Compare commits
6 commits
master
...
letsencryp
Author | SHA1 | Date | |
---|---|---|---|
b171a025db | |||
bbc8558d6d | |||
0fdc6d0855 | |||
b60bd7a115 | |||
ea352a045a | |||
eeb2ac4bd0 |
66
CHANGELOG.md
66
CHANGELOG.md
|
@ -1,66 +0,0 @@
|
||||||
# Changelog
|
|
||||||
All notable changes to this project will be documented in this file.
|
|
||||||
|
|
||||||
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
|
|
||||||
|
|
||||||
This project does not follow semantic versioning.
|
|
||||||
The **major** part of the version is the year
|
|
||||||
The **minor** part changes is the month
|
|
||||||
The **patch** part changes is incremented if multiple releases happen the same month
|
|
||||||
|
|
||||||
## [Unreleased]
|
|
||||||
|
|
||||||
### Added
|
|
||||||
|
|
||||||
### Changed
|
|
||||||
|
|
||||||
### Fixed
|
|
||||||
|
|
||||||
### Removed
|
|
||||||
|
|
||||||
### Security
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## [24.04]
|
|
||||||
|
|
||||||
### Added
|
|
||||||
|
|
||||||
* Prevent op_del to fail and able to remove web account when part of it is already removed
|
|
||||||
|
|
||||||
### Changed
|
|
||||||
|
|
||||||
* Add sendmail_path and open_basedir in LXC PHP pool configs
|
|
||||||
|
|
||||||
### Fixed
|
|
||||||
|
|
||||||
* letsencrypt: Add required check when retrieving certificate. (Avoid TypeError.)
|
|
||||||
* web-add.sh: Fix ssh group membership (#94)
|
|
||||||
|
|
||||||
### Removed
|
|
||||||
|
|
||||||
### Security
|
|
||||||
|
|
||||||
|
|
||||||
## [23.02] 2023-02-20
|
|
||||||
|
|
||||||
### Added
|
|
||||||
|
|
||||||
* web : Display web-add.sh version
|
|
||||||
|
|
||||||
### Changed
|
|
||||||
|
|
||||||
* Readme.md : Translated to english. New contribution guidelines and misc information
|
|
||||||
|
|
||||||
### Fixed
|
|
||||||
|
|
||||||
* web-add.sh : Deleting mysql user with DROP USER to stay compatible with MariaDB 10.5+ - #78
|
|
||||||
* web-add.sh : Correcting deletion order to avoid dependency issues - #76
|
|
||||||
|
|
||||||
### Removed
|
|
||||||
|
|
||||||
### Security
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
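Review bot: deleting CHANGELOG.md outright drops the only record of the 24.04 fixes listed in it (the letsencrypt certificate check and the web-add.sh ssh group membership fix, #94), while the contributing text on the master side of README.md asks for every modification to be documented in this file. If this branch is meant to merge, keep the file and add an entry under Unreleased for the change instead of removing it.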
250
README.md
|
@ -1,48 +1,242 @@
|
||||||
# Evoadmin-web
|
# evoadmin-web
|
||||||
|
|
||||||
Web interface and management scripts for web hosting
|
Panel d'administration de serveur web et scripts shell.
|
||||||
|
|
||||||
Project leader : ?
|
Project leader : ?
|
||||||
|
|
||||||
## Versions & Branches
|
## Versions
|
||||||
|
|
||||||
The `master` branch is ready for production.
|
* Stable Wheezy → git checkout wheezy
|
||||||
It's compatible with the current Debian version (and few previous ones)
|
* Stable Jessie → git checkout jessie
|
||||||
|
* Stretch → master
|
||||||
Code for older Debian releases (Wheezy, Jessie) is archived on separate branches.
|
|
||||||
|
|
||||||
The `unstable` branch contains not sufficiently tested changes that we don't consider ready for production yet.
|
|
||||||
|
|
||||||
### Versions
|
|
||||||
|
|
||||||
* Debian Stretch, Buster, Bullseye → use branch `master` (current stable version)
|
|
||||||
* Debian Jessie → use branch `jessie` (old, archive branch)
|
|
||||||
* Debian Wheezy → use branch `wheezy` (old, archive branch)
|
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
Installation should be done with Ansible.
|
Via ansible avec le role packweb-apache. Le role webapps/evoadmin-web en dépendance se charge de l'installation de l'interface et de ses scripts.
|
||||||
The role `packweb-apache` will handle all dependencies (Apache, PHP, MariaDB...) installation and configuration.
|
|
||||||
It will also use the role `webapps/evoadmin-web` to setup the web-interface and management sw
|
|
||||||
|
|
||||||
### Manually
|
### Manuelle
|
||||||
|
|
||||||
TODO
|
TODO
|
||||||
|
|
||||||
## Contributing
|
|
||||||
|
|
||||||
Contributions are welcome, especially bug fixes. They will be merged in if they are consistent with our conventions and use cases. They might be rejected if they introduce complexity, cover features we don't need or don't fit "style".
|
### Activation du mode Multi PHP avec des conteneurs LXC
|
||||||
|
|
||||||
Before starting anything of importance, we suggest opening an issue to discuss what you'd like to add or change.
|
Installer les paquets nécessaires :
|
||||||
|
|
||||||
All modifications should be documented in the CHANGELOG file, to help review releases. We encourage atomic commits and with the CHANGELOG in the same commit.
|
~~~
|
||||||
|
# apt install lxc debootstrap
|
||||||
|
~~~
|
||||||
|
|
||||||
# Workflow
|
Modifier la configuration de LXC :
|
||||||
|
|
||||||
The ideal and most typical workflow is to create a branch, based on the `unstable` branch. The branch should have a descriptive name (a ticket/issue number is great). The branch can be treated as a pull-request or merge-request. It should be propery tested and reviewed before merging into `unstable`.
|
~~~
|
||||||
|
# cat /etc/lxc/default.conf
|
||||||
|
|
||||||
Changes that don't introduce significant changes — or that must go faster that the typical workflow — can be commited directly into `unstable`.
|
# Set the default network virtualization method.
|
||||||
|
lxc.network.type = none
|
||||||
|
|
||||||
Hotfixes, can be prepared on a new branch, based on `master` or `unstable` (to be decided by the author). When ready, it can be merged back to `master` for immediate deployment and to `unstable` for proper backporting.
|
# Mount /home into containers.
|
||||||
|
lxc.mount.entry = /home home none bind 0 0
|
||||||
|
|
||||||
Other workflow are not forbidden, but should be discussed in advance.
|
# Only one tty is enough.
|
||||||
|
# This require that you disabled others tty ([2-6]) in systemd.
|
||||||
|
lxc.tty = 1
|
||||||
|
|
||||||
|
# Run 64bits containers
|
||||||
|
lxc.arch = x86_64
|
||||||
|
|
||||||
|
# Start containers on boot by default
|
||||||
|
lxc.start.auto = 1
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Dans cette configuration, les containers LXC n'ont pas leur interface réseau virtualisée. Et /home de l'hôte est partagé dans les containers.
|
||||||
|
|
||||||
|
#### PHP 5.6
|
||||||
|
|
||||||
|
On installe un conteneur Debian Jessie :
|
||||||
|
|
||||||
|
~~~
|
||||||
|
# lxc-create --name php56 --template debian --bdev dir --logfile /var/log/lxc/lxc-php56.log --logpriority INFO -- --arch amd64 --release jessie
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Puis on installe les paquets PHP 5.6 dans ce conteneur :
|
||||||
|
|
||||||
|
~~~
|
||||||
|
# lxc-start -n php56
|
||||||
|
# lxc-attach -n php56 apt install php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer
|
||||||
|
~~~
|
||||||
|
|
||||||
|
#### PHP 7.0
|
||||||
|
|
||||||
|
On installe un conteneur Debian Stretch :
|
||||||
|
|
||||||
|
~~~
|
||||||
|
# lxc-create --name php70 --template debian --bdev dir --logfile /var/log/lxc/lxc-php70.log --logpriority INFO -- --arch amd64 --release stretch
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Puis on installe les paquets PHP 7.0 dans ce conteneur :
|
||||||
|
|
||||||
|
~~~
|
||||||
|
# lxc-start -n php70
|
||||||
|
# lxc-attach -n php70 apt install php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 composer libphp-phpmailer
|
||||||
|
~~~
|
||||||
|
|
||||||
|
#### PHP 7.3
|
||||||
|
|
||||||
|
On installe un conteneur Debian Stretch :
|
||||||
|
|
||||||
|
~~~
|
||||||
|
# lxc-create --name php73 --template debian --bdev dir --logfile /var/log/lxc/lxc-php73.log --logpriority INFO -- --arch amd64 --release stretch
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Puis on installe les paquets PHP 7.3 dans ce conteneur :
|
||||||
|
|
||||||
|
~~~
|
||||||
|
# lxc-start -n php73
|
||||||
|
# lxc-attach -n php73
|
||||||
|
|
||||||
|
# apt-get update && apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates gnupg
|
||||||
|
# curl https://packages.sury.org/php/apt.gpg | apt-key add
|
||||||
|
# echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list
|
||||||
|
# apt-get update && apt-get install -y --no-install-recommends php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer
|
||||||
|
~~~
|
||||||
|
|
||||||
|
#### Pour toutes les versions de PHP
|
||||||
|
|
||||||
|
Dans les containers, il faut ajouter le fichier **z-evolinux-defaults.ini** dans le dossier **conf.d** des réglages de PHP FPM et CLI
|
||||||
|
|
||||||
|
> Pour PHP5 **/etc/php5/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php5/cli/conf.d/z-evolinux-defaults.ini**
|
||||||
|
>
|
||||||
|
> Pour PHP7.0 **/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini**
|
||||||
|
>
|
||||||
|
> Pour PHP7.3 **/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini**
|
||||||
|
|
||||||
|
~~~
|
||||||
|
[PHP]
|
||||||
|
short_open_tag = Off
|
||||||
|
expose_php = Off
|
||||||
|
display_errors = Off
|
||||||
|
log_errors = On
|
||||||
|
html_errors = Off
|
||||||
|
allow_url_fopen = Off
|
||||||
|
disable_functions = exec,shell-exec,system,passthru,putenv,popen
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Après cela, il faut redémarrer FPM
|
||||||
|
|
||||||
|
~~~
|
||||||
|
# lxc-attach -n php56 /etc/init.d/php5-fpm restart
|
||||||
|
# lxc-attach -n php70 /etc/init.d/php7.0-fpm restart
|
||||||
|
# lxc-attach -n php73 /etc/init.d/php7.3-fpm restart
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Une fois les conteneurs installés, il faut configurer evoadmin-web pour lui indiquer les versions disponibles de PHP dans **/etc/evolinux/web-add.conf** (pour *web-add.sh*) et dans **/home/evoadmin/www/conf/config.local.php** pour l'interface web
|
||||||
|
|
||||||
|
~~~
|
||||||
|
# cat /etc/evolinux/web-add.conf
|
||||||
|
#(...)
|
||||||
|
PHP_VERSIONS=(56 70 73)
|
||||||
|
#(...)
|
||||||
|
~~~
|
||||||
|
|
||||||
|
~~~
|
||||||
|
# cat /home/evoadmin/www/conf/config.local.php
|
||||||
|
// (...)
|
||||||
|
$localconf['php_versions'] = array(70, 73);
|
||||||
|
// (...)
|
||||||
|
~~~
|
||||||
|
|
||||||
|
#### Apache
|
||||||
|
|
||||||
|
Il est nécessaire d'activer le mod proxy pour apache2 si ce n'a pas déjà été fait :
|
||||||
|
|
||||||
|
~~~
|
||||||
|
# a2enmod proxy_fcgi
|
||||||
|
# systemctl restart apache2.service
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Si vous rencontrez l'erreur "File not found" avec les fichiers php, bien vérifier que le rootfs des conteneurs est en 755 :
|
||||||
|
|
||||||
|
~~~
|
||||||
|
# chmod 755 /var/lib/lxc/php56/rootfs
|
||||||
|
# chmod 755 /var/lib/lxc/php70/rootfs
|
||||||
|
# chmod 755 /var/lib/lxc/php73/rootfs
|
||||||
|
~~~
|
||||||
|
|
||||||
|
#### Email
|
||||||
|
|
||||||
|
Pour envoyer des mails, on peut installer **ssmtp** qui va forwarder les mails du conteneur vers l'hôte (à faire par conteneur via lxc-attach) :
|
||||||
|
|
||||||
|
Avant d'installer le paquet, il faut ajouter le hostname du conteneur dans **/etc/hosts**, sinon la configuration du paquet retourne une erreur :
|
||||||
|
|
||||||
|
~~~
|
||||||
|
127.0.0.1 php70
|
||||||
|
~~~
|
||||||
|
|
||||||
|
~~~
|
||||||
|
# apt install ssmtp
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Editer **/etc/ssmtp/ssmtp.conf** (remplacer example.com par le hostname complet de votre machine) :
|
||||||
|
|
||||||
|
~~~
|
||||||
|
root=postmaster
|
||||||
|
mailhub=127.0.0.1
|
||||||
|
hostname=example.com
|
||||||
|
FromLineOverride=YES
|
||||||
|
~~~
|
||||||
|
|
||||||
|
#### PHP-CLI
|
||||||
|
|
||||||
|
|
||||||
|
~~~
|
||||||
|
$ cat /usr/local/bin/exec73
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
php_cmd=$(printf "/usr/bin/php %q" "$@" )
|
||||||
|
lxc-attach -n php73 -- su - "$SUDO_USER" -c "$php_cmd"
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Il faut ensuite s'assurer que ce script peut être exécuté via sudo.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Méthodes de collaboration
|
||||||
|
|
||||||
|
Lire le fichier GUIDELINES.
|
||||||
|
|
||||||
|
Chaque version stable a le nom de la version Debian dans une branche. (Wheezy, Jessie, …)
|
||||||
|
On ne touche pas à ces branches, sauf pour corriger un bug critique,
|
||||||
|
qu'on appellera dans le commit "Hotfix #IDBugRedmine. Description du commit/bug".
|
||||||
|
Le project leader se charge de merger les futures version (wheezy-dev, jessie-dev, …)
|
||||||
|
dans la branche stable et de faire un changelog.
|
||||||
|
|
||||||
|
Chaque version de redmine est prévu à l'avance dans la roadmap de Redmine.
|
||||||
|
Quand une version de développement est terminé (tout les bugs fermés),
|
||||||
|
on utilisera les tags pour se repérer dans l'historique GIT.
|
||||||
|
Puis une fois que la version est décrété stable, elle sera mergé dans la branche stable.
|
||||||
|
|
||||||
|
Pour travailler sur une version spécifique, il faut travailler dans la branche "$release".
|
||||||
|
Voir les branches sur le remote :
|
||||||
|
|
||||||
|
```
|
||||||
|
$ git branch -r
|
||||||
|
origin/jessie-dev
|
||||||
|
origin/wheezy-dev
|
||||||
|
origin/wheezy
|
||||||
|
```
|
||||||
|
|
||||||
|
Il suffira de « checkout » dessus, et commencer à commiter. Les commits doivent
|
||||||
|
être nommés "Implement #IDBugRedmine. Description feature." ou
|
||||||
|
"Fix #IDBugRedmine. Description correction du bug.".
|
||||||
|
|
||||||
|
```
|
||||||
|
$ git checkout wheezy-dev
|
||||||
|
[…] hack hack […]
|
||||||
|
$ git commit
|
||||||
|
$ git push
|
||||||
|
```
|
||||||
|
|
||||||
|
## Licence
|
||||||
|
|
||||||
|
Evoadmin-web est un projet [Evolix](https://evolix.com) et est distribué sour licence AGPLv3, voir le fichier [LICENSE](LICENSE) pour les détails.
|
||||||
|
|
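Review bot: in the z-evolinux-defaults.ini block added on this side, `disable_functions = exec,shell-exec,system,passthru,putenv,popen` names `shell-exec`, but the PHP function is `shell_exec`, so that entry matches nothing and shell_exec() stays callable in every container that copies this file. Correct the spelling before the snippet is reused. In the PHP 7.3 steps the repository key is fetched with `curl`, although the install line just before it pulls in `wget` and not `curl`, so `curl` is not guaranteed to be present in a fresh container. This side also replaces the master README's branch list (Stretch, Buster, Bullseye on `master`) with Stretch only, which is worth confirming is intended.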
180
README.old.md
|
@ -1,180 +0,0 @@
|
||||||
|
|
||||||
### Activation du mode Multi PHP avec des conteneurs LXC
|
|
||||||
|
|
||||||
Installer les paquets nécessaires :
|
|
||||||
|
|
||||||
~~~
|
|
||||||
# apt install lxc debootstrap
|
|
||||||
~~~
|
|
||||||
|
|
||||||
Modifier la configuration de LXC :
|
|
||||||
|
|
||||||
~~~
|
|
||||||
# cat /etc/lxc/default.conf
|
|
||||||
|
|
||||||
# Set the default network virtualization method.
|
|
||||||
lxc.network.type = none
|
|
||||||
|
|
||||||
# Mount /home into containers.
|
|
||||||
lxc.mount.entry = /home home none bind 0 0
|
|
||||||
|
|
||||||
# Only one tty is enough.
|
|
||||||
# This require that you disabled others tty ([2-6]) in systemd.
|
|
||||||
lxc.tty = 1
|
|
||||||
|
|
||||||
# Run 64bits containers
|
|
||||||
lxc.arch = x86_64
|
|
||||||
|
|
||||||
# Start containers on boot by default
|
|
||||||
lxc.start.auto = 1
|
|
||||||
~~~
|
|
||||||
|
|
||||||
Dans cette configuration, les containers LXC n'ont pas leur interface réseau virtualisée. Et /home de l'hôte est partagé dans les containers.
|
|
||||||
|
|
||||||
#### PHP 5.6
|
|
||||||
|
|
||||||
On installe un conteneur Debian Jessie :
|
|
||||||
|
|
||||||
~~~
|
|
||||||
# lxc-create --name php56 --template debian --bdev dir --logfile /var/log/lxc/lxc-php56.log --logpriority INFO -- --arch amd64 --release jessie
|
|
||||||
~~~
|
|
||||||
|
|
||||||
Puis on installe les paquets PHP 5.6 dans ce conteneur :
|
|
||||||
|
|
||||||
~~~
|
|
||||||
# lxc-start -n php56
|
|
||||||
# lxc-attach -n php56 apt install php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer
|
|
||||||
~~~
|
|
||||||
|
|
||||||
#### PHP 7.0
|
|
||||||
|
|
||||||
On installe un conteneur Debian Stretch :
|
|
||||||
|
|
||||||
~~~
|
|
||||||
# lxc-create --name php70 --template debian --bdev dir --logfile /var/log/lxc/lxc-php70.log --logpriority INFO -- --arch amd64 --release stretch
|
|
||||||
~~~
|
|
||||||
|
|
||||||
Puis on installe les paquets PHP 7.0 dans ce conteneur :
|
|
||||||
|
|
||||||
~~~
|
|
||||||
# lxc-start -n php70
|
|
||||||
# lxc-attach -n php70 apt install php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 composer libphp-phpmailer
|
|
||||||
~~~
|
|
||||||
|
|
||||||
#### PHP 7.3
|
|
||||||
|
|
||||||
On installe un conteneur Debian Stretch :
|
|
||||||
|
|
||||||
~~~
|
|
||||||
# lxc-create --name php73 --template debian --bdev dir --logfile /var/log/lxc/lxc-php73.log --logpriority INFO -- --arch amd64 --release stretch
|
|
||||||
~~~
|
|
||||||
|
|
||||||
Puis on installe les paquets PHP 7.3 dans ce conteneur :
|
|
||||||
|
|
||||||
~~~
|
|
||||||
# lxc-start -n php73
|
|
||||||
# lxc-attach -n php73
|
|
||||||
|
|
||||||
# apt-get update && apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates gnupg
|
|
||||||
# curl https://packages.sury.org/php/apt.gpg | apt-key add
|
|
||||||
# echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list
|
|
||||||
# apt-get update && apt-get install -y --no-install-recommends php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer
|
|
||||||
~~~
|
|
||||||
|
|
||||||
#### Pour toutes les versions de PHP
|
|
||||||
|
|
||||||
Dans les containers, il faut ajouter le fichier **z-evolinux-defaults.ini** dans le dossier **conf.d** des réglages de PHP FPM et CLI
|
|
||||||
|
|
||||||
> Pour PHP5 **/etc/php5/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php5/cli/conf.d/z-evolinux-defaults.ini**
|
|
||||||
>
|
|
||||||
> Pour PHP7.0 **/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini**
|
|
||||||
>
|
|
||||||
> Pour PHP7.3 **/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini** et **/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini**
|
|
||||||
|
|
||||||
~~~
|
|
||||||
[PHP]
|
|
||||||
short_open_tag = Off
|
|
||||||
expose_php = Off
|
|
||||||
display_errors = Off
|
|
||||||
log_errors = On
|
|
||||||
html_errors = Off
|
|
||||||
allow_url_fopen = Off
|
|
||||||
disable_functions = exec,shell-exec,system,passthru,putenv,popen
|
|
||||||
~~~
|
|
||||||
|
|
||||||
Après cela, il faut redémarrer FPM
|
|
||||||
|
|
||||||
~~~
|
|
||||||
# lxc-attach -n php56 /etc/init.d/php5-fpm restart
|
|
||||||
# lxc-attach -n php70 /etc/init.d/php7.0-fpm restart
|
|
||||||
# lxc-attach -n php73 /etc/init.d/php7.3-fpm restart
|
|
||||||
~~~
|
|
||||||
|
|
||||||
Une fois les conteneurs installés, il faut configurer evoadmin-web pour lui indiquer les versions disponibles de PHP dans **/etc/evolinux/web-add.conf** (pour *web-add.sh*) et dans **/home/evoadmin/www/conf/config.local.php** pour l'interface web
|
|
||||||
|
|
||||||
~~~
|
|
||||||
# cat /etc/evolinux/web-add.conf
|
|
||||||
#(...)
|
|
||||||
PHP_VERSIONS=(56 70 73)
|
|
||||||
#(...)
|
|
||||||
~~~
|
|
||||||
|
|
||||||
~~~
|
|
||||||
# cat /home/evoadmin/www/conf/config.local.php
|
|
||||||
// (...)
|
|
||||||
$localconf['php_versions'] = array(70, 73);
|
|
||||||
// (...)
|
|
||||||
~~~
|
|
||||||
|
|
||||||
#### Apache
|
|
||||||
|
|
||||||
Il est nécessaire d'activer le mod proxy pour apache2 si ce n'a pas déjà été fait :
|
|
||||||
|
|
||||||
~~~
|
|
||||||
# a2enmod proxy_fcgi
|
|
||||||
# systemctl restart apache2.service
|
|
||||||
~~~
|
|
||||||
|
|
||||||
Si vous rencontrez l'erreur "File not found" avec les fichiers php, bien vérifier que le rootfs des conteneurs est en 755 :
|
|
||||||
|
|
||||||
~~~
|
|
||||||
# chmod 755 /var/lib/lxc/php56/rootfs
|
|
||||||
# chmod 755 /var/lib/lxc/php70/rootfs
|
|
||||||
# chmod 755 /var/lib/lxc/php73/rootfs
|
|
||||||
~~~
|
|
||||||
|
|
||||||
#### Email
|
|
||||||
|
|
||||||
Pour envoyer des mails, on peut installer **ssmtp** qui va forwarder les mails du conteneur vers l'hôte (à faire par conteneur via lxc-attach) :
|
|
||||||
|
|
||||||
Avant d'installer le paquet, il faut ajouter le hostname du conteneur dans **/etc/hosts**, sinon la configuration du paquet retourne une erreur :
|
|
||||||
|
|
||||||
~~~
|
|
||||||
127.0.0.1 php70
|
|
||||||
~~~
|
|
||||||
|
|
||||||
~~~
|
|
||||||
# apt install ssmtp
|
|
||||||
~~~
|
|
||||||
|
|
||||||
Editer **/etc/ssmtp/ssmtp.conf** (remplacer example.com par le hostname complet de votre machine) :
|
|
||||||
|
|
||||||
~~~
|
|
||||||
root=postmaster
|
|
||||||
mailhub=127.0.0.1
|
|
||||||
hostname=example.com
|
|
||||||
FromLineOverride=YES
|
|
||||||
~~~
|
|
||||||
|
|
||||||
#### PHP-CLI
|
|
||||||
|
|
||||||
|
|
||||||
~~~
|
|
||||||
$ cat /usr/local/bin/exec73
|
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
php_cmd=$(printf "/usr/bin/php %q" "$@" )
|
|
||||||
lxc-attach -n php73 -- su - "$SUDO_USER" -c "$php_cmd"
|
|
||||||
~~~
|
|
||||||
|
|
||||||
Il faut ensuite s'assurer que ce script peut être exécuté via sudo.
|
|
7
TODO
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
* Verification des paramètres passés dans le script ftpadmin.sh
|
||||||
|
* Vérifier lors de la suppression que c'est bien la personne a qui appartient le compte qui lance la commande
|
||||||
|
* Tableau "sortable" (TableKit ?)
|
||||||
|
* Mettre en place EvoLog et logger la sortie des scripts
|
||||||
|
* Validation plus (très) stricte sur les entrées de formulaire
|
||||||
|
* Listage des comptes utilisateurs
|
||||||
|
* Total espace disque FTP
|
|
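Review bot: two of the items in this new TODO file are access-control and input-handling gaps rather than features: checking on deletion that the account belongs to the person running the command, and verifying the parameters passed to ftpadmin.sh (with the stricter form validation item alongside). A flat TODO file gives them no owner or priority. Open an issue for each and reference the numbers here so they can be tracked and closed.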
@ -8,35 +8,36 @@
|
||||||
* $Id: config.php 273 2009-05-12 13:54:50Z tmartin $
|
* $Id: config.php 273 2009-05-12 13:54:50Z tmartin $
|
||||||
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
|
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
|
||||||
*
|
*
|
||||||
* @author Gregory Colpart <reg@evolix.fr>
|
* @author Gregory Colpart <reg@evolix.fr>
|
||||||
* @author Thomas Martin <tmartin@evolix.fr>
|
* @author Thomas Martin <tmartin@evolix.fr>
|
||||||
* @author Sebastien Palma <spalma@evolix.fr>
|
* @author Sebastien Palma <spalma@evolix.fr>
|
||||||
* @version 1.0
|
* @version 1.0
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
// Email pour les notifications
|
||||||
$oriconf['admin']['mail'] = 'admin@example.com';
|
$oriconf['admin']['mail'] = 'admin@example.com';
|
||||||
$oriconf['techmail'] = 'jdoe@example.com';
|
$oriconf['techmail'] = 'jdoe@example.com';
|
||||||
$oriconf['debug'] = false;
|
$oriconf['debug'] = FALSE;
|
||||||
$oriconf['superadmin'] = array('superadmin');
|
$oriconf['superadmin'] = array('superadmin');
|
||||||
$oriconf['script_path'] = '/usr/share/scripts/evoadmin';
|
$oriconf['script_path'] = '/usr/share/scripts/evoadmin';
|
||||||
$oriconf['cluster'] = false;
|
$oriconf['cluster'] = FALSE;
|
||||||
$oriconf['servers'] = array('servers');
|
$oriconf['servers'] = array('servers');
|
||||||
$oriconf['cache'] = '/home/evoadmin/www/cache.sqlite';
|
$oriconf['cache'] = '/home/evoadmin/www/cache.sqlite';
|
||||||
$oriconf['known_host'] = '/home/evoadmin/www/known_host';
|
$oriconf['known_host'] = '/home/evoadmin/www/known_host';
|
||||||
$oriconf['ftpadmin'] = false;
|
$oriconf['ftpadmin'] = FALSE;
|
||||||
$oriconf['bindadmin'] = false;
|
$oriconf['bindadmin'] = FALSE;
|
||||||
// Warning: Don't forget to add available PHP versions into : /etc/evolinux/web-add.conf
|
// Penser à rajouter également les versions de PHP disponibles dans /etc/evolinux/web-add.conf
|
||||||
// $oriconf['php_versions'] = array();
|
$oriconf['php_versions'] = array();
|
||||||
$oriconf['quota'] = false;
|
$oriconf['quota'] = FALSE;
|
||||||
$oriconf['dbadmin'] = false;
|
$oriconf['dbadmin'] = FALSE;
|
||||||
|
|
||||||
$oriconf['noreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
|
$oriconf['noreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
|
||||||
$oriconf['postponedreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
|
$oriconf['postponedreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
|
||||||
$oriconf['immediatereplication'] = array('srv00.example.com', 'srv01.example.com');
|
$oriconf['immediatereplication'] = array('srv00.example.com', 'srv01.example.com');
|
||||||
$oriconf['postponedreplication_mode'] = array('1 fois/jour', '3 fois/jour', '1 fois/jour');
|
$oriconf['postponedreplication_mode'] = array('1 fois/jour', '3 fois/jour', '1 fois/jour');
|
||||||
|
|
||||||
// Generate password hashes : mkpasswd --method=sha-512 (cli) or with PHP's password_hash()
|
// auth (sha256 hashs)
|
||||||
$oriconf['logins'] = array();
|
$oriconf['logins'] = array();
|
||||||
//$oriconf['logins']['foo'] = '$6$X0jqa/ausLSBkj4m$dLMMcPGVxak.aDPo4V/GJLm2d8vU8/QA5LbGTuqXCdxSNYU0kRKBgDl16GAyp0GqXXZ5wwDEJKQ1npgFwiuV81';
|
//$oriconf['logins']['foo'] = 'd5d3c723fb82cb0078f399888af78204234535ec2ef3da56710fdd51f90d2477';
|
||||||
//$oriconf['logins']['bar'] = '$6$Q6233S6mlWAF6p.j$LtzwG02YucozwqjAgSpeldh24Mnz7lBuVSbOQYbKKh9FiUx3tMVl6kJZkmrNdPqeadFXKAYXrqn.gy8KposF5.';
|
//$oriconf['logins']['bar'] = '7938c84d6e43d1659612a7ea7c1101ed02e52751bb64597a8c20ebaba8ba4303';
|
||||||
|
|
|
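Review bot: the `logins` examples on the new side are bare 64-character SHA-256 digests under the comment `// auth (sha256 hashs)`, replacing the `$6$` crypt strings and the hint to generate them with `mkpasswd --method=sha-512` or `password_hash()`. An unsalted, single-pass SHA-256 of a password is cheap to brute-force, and identical passwords produce identical digests. Keep the salted format and the generation hint from the master side. Also note that `$oriconf['php_versions'] = array();` is now active instead of commented out, so the key is defined by default; check that callers testing for its presence still behave as intended with an empty array.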
@ -461,13 +461,13 @@ class AlphaNumericalTextInputFormField extends FormField {
|
||||||
|
|
||||||
class DomainInputFormField extends FormField {
|
class DomainInputFormField extends FormField {
|
||||||
protected $mandatory = NULL;
|
protected $mandatory = NULL;
|
||||||
//protected $textsize = NULL;
|
protected $textsize = NULL;
|
||||||
|
|
||||||
public function __construct($label, $mandatory=TRUE, $hidden=FALSE) {
|
public function __construct($label, $mandatory=TRUE, $hidden=FALSE) {
|
||||||
parent::__construct($label);
|
parent::__construct($label);
|
||||||
$this->mandatory = $mandatory;
|
$this->mandatory = $mandatory;
|
||||||
$this->hidden = $hidden;
|
$this->hidden = $hidden;
|
||||||
//$this->textsize = $textsize;
|
$this->textsize = $textsize;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function verify($set_error) {
|
public function verify($set_error) {
|
||||||
|
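Review bot: `$this->textsize = $textsize;` in the DomainInputFormField constructor reads a variable that does not exist, because the signature is `__construct($label, $mandatory=TRUE, $hidden=FALSE)`. The property ends up NULL and PHP reports an undefined variable on every instantiation. Either add a `$textsize` parameter with a default value or leave the assignment commented out as on master.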
@ -491,7 +491,7 @@ class DomainInputFormField extends FormField {
|
||||||
else
|
else
|
||||||
$input .= '<input type="text" id="'.$this->name.'"';
|
$input .= '<input type="text" id="'.$this->name.'"';
|
||||||
$input .= ' name="'.$this->name.'" value="'.htmlspecialchars($this->value,ENT_QUOTES).'"';
|
$input .= ' name="'.$this->name.'" value="'.htmlspecialchars($this->value,ENT_QUOTES).'"';
|
||||||
//$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';
|
$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';
|
||||||
if($this->read_only) { $input .= 'readonly="readonly="'; }
|
if($this->read_only) { $input .= 'readonly="readonly="'; }
|
||||||
if($this->disabled) { $input .= 'disabled="disabled="'; }
|
if($this->disabled) { $input .= 'disabled="disabled="'; }
|
||||||
$input .= '/>';
|
$input .= '/>';
|
||||||
|
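Review bot: the re-enabled line `$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';` indexes `$this->textsize`, which the constructor shown for this class never receives, so the field renders with empty `maxlength` and `size` attributes and no client-side length limit. Guard the line with an is_array() check or drop it. In the unchanged lines of the same hunk, `readonly="readonly="` and `disabled="disabled="` are malformed attribute strings, and `$this->name` is written into `id` and `name` without htmlspecialchars(), unlike `$this->value`.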
@ -516,12 +516,12 @@ class DomainInputFormField extends FormField {
|
||||||
|
|
||||||
class DomainListInputFormField extends FormField {
|
class DomainListInputFormField extends FormField {
|
||||||
protected $mandatory = NULL;
|
protected $mandatory = NULL;
|
||||||
//protected $textsize = NULL;
|
protected $textsize = NULL;
|
||||||
|
|
||||||
public function __construct($label, $mandatory=TRUE) {
|
public function __construct($label, $mandatory=TRUE) {
|
||||||
parent::__construct($label);
|
parent::__construct($label);
|
||||||
$this->mandatory = $mandatory;
|
$this->mandatory = $mandatory;
|
||||||
//$this->textsize = $textsize;
|
$this->textsize = $textsize;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function verify($set_error) {
|
public function verify($set_error) {
|
||||||
|
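Review bot: `DomainListInputFormField::__construct($label, $mandatory=TRUE)` has no `$textsize` parameter, so the uncommented `$this->textsize = $textsize;` assigns an undefined variable and leaves the property NULL. Add the parameter with a default or keep the line commented.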
@ -547,7 +547,7 @@ class DomainListInputFormField extends FormField {
|
||||||
$input = '';
|
$input = '';
|
||||||
$input .= '<input type="text" id="'.$this->name.'"';
|
$input .= '<input type="text" id="'.$this->name.'"';
|
||||||
$input .= ' name="'.$this->name.'" value="'.htmlspecialchars($this->value,ENT_QUOTES).'"';
|
$input .= ' name="'.$this->name.'" value="'.htmlspecialchars($this->value,ENT_QUOTES).'"';
|
||||||
//$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';
|
$input .= ' maxlength="'.$this->textsize[1].'" size="'.$this->textsize[0].'" ';
|
||||||
if($this->read_only) { $input .= 'readonly="readonly="'; }
|
if($this->read_only) { $input .= 'readonly="readonly="'; }
|
||||||
if($this->disabled) { $input .= 'disabled="disabled="'; }
|
if($this->disabled) { $input .= 'disabled="disabled="'; }
|
||||||
$input .= '/>';
|
$input .= '/>';
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* file included in every PHP file
|
* file included in every PHP file
|
||||||
*
|
*
|
||||||
|
@ -96,25 +97,6 @@ function is_multiphp() {
|
||||||
return array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1;
|
return array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Webadd
|
|
||||||
*
|
|
||||||
* @return boolean - True when it's a multi PHP system
|
|
||||||
*/
|
|
||||||
function run_webadd_cmd($command) {
|
|
||||||
global $conf;
|
|
||||||
|
|
||||||
$cmd = 'web-add.sh '. $command;
|
|
||||||
|
|
||||||
$data_output = null;
|
|
||||||
$exec_return = null;
|
|
||||||
sudoexec($cmd, $data_output, $exec_return);
|
|
||||||
|
|
||||||
|
|
||||||
return $data_output;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Includes
|
* Includes
|
||||||
*/
|
*/
|
|
@ -144,6 +144,11 @@ span.form-warning {
|
||||||
margin-left: 4px;
|
margin-left: 4px;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
span.form-notice {
|
||||||
|
color: #009B85;
|
||||||
|
margin-left: 4px;
|
||||||
|
}
|
||||||
|
|
||||||
span.form-mandatory {
|
span.form-mandatory {
|
||||||
color: red;
|
color: red;
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,7 +30,7 @@ header('Content-Type: text/html; charset=utf-8');
|
||||||
/**
|
/**
|
||||||
* Requires
|
* Requires
|
||||||
*/
|
*/
|
||||||
require_once EVOADMIN_BASE . '../inc/common.php';
|
require_once EVOADMIN_BASE . 'common.php';
|
||||||
|
|
||||||
|
|
||||||
$uri = $_SERVER['REQUEST_URI'];
|
$uri = $_SERVER['REQUEST_URI'];
|
||||||
|
|
|
@ -53,7 +53,7 @@ function web_add($form, $admin_mail) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (array_key_exists('php_versions', $conf) && is_array($conf['php_versions'])) {
|
if (array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1) {
|
||||||
$exec_cmd .= sprintf(' -r %s', $conf['php_versions'][$form->getField('php_version')->getValue()]);
|
$exec_cmd .= sprintf(' -r %s', $conf['php_versions'][$form->getField('php_version')->getValue()]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
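Review bot: replacing `is_array($conf['php_versions'])` with `count($conf['php_versions']) > 1` removes the type check, and count() on a non-array value raises a TypeError on PHP 8 (a warning on PHP 7.2 and later), so a scalar in a local config now breaks site creation instead of being skipped. The new condition is also a copy of what `is_multiphp()`, visible in an earlier hunk on this page, already returns; call the helper here. Separately, `$conf['php_versions'][$form->getField('php_version')->getValue()]` trusts the submitted index: check that the key exists before appending `-r`, otherwise an unknown value yields an empty argument in `$exec_cmd`.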
@ -347,7 +347,7 @@ if ($conf['bindadmin']) {
|
||||||
$form->addField('use_gmail_mxs', new CheckboxInputFormField("Utilisation des serveurs Gmail en MX ?", FALSE));
|
$form->addField('use_gmail_mxs', new CheckboxInputFormField("Utilisation des serveurs Gmail en MX ?", FALSE));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (array_key_exists('php_versions', $conf) && is_array($conf['php_versions'])) {
|
if (array_key_exists('php_versions', $conf) && count($conf['php_versions']) > 1) {
|
||||||
$form->addField('php_version', new SelectFormField("Version de PHP", TRUE, $conf['php_versions']));
|
$form->addField('php_version', new SelectFormField("Version de PHP", TRUE, $conf['php_versions']));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
70
inc/auth.php
|
@ -1,53 +1,43 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Authentification controler
|
* Authentification page
|
||||||
*
|
*
|
||||||
* Copyright (c) 2009-2022 Evolix - Tous droits reserves
|
* Copyright (c) 2009 Evolix - Tous droits reserves
|
||||||
*
|
*
|
||||||
* @author Evolix <info@evolix.fr>
|
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
|
||||||
* @author Gregory Colpart <reg@evolix.fr>
|
*
|
||||||
* @author Thomas Martin <tmartin@evolix.fr>
|
* @author Gregory Colpart <reg@evolix.fr>
|
||||||
* @author Sebastien Palma <spalma@evolix.fr>
|
* @author Thomas Martin <tmartin@evolix.fr>
|
||||||
* @author and others.
|
* @author Sebastien Palma <spalma@evolix.fr>
|
||||||
* @version 1.0
|
* @version 1.0
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST)) {
|
if ((empty($_GET['form']) || $_GET['form']!=1) && !empty($_POST)) {
|
||||||
$input_username = $_POST['login'];
|
$username=$_POST['login'];
|
||||||
$input_password = $_POST['passw'];
|
$password=$_POST['passw'];
|
||||||
|
|
||||||
if (isset($conf['logins'][$input_username]) && strlen($conf['logins'][$input_username]) != 64 && password_verify($input_password, $conf['logins'][$input_username]) ) {
|
if (hash("sha256",$password) == $conf['logins'][$username]) {
|
||||||
$_SESSION['auth'] = true;
|
$_SESSION['auth']=1;
|
||||||
$_SESSION['user'] = $input_username;
|
$_SESSION['user']=$username;
|
||||||
$_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534;
|
$_SESSION['error']='';
|
||||||
$_SESSION['cli_version'] = run_webadd_cmd('version')[0];
|
} else {
|
||||||
unset($_SESSION['error']);
|
$_SESSION['auth']=0;
|
||||||
|
$_SESSION['user']='';
|
||||||
} elseif (isset($conf['logins'][$input_username]) && strlen($conf['logins'][$input_username]) == 64 && hash("sha256",$input_password) === $conf['logins'][$input_username]) {
|
$_SESSION['error']=1;
|
||||||
// Compatibility mode for previous installs (sha256)
|
}
|
||||||
$_SESSION['auth'] = true;
|
http_redirect('/');
|
||||||
$_SESSION['user'] = $input_username;
|
|
||||||
$_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534;
|
|
||||||
$_SESSION['cli_version'] = run_webadd_cmd('version')[0];
|
|
||||||
unset($_SESSION['error']);
|
|
||||||
|
|
||||||
} else {
|
|
||||||
$_SESSION['auth'] = false;
|
|
||||||
$_SESSION['user'] = '';
|
|
||||||
$_SESSION['error'] = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
http_redirect('/');
|
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
if (!empty($_SESSION['error'])) {
|
if(!empty($_SESSION['error'])) {
|
||||||
$error = $_SESSION['error'];
|
$error=$_SESSION['error'];
|
||||||
unset($_SESSION['error']);
|
}
|
||||||
}
|
|
||||||
|
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
|
||||||
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
|
include_once EVOADMIN_BASE . '../tpl/auth.tpl.php';
|
||||||
include_once EVOADMIN_BASE . '../tpl/auth.tpl.php';
|
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
|
||||||
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
|
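Review bot: the password check on the right-hand side, `hash("sha256",$password) == $conf['logins'][$username]`, compares an unsalted SHA-256 digest with the loose `==` operator and drops the password_verify() branch present on the left-hand side. Loose comparison of two hex strings is subject to PHP type juggling (strings of the form 0e followed by digits compare equal as numbers), and `$conf['logins'][$username]` is read without isset(), so an unknown login raises an undefined-index notice. Keep password_verify() as the primary path; if the SHA-256 compatibility path has to stay, put it behind an isset() check and compare with hash_equals().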
@ -32,14 +32,21 @@ $letsencrypt = new letsencryt();
|
||||||
$errorMessage = '';
|
$errorMessage = '';
|
||||||
$warningMessage = '';
|
$warningMessage = '';
|
||||||
|
|
||||||
|
// it's an array if we want to display multiple messages in the future
|
||||||
|
$messages = array();
|
||||||
|
|
||||||
if (isset($_POST['submit'])) {
|
if (isset($_POST['submit'])) {
|
||||||
while (true) {
|
while (true) {
|
||||||
// check HTTP
|
// check HTTP
|
||||||
$isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]);
|
$isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]);
|
||||||
|
|
||||||
if (!$isRemoteResourceAvailable) {
|
if (!$isRemoteResourceAvailable) {
|
||||||
|
|
||||||
$errorMessage = "Erreur : Le challenge HTTP a échoué.<br>
|
$errorMessage = "Erreur : Le challenge HTTP a échoué.<br>
|
||||||
Merci de vérifier que le dossier <code>/.well-known/evoacme-challenge/</code> est accessible.";
|
Merci de vérifier que le dossier <code>/.well-known/evoacme-challenge/</code> est accessible.";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
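Review bot: in the HTTP challenge failure branch the same text is now held twice, once in `$errorMessage` and once in `$messages`. If the template is moving to `$messages`, drop the standalone variable or build the string directly in the array entry so the two cannot drift apart. `$messages[] = [...]` is also the more idiomatic form than array_push() for a single element.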
@ -48,8 +55,12 @@ if (isset($_POST['submit'])) {
|
||||||
|
|
||||||
$failed_domains = array_diff($_SESSION['letsencrypt-domains'], $valid_domains);
|
$failed_domains = array_diff($_SESSION['letsencrypt-domains'], $valid_domains);
|
||||||
if (!empty($failed_domains)) {
|
if (!empty($failed_domains)) {
|
||||||
|
|
||||||
$errorMessage = "Erreur : La vérification DNS a échoué.<br>
|
$errorMessage = "Erreur : La vérification DNS a échoué.<br>
|
||||||
Merci de vérifier les enregistrements de type A et AAAA pour les domaine(s) suivant(s) :";
|
Merci de vérifier les enregistrements de type A et AAAA pour les domaine(s) suivant(s) :";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -57,8 +68,12 @@ if (isset($_POST['submit'])) {
|
||||||
$isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']);
|
$isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']);
|
||||||
|
|
||||||
if (!$isCsrGenerated) {
|
if (!$isCsrGenerated) {
|
||||||
|
|
||||||
$errorMessage = "Erreur : La génération de demande de certificat a échoué.<br>
|
$errorMessage = "Erreur : La génération de demande de certificat a échoué.<br>
|
||||||
Merci de contacter un administrateur pour continuer.";
|
Merci de contacter un administrateur pour continuer.";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -66,8 +81,12 @@ if (isset($_POST['submit'])) {
|
||||||
$testGenerateCert = $letsencrypt->generateSSLCertificate($params[1]);
|
$testGenerateCert = $letsencrypt->generateSSLCertificate($params[1]);
|
||||||
|
|
||||||
if (!$testGenerateCert) {
|
if (!$testGenerateCert) {
|
||||||
|
|
||||||
$errorMessage = "Erreur : La génération de certificat en mode TEST a échoué.<br>
|
$errorMessage = "Erreur : La génération de certificat en mode TEST a échoué.<br>
|
||||||
Merci de contacter un administrateur pour continuer.";
|
Merci de contacter un administrateur pour continuer.";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -75,8 +94,12 @@ if (isset($_POST['submit'])) {
|
||||||
$generateCert = $letsencrypt->generateSSLCertificate($params[1], false);
|
$generateCert = $letsencrypt->generateSSLCertificate($params[1], false);
|
||||||
|
|
||||||
if (!$generateCert) {
|
if (!$generateCert) {
|
||||||
|
|
||||||
$errorMessage = "Erreur : La génération de certificat a échoué.<br>
|
$errorMessage = "Erreur : La génération de certificat a échoué.<br>
|
||||||
Merci de contacter un administrateur pour continuer.";
|
Merci de contacter un administrateur pour continuer.";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -88,21 +111,39 @@ if (isset($_POST['submit'])) {
|
||||||
while(true) {
|
while(true) {
|
||||||
// check domains list
|
// check domains list
|
||||||
if (empty($_SESSION['letsencrypt-domains'])) {
|
if (empty($_SESSION['letsencrypt-domains'])) {
|
||||||
|
|
||||||
$errorMessage = "Erreur : la liste des domaines est vide.";
|
$errorMessage = "Erreur : la liste des domaines est vide.";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
// check if evoacme is installed
|
// check if evoacme is installed
|
||||||
$binaries_installed = $letsencrypt->isEvoacmeInstalled();
|
$binaries_installed = $letsencrypt->isEvoacmeInstalled();
|
||||||
if (!$binaries_installed) {
|
if (!$binaries_installed) {
|
||||||
|
|
||||||
$errorMessage = "Erreur : les binaires Evoacme ne sont pas installés.
|
$errorMessage = "Erreur : les binaires Evoacme ne sont pas installés.
|
||||||
Veuillez contacter un administrateur.";
|
Veuillez contacter un administrateur.";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check existing SSL certificate
|
// Check existing SSL certificate
|
||||||
$domainsIncluded = array();
|
$domainsIncluded = array();
|
||||||
foreach ($_SESSION['letsencrypt-domains'] as $domain) {
|
foreach ($_SESSION['letsencrypt-domains'] as $domain) {
|
||||||
|
|
||||||
|
$isDomainReal = $letsencrypt->isDomainReal($domain);
|
||||||
|
|
||||||
|
if ($isDomainReal === false) {
|
||||||
|
$errorMessage = "Erreur : le domaine <strong>" . $domain . "</strong> n'existe pas. Veuillez vérifier les enregistrements DNS.";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
break 2;
|
||||||
|
}
|
||||||
|
|
||||||
$existingSSLCertificate = $letsencrypt->getCertificate($domain);
|
$existingSSLCertificate = $letsencrypt->getCertificate($domain);
|
||||||
// if no certificate is present (false returned) for this domain, go to the next domain
|
// if no certificate is present (false returned) for this domain, go to the next domain
|
||||||
if (is_bool($existingSSLCertificate)) {
|
if (is_bool($existingSSLCertificate)) {
|
||||||
|
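Review bot: the new isDomainReal() error message concatenates `$domain` from `$_SESSION['letsencrypt-domains']` straight into HTML (`"<strong>" . $domain . "</strong>"`). These messages carry their own markup (`<strong>`, `<br>`), so the content cannot be escaped as a whole at output time and the value has to be escaped where it is inserted, for example with htmlspecialchars($domain, ENT_QUOTES, 'UTF-8'). The same applies to the other messages in this file that now embed `$domain`.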
@ -113,7 +154,11 @@ if (isset($_POST['submit'])) {
|
||||||
// check if LE is the certificate issuer
|
// check if LE is the certificate issuer
|
||||||
$isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]);
|
$isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]);
|
||||||
if (!$isIssuerValid) {
|
if (!$isIssuerValid) {
|
||||||
$errorMessage = "Erreur : le certificat existant n'est pas géré par Let's Encrypt.";
|
|
||||||
|
$errorMessage = "Erreur : le certificat existant pour <strong>" . $domain . "</strong> n'est pas géré par Let's Encrypt.";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
|
||||||
break 2; // break the foreach and the while
|
break 2; // break the foreach and the while
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -121,8 +166,12 @@ if (isset($_POST['submit'])) {
|
||||||
|
|
||||||
$isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
|
$isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
|
||||||
if (!$isCertValid && !isset($_POST['force_renew'])) {
|
if (!$isCertValid && !isset($_POST['force_renew'])) {
|
||||||
$warningMessage = "Attention : le certificat existant n'est plus valide.
|
|
||||||
|
$warningMessage = "Attention : le certificat existant pour <strong>" . $domain . "</strong> n'est plus valide.
|
||||||
Souhaitez-vous le renouveller ?";
|
Souhaitez-vous le renouveller ?";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "warning", "content" => $warningMessage]);
|
||||||
|
|
||||||
break 2;
|
break 2;
|
||||||
} else {
|
} else {
|
||||||
$validUntil = date("d/m/Y", $parsedCertificate["validUntil"]);
|
$validUntil = date("d/m/Y", $parsedCertificate["validUntil"]);
|
||||||
|
@ -141,10 +190,15 @@ if (isset($_POST['submit'])) {
|
||||||
$domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
|
$domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
|
||||||
|
|
||||||
if (empty($domainsNotIncluded)) {
|
if (empty($domainsNotIncluded)) {
|
||||||
$errorMessage = "Le certificat existant couvre déjà tous les domaines jusqu'au " . $validUntil . ".";
|
|
||||||
|
$noticeMessage = "Le certificat existant couvre déjà tous les domaines jusqu'au " . $validUntil . ".";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "notice", "content" => $noticeMessage]);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
$warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) jusqu'au " . $validUntil . " :<br>";
|
$warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) jusqu'au " . $validUntil . " :<br>";
|
||||||
|
|
||||||
foreach ($domainsIncluded as $domainIncluded) {
|
foreach ($domainsIncluded as $domainIncluded) {
|
||||||
|
@ -157,11 +211,14 @@ if (isset($_POST['submit'])) {
|
||||||
$warningMessage .= $domainNotIncluded . "<br>";
|
$warningMessage .= $domainNotIncluded . "<br>";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "warning", "content" => $warningMessage]);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
|
include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
|
||||||
|
|
|
@ -27,6 +27,20 @@ class LetsEncrypt
|
||||||
sudoexec($cmd, $data_output, $exec_return);
|
sudoexec($cmd, $data_output, $exec_return);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* verify if the domain exists
|
||||||
|
* @param string $domain
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
public function isDomainReal($domain)
|
||||||
|
{
|
||||||
|
if (checkdnsrr($domain, 'A') || checkdnsrr($domain, 'AAAA')) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* generate a CSR
|
* generate a CSR
|
||||||
* @param string $vhost
|
* @param string $vhost
|
||||||
|
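Review bot: isDomainReal() returns true only when an A or AAAA record resolves, which is narrower than the docblock's "verify if the domain exists"; a domain that only has other record types is reported as non-existent. State the A/AAAA criterion in the docblock or rename the method. The body can be reduced to `return checkdnsrr($domain, 'A') || checkdnsrr($domain, 'AAAA');`. The lookup uses the server's own resolver, so a comment that the answer may differ from what the certificate authority sees would help.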
@ -157,9 +171,6 @@ class LetsEncrypt
|
||||||
{
|
{
|
||||||
$stream = stream_context_create(array("ssl" => array("capture_peer_cert" => true)));
|
$stream = stream_context_create(array("ssl" => array("capture_peer_cert" => true)));
|
||||||
$read = stream_socket_client("ssl://" . $domain . ":443", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $stream);
|
$read = stream_socket_client("ssl://" . $domain . ":443", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $stream);
|
||||||
if ($read === false) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
$cont = stream_context_get_params($read);
|
$cont = stream_context_get_params($read);
|
||||||
|
|
||||||
return $cont;
|
return $cont;
|
||||||
|
|
|
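Review bot: the right-hand side removes the `if ($read === false) { return false; }` guard after stream_socket_client(), so a failed TLS connection passes false to stream_context_get_params(). The caller relies on a boolean return to mean "no certificate" (`if (is_bool($existingSSLCertificate))`), and on PHP 8 passing false where a resource is expected raises a TypeError. Keep the guard.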
@ -63,28 +63,26 @@ get_user_login_by_UID() {
|
||||||
}
|
}
|
||||||
|
|
||||||
list_accounts_by_UID() {
|
list_accounts_by_UID() {
|
||||||
uid=$1
|
uid=$1
|
||||||
|
|
||||||
# Remove # and empty lines
|
|
||||||
ftp_users=$(grep -v -E '^[[:blank:]]*(#.*)*$' "$VPASSWD_PATH")
|
|
||||||
|
|
||||||
for line in $ftp_users; do
|
while IFS=$'\n' read -r line;
|
||||||
line_uid="$(echo "$line" | cut -d":" -f3)"
|
do
|
||||||
|
line_uid="$(echo "$line" | cut -d":" -f3)"
|
||||||
if [[ ! "$uid" ]] || [[ "$line_uid" == "$uid" ]]; then
|
|
||||||
username=$(get_user_login_by_UID "$line_uid")
|
if [[ ! "$uid" ]] || [[ "$line_uid" == "$uid" ]]; then
|
||||||
account=$(echo "$line" | cut -d":" -f1)
|
username="$(get_user_login_by_UID "$line_uid")"
|
||||||
path=$(echo "$line" | cut -d":" -f6)
|
account="$(echo "$line" | cut -d":" -f1)"
|
||||||
size="inconnue"
|
path="$(echo "$line" | cut -d":" -f6)"
|
||||||
# Check output of daily "du" cron job
|
size="$(du -s "$path" | cut -f 1)"
|
||||||
# (set by ansible-roles/packweb-apache/tasks/main.yml)
|
#modif="$(cat $path/.lastmodified)"
|
||||||
if [ -r "$path/.size" ]; then
|
# Passage en minuscule ?
|
||||||
size=$(cat "$path/.size")
|
#account="$(echo $account | tr '[A-Z]' '[a-z]')"
|
||||||
fi
|
#path="$(echo $path | tr '[A-Z]' '[a-z]')"
|
||||||
#modif="$(cat $path/.lastmodified)"
|
|
||||||
echo "$username:$account:$path:$size${modif:+:$modif}"
|
echo "$username:$account:$path:$size${modif:+:$modif}"
|
||||||
fi
|
|
||||||
done
|
fi
|
||||||
|
done < "$VPASSWD_PATH"
|
||||||
}
|
}
|
||||||
|
|
||||||
add_account() {
|
add_account() {
|
||||||
|
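Review bot: the rewritten loop in list_accounts_by_UID() reads `$VPASSWD_PATH` directly and no longer filters out comment and blank lines, which the left-hand side did with `grep -v -E '^[[:blank:]]*(#.*)*$'`. For such a line `cut` yields empty fields, and when no uid is given `[[ ! "$uid" ]]` is true, so get_user_login_by_UID and `du -s` run with an empty argument. Skip those lines at the top of the loop. Separately, `size="$(du -s "$path" | cut -f 1)"` walks every account's directory on each listing, where the left-hand side reads a precomputed `$path/.size`; on large home directories this makes the listing slow.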
@ -121,7 +119,7 @@ delete_account() {
|
||||||
|
|
||||||
account_name=$1
|
account_name=$1
|
||||||
|
|
||||||
ftpasswd --passwd --file=$VPASSWD_PATH --name="$account_name" --delete-user
|
ftpasswd --passwd --file=$VPASSWD_PATH --name="$account_name" --uid=9999 --gid=9999 --home=/dev/null --shell=/dev/null --delete-user
|
||||||
log_msg "Suppression du compte $account_name"
|
log_msg "Suppression du compte $account_name"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -8,10 +8,8 @@
|
||||||
DocumentRoot HOME_DIR/XXX/www/
|
DocumentRoot HOME_DIR/XXX/www/
|
||||||
|
|
||||||
# SSL
|
# SSL
|
||||||
# Apache < 2.4.30 (Jessie, Stretch) va générer une erreur si le fichier
|
IncludeOptional /etc/apache2/ssl/XXX.conf
|
||||||
# désigné sans regex n'existe pas. On contourne ça avec [f] à place de f
|
|
||||||
IncludeOptional /etc/apache2/ssl/XXX.con[f]
|
|
||||||
|
|
||||||
# Propriete du repertoire
|
# Propriete du repertoire
|
||||||
<Directory HOME_DIR/XXX/www/>
|
<Directory HOME_DIR/XXX/www/>
|
||||||
#Options +Indexes +SymLinksIfOwnerMatch
|
#Options +Indexes +SymLinksIfOwnerMatch
|
||||||
|
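Review bot: `IncludeOptional /etc/apache2/ssl/XXX.conf` on the right-hand side drops the `XXX.con[f]` wildcard form together with the comment that explains it. According to that comment, Apache older than 2.4.30 raises an error when a non-wildcard IncludeOptional target does not exist, so a freshly created vhost without an SSL file would fail on those versions. Keep the `[f]` form, or document the minimum Apache version this template now requires.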
@ -69,3 +67,4 @@
|
||||||
#php_value default_charset ISO-8859-15
|
#php_value default_charset ISO-8859-15
|
||||||
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-XXX"
|
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-XXX"
|
||||||
php_admin_value open_basedir "/usr/share/php:HOME_DIR/XXX:/tmp"
|
php_admin_value open_basedir "/usr/share/php:HOME_DIR/XXX:/tmp"
|
||||||
|
|
||||||
|
|
|
@ -388,7 +388,7 @@ op_del() {
|
||||||
|
|
||||||
set -x
|
set -x
|
||||||
deluser www-data $login
|
deluser www-data $login
|
||||||
userdel -f $login
|
userdel $login
|
||||||
groupdel $login
|
groupdel $login
|
||||||
sed -i.bak "/^$login:/d" /etc/aliases
|
sed -i.bak "/^$login:/d" /etc/aliases
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,6 @@
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
VERSION="24.04"
|
|
||||||
HOME="/root"
|
HOME="/root"
|
||||||
CONTACT_MAIL="jdoe@example.org"
|
CONTACT_MAIL="jdoe@example.org"
|
||||||
WWWBOUNCE_MAIL="jdoe@example.org"
|
WWWBOUNCE_MAIL="jdoe@example.org"
|
||||||
|
@ -23,7 +22,6 @@ LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.local.sh"
|
||||||
PRE_LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.pre-local.sh"
|
PRE_LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.pre-local.sh"
|
||||||
TPL_AWSTATS="$SCRIPTS_PATH/awstats.XXX.conf"
|
TPL_AWSTATS="$SCRIPTS_PATH/awstats.XXX.conf"
|
||||||
SSH_GROUP="evolinux-ssh"
|
SSH_GROUP="evolinux-ssh"
|
||||||
HOST="$(hostname -f)"
|
|
||||||
|
|
||||||
# Set to nginx if you use nginx and not apache
|
# Set to nginx if you use nginx and not apache
|
||||||
WEB_SERVER="apache"
|
WEB_SERVER="apache"
|
||||||
|
@ -60,7 +58,6 @@ config_file="/etc/evolinux/web-add.conf"
|
||||||
usage() {
|
usage() {
|
||||||
cat <<EOT >&2
|
cat <<EOT >&2
|
||||||
|
|
||||||
Evoadmin web tooling - Version $VERSION
|
|
||||||
Usage: $0 COMMAND [ARG]
|
Usage: $0 COMMAND [ARG]
|
||||||
|
|
||||||
add [ [OPTIONS] LOGIN WWWDOMAIN ]
|
add [ [OPTIONS] LOGIN WWWDOMAIN ]
|
||||||
|
@ -169,14 +166,10 @@ generate-csr LOGIN DOMAINS
|
||||||
|
|
||||||
Generate the request for the Let's Encrypt certificate
|
Generate the request for the Let's Encrypt certificate
|
||||||
|
|
||||||
generate-ssl-certificate LOGIN [false]
|
generate-ssl-certificate LOGIN [TRUE | FALSE]
|
||||||
|
|
||||||
Generate the Let's Encrypt certificate
|
Generate the Let's Encrypt certificate
|
||||||
Run in TEST mode unless "false" is used
|
Run in TEST mode if TRUE
|
||||||
|
|
||||||
version
|
|
||||||
|
|
||||||
Obtain the script version
|
|
||||||
|
|
||||||
EOT
|
EOT
|
||||||
}
|
}
|
||||||
|
@ -194,7 +187,7 @@ EOT
|
||||||
}
|
}
|
||||||
|
|
||||||
gen_random_passwd() {
|
gen_random_passwd() {
|
||||||
apg -c /dev/urandom -MNCL -n1 -m18 -E oOlL10
|
apg -c /dev/urandom -n1 -E oOlL10\&\\\/\"\'
|
||||||
}
|
}
|
||||||
|
|
||||||
validate_login() {
|
validate_login() {
|
||||||
|
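Review bot: gen_random_passwd() on the right-hand side drops `-MNCL` and `-m18`, so apg falls back to its default length and no longer forces digits, capitals and lowercase letters through `-M`. That weakens the generated account passwords. If the goal is only to exclude characters that are awkward in shell or SQL contexts (the added `\&\\\/\"\'`), keep `-MNCL -m18` and extend the `-E` list instead.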
@ -237,15 +230,6 @@ validate_wwwdomain() {
|
||||||
in_error "Le nom de domaine est obligatoire"
|
in_error "Le nom de domaine est obligatoire"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
case "$wwwdomain" in
|
|
||||||
*'/'*)
|
|
||||||
in_error "Le caractère / n'est pas autorisé. Avez-vous confondu nom de domaine (example.com) et URL (https://example.com) ?"
|
|
||||||
return 1;;
|
|
||||||
*':'*)
|
|
||||||
in_error "Le caractère : n'est pas autorisé. Avez-vous confondu nom de domaine (example.com) et URL (https://example.com) ?"
|
|
||||||
return 1;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
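Review bot: the right-hand side of validate_wwwdomain() removes the `case` that rejects `/` and `:` in `$wwwdomain`, leaving only the non-empty check. The value is later substituted into the vhost with `sed -e "... s/SERVERNAME/$in_wwwdomain/ ..."`, where a `/` in the input ends the sed expression early, so a pasted URL breaks vhost generation. Keep the rejection, and preferably validate against a hostname pattern rather than a deny-list of two characters.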
@ -363,12 +347,14 @@ create_www_account() {
|
||||||
lxc-attach -n php"${php_version}" -- /usr/sbin/adduser --disabled-password --home "$HOME_DIR_USER"/www --no-create-home --shell /bin/false --gecos "WWW $in_login" www-"$in_login" --uid "$www_uid" --ingroup "$in_login" --force-badname >/dev/null
|
lxc-attach -n php"${php_version}" -- /usr/sbin/adduser --disabled-password --home "$HOME_DIR_USER"/www --no-create-home --shell /bin/false --gecos "WWW $in_login" www-"$in_login" --uid "$www_uid" --ingroup "$in_login" --force-badname >/dev/null
|
||||||
done
|
done
|
||||||
|
|
||||||
if grep -qE '^AllowUsers' /etc/ssh/sshd_config; then
|
if grep -qE '^AllowGroups' /etc/ssh/sshd_config; then
|
||||||
|
if ! grep -qE "^AllowGroups(\\s+\\S+)*(\\s+$SSH_GROUP)" /etc/ssh/sshd_config; then
|
||||||
|
sed -i "s/^AllowGroups .*/& $SSH_GROUP/" /etc/ssh/sshd_config
|
||||||
|
groupadd --force $SSH_GROUP
|
||||||
|
fi
|
||||||
|
usermod -a -G $SSH_GROUP "$in_login"
|
||||||
|
elif grep -qE '^AllowUsers' /etc/ssh/sshd_config; then
|
||||||
sed -i "s/^AllowUsers .*/& $in_login/" /etc/ssh/sshd_config
|
sed -i "s/^AllowUsers .*/& $in_login/" /etc/ssh/sshd_config
|
||||||
else
|
|
||||||
if getent group "$SSH_GROUP" 1>/dev/null 2>&1; then
|
|
||||||
usermod --append --groups "$SSH_GROUP" "$in_login"
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
/etc/init.d/ssh reload
|
/etc/init.d/ssh reload
|
||||||
|
|
||||||
|
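Review bot: in create_www_account() the right-hand side has no fallback when sshd_config contains neither AllowGroups nor AllowUsers; the left-hand side adds the login to `$SSH_GROUP` in that case when the group exists. In the AllowGroups branch, sshd_config is rewritten with `sed -i` and ssh is then reloaded without a syntax check; run `sshd -t` before `/etc/init.d/ssh reload` and restore the file on failure. `$SSH_GROUP` should also be quoted in the groupadd and usermod calls.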
@ -428,14 +414,6 @@ create_www_account() {
|
||||||
pool_path="/etc/php/7.0/fpm/pool.d/"
|
pool_path="/etc/php/7.0/fpm/pool.d/"
|
||||||
elif [ "$php_version" = "73" ]; then
|
elif [ "$php_version" = "73" ]; then
|
||||||
pool_path="/etc/php/7.3/fpm/pool.d/"
|
pool_path="/etc/php/7.3/fpm/pool.d/"
|
||||||
elif [ "$php_version" = "74" ]; then
|
|
||||||
pool_path="/etc/php/7.4/fpm/pool.d/"
|
|
||||||
elif [ "$php_version" = "80" ]; then
|
|
||||||
pool_path="/etc/php/8.0/fpm/pool.d/"
|
|
||||||
elif [ "$php_version" = "81" ]; then
|
|
||||||
pool_path="/etc/php/8.1/fpm/pool.d/"
|
|
||||||
elif [ "$php_version" = "82" ]; then
|
|
||||||
pool_path="/etc/php/8.2/fpm/pool.d/"
|
|
||||||
else
|
else
|
||||||
pool_path="/etc/php5/fpm/pool.d/"
|
pool_path="/etc/php5/fpm/pool.d/"
|
||||||
fi
|
fi
|
||||||
|
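Review bot: with the 74, 80, 81 and 82 branches removed on the right-hand side, those values of `$php_version` fall through to the final `else` and get `pool_path="/etc/php5/fpm/pool.d/"`, a PHP 5 path. Either keep the mappings or fail explicitly on an unknown version instead of defaulting to php5. Deriving the path from the version string would remove the need for the chain.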
@ -448,15 +426,10 @@ group = ${in_login}
|
||||||
listen = ${phpfpm_socket_path}
|
listen = ${phpfpm_socket_path}
|
||||||
listen.owner = ${in_login}
|
listen.owner = ${in_login}
|
||||||
listen.group = ${in_login}
|
listen.group = ${in_login}
|
||||||
|
|
||||||
pm = ondemand
|
pm = ondemand
|
||||||
pm.status_path = /evolinux_fpm_status-$(apg -Mncl -n1 -m32)
|
|
||||||
pm.max_children = 10
|
pm.max_children = 10
|
||||||
pm.process_idle_timeout = 10s
|
pm.process_idle_timeout = 10s
|
||||||
|
|
||||||
php_admin_value[error_log] = /home/${in_login}/log/php.log
|
php_admin_value[error_log] = /home/${in_login}/log/php.log
|
||||||
php_admin_value[sendmail_path] = "/usr/sbin/sendmail -t -i -f www-${in_login}@${HOST}"
|
|
||||||
php_admin_value[open_basedir] = "/usr/share/php:/home/${in_login}:/tmp"
|
|
||||||
EOT
|
EOT
|
||||||
step_ok "Création du pool FPM ${php_version}"
|
step_ok "Création du pool FPM ${php_version}"
|
||||||
done
|
done
|
||||||
|
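Review bot: the pool template on the right-hand side drops `php_admin_value[open_basedir]` and `php_admin_value[sendmail_path]`. Without open_basedir, PHP code in an account's LXC pool is no longer restricted to `/usr/share/php:/home/${in_login}:/tmp`, while the Apache vhost template in this same comparison still sets open_basedir, so the two execution modes end up with different confinement. Keep both settings in the pool configuration.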
@ -465,9 +438,6 @@ EOT
|
||||||
|
|
||||||
random=$RANDOM
|
random=$RANDOM
|
||||||
if [ "$WEB_SERVER" == "apache" ]; then
|
if [ "$WEB_SERVER" == "apache" ]; then
|
||||||
# On s'assure que /etc/apache2/ssl pour le IncludeOptional de la conf
|
|
||||||
mkdir -p /etc/apache2/ssl
|
|
||||||
|
|
||||||
vhostfile="/etc/apache2/sites-available/${in_login}.conf"
|
vhostfile="/etc/apache2/sites-available/${in_login}.conf"
|
||||||
sed -e "s/XXX/$in_login/g ; s/SERVERNAME/$in_wwwdomain/ ; s/RANDOM/$random/ ; s#HOME_DIR#$HOME_DIR#" < $TPL_VHOST > "$vhostfile"
|
sed -e "s/XXX/$in_login/g ; s/SERVERNAME/$in_wwwdomain/ ; s/RANDOM/$random/ ; s#HOME_DIR#$HOME_DIR#" < $TPL_VHOST > "$vhostfile"
|
||||||
|
|
||||||
|
@ -493,7 +463,7 @@ EOT
|
||||||
sed -i -e "s/^\\(.*\\)#\\(ServerAlias\\).*$/\\1\\2 $subweb/" "$vhostfile"
|
sed -i -e "s/^\\(.*\\)#\\(ServerAlias\\).*$/\\1\\2 $subweb/" "$vhostfile"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
a2ensite "${in_login}.conf" >/dev/null
|
a2ensite "$in_login" >/dev/null
|
||||||
|
|
||||||
step_ok "Configuration d'Apache"
|
step_ok "Configuration d'Apache"
|
||||||
|
|
||||||
|
@ -605,18 +575,6 @@ EOT
|
||||||
elif [ "$php_version" = "73" ]; then
|
elif [ "$php_version" = "73" ]; then
|
||||||
initscript_path="/etc/init.d/php7.3-fpm"
|
initscript_path="/etc/init.d/php7.3-fpm"
|
||||||
binary="php-fpm7.3"
|
binary="php-fpm7.3"
|
||||||
elif [ "$php_version" = "74" ]; then
|
|
||||||
initscript_path="/etc/init.d/php7.4-fpm"
|
|
||||||
binary="php-fpm7.4"
|
|
||||||
elif [ "$php_version" = "80" ]; then
|
|
||||||
initscript_path="/etc/init.d/php8.0-fpm"
|
|
||||||
binary="php-fpm8.0"
|
|
||||||
elif [ "$php_version" = "81" ]; then
|
|
||||||
initscript_path="/etc/init.d/php8.1-fpm"
|
|
||||||
binary="php-fpm8.1"
|
|
||||||
elif [ "$php_version" = "82" ]; then
|
|
||||||
initscript_path="/etc/init.d/php8.2-fpm"
|
|
||||||
binary="php-fpm8.2"
|
|
||||||
else
|
else
|
||||||
initscript_path="/etc/init.d/php5-fpm"
|
initscript_path="/etc/init.d/php5-fpm"
|
||||||
binary="php5-fpm"
|
binary="php5-fpm"
|
||||||
|
@ -754,78 +712,15 @@ op_del() {
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
set -x
|
set -x
|
||||||
# Crontab dump needs to be done **before** user deletion
|
|
||||||
if crontab -l -u "$login"; then
|
|
||||||
crontab -l -u "$login" &> /home/$login/crontab-$(date '+%Y%m%d-%H%M%S').bak
|
|
||||||
crontab -r -u "$login"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Deactivate web vhost (apache or nginx)
|
|
||||||
if [ "$WEB_SERVER" == "apache" ]; then
|
if [ "$WEB_SERVER" == "apache" ]; then
|
||||||
if a2query -s "${login}" >/dev/null 2&>1; then
|
userdel www-"$login"
|
||||||
a2dissite "${login}.conf"
|
|
||||||
fi
|
|
||||||
rm -f /etc/apache2/sites-available/"$login.conf"
|
|
||||||
|
|
||||||
apache2ctl configtest
|
|
||||||
|
|
||||||
for php_version in "${PHP_VERSIONS[@]}"; do
|
|
||||||
if [ "$php_version" = "70" ]; then
|
|
||||||
phpfpm_dir="/etc/php/7.0/fpm/pool.d/"
|
|
||||||
initscript_path="/etc/init.d/php7.0-fpm"
|
|
||||||
elif [ "$php_version" = "73" ]; then
|
|
||||||
phpfpm_dir="/etc/php/7.3/fpm/pool.d/"
|
|
||||||
initscript_path="/etc/init.d/php7.3-fpm"
|
|
||||||
elif [ "$php_version" = "74" ]; then
|
|
||||||
phpfpm_dir="/etc/php/7.4/fpm/pool.d/"
|
|
||||||
initscript_path="/etc/init.d/php7.4-fpm"
|
|
||||||
elif [ "$php_version" = "80" ]; then
|
|
||||||
phpfpm_dir="/etc/php/8.0/fpm/pool.d/"
|
|
||||||
initscript_path="/etc/init.d/php8.0-fpm"
|
|
||||||
elif [ "$php_version" = "81" ]; then
|
|
||||||
phpfpm_dir="/etc/php/8.1/fpm/pool.d/"
|
|
||||||
initscript_path="/etc/init.d/php8.1-fpm"
|
|
||||||
elif [ "$php_version" = "82" ]; then
|
|
||||||
phpfpm_dir="/etc/php/8.2/fpm/pool.d/"
|
|
||||||
initscript_path="/etc/init.d/php8.2-fpm"
|
|
||||||
else
|
|
||||||
phpfpm_dir="/etc/php5/fpm/pool.d/"
|
|
||||||
initscript_path="/etc/init.d/php5-fpm"
|
|
||||||
fi
|
|
||||||
rm -f /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf
|
|
||||||
lxc-attach -n php"${php_version}" -- $initscript_path restart >/dev/null
|
|
||||||
done
|
|
||||||
|
|
||||||
elif [ "$WEB_SERVER" == "nginx" ]; then
|
|
||||||
rm -f /etc/nginx/sites-{available,enabled}/"$login"
|
|
||||||
rm -f /etc/munin/plugins/phpfpm_"${in_login}"*
|
|
||||||
nginx -t
|
|
||||||
fi
|
fi
|
||||||
|
userdel "$login"
|
||||||
rm -f /etc/awstats/awstats."$login.conf"
|
for php_version in "${PHP_VERSIONS[@]}"; do
|
||||||
sed -i.bak "/-config=$login /d" /etc/cron.d/awstats
|
lxc-attach -n php"${php_version}" -- userdel -f www-"$login"
|
||||||
|
lxc-attach -n php"${php_version}" -- userdel -f "$login"
|
||||||
if [ "$WEB_SERVER" == "apache" ]; then
|
done
|
||||||
if id www-"$login" &> /dev/null; then
|
|
||||||
userdel -f www-"$login"
|
|
||||||
fi
|
|
||||||
|
|
||||||
for php_version in "${PHP_VERSIONS[@]}"; do
|
|
||||||
if lxc-attach -n php"${php_version}" -- getent passwd www-"$login" &> /dev/null; then
|
|
||||||
lxc-attach -n php"${php_version}" -- userdel -f www-"$login"
|
|
||||||
fi
|
|
||||||
if lxc-attach -n php"${php_version}" -- getent passwd "$login" &> /dev/null; then
|
|
||||||
lxc-attach -n php"${php_version}" -- userdel -f "$login"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
if getent passwd "$login" &> /dev/null; then
|
|
||||||
userdel -f "$login"
|
|
||||||
fi
|
|
||||||
|
|
||||||
sed -i.bak "/^$login:/d" /etc/aliases
|
sed -i.bak "/^$login:/d" /etc/aliases
|
||||||
if [ "$WEB_SERVER" == "apache" ]; then
|
if [ "$WEB_SERVER" == "apache" ]; then
|
||||||
sed -i.bak "/^www-$login:/d" /etc/aliases
|
sed -i.bak "/^www-$login:/d" /etc/aliases
|
||||||
|
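Review bot: the right-hand side of op_del() calls `userdel www-"$login"`, `userdel "$login"` and the lxc-attach userdel commands unconditionally, where the left-hand side first checks with `id` or `getent passwd`. The script enables `set -e` near the top, so on a partially removed account the first failing userdel aborts the deletion and leaves the remaining steps undone. Keep the existence checks. The crontab dump that the left-hand side performs before user deletion is also gone, so the account's crontab is no longer backed up or removed explicitly.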
@ -842,6 +737,35 @@ op_del() {
|
||||||
echo "warning : $HOME_DIR/$login does not exist"
|
echo "warning : $HOME_DIR/$login does not exist"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "$WEB_SERVER" == "apache" ]; then
|
||||||
|
a2dissite "$login"
|
||||||
|
rm /etc/apache2/sites-available/"$login.conf"
|
||||||
|
rm /etc/awstats/awstats."$login.conf"
|
||||||
|
sed -i.bak "/-config=$login /d" /etc/cron.d/awstats
|
||||||
|
apache2ctl configtest
|
||||||
|
for php_version in "${PHP_VERSIONS[@]}"; do
|
||||||
|
if [ "$php_version" = "70" ]; then
|
||||||
|
phpfpm_dir="/etc/php/7.0/fpm/pool.d/"
|
||||||
|
initscript_path="/etc/init.d/php7.0-fpm"
|
||||||
|
elif [ "$php_version" = "73" ]; then
|
||||||
|
phpfpm_dir="/etc/php/7.3/fpm/pool.d/"
|
||||||
|
initscript_path="/etc/init.d/php7.3-fpm"
|
||||||
|
else
|
||||||
|
phpfpm_dir="/etc/php5/fpm/pool.d/"
|
||||||
|
initscript_path="/etc/init.d/php5-fpm"
|
||||||
|
fi
|
||||||
|
rm /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf
|
||||||
|
lxc-attach -n php"${php_version}" -- $initscript_path restart >/dev/null
|
||||||
|
done
|
||||||
|
elif [ "$WEB_SERVER" == "nginx" ]; then
|
||||||
|
|
||||||
|
rm /etc/nginx/sites-{available,enabled}/"$login"
|
||||||
|
rm /etc/awstats/awstats."$login.conf"
|
||||||
|
rm /etc/munin/plugins/phpfpm_"${in_login}"*
|
||||||
|
sed -i.bak "/-config=$login/d" /etc/cron.d/awstats
|
||||||
|
nginx -t
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -d /etc/letsencrypt/"$login" ]; then
|
if [ -d /etc/letsencrypt/"$login" ]; then
|
||||||
rm -r /etc/letsencrypt/"$login"
|
rm -r /etc/letsencrypt/"$login"
|
||||||
fi
|
fi
|
||||||
|
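Review bot: in the nginx branch on the right-hand side, `rm /etc/munin/plugins/phpfpm_"${in_login}"*` uses `in_login` while every other path in this block uses `$login`; if `in_login` is empty inside op_del() the glob becomes `phpfpm_*` and removes the munin plugin links of every account. Use `"$login"`. The plain `rm` and `a2dissite "$login"` calls also fail on files that are already gone, which under `set -e` stops the cleanup; use `rm -f` and guard a2dissite.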
@ -850,7 +774,7 @@ op_del() {
|
||||||
|
|
||||||
if [ -n "$dbname" ]; then
|
if [ -n "$dbname" ]; then
|
||||||
set -x
|
set -x
|
||||||
echo "DROP DATABASE \`$dbname\`; DROP USER \`$login\`@localhost; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS
|
echo "DROP DATABASE $dbname; delete from mysql.user where user='$login' ; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS
|
||||||
set +x
|
set +x
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
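Review bot: the right-hand side builds the statement as `DROP DATABASE $dbname; delete from mysql.user where user='$login'`, with the database name unquoted and the login interpolated into a string literal. A database name containing a character such as `-` makes the DROP fail, and the DELETE removes the rows for that user name at every host, not only `@localhost`, while bypassing DROP USER. Keep the backtick-quoted `DROP DATABASE` and `DROP USER ...@localhost` form from the left-hand side, and validate `$dbname` and `$login` before they reach the SQL string.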
@ -950,9 +874,6 @@ arg_processing() {
|
||||||
generate-ssl-certificate)
|
generate-ssl-certificate)
|
||||||
op_generatesslcertificate "$@"
|
op_generatesslcertificate "$@"
|
||||||
;;
|
;;
|
||||||
version)
|
|
||||||
op_version "$@"
|
|
||||||
;;
|
|
||||||
*)
|
*)
|
||||||
usage
|
usage
|
||||||
;;
|
;;
|
||||||
|
@ -1151,7 +1072,7 @@ op_checkoccurencename() {
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
echo "$servernames" "$aliases" | grep -E "(^|\s)$name(\s|$)"
|
echo "$servernames" "$aliases" | grep -w "$name"
|
||||||
else
|
else
|
||||||
usage
|
usage
|
||||||
fi
|
fi
|
||||||
|
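Review bot: `grep -w "$name"` on the right-hand side treats `$name` as a regular expression and matches on word boundaries, and `.` and `-` are non-word characters. A lookup for `example.com` therefore also reports an occurrence when only `shop.example.com` is configured, and each `.` in the name matches any character. Keep the whitespace-delimited pattern from the left-hand side, or split the names one per line and compare with `grep -F -x`.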
@ -1427,7 +1348,7 @@ op_checkvhosts() {
|
||||||
do
|
do
|
||||||
vhost_name=$(basename "$ln_path")
|
vhost_name=$(basename "$ln_path")
|
||||||
fix_conf="mv $ln_path $VHOST_PATH/$vhost_name"
|
fix_conf="mv $ln_path $VHOST_PATH/$vhost_name"
|
||||||
fix_ln="a2ensite ${vhost_name}.conf"
|
fix_ln="a2ensite $vhost_name"
|
||||||
|
|
||||||
if [[ -z "$apply" ]]; then
|
if [[ -z "$apply" ]]; then
|
||||||
echo "Suggested fixes for $vhost_name:"
|
echo "Suggested fixes for $vhost_name:"
|
||||||
|
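Review bot: `fix_ln="a2ensite $vhost_name"` and the left-hand `a2ensite ${vhost_name}.conf` disagree on whether `vhost_name` already carries the `.conf` suffix. `vhost_name=$(basename "$ln_path")` keeps whatever suffix the file has, so state in a comment which naming is expected, or strip the suffix explicitly before building the command. `fix_conf="mv $ln_path $VHOST_PATH/$vhost_name"` also builds a command string from unquoted paths, which breaks on names containing spaces or shell metacharacters once the string is executed.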
@ -1441,10 +1362,5 @@ op_checkvhosts() {
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
# Return web-add.sh version
|
|
||||||
op_version(){
|
|
||||||
echo "$VERSION"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Point d'entrée
|
# Point d'entrée
|
||||||
arg_processing "$@"
|
arg_processing "$@"
|
||||||
|
|
|
@ -1,46 +1,43 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Authentification page
|
* Authentification form
|
||||||
*
|
*
|
||||||
* Copyright (c) 2009-2022 Evolix - Tous droits reserves
|
* Copyright (c) 2009 Evolix - Tous droits reserves
|
||||||
*
|
*
|
||||||
* @author Evolix <info@evolix.fr>
|
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
|
||||||
* @author Gregory Colpart <reg@evolix.fr>
|
*
|
||||||
* @author Thomas Martin <tmartin@evolix.fr>
|
* @author Gregory Colpart <reg@evolix.fr>
|
||||||
* @author Sebastien Palma <spalma@evolix.fr>
|
* @author Thomas Martin <tmartin@evolix.fr>
|
||||||
* @author and others.
|
* @author Sebastien Palma <spalma@evolix.fr>
|
||||||
* @version 1.0
|
* @version 1.0
|
||||||
*/
|
*/
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<h2>Evoadmin : Connexion</h2>
|
<br/><br/>
|
||||||
|
|
||||||
<form method="POST">
|
<form method="POST">
|
||||||
<table align="center">
|
<table align="center">
|
||||||
<tr>
|
<tr>
|
||||||
<td align="right">Utilisateur : </td>
|
<td align="right">Utilisateur : </td>
|
||||||
<td align="left"><input type="text" name="login" /></td>
|
<td align="left"><input type="text" name="login" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td align="right">Mot de passe : </td>
|
<td align="right">Mot de passe : </td>
|
||||||
<td align="left"><input type="password" name="passw" /></td>
|
<td align="left"><input type="password" name="passw" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td> </td>
|
<td> </td>
|
||||||
<td align="left"><br/><input type="submit" value="Connexion" /></td>
|
<td align="left"><br/><input type="submit" value="Connexion" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<?php
|
<?php
|
||||||
if (!empty($error)) {
|
if (!empty($error)) {
|
||||||
?>
|
?>
|
||||||
<tr>
|
<tr>
|
||||||
<td colspan="2" class="auth-error">
|
<td colspan="2" class="auth-error">Identifiants invalides. Veuillez ré-essayer</td>
|
||||||
Identifiants invalides.
|
</tr>
|
||||||
Veuillez ré-essayer
|
<?php
|
||||||
</td>
|
}
|
||||||
</tr>
|
?>
|
||||||
<?php
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
</table>
|
</table>
|
||||||
</form>
|
</form>
|
||||||
|
|
|
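Review bot: replacing `<h2>Evoadmin : Connexion</h2>` with `<br/><br/>` leaves the login page without a heading and uses markup for spacing; keep the heading and do the spacing in CSS. Not changed here, but worth raising while the file is open: the form posts `login` and `passw` with no anti-CSRF token field.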
@ -21,7 +21,7 @@
|
||||||
|
|
||||||
<head>
|
<head>
|
||||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||||
<title>Evoadmin-web - Powered by Evolix</title>
|
<title>EvoAdmin - Powered by Evolix</title>
|
||||||
<link rel="stylesheet" href="/inc/css/main.css" type="text/css" media="screen, projection" />
|
<link rel="stylesheet" href="/inc/css/main.css" type="text/css" media="screen, projection" />
|
||||||
<script type="text/javascript" src="/inc/js/lib/prototype-1.6.0.3.js"></script>
|
<script type="text/javascript" src="/inc/js/lib/prototype-1.6.0.3.js"></script>
|
||||||
<script type="text/javascript" src="/inc/js/ftpadmin.js"></script>
|
<script type="text/javascript" src="/inc/js/ftpadmin.js"></script>
|
||||||
|
@ -31,10 +31,10 @@
|
||||||
<body>
|
<body>
|
||||||
|
|
||||||
<div id="main">
|
<div id="main">
|
||||||
<h1 id="top">Evoadmin-web
|
<h1 id="top">EvoAdmin
|
||||||
<?php
|
<?php
|
||||||
if(!empty($_SESSION['user'])) {
|
if(!empty($_SESSION['user'])) {
|
||||||
print ' v'.$_SESSION['cli_version'].' - '.$_SESSION['user'];
|
print ' - '.$_SESSION['user'];
|
||||||
|
|
||||||
if(is_superadmin()) {
|
if(is_superadmin()) {
|
||||||
print ' (Administrateur)';
|
print ' (Administrateur)';
|
||||||
|
|
|
@ -1,41 +1,39 @@
|
||||||
<h2>Gestion Let's Encrypt</h2>
|
<h2>Gestion Let's Encrypt</h2>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
if (isset($_POST['submit'])) {
|
if (!empty($messages)) {
|
||||||
if (!empty($errorMessage)) {
|
foreach($messages as $message) {
|
||||||
echo '<span class="form-error">' . $errorMessage . '</span>';
|
switch ($message["type"]) {
|
||||||
|
case "error":
|
||||||
|
echo '<span class="form-error">' . $message["content"] . '</span>';
|
||||||
|
|
||||||
if (count($failed_domains) > 0) {
|
if (count($failed_domains) > 0) {
|
||||||
echo '<p>';
|
echo '<p>';
|
||||||
foreach ($failed_domains as $failed_domain) {
|
foreach ($failed_domains as $failed_domain) {
|
||||||
echo $failed_domain . "<br>";
|
echo $failed_domain . "<br>";
|
||||||
}
|
}
|
||||||
echo '</p>';
|
echo '</p>';
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "warning":
|
||||||
|
echo '<span class="form-warning">' . $message["content"] . '</span>'; ?>
|
||||||
|
<form name="form-confirm-renew-cert" id="form-confirm-renew-cert" action="" method="POST">
|
||||||
|
<p>
|
||||||
|
<input type="hidden" name="force_renew">
|
||||||
|
<input type="submit" name="submit" value="Confirmer l'installation" style="margin-left:0px;">
|
||||||
|
</p>
|
||||||
|
</form>
|
||||||
|
<?php
|
||||||
|
break;
|
||||||
|
case "notice":
|
||||||
|
echo '<span class="form-notice">' . $message["content"] . '</span>';
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
echo "Votre certificat SSL a bien été installé !";
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (!empty($errorMessage)) {
|
if (!isset($_POST["submit"])) {
|
||||||
echo '<span class="form-error">' . $errorMessage . '</span>';
|
|
||||||
|
|
||||||
if (count($failed_domains) > 0) {
|
|
||||||
echo '<p>';
|
|
||||||
foreach ($failed_domains as $failed_domain) {
|
|
||||||
echo $failed_domain . "<br>";
|
|
||||||
}
|
|
||||||
echo '</p>';
|
|
||||||
}
|
|
||||||
} elseif (!empty($warningMessage)) {
|
|
||||||
echo '<span class="form-warning">' . $warningMessage . '</span>'; ?>
|
|
||||||
<form name="form-confirm-renew-cert" id="form-confirm-renew-cert" action="" method="POST">
|
|
||||||
<p>
|
|
||||||
<input type="hidden" name="force_renew">
|
|
||||||
<input type="submit" name="submit" value="Confirmer l'installation" style="margin-left:0px;">
|
|
||||||
</p>
|
|
||||||
</form>
|
|
||||||
<?php
|
|
||||||
} else {
|
|
||||||
echo "<p>Les domaines suivants seront intégrés au certificat : </p>";
|
echo "<p>Les domaines suivants seront intégrés au certificat : </p>";
|
||||||
if (count($_SESSION['letsencrypt-domains']) > 0) {
|
if (count($_SESSION['letsencrypt-domains']) > 0) {
|
||||||
echo '<p>';
|
echo '<p>';
|
||||||
|
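Review bot: `$message["content"]` and `$failed_domain` are echoed into the page without escaping (`echo $failed_domain . "<br>";`), so any markup in a domain name or message text is rendered as HTML. Wrap both in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` at output. The `$failed_domains` block now sits inside `case "error":`, so it is printed once per error message, and `count($failed_domains)` assumes the variable is always an array. The `force_renew` confirmation form carries no anti-CSRF token.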
@ -49,5 +47,7 @@ if (isset($_POST['submit'])) {
|
||||||
</form>
|
</form>
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
echo "<span class='form-notice'>Votre certificat SSL a bien été installé !</span>";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
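Review bot: the new `else` branch prints `Votre certificat SSL a bien été installé !` whenever the form was submitted and `$messages` is empty, so success is inferred from the absence of messages rather than from an explicit result. If the controller fails without pushing a message, the user is told the certificate is installed. Pass an explicit success flag, or a `notice` message that the `switch` already handles, and render that instead.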