add-http-dns.php 4.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105
  1. <?php
  2. if (processForm()) {
  3. $_POST['domain'] = formatDomain($_POST['domain']);
  4. if (dirsStatuses('dns', 'http')[$_POST['dir']] !== false)
  5. output(403, 'Wrong value for <code>dir</code>.');
  6. if (query('select', 'sites', ['domain' => $_POST['domain']], 'domain') !== [])
  7. output(403, 'Ce domaine existe déjà sur ce service.');
  8. $remoteAaaaRecords = dns_get_record($_POST['domain'], DNS_AAAA);
  9. if (is_array($remoteAaaaRecords) !== true)
  10. output(500, 'Erreur lors de la récupération de l\'enregistrement AAAA.');
  11. if (equalArrays([CONF['ht']['ipv6_address']], array_column($remoteAaaaRecords, 'ipv6')) !== true)
  12. output(403, 'Ce domaine doit avoir pour unique enregistrement AAAA <code>' . CONF['ht']['ipv6_address'] . '</code>.');
  13. $remoteARecords = dns_get_record($_POST['domain'], DNS_A);
  14. if (is_array($remoteARecords) !== true)
  15. output(500, 'Erreur lors de la récupération de l\'enregistrement A.');
  16. if (equalArrays([CONF['ht']['ipv4_address']], array_column($remoteARecords, 'ip')) !== true)
  17. output(403, 'Ce domaine doit avoir pour unique enregistrement A <code>' . CONF['ht']['ipv4_address'] . '</code>.');
  18. $remoteTXTRecords = dns_get_record($_POST['domain'], DNS_TXT);
  19. if (is_array($remoteTXTRecords) !== true)
  20. output(500, 'Erreur lors de la récupération de l\'enregistrement TXT.');
  21. if (preg_match('/^' . preg_quote(SERVER_NAME, '/') . '_domain-verification=([0-9a-f]{8})-([0-9a-f]{32})$/Dm', implode(LF, array_column($remoteTXTRecords, 'txt')), $matches) !== 1)
  22. output(403, 'Aucun enregistrement TXT au format correct trouvé.');
  23. checkAuthToken($matches[1], $matches[2]);
  24. rateLimit();
  25. addSite($_SESSION['id'], $_POST['dir'], $_POST['domain'], 'dns', 'http');
  26. exec('2>&1 ' . CONF['ht']['sudo_path'] . ' ' . CONF['ht']['certbot_path'] . ' certonly' . (($_SESSION['type'] === 'trusted') ? '' : ' --test-cert') . ' --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain ' . $_POST['domain'], $output, $returnCode);
  27. if ($returnCode !== 0)
  28. output(500, 'Certbot failed to get a Let\'s Encrypt certificate.', $output);
  29. $nginxConf = 'server {
  30. listen [' . CONF['ht']['ipv6_listen_address'] . ']:' . CONF['ht']['https_port'] . ' ssl http2;
  31. listen ' . CONF['ht']['ipv4_listen_address'] . ':' . CONF['ht']['https_port'] . ' ssl http2;
  32. server_name ' . $_POST['domain'] . ';
  33. root ' . CONF['ht']['ht_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'] . ';
  34. ssl_certificate /etc/letsencrypt/live/' . $_POST['domain'] . '/fullchain.pem;
  35. ssl_certificate_key /etc/letsencrypt/live/' . $_POST['domain'] . '/privkey.pem;
  36. include inc/ht-tls.conf;
  37. }
  38. ';
  39. if (file_put_contents(CONF['ht']['nginx_config_path'] . '/' . $_POST['domain'] . '.conf', $nginxConf) === false)
  40. output(500, 'Failed to write Nginx configuration.');
  41. // Reload Nginx
  42. exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['nginx_reload_cmd'], result_code: $code);
  43. if ($code !== 0)
  44. output(500, 'Failed to reload Nginx.');
  45. output(200, 'Accès HTTP par domaine ajouté sur ce dossier !');
  46. }
  47. $dirsStatuses = dirsStatuses('onion', 'http');
  48. $proof = getAuthToken();
  49. ?>
  50. <p>
  51. Ajouter sur un dossier de site un accès <?= linkToDocs('http', 'HTTP') ?> par <?= linkToDocs('dns', 'DNS') ?> et <?= linkToDocs('tls', 'TLS') ?> <?= linkToDocs('ca', 'authentifié par <em>Let\'s Encrypt</em>') ?>.
  52. </p>
  53. <p>
  54. La présence des enregistrements ci-après sera vérifiée lors du traitement de ce formulaire.
  55. </p>
  56. <dl>
  57. <dt><code>AAAA</code></dt>
  58. <dd>
  59. <code><?= CONF['ht']['ipv6_address'] ?></code>
  60. </dd>
  61. <dt><code>A</code></dt>
  62. <dd>
  63. <code><?= CONF['ht']['ipv4_address'] ?></code>
  64. </dd>
  65. <dt><code>TXT</code></dt>
  66. <dd>
  67. <code><?= SERVER_NAME ?>_domain-verification=<?= $proof ?></code>
  68. </dd>
  69. </dl>
  70. <form method="post">
  71. <label for="domain">Domaine sur lequel répondre</label><br>
  72. <input required="" placeholder="site.<?= PLACEHOLDER_DOMAIN ?>" id="domain" name="domain" type="text"><br>
  73. <label for="dir">Dossier ciblé</label><br>
  74. <select required="" name="dir" id="dir">
  75. <option value="" disabled="" selected="">---</option>
  76. <?php
  77. foreach ($dirsStatuses as $dir => $alreadyEnabled)
  78. echo ' <option' . ($alreadyEnabled ? ' disabled=""' : '') . ' value="' . $dir . '">' . $dir . '</option>' . LF;
  79. ?>
  80. </select>
  81. <br>
  82. <input value="Valider" type="submit">
  83. </form>