0ct0pu5/servnest
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
servnest/pages/ht/add-http-dns.php
Miraty 7f20fcf47e List sites on ht/index
2022-09-07 02:47:50 +02:00

93 lines
3.5 KiB
PHP
Raw Blame History

<?php
if (isset($_SESSION['username']))
$dirsStatuses = dirsStatuses($_SESSION['username'], "dns", "http");
else
$dirsStatuses = [];
if (processForm()) {
checkDomainFormat($_POST['domain']);
if ($dirsStatuses[$_POST['dir']] !== false)
userError("Wrong value for <code>dir</code>.");
if (query('select', 'sites', ['domain' => $_POST['domain']], 'domain') !== [])
userError("Ce domaine existe déjà sur ce service.");
$remoteAaaaRecords = dns_get_record($_POST['domain'], DNS_AAAA);
if (is_array($remoteAaaaRecords) !== true)
userError("Ce domaine n'existe pas.");
if (equalArrays([CONF['ht']['ipv6_address']], array_column($remoteAaaaRecords, 'ipv6')) !== true)
userError("Ce domaine doit avoir pour unique enregistrement AAAA <code>" . CONF['ht']['ipv6_address'] . "</code>.");
$remoteARecords = dns_get_record($_POST['domain'], DNS_A);
if (is_array($remoteARecords) !== true)
userError("Ce domaine n'existe pas.");
if (equalArrays([CONF['ht']['ipv4_address']], array_column($remoteARecords, 'ip')) !== true)
userError("Ce domaine doit avoir pour unique enregistrement A <code>" . CONF['ht']['ipv4_address'] . "</code>.");
addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " certonly --quiet" . (CONF['ht']['letsencrypt_use_production'] ? '' : ' --test-cert') . " --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain " . $_POST['domain'], $output, $returnCode);
if ($returnCode !== 0)
serverError("Certbot failed to get a Let's Encrypt certificate.");
$nginxConf = 'server {
listen [' . CONF['ht']['ipv6_listen_address'] . ']:' . CONF['ht']['https_port'] . ' ssl http2;
listen ' . CONF['ht']['ipv4_listen_address'] . ':' . CONF['ht']['https_port'] . ' ssl http2;
server_name ' . $_POST['domain'] . ';
root ' . CONF['ht']['ht_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . ';
ssl_certificate /etc/letsencrypt/live/' . $_POST['domain'] . '/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/' . $_POST['domain'] . '/privkey.pem;
include inc/ht-tls.conf;
}
';
if (file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf", $nginxConf) === false)
serverError("Failed to write Nginx configuration.");
// Reload Nginx
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", result_code: $code);
if ($code !== 0)
serverError("Failed to reload Nginx.");
success("Accès HTTP par domaine ajouté sur ce dossier !");
}
?>
<p>
Ajouter sur un dossier de site un accès <?= linkToDocs('http', 'HTTP') ?> par <?= linkToDocs('dns', 'DNS') ?> et <?= linkToDocs('tls', 'TLS') ?> <?= linkToDocs('ca', 'authentifié par <em>Let\'s Encrypt</em>') ?>.
</p>
<p>
Le domaine doit contenir ces enregistrements :
<dl>
<dt><code>AAAA</code></dt>
<dd>
<code><?= CONF['ht']['ipv6_address'] ?></code>
</dd>
<dt><code>A</code></dt>
<dd>
<code><?= CONF['ht']['ipv4_address'] ?></code>
</dd>
</dl>
</p>
<form method="post">
<label for="domain">Domaine sur lequel répondre</label><br>
<input required="" placeholder="site.<?= PLACEHOLDER_DOMAIN ?>" id="domain" name="domain" type="text"><br>
<label for="dir">Dossier ciblé</label><br>
<select required="" name="dir" id="dir">
<option value="" disabled="" selected="">---</option>
<?php
foreach ($dirsStatuses as $dir => $alreadyEnabled)
echo ' <option' . ($alreadyEnabled ? ' disabled=""' : '') . ' value="' . $dir . '">' . $dir . '</option>' . "\n";
?>
</select>
<br>
<input value="Valider" type="submit">
</form>
Reference in a new issue View git blame Copy permalink