Integrate Let's Encrypt into (add|del)-http-dns.php
This commit is contained in:
Miraty
parent
72f4ce3605
commit
674dd1f699
4 changed files with 19 additions and 59 deletions
|
|
@ -23,6 +23,8 @@ kdig_path = "/usr/bin/kdig"
|
|||
|
||||
[ht]
|
||||
enabled = true
|
||||
letsencrypt_use_production = false
|
||||
|
||||
; Path were user's sites will be stored
|
||||
ht_path = "/srv/niver/ht"
|
||||
; Nginx configuration directory
|
||||
|
|
|
|||
|
|
@ -79,6 +79,13 @@ function htDeleteSite($dir, $domainType, $protocol) {
|
|||
if ($code !== 0)
|
||||
serverError("Failed to reload Nginx.");
|
||||
|
||||
if ($domainType === 'dns') {
|
||||
// Delete Let's Encrypt certificate
|
||||
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " delete --quiet --cert-name " . $domain, $output, $code);
|
||||
if ($code !== 0)
|
||||
serverError("Certbot failed to delete the Let's Encrypt certificate.");
|
||||
}
|
||||
|
||||
// Delete from database
|
||||
query('delete', 'sites', [
|
||||
'username' => $_SESSION['username'],
|
||||
|
|
|
|||
|
|
@ -28,18 +28,22 @@ if (processForm()) {
|
|||
|
||||
addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");
|
||||
|
||||
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " certonly --quiet" . (CONF['ht']['letsencrypt_use_production'] ? '' : ' --test-cert') . " --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain " . $_POST['domain'], $output, $returnCode);
|
||||
if ($returnCode !== 0)
|
||||
serverError("Certbot failed to get a Let's Encrypt certificate.");
|
||||
|
||||
$nginxConf = 'server {
|
||||
listen [' . CONF['ht']['ipv6_listen_address'] . ']:' . CONF['ht']['https_port'] . ' ssl http2;
|
||||
listen ' . CONF['ht']['ipv4_listen_address'] . ':' . CONF['ht']['https_port'] . ' ssl http2;
|
||||
server_name ' . $_POST['domain'] . ';
|
||||
root ' . CONF['ht']['ht_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . ';
|
||||
|
||||
ssl_certificate /etc/ssl/certs/niver.crt;
|
||||
ssl_certificate_key /etc/ssl/private/niver.key;
|
||||
ssl_certificate /etc/letsencrypt/live/' . $_POST['domain'] . '/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/' . $_POST['domain'] . '/privkey.pem;
|
||||
|
||||
include inc/ht-tls.conf;
|
||||
}
|
||||
';
|
||||
';
|
||||
if (file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf", $nginxConf) === false)
|
||||
serverError("Failed to write Nginx configuration.");
|
||||
|
||||
|
|
@ -49,7 +53,6 @@ if (processForm()) {
|
|||
serverError("Failed to reload Nginx.");
|
||||
|
||||
success("Accès HTTP par domaine ajouté sur ce dossier !");
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
@ -57,8 +60,8 @@ if (processForm()) {
|
|||
<p>
|
||||
Ajouter un domaine sur un dossier de site<br>
|
||||
Le domaine doit pointer vers ces adresses IP :
|
||||
<br>IPv4 : <code><?= CONF['ht']['ipv4_address'] ?></code>
|
||||
<br>IPv6 : <code><?= CONF['ht']['ipv6_address'] ?></code>
|
||||
<br>IPv4 : <code><?= CONF['ht']['ipv4_address'] ?></code>
|
||||
</p>
|
||||
|
||||
<form method="post">
|
||||
|
|
@ -67,16 +70,12 @@ if (processForm()) {
|
|||
<label for="dir">Dossier ciblé</label><br>
|
||||
<select required="" name="dir" id="dir">
|
||||
<option value="" disabled="" selected="">---</option>
|
||||
|
||||
<?php
|
||||
|
||||
foreach ($dirsStatuses as $dir => $alreadyEnabled) {
|
||||
$disabled = $alreadyEnabled ? " disabled=''" : "";
|
||||
echo " <option" . $disabled . " value='" . $dir . "'>" . $dir . "</option>";
|
||||
}
|
||||
foreach ($dirsStatuses as $dir => $alreadyEnabled)
|
||||
echo ' <option' . ($alreadyEnabled ? ' disabled=""' : '') . ' value="' . $dir . '">' . $dir . '</option>' . "\n";
|
||||
|
||||
?>
|
||||
|
||||
</select>
|
||||
<br>
|
||||
<input value="Valider" type="submit">
|
||||
|
|
|
|||
|
|
@ -1,48 +0,0 @@
|
|||
<?php
|
||||
|
||||
if (processForm()) {
|
||||
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " certonly --dry-run --test-cert --webroot --webroot-path /srv/acme --register-unsafely-without-email --agree-tos --domain " . $_POST['domain'], $output, $returnCode);
|
||||
|
||||
// Abort if Certbot failed
|
||||
if ($returnCode !== 0)
|
||||
serverError("Certbot failed to get a Let's Encrypt certificate.");
|
||||
|
||||
// Replace self-signed certificate by Let's Encrypt certificate in Nginx configuration
|
||||
$conf = file_get_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf");
|
||||
$conf = preg_replace("#/etc/ssl/certs/niver\.crt#", "/etc/letsencrypt/live/" . $_POST['domain'] . "/fullchain.pem", $conf);
|
||||
$conf = preg_replace("#/etc/ssl/private/niver\.key#", "/etc/letsencrypt/live/" . $_POST['domain'] . "/privkey.pem", $conf);
|
||||
file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf", $conf);
|
||||
|
||||
// Reload Nginx
|
||||
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", $output, $returnCode);
|
||||
|
||||
// Abort if Nginx reload failed
|
||||
if ($returnCode !== 0)
|
||||
serverError("Nginx configuration reload failed.");
|
||||
|
||||
success("La connexion avec votre site utilise désomais un certificat TLS émis par Let's Encrypt.");
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
<p>
|
||||
Installer un certificat Let's Encrypt
|
||||
</p>
|
||||
|
||||
<form method="post">
|
||||
<label for="domain">Domaine ciblé</label><br>
|
||||
<select required="" name="domain">
|
||||
<option value="" disabled="" selected="">---</option>
|
||||
<?php
|
||||
if (isset($_SESSION['username'])) {
|
||||
$sites = selectSites($_SESSION['username'], "dns", "http", false);
|
||||
$leAvailable = selectSites($_SESSION['username'], "dns", "http", true);
|
||||
foreach ($sites as $site)
|
||||
echo '<option value="' . $site['domain'] . '">' . $site['domain'] . " (/" . $site['siteDir'] . ")</option>";
|
||||
}
|
||||
?>
|
||||
|
||||
</select>
|
||||
<br>
|
||||
<input value="Valider" type="submit">
|
||||
</form>
|
||||
Loading…
Reference in a new issue