-reload >/dev/null
else
echo $configtest_out >&2
fi
else usage
fi
}
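Review bot: the script runs under the `set -e` near its top, so when `apache2ctl configtest` fails the assignment `configtest_out=$(apache2ctl configtest)` ends the script before `configtest_rc=$?` is read and the error branch never runs. Capture the status in the same statement, for example `configtest_out=$(apache2ctl configtest 2>&1) || configtest_rc=$?` after initialising `configtest_rc=0`. The `ServerAlias` line has already been written by `sed` at that point, so on failure the function should restore the vhost file and return non-zero; `echo $configtest_out` should be quoted to keep the line breaks of the message.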
@ -859,25 +1111,6 @@ op_aliasdel() {
fi
}
op_listservername() {
if [ $# -eq 1 ]; then
vhost_file="$VHOST_PATH/${1}.conf";
if [ -f "${vhost_file}" ]; then
servernames=$(awk '/^[[:space:]]*ServerName (.*)/ { print $2 }' "$vhost_file" | uniq)
for servername in $servernames; do
echo "$servername";
done
else
echo "VHost file \`${vhost_file}' not found'" >&2
return 1
fi
else
usage
fi
}
op_servernameupdate() {
if [ $# -eq 3 ]; then
vhost="${1}.conf"
@ -885,7 +1118,6 @@ op_servernameupdate() {
old_servername=$3
vhost_file="${VHOST_PATH}/${vhost}"
# Remplacement de toutes les directives ServerName, on assume qu'il s'agit du même pour chaque vhost du fichier
if [ -f "${vhost_file}" ]; then
sed -i "/^ *ServerName/ s/$old_servername/$servername/g" "${vhost_file}" --follow-symlinks
sed -i "/^ *RewriteCond/ s/$old_servername/$servername/g" "${vhost_file}" --follow-symlinks
@ -915,36 +1147,34 @@ op_checkoccurencename() {
if [ -r "$configfile" ]; then
alias=$(perl -ne 'print "$1 " if /^[[:space:]]*ServerAlias (.*)/' "$configfile" | head -n 1)
aliases="$aliases $alias"
servername=$(awk '/^[[:space:]]*ServerName (.*)/ { print $2 }' "$configfile" | uniq)
servernames="$servernames $servername"
fi
done
echo "$servernames" "$aliases" | grep -w "$name"
echo "$servernames" "$aliases" | grep -E "(^|\s)$name(\s|$)"
else
usage
fi
}
op_listuseritk() {
if [ $# -eq 2 ]; then
domain=${1}
configfile="$VHOST_PATH/${2}.conf"
sed -n "/$domain/,/<\/VirtualHost>/p" "$configfile" | awk '/AssignUserID/ {print $2}' | uniq
if [ $# -eq 1 ]; then
configfile="$VHOST_PATH/${1}.conf"
awk '/AssignUserID/ {print $2}' "$configfile" | uniq
else
usage
fi
}
op_enableuseritk() {
if [ $# -eq 2 ]; then
domain=${1}
configfile="$VHOST_PATH/${2}.conf"
group=$(sed -n "/$domain/,/<\/VirtualHost>/p" "$configfile" | awk '/AssignUserID/ {print $3}' | uniq)
if [ $# -eq 1 ]; then
configfile="$VHOST_PATH/${1}.conf"
group=$(awk '/AssignUserID/ {print $3}' "$configfile" | uniq)
sed -i "/$domain/,/<\/VirtualHost>/ s/^ *AssignUserID $group/ AssignUserID www-$group/" "$configfile" --follow-symlinks
sed -i "s/^ *AssignUserID $group/ AssignUserID www-$group/" "$configfile" --follow-symlinks
configtest_out=$(apache2ctl configtest)
configtest_rc=$?
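Review bot: `grep -E "(^|\s)$name(\s|$)"` interpolates `$name` as a regular expression, so the dots in a domain match any character and `example.com` is reported as present when only `exampleXcom` exists; `\s` is also a GNU extension. Compare whole names literally instead, for example by printing one name per line and using `grep -Fx -- "$name"`. In `op_enableuseritk`, the range address was dropped, so the `sed` now rewrites every `AssignUserID` in the file, and `$group` holds several lines when the file contains vhosts with different groups; either refuse files that `list-vhost` reports as non-standard or handle that case.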
@ -960,12 +1190,11 @@ op_enableuseritk() {
}
op_disableuseritk() {
if [ $# -eq 2 ]; then
domain=${1}
configfile="$VHOST_PATH"/"${2}".conf
group=$(sed -n "/$domain/,/<\/VirtualHost>/p" $configfile | awk '/AssignUserID/ {print $3}' | uniq)
if [ $# -eq 1 ]; then
configfile="$VHOST_PATH"/"${1}".conf
group=$(awk '/AssignUserID/ {print $3}' "$configfile" | uniq)
sed -i "/$domain/,/<\/VirtualHost>/ s/^ *AssignUserID www-$group/ AssignUserID ${group}/" "$configfile" --follow-symlinks
sed -i "s/^ *AssignUserID www-$group/ AssignUserID ${group}/" "$configfile" --follow-symlinks
configtest_out=$(apache2ctl configtest)
configtest_rc=$?
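
Review bot: `configfile` is built from `${1}` and handed to `sed -i` with no check that the argument is a plain vhost name or that the file exists, whereas op_servernameupdate tests `[ -f "${vhost_file}" ]` first. Reject values containing `/` or `..` and return an error when the file is missing. The `awk '/AssignUserID/'` pattern is also unanchored, so a commented-out directive is picked up while the `sed` only matches `^ *AssignUserID`; anchoring the awk pattern the same way keeps the two consistent.
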
@ -1200,7 +1429,7 @@ op_checkvhosts() {
do
vhost_name=$(basename "$ln_path")
fix_conf="mv $ln_path $VHOST_PATH/$vhost_name"
fix_ln="a2ensite $vhost_name"
fix_ln="a2ensite ${vhost_name}.conf"
if [[ -z "$apply" ]]; then
echo "Suggested fixes for $vhost_name:"
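
Review bot: `fix_ln` appends `.conf` to `$vhost_name`, but `fix_conf` on the line above still moves the file to `$VHOST_PATH/$vhost_name` unchanged, so the two suggested commands name different files whether or not the basename already ends in `.conf`. Derive one name (strip any existing `.conf`, then append it) and use it in both commands. Both strings also embed `$ln_path` unquoted, which matters if they are executed when `$apply` is set.
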
@ -1214,5 +1443,10 @@ op_checkvhosts() {
done
}
# Return web-add.sh version
op_version(){
echo "$VERSION"
}
# Point d'entrée
arg_processing "$@"

View file

@ -1,43 +1,46 @@
<?php
/**
* Authentification form
* Authentification page
*
* Copyright (c) 2009 Evolix - Tous droits reserves
* Copyright (c) 2009-2022 Evolix - Tous droits reserves
*
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
*
* @author Gregory Colpart <reg@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr>
* @author Sebastien Palma <spalma@evolix.fr>
* @author Evolix <info@evolix.fr>
* @author Gregory Colpart <reg@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr>
* @author Sebastien Palma <spalma@evolix.fr>
* @author and others.
* @version 1.0
*/
?>
<br/><br/>
<h2>Evoadmin : Connexion</h2>
<form method="POST">
<table align="center">
<tr>
<td align="right">Utilisateur : &nbsp;</td>
<td align="left"><input type="text" name="login" /></td>
</tr>
<tr>
<td align="right">Mot de passe : &nbsp;</td>
<td align="left"><input type="password" name="passw" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td align="left"><br/><input type="submit" value="Connexion" /></td>
</tr>
<?php
if (!empty($error)) {
?>
<tr>
<td colspan="2" class="auth-error">Identifiants invalides. Veuillez -essayer</td>
</tr>
<?php
}
?>
<tr>
<td align="right">Utilisateur : &nbsp;</td>
<td align="left"><input type="text" name="login" /></td>
</tr>
<tr>
<td align="right">Mot de passe : &nbsp;</td>
<td align="left"><input type="password" name="passw" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td align="left"><br/><input type="submit" value="Connexion" /></td>
</tr>
<?php
if (!empty($error)) {
?>
<tr>
<td colspan="2" class="auth-error">
Identifiants invalides.
Veuillez -essayer
</td>
</tr>
<?php
}
?>
</table>
</form>
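
Review bot: the error cell carries the string `Veuillez -essayer` over into the re-indented block; a character appears to be missing before the hyphen, which suggests the file is not saved as UTF-8 while the layout declares `charset=utf-8`. Since these lines are being rewritten anyway, fix the text and the file encoding in the same change.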

View file

@ -21,7 +21,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>EvoAdmin - Powered by Evolix</title>
<title>Evoadmin-web - Powered by Evolix</title>
<link rel="stylesheet" href="/inc/css/main.css" type="text/css" media="screen, projection" />
<script type="text/javascript" src="/inc/js/lib/prototype-1.6.0.3.js"></script>
<script type="text/javascript" src="/inc/js/ftpadmin.js"></script>
@ -31,10 +31,10 @@
<body>
<div id="main">
<h1 id="top">EvoAdmin
<h1 id="top">Evoadmin-web
<?php
if(!empty($_SESSION['user'])) {
print ' - '.$_SESSION['user'];
print ' v'.$_SESSION['cli_version'].' - '.$_SESSION['user'];
if(is_superadmin()) {
print ' (Administrateur)';
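
Review bot: the `print ' v'.$_SESSION['cli_version'].' - '.$_SESSION['user'];` line writes both session values into the `<h1>` without `htmlspecialchars()`, and only `$_SESSION['user']` is covered by the `!empty()` test. A session opened before this change has no `cli_version` key and will raise a notice in the page header. Guard the key and escape both values at output.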

View file

@ -0,0 +1,36 @@
<?php
/**
* Suppression d'un compte web
*
* Copyright (c) 2009 Evolix - Tous droits reserves
*
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
*
* @author Thomas Martin <tmartin@evolix.fr>
* @version 1.0
*/
?>
<h2>Suppression du compte web</h2>
<form name="form-delete-vhost" id="form-add" action="" method="POST">
<fieldset>
<p>
<label for="vhost-name">Nom du compte :</label>
<input type="text" name="vhost-name">
</p>
<p>
<label for="vhost-delete-db">Supprimer la base de données ? :</label>
<input id="vhost-delete-db" name="vhost-delete-db" checked="checked" value="1" type="checkbox">
</p>
<p>
<label for="vhost-dbname">Nom de la base de données :</label>
<input type="text" name="vhost-dbname" id="vhost-dbname">
</p>
<p>
<input type="submit" name="delete-vhost" value="Supprimer">
</p>
</fieldset>
</form>
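
Review bot: this form triggers an account deletion, with the database checkbox ticked by default, from a single POST that carries no anti-CSRF token and no confirmation step. Add a per-session token as a hidden field, verified by the code that handles `delete-vhost`, and consider leaving `vhost-delete-db` unchecked by default. Smaller points: `<label for="vhost-name">` has no matching `id` on its input, and the form reuses `id="form-add"`.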

View file

@ -5,7 +5,7 @@
*
* Copyright (c) 2009 Evolix - Tous droits reserves
*
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
*
* @author Thomas Martin <tmartin@evolix.fr>
* @version 1.0
@ -15,13 +15,13 @@
<h2>Server Alias</h2>
<?php
<?php
if(count($alias_list) > 0) {
if(count($alias_list) > 0) {
if (is_superadmin()) {
print "<center>";
printf('<p><a href="/webadmin/edit/%s?add">Ajouter un alias</a></p>', $domain);
printf('<p><a href="/webadmin/%s/alias/add/">Ajouter un alias</a></p>', $domain);
print "</center>";
}?>
@ -35,28 +35,27 @@
</tr>
</thead>
<tbody>
<?php
for ( $i=0; $i < count($alias_list); ++$i ) {
<?php
for ( $i=0; $i < count($alias_list); ++$i ) {
print '<tr>';
printf('<td><a href="http://%s">http://%s</a></td>',
printf('<td>%s</td>',
$alias_list[$i]['alias'], $alias_list[$i]['alias']);
if (is_superadmin())
printf('<td><a href="/webadmin/edit/%s?del=%s">Supprimer</a></td>',
if (is_superadmin())
printf('<td><a href="/webadmin/%s/alias/delete/%s/">Supprimer</a></td>',
$domain, $alias_list[$i]['alias']);
print '</tr>';
} ?>
</tbody>
</table>
<?php
<?php
} else {
print "<p>Aucun alias existant pour le domaine $domain !</p>";
if (is_superadmin()) {
print "<center>";
printf('<p><a href="/webadmin/edit/%s?add">Ajouter un alias</a></p>', $domain);
printf('<p><a href="/webadmin/%s/alias/add/">Ajouter un alias</a></p>', $domain);
print "</center>";
}
}
?>
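
Review bot: the `Supprimer` link performs the alias deletion through a plain GET on `/webadmin/%s/alias/delete/%s/`, which leaves a state-changing action exposed to cross-site request forgery and to link prefetching; make it a POST form with a CSRF token. `$domain` and the alias are also placed in the URL and in the table cell without `rawurlencode()` or `htmlspecialchars()`, and the `printf('<td>%s</td>', ...)` call still passes the alias twice for a single `%s`.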

View file

@ -17,12 +17,11 @@
<?php
if(count($data_list) > 0) { ?>
if(!empty($user_itk)) { ?>
<table id="tab-list">
<thead>
<tr>
<th>ServerName</th>
<th>Utilisateur</th>
<?php if (is_superadmin()) {
print '<th>Action</th>';
@ -31,25 +30,23 @@
</thead>
<tbody>
<?php
for ( $i=0; $i < count($data_list); ++$i ) {
print '<tr>';
printf('<td>%s</td>',
$data_list[$i]['servername']);
printf('<td>%s</td>',
$data_list[$i]['user']);
if (is_superadmin()) {
if (strpos($data_list[$i]['user'], 'www') !== false) {
$action = ['disable', 'Désactiver'];
} else {
$action = ['enable', 'Activer'];
}
print '<tr>';
printf('<td>%s</td>',
$user_itk);
if (is_superadmin()) {
printf('<td><a href="/webadmin/itk/%s?%s=%s">'.$action[1].'</a></td>',
$domain, $action[0], $data_list[$i]['servername']);
}
print '</tr>';
} ?>
if (strpos($user_itk, 'www') !== false) {
$action = ['disable', 'Désactiver'];
} else {
$action = ['enable', 'Activer'];
}
printf('<td><a href="/webadmin/%s/itk/%s/">'.$action[1].'</a></td>',
$domain, $action[0]);
}
print '</tr>';
?>
</tbody>
</table>
<?php
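
Review bot: `strpos($user_itk, 'www') !== false` treats any user whose name contains `www` anywhere as already enabled, while web-add.sh toggles the `www-` prefix. Test the prefix instead (`strpos($user_itk, 'www-') === 0`) so that an account whose own name contains `www` is not offered the wrong action. The enable/disable link is also a state-changing GET; a POST with a CSRF token would be safer.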

View file

@ -0,0 +1,53 @@
<h2>Gestion Let's Encrypt</h2>
<?php
if (isset($_POST['submit'])) {
if (!empty($errorMessage)) {
echo '<span class="form-error">' . $errorMessage . '</span>';
if (count($failed_domains) > 0) {
echo '<p>';
foreach ($failed_domains as $failed_domain) {
echo $failed_domain . "<br>";
}
echo '</p>';
}
} else {
echo "Votre certificat SSL a bien été installé !";
}
} else {
if (!empty($errorMessage)) {
echo '<span class="form-error">' . $errorMessage . '</span>';
if (count($failed_domains) > 0) {
echo '<p>';
foreach ($failed_domains as $failed_domain) {
echo $failed_domain . "<br>";
}
echo '</p>';
}
} elseif (!empty($warningMessage)) {
echo '<span class="form-warning">' . $warningMessage . '</span>'; ?>
<form name="form-confirm-renew-cert" id="form-confirm-renew-cert" action="" method="POST">
<p>
<input type="hidden" name="force_renew">
<input type="submit" name="submit" value="Confirmer l'installation" style="margin-left:0px;">
</p>
</form>
<?php
} else {
echo "<p>Les domaines suivants seront intégrés au certificat : </p>";
if (count($_SESSION['letsencrypt-domains']) > 0) {
echo '<p>';
foreach ($_SESSION['letsencrypt-domains'] as $domain) {
echo $domain . '<br>';
}
echo '</p>';
?>
<form name="form-confirm-install-cert" id="form-confirm-install-cert" action="" method="POST">
<p><input type="submit" name="submit" value="Installer le certificat" style="margin-left:0px;"></p>
</form>
<?php
}
}
}
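
Review bot: `$errorMessage`, `$warningMessage`, each `$failed_domain` and each entry of `$_SESSION['letsencrypt-domains']` are echoed into the page without `htmlspecialchars()`; escape them at output. The error block is duplicated verbatim in both branches of `isset($_POST['submit'])` and could be printed once before the test, `count($failed_domains)` assumes the variable is always set, the hidden `force_renew` input has no `value`, and the `foreach (... as $domain)` loop overwrites the `$domain` variable that the other views use for the account name.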

View file

@ -13,16 +13,16 @@
?>
<h2>ServerNames</h2>
<h2>Servername</h2>
<?php
if(count($servername_list) > 0) { ?>
if(!empty($servername)) { ?>
<table id="tab-list">
<thead>
<tr>
<th>ServerName</th>
<th>Servername</th>
<?php if (is_superadmin()) {
print '<th>Action</th>';
} ?>
@ -30,20 +30,19 @@
</thead>
<tbody>
<?php
for ( $i=0; $i < count($servername_list); ++$i ) {
print '<tr>';
printf('<td>%s</td>',
$servername_list[$i]);
if (is_superadmin())
printf('<td><a href="/webadmin/servername/%s?edit=%s">Modifier</a></td>',
$domain, $servername_list[$i]);
print '</tr>';
} ?>
print '<tr>';
printf('<td>%s</td>',
$servername);
if (is_superadmin())
printf('<td><a href="/webadmin/%s/domain/edit/%s/">Modifier</a></td>',
$domain, $servername);
print '</tr>';
?>
</tbody>
</table>
<?php
} else {
print "<p>Aucun ServerName existant pour le domaine $domain !</p>";
print "<p>Aucun Servername existant pour le domaine $domain !</p>";
}
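
Review bot: `$servername` is written as is into the table cell and into the `href` of the `Modifier` link; use `htmlspecialchars()` for the cell and `rawurlencode()` for the path segments, and do the same for `$domain` in the "Aucun Servername" message. The `if (is_superadmin())` in front of the link `printf` has no braces, which is easy to break when a second statement is added under it.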

View file

@ -22,9 +22,9 @@
<thead>
<tr>
<?php if(is_superadmin()) {
print '<th>Propriétaire</th>';
print '<th>Virtual Host</th>';
} ?>
<th>Domaine</th>
<th>Servername</th>
<?php if(is_superadmin()) {
print '<th>Alias</th>';
}
@ -61,7 +61,7 @@
if(is_superadmin()) {
printf('<td>%s</td>', $vhost_info['owner']);
}
printf('<td><a href="http://%s">http://%s</a></td>',
printf('<td>%s</td>',
$vhost_info['server_name'], $vhost_info['server_name']);
if ($conf['cluster']) {
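
Review bot: the format string was reduced to `<td>%s</td>` but the call still passes `$vhost_info['server_name']` twice; drop the second argument. With the link gone, the value should go through `htmlspecialchars()` like any other text cell.
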
@ -87,7 +87,7 @@
printf('<td>%s</td>', $vhost_info['slave']);
}
printf('<td align="left">%s</td>', preg_replace('/,/','<br />',$vhost_info['server_alias']));
printf('<td>%s</td>', preg_replace('/,/','<br />',$vhost_info['server_alias']));
if ($conf['quota']) {
printf('<td>%s</td>', $vhost_info['size']);
@ -95,6 +95,7 @@
printf('<td>%s</td>', $vhost_info['quota_hard']);
printf('<td>%s</td>', $vhost_info['occupation']);
}
if (array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1) {
printf('<td>%s</td>', preg_replace("/^(\d)(\d)$/", '\1.\2', $vhost_info['php_version']));
}
@ -102,10 +103,19 @@
if (is_superadmin()) {
printf('<td>');
printf('<a href="/webadmin/edit/%s">Alias</a> - ', $vhost_info['owner']);
printf('<a href="/webadmin/servername/%s">Servername</a> - ', $vhost_info['owner']);
printf('<a href="/webadmin/itk/%s">ITK</a> - ', $vhost_info['owner']);
printf('<a href="/webadmin/php/%s">PHP</a>', $vhost_info['owner']);
if (!in_array($vhost_info['owner'], $_SESSION['non_standard'])) {
printf('<a href="/webadmin/%s/alias/">Alias</a> - ', $vhost_info['owner']);
printf('<a href="/webadmin/%s/domain/">Servername</a> - ', $vhost_info['owner']);
if(is_multiphp()) {
printf('<a href="/webadmin/%s/php/">PHP</a> - ', $vhost_info['owner']);
} else {
printf('<a href="/webadmin/%s/itk/">ITK</a> - ', $vhost_info['owner']);
}
printf('<a href="/webadmin/%s/letsencrypt/">Let\'s Encrypt</a> - ', $vhost_info['owner']);
printf('<a href="/webadmin/delete/%s">Supprimer</a>', $vhost_info['owner']);
} else {
print '<span class="form-mandatory-ok">VirtualHost non standard</span>';
}
printf('</td>');
}
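
Review bot: `in_array($vhost_info['owner'], $_SESSION['non_standard'])` assumes the session key is always an array; if it is unset (for example a session opened before the upgrade), `in_array()` emits a warning on PHP 7 and throws a TypeError on PHP 8. Default it to an empty array and pass `true` as the third argument for a strict comparison. The `Supprimer` link keeps the old `/webadmin/delete/%s` form while the others moved to `/webadmin/%s/.../`, and the ITK link is no longer offered when `is_multiphp()` is true; confirm both are intended.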