From acd93390a9a45e52f38631de3df8d96cfd4dbe22 Mon Sep 17 00:00:00 2001
From: Miraty
Date: Tue, 3 May 2022 15:27:46 +0200
Subject: [PATCH] ht/ rework for dns step 1
---
 ht.php | 6 ++++--
 public/ht/https-domain.php | 24 +++++++++++++++++-------
 public/ht/le.php | 7 +++----
 3 files changed, 24 insertions(+), 13 deletions(-)
diff --git a/ht.php b/ht.php
index a74d89a..491f4e0 100644
--- a/ht.php
+++ b/ht.php
@@ -9,6 +9,8 @@ define("INTERNAL_ONION_HTTP_PORT", "9080");
 define("HT_PATH", "/srv/ht");
 define("MANIVER_PATH", "/usr/local/bin/maniver");
+define("SYSTEMCTL_PATH", "/usr/bin/systemctl");
+define("CERTBOT_PATH", "/usr/bin/certbot");
 define("SUDO_PATH", "/usr/bin/sudo");
 define("LS_PATH", "/usr/bin/ls");
 define("NGINX_CONFIG_PATH", "/etc/nginx/ht"); // Nginx configuration directory
@@ -30,11 +32,11 @@ function addNiverLog($message, $outputLines, $returnCode = false) {
 foreach ($outputLines as $outputLine) {
 $logs = $logs . " " . $outputLine . "\n";
 }
- file_put_contents(NIVER_PATH . "/niver.log", $logs, FILE_APPEND);
+ file_put_contents(ROOT_PATH . "/niver.log", $logs, FILE_APPEND);
 }
 function listFsDirs($username) {
- exec(LS_PATH . " --format=single-column -d " . HT_PATH . "/" . $username . "/ht/*/", $absoluteDirs);
+ exec(LS_PATH . " --format=single-column -d " . HT_PATH . "/" . $username . "/*/", $absoluteDirs);
 $relativeDirs = false;
 foreach ($absoluteDirs as $i => $absoluteDir) {
 $tree = explode("/", $absoluteDir); // The last key is NULL
diff --git a/public/ht/https-domain.php b/public/ht/https-domain.php
index 1a25386..a07122e 100644
--- a/public/ht/https-domain.php
+++ b/public/ht/https-domain.php
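Review bot: In `listFsDirs()`, the changed `exec()` line still splices `$username` into a shell command line unquoted, so any shell-special character in a username would be interpreted by the shell instead of being treated as part of the path. Where `$username` is validated is not visible in this hunk, so I would quote it at the point of use: `exec(LS_PATH . " --format=single-column -d " . escapeshellarg(HT_PATH . "/" . $username) . "/*/", $absoluteDirs);` (the wildcard has to stay outside the quoted part), or drop the shell entirely with `glob()`. The same hunk switches the log path to `ROOT_PATH`, whose `define()` is not part of this patch; worth confirming it exists. The function body continues past the end of the hunk.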
@@ -65,16 +65,26 @@ if (isset($_POST['domain']) AND isset($_POST['dir']) AND isset($_SESSION['userna
 addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");
- $nginxConf = file_get_contents(NIVER_TEMPLATE_PATH . "/nginx/dns.template");
- $nginxConf = str_replace("{{HTTPS_PORT}}", HTTPS_PORT, $nginxConf);
- $nginxConf = str_replace("{{DOMAIN}}", $_POST['domain'], $nginxConf);
- $nginxConf = str_replace("{{HT_PATH}}", HT_PATH, $nginxConf);
- $nginxConf = str_replace("{{USERNAME}}", $_SESSION['username'], $nginxConf);
- $nginxConf = str_replace("{{DIR}}", $_POST['dir'], $nginxConf);
+ $nginxConf = 'server {
+ listen [::1]:' . HTTPS_PORT . ' ssl http2;
+ listen 127.0.0.1:' . HTTPS_PORT . ' ssl http2;
+ server_name ' . $_POST['domain'] . ';
+ root ' . HT_PATH . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . ';
+
+ ssl_certificate /etc/ssl/certs/niver.crt;
+ ssl_certificate_key /etc/ssl/private/niver.key;
+
+ include inc/tls.conf;
+
+ location / {
+ try_files $uri $uri.html $uri/ =404;
+ }
+}
+';
 file_put_contents(NGINX_CONFIG_PATH . "/" . $_POST['domain'] . ".conf", $nginxConf);
 // Reload Nginx
- exec(SUDO_PATH . " " . MANIVER_PATH . " reload-nginx");
+ exec(SUDO_PATH . " " . SYSTEMCTL_PATH . " reload nginx");
 echo "Accès HTTP par domaine ajouté sur ce dossier !";
 }
diff --git a/public/ht/le.php b/public/ht/le.php
index 55e149c..7ecccab 100644
--- a/public/ht/le.php
+++ b/public/ht/le.php
@@ -11,7 +11,7 @@ $sites = selectSites($_SESSION['username'], "dns", "http", false);
 $leAvailable = selectSites($_SESSION['username'], "dns", "http", true);
 foreach ($sites as $site) { ?>
-
+
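Review bot: The new inline server block concatenates `$_POST['domain']` and `$_POST['dir']` straight into the nginx configuration and into the `.conf` file name, so a value containing `;`, braces, whitespace, a newline or `/` would change the generated config or the path written instead of just naming a site. Any validation before line 65 is outside this hunk, so this may already be handled; if it is not, reject the request before `addSite()` with something like `if (filter_var($_POST['domain'], FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) exit("Invalid domain");` and accept `$_POST['dir']` only when it is one of the names returned by `listFsDirs($_SESSION['username'])`. The `exec()` that reloads nginx also discards its exit status here, whereas `le.php` checks `$returnCode`; a config that fails to load would go unnoticed while the page reports success.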
@@ -24,8 +24,7 @@ if (isset($_POST['domain']) AND isset($_SESSION['username'])) {
 antiCSRF();
- // Use maniver to use Certbot
- exec(SUDO_PATH . " " . MANIVER_PATH . " le-install " . $_POST['domain'], $output, $returnCode);
+ exec(SUDO_PATH . " " . CERTBOT_PATH . " certonly --dry-run --test-cert --webroot --webroot-path /srv/acme --register-unsafely-without-email --agree-tos --domain " . $_POST['domain'], $output, $returnCode);
 // Log Certbot response
 addNiverLog($_SESSION['username'] . " installed a Let's Encrypt certificate on their site", $output, $returnCode);
@@ -41,7 +40,7 @@ if (isset($_POST['domain']) AND isset($_SESSION['username'])) {
 file_put_contents(NGINX_CONFIG_PATH . "/" . $_POST['domain'] . ".conf", $conf);
 // Reload Nginx
- exec(SUDO_PATH . " " . MANIVER_PATH . " reload-nginx", $output, $returnCode);
+ exec(SUDO_PATH . " " . SYSTEMCTL_PATH . " reload nginx reload", $output, $returnCode);
 // Abort if Maniver failed to reload Nginx
 if ($returnCode !== 0)
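Review bot: The new Certbot call appends `$_POST['domain']` unquoted to a command line that runs through `sudo`, so the request value is parsed by the shell and can add arguments or commands to a root-level invocation. Quote it at the call site, `" --domain " . escapeshellarg($_POST['domain'])`, and check first that the domain is one of the entries `selectSites()` returned for `$_SESSION['username']`; neither check is visible in this hunk. With `--dry-run --test-cert` no certificate is issued, yet the log text still says a certificate was installed, and no `$returnCode` test is visible between this call and the later config write, which looks worth a guard or at least a comment explaining the intermediate state.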
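Review bot: The reload command in the last hunk has a stray trailing word: `" reload nginx reload"` asks systemctl to reload two units, `nginx` and `reload`, and the second one presumably does not exist, so the call is likely to return non-zero and trip the abort below even when nginx reloaded fine; it should read `exec(SUDO_PATH . " " . SYSTEMCTL_PATH . " reload nginx", $output, $returnCode);`. `$output` is also reused from the Certbot call, and PHP's `exec()` appends to a non-empty array, so reset it first if the lines are logged. Calling `systemctl` and `certbot` through `sudo` directly instead of the `maniver` wrapper means the sudoers rule (not shown here) should pin these exact command lines, not just the bare binaries. The comment `// Abort if Maniver failed to reload Nginx` no longer matches the code.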