Integrate Let's Encrypt into (add|del)-http-dns.php
This commit is contained in:
parent
72f4ce3605
commit
674dd1f699
@ -23,6 +23,8 @@ kdig_path = "/usr/bin/kdig"
|
||||||
|
|
||||||
[ht]
|
[ht]
|
||||||
enabled = true
|
enabled = true
|
||||||
|
letsencrypt_use_production = false
|
||||||
|
|
||||||
; Path were user's sites will be stored
|
; Path were user's sites will be stored
|
||||||
ht_path = "/srv/niver/ht"
|
ht_path = "/srv/niver/ht"
|
||||||
; Nginx configuration directory
|
; Nginx configuration directory
|
||||||
|
|
|
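Review bot: The new `letsencrypt_use_production` key is the only one in this block without a comment, while `ht_path` and the Nginx directory each carry one. Since the PHP side passes `--test-cert` to certbot whenever this value is false, a comment would save an operator a confusing first deploy: `; false = request certificates from the Let's Encrypt staging environment (certbot --test-cert); they are not publicly trusted. Set to true for real certificates.` Placing it directly above the key keeps the style of the neighbouring entries.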
@ -79,6 +79,13 @@ function htDeleteSite($dir, $domainType, $protocol) {
|
||||||
if ($code !== 0)
|
if ($code !== 0)
|
||||||
serverError("Failed to reload Nginx.");
|
serverError("Failed to reload Nginx.");
|
||||||
|
|
||||||
|
if ($domainType === 'dns') {
|
||||||
|
// Delete Let's Encrypt certificate
|
||||||
|
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " delete --quiet --cert-name " . $domain, $output, $code);
|
||||||
|
if ($code !== 0)
|
||||||
|
serverError("Certbot failed to delete the Let's Encrypt certificate.");
|
||||||
|
}
|
||||||
|
|
||||||
// Delete from database
|
// Delete from database
|
||||||
query('delete', 'sites', [
|
query('delete', 'sites', [
|
||||||
'username' => $_SESSION['username'],
|
'username' => $_SESSION['username'],
|
||||||
|
|
|
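Review bot: `$domain` is concatenated unquoted into the shell command on the new certbot exec() line; unless it is guaranteed to have been validated as a hostname before reaching htDeleteSite, it should be passed as `... " delete --quiet --cert-name " . escapeshellarg($domain), $output, $code);`. The certbot step also runs after the Nginx reload (presumably after the site's config file has already been removed) but before the database delete, so a certbot failure now aborts through serverError() with the row still present — worth confirming that partial state is acceptable, or moving the certbot call ahead of the reload. `$output` is reused from the earlier exec() and exec() appends to an existing array, so anything that logs it will see both commands' output; passing a fresh variable avoids that. htDeleteSite starts outside the hunk.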
@ -28,18 +28,22 @@ if (processForm()) {
|
||||||
|
|
||||||
addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");
|
addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");
|
||||||
|
|
||||||
|
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " certonly --quiet" . (CONF['ht']['letsencrypt_use_production'] ? '' : ' --test-cert') . " --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain " . $_POST['domain'], $output, $returnCode);
|
||||||
|
if ($returnCode !== 0)
|
||||||
|
serverError("Certbot failed to get a Let's Encrypt certificate.");
|
||||||
|
|
||||||
$nginxConf = 'server {
|
$nginxConf = 'server {
|
||||||
listen [' . CONF['ht']['ipv6_listen_address'] . ']:' . CONF['ht']['https_port'] . ' ssl http2;
|
listen [' . CONF['ht']['ipv6_listen_address'] . ']:' . CONF['ht']['https_port'] . ' ssl http2;
|
||||||
listen ' . CONF['ht']['ipv4_listen_address'] . ':' . CONF['ht']['https_port'] . ' ssl http2;
|
listen ' . CONF['ht']['ipv4_listen_address'] . ':' . CONF['ht']['https_port'] . ' ssl http2;
|
||||||
server_name ' . $_POST['domain'] . ';
|
server_name ' . $_POST['domain'] . ';
|
||||||
root ' . CONF['ht']['ht_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . ';
|
root ' . CONF['ht']['ht_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . ';
|
||||||
|
|
||||||
ssl_certificate /etc/ssl/certs/niver.crt;
|
ssl_certificate /etc/letsencrypt/live/' . $_POST['domain'] . '/fullchain.pem;
|
||||||
ssl_certificate_key /etc/ssl/private/niver.key;
|
ssl_certificate_key /etc/letsencrypt/live/' . $_POST['domain'] . '/privkey.pem;
|
||||||
|
|
||||||
include inc/ht-tls.conf;
|
include inc/ht-tls.conf;
|
||||||
}
|
}
|
||||||
';
|
';
|
||||||
if (file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf", $nginxConf) === false)
|
if (file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf", $nginxConf) === false)
|
||||||
serverError("Failed to write Nginx configuration.");
|
serverError("Failed to write Nginx configuration.");
|
||||||
|
|
||||||
|
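Review bot: `$_POST['domain']` is concatenated unescaped into the certbot command on the new exec() line, and the same value is then written into the `ssl_certificate` and `ssl_certificate_key` paths of the generated Nginx config; addSite() may validate the domain beforehand, but the shell argument should still be escaped, `... " --domain " . escapeshellarg($_POST['domain']), $output, $returnCode);`. The webroot `/srv/niver/acme` is the one path in this hunk not read from CONF['ht'], so a new key next to `certbot_path` (say `acme_webroot_path`, name to be chosen) would keep it configurable like the rest. Note that the deleted let's-encrypt.php passed `--agree-tos` and `--register-unsafely-without-email` while the new command passes neither, so on a host where certbot has never registered an account this non-interactive call may fail — confirm the account is created during deployment. The enclosing `if (processForm())` block begins before the hunk.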
@ -49,7 +53,6 @@ if (processForm()) {
|
||||||
serverError("Failed to reload Nginx.");
|
serverError("Failed to reload Nginx.");
|
||||||
|
|
||||||
success("Accès HTTP par domaine ajouté sur ce dossier !");
|
success("Accès HTTP par domaine ajouté sur ce dossier !");
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
@ -57,8 +60,8 @@ if (processForm()) {
|
||||||
<p>
|
<p>
|
||||||
Ajouter un domaine sur un dossier de site<br>
|
Ajouter un domaine sur un dossier de site<br>
|
||||||
Le domaine doit pointer vers ces adresses IP :
|
Le domaine doit pointer vers ces adresses IP :
|
||||||
<br>IPv4 : <code><?= CONF['ht']['ipv4_address'] ?></code>
|
|
||||||
<br>IPv6 : <code><?= CONF['ht']['ipv6_address'] ?></code>
|
<br>IPv6 : <code><?= CONF['ht']['ipv6_address'] ?></code>
|
||||||
|
<br>IPv4 : <code><?= CONF['ht']['ipv4_address'] ?></code>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<form method="post">
|
<form method="post">
|
||||||
|
@ -67,16 +70,12 @@ if (processForm()) {
|
||||||
<label for="dir">Dossier ciblé</label><br>
|
<label for="dir">Dossier ciblé</label><br>
|
||||||
<select required="" name="dir" id="dir">
|
<select required="" name="dir" id="dir">
|
||||||
<option value="" disabled="" selected="">---</option>
|
<option value="" disabled="" selected="">---</option>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
foreach ($dirsStatuses as $dir => $alreadyEnabled) {
|
foreach ($dirsStatuses as $dir => $alreadyEnabled)
|
||||||
$disabled = $alreadyEnabled ? " disabled=''" : "";
|
echo ' <option' . ($alreadyEnabled ? ' disabled=""' : '') . ' value="' . $dir . '">' . $dir . '</option>' . "\n";
|
||||||
echo " <option" . $disabled . " value='" . $dir . "'>" . $dir . "</option>";
|
|
||||||
}
|
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
||||||
</select>
|
</select>
|
||||||
<br>
|
<br>
|
||||||
<input value="Valider" type="submit">
|
<input value="Valider" type="submit">
|
||||||
|
|
|
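Review bot: `$dir` is echoed straight into both the option's `value` attribute and its text on the new echo line; if directory names are user-chosen, both occurrences should go through `htmlspecialchars($dir, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, for example by computing `$safeDir = htmlspecialchars($dir, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` first and echoing that. Dropping the braces around the foreach body is a style regression: PSR-12 requires braces on every control structure and the rest of this file keeps them, so restore `foreach ($dirsStatuses as $dir => $alreadyEnabled) {` with its closing `}`.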
@ -1,48 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
if (processForm()) {
|
|
||||||
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " certonly --dry-run --test-cert --webroot --webroot-path /srv/acme --register-unsafely-without-email --agree-tos --domain " . $_POST['domain'], $output, $returnCode);
|
|
||||||
|
|
||||||
// Abort if Certbot failed
|
|
||||||
if ($returnCode !== 0)
|
|
||||||
serverError("Certbot failed to get a Let's Encrypt certificate.");
|
|
||||||
|
|
||||||
// Replace self-signed certificate by Let's Encrypt certificate in Nginx configuration
|
|
||||||
$conf = file_get_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf");
|
|
||||||
$conf = preg_replace("#/etc/ssl/certs/niver\.crt#", "/etc/letsencrypt/live/" . $_POST['domain'] . "/fullchain.pem", $conf);
|
|
||||||
$conf = preg_replace("#/etc/ssl/private/niver\.key#", "/etc/letsencrypt/live/" . $_POST['domain'] . "/privkey.pem", $conf);
|
|
||||||
file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf", $conf);
|
|
||||||
|
|
||||||
// Reload Nginx
|
|
||||||
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", $output, $returnCode);
|
|
||||||
|
|
||||||
// Abort if Nginx reload failed
|
|
||||||
if ($returnCode !== 0)
|
|
||||||
serverError("Nginx configuration reload failed.");
|
|
||||||
|
|
||||||
success("La connexion avec votre site utilise désomais un certificat TLS émis par Let's Encrypt.");
|
|
||||||
}
|
|
||||||
|
|
||||||
?>
|
|
||||||
|
|
||||||
<p>
|
|
||||||
Installer un certificat Let's Encrypt
|
|
||||||
</p>
|
|
||||||
|
|
||||||
<form method="post">
|
|
||||||
<label for="domain">Domaine ciblé</label><br>
|
|
||||||
<select required="" name="domain">
|
|
||||||
<option value="" disabled="" selected="">---</option>
|
|
||||||
<?php
|
|
||||||
if (isset($_SESSION['username'])) {
|
|
||||||
$sites = selectSites($_SESSION['username'], "dns", "http", false);
|
|
||||||
$leAvailable = selectSites($_SESSION['username'], "dns", "http", true);
|
|
||||||
foreach ($sites as $site)
|
|
||||||
echo '<option value="' . $site['domain'] . '">' . $site['domain'] . " (/" . $site['siteDir'] . ")</option>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
|
|
||||||
</select>
|
|
||||||
<br>
|
|
||||||
<input value="Valider" type="submit">
|
|
||||||
</form>
|
|