Fix LE setup

This commit is contained in:
Miraty 2021-10-03 18:03:08 +02:00
parent 24113b8899
commit 67abbabf9d
4 changed files with 78 additions and 15 deletions


@ -4,29 +4,50 @@
</p>
<form method="post">
<label for="domain">Domaine sur lequel installer le certificat</label><br>
<input required="" placeholder="site.<?= DOMAIN_EXAMPLE ?>" id="domain" name="domain" type="text"><br>
<label for="domain">Domaine ciblé</label><br>
<select required="" name="domain">
<option value="" disabled="" selected="">---</option>
<?php
$sites = selectSites($_SESSION['username'], "dns", "http", false);
$leAvailable = selectSites($_SESSION['username'], "dns", "http", true);
foreach ($sites as $site) { ?>
<option value="<?= $site['domain'] ?>"><?= $site['domain'] . " (/ht/" . $site['siteDir'] . ")" ?></option>
<?php } ?>
</select>
<br>
<input value="Valider" type="submit">
</form>
<?php
if (isset($_POST['domaine']) AND isset($_SESSION['username'])) {
if (isset($_POST['domain']) AND isset($_SESSION['username'])) {
antiCSRF();
exec(SUDO_PATH . " " . MANIVER_PATH . " le-install " . $_POST['domain'], $output);
addNiverLog($_SESSION['username'] . " installed a Let's Encrypt certificate on their site", $output);
// Use maniver to use Certbot
exec(SUDO_PATH . " " . MANIVER_PATH . " le-install " . $_POST['domain'], $output, $returnCode);
// Log Certbot response
addNiverLog($_SESSION['username'] . " installed a Let's Encrypt certificate on their site", $output, $returnCode);
// Abort if Certbot failed
if ($returnCode !== 0)
exit("Let's Encrypt certificate obtention failed. Try again later, or contact an administrator.");
// Replace self-signed certificate by Let's Encrypt certificate in Nginx configuration
$conf = file_get_contents(NGINX_CONFIG_PATH . "/" . $_POST['domain'] . ".conf");
$conf = preg_replace("#host\.atope\.art#", $_POST['domain'], $conf);
$conf = preg_replace("#/etc/ssl/certs/niver\.crt#", "/etc/letsencrypt/live/" . $_POST['domain'] . "/fullchain.pem", $conf);
$conf = preg_replace("#/etc/ssl/private/niver\.key#", "/etc/letsencrypt/live/" . $_POST['domain'] . "/privkey.pem", $conf);
file_put_contents(NGINX_CONFIG_PATH . "/" . $_POST['domain'] . ".conf", $conf);
exec(SUDO_PATH . " " . MANIVER_PATH . " reload-nginx");
// Reload Nginx
exec(SUDO_PATH . " " . MANIVER_PATH . " reload-nginx", $output, $returnCode);
echo "Formulaire traité !!";
} else {
echo "Rien n'a été reçu lors du dernier chargement";
// Abort if Maniver failed to reload Nginx
if ($returnCode !== 0)
exit("Nginx configuration reload failed. Try again later, or contact an administrator.");
echo "Succès : La connexion avec votre site utilise désomais un certificat TLS émis par Let's Encrypt.";
}
?>
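Review bot: The `exec(SUDO_PATH . " " . MANIVER_PATH . " le-install " . $_POST['domain'], ...)` line passes the posted domain unescaped into a command run through sudo, and the same raw value later builds the Nginx config path (`NGINX_CONFIG_PATH . "/" . $_POST['domain'] . ".conf"`) and the `preg_replace` replacement strings; the `<select>` only constrains browsers, not a crafted POST, so any logged-in user can inject shell arguments or, with `../` in the domain, rewrite another site's config. `$leAvailable` is computed on this page but never used — compare the posted value against that list before doing anything, keep the validated value in a local, and shell-escape it regardless. A smaller point: the `addNiverLog(... " installed a Let's Encrypt certificate ...")` line is written before the return code is checked, so failed attempts are logged as successes; consider "attempted to install". The form and handler span the whole hunk; the fence below shows only the start of the handler.
```php
if (isset($_POST['domain']) AND isset($_SESSION['username'])) {
    antiCSRF();
    // Server-side ownership check: the <select> only constrains browsers, not crafted requests
    $allowedDomains = ($leAvailable === false) ? [] : array_column($leAvailable, 'domain');
    if (!in_array($_POST['domain'], $allowedDomains, true))
        exit("ERROR: this domain is not one of your sites eligible for Let's Encrypt.");
    $domain = $_POST['domain'];
    // Use maniver to use Certbot
    exec(SUDO_PATH . " " . MANIVER_PATH . " le-install " . escapeshellarg($domain), $output, $returnCode);
    // … unchanged: log, abort on failure, rewrite Nginx config (using $domain in place of $_POST['domain']), reload …
```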


@ -2,14 +2,22 @@
if (strpos($_SERVER['PHP_SELF'], "inc.php") !== false)
exit("This file is meant to be included.");
function addNiverLog($message, $outputLines) {
function addNiverLog($message, $outputLines, $returnCode) {
$logs = "\n" . date("Y-m-d H:i:s") . " " . $message . "\n";
if (isset($returnCode))
$logs = $logs . "Return code: " . $returnCode . "\n";
else
$logs = $logs . "No return code logged\n";
foreach ($outputLines as $outputLine) {
$logs = $logs . " " . $outputLine . "\n";
}
file_put_contents(ROOT_PATH . "/niver.log", $logs, FILE_APPEND);
}
function appendLog($log) {
file_put_contents(ROOT_PATH . "/niver.log", date("Y-m-d H:i:s") . var_dump($log) . "\n", FILE_APPEND);
}
function checkAction($action) {
if ($action === "delete")
return "un";
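Review bot: `appendLog` concatenates `var_dump($log)`, but `var_dump` prints the dump into the HTTP response and returns null, so the log file receives only the timestamp and a newline; `var_export($log, true)` (or `print_r($log, true)`) returns the text instead, e.g. `file_put_contents(ROOT_PATH . "/niver.log", date("Y-m-d H:i:s") . " " . var_export($log, true) . "\n", FILE_APPEND);`. In `addNiverLog` the new `$returnCode` parameter has no default, so on PHP 7.1+ any remaining two-argument caller fatals with ArgumentCountError and the `isset($returnCode)` else-branch is only reachable when null is passed explicitly; `function addNiverLog($message, $outputLines, $returnCode = null)` keeps old call sites working and makes the "No return code logged" path meaningful. `checkAction` continues past the end of the hunk.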


@ -48,7 +48,7 @@ function changePassword($username, $password) {
function antiCSRF() {
if (!isset($_SERVER['HTTP_SEC_FETCH_SITE']) AND !isset($_SERVER['HTTP_ORIGIN']))
exit("ERROR: Browser sent neither Sec-Fetch-Site nor Origin HTTP headers, so anti-CSRS verification can't be done.");
exit("ERROR: Browser sent neither Sec-Fetch-Site nor Origin HTTP headers, so anti-CSRF verification can't be done.");
if (isset($_SERVER['HTTP_ORIGIN']) AND $_SERVER['HTTP_ORIGIN'] !== "https://niver.4.niv.re")
exit("ERROR: Anti-CSRF verification failed");


@ -16,9 +16,13 @@ function listFsDirs($username) {
function addSite($username, $siteDir, $domain, $domainType, $protocol) {
$db = new PDO('sqlite:' . DB_PATH);
$op = $db->prepare("INSERT INTO sites(username, site_dir, domain, domain_type, protocol, creation_date) VALUES(:username, :site_dir, :domain, :domain_type, :protocol, :creation_date)");
$op = $db->prepare("INSERT INTO sites(username, site_dir, domain, domain_type, protocol, creation_date, le_enabled) VALUES(:username, :site_dir, :domain, :domain_type, :protocol, :creation_date, :le_enabled)");
$time = date("Y-m-d H:i:s");
if ($domainType === "dns" AND $protocol === "http")
$le_enabled = 0;
else
$le_enabled = NULL;
$op->bindParam(':username', $username);
$op->bindParam(':site_dir', $siteDir);
@ -26,6 +30,7 @@ function addSite($username, $siteDir, $domain, $domainType, $protocol) {
$op->bindParam(':domain_type', $domainType);
$op->bindParam(':protocol', $protocol);
$op->bindParam(':creation_date', $time);
$op->bindParam(':le_enabled', $le_enabled);
$op->execute();
}
@ -88,5 +93,34 @@ function enableSftp($username) {
$op->bindParam(':username', $username);
$op->execute();
}
function selectSites($username, $domainType, $protocol, $onlyLeAvailable) {
$db = new PDO('sqlite:' . DB_PATH);
$usernameArray[0] = $username;
$query = "SELECT site_dir,domain FROM sites WHERE username = :username AND domain_type = :domain_type AND protocol = :protocol";
if ($onlyLeAvailable === true)
$query = $query . " AND le_enabled = 0";
$op = $db->prepare($query);
$op->bindParam(':username', $username);
$op->bindParam(':domain_type', $domainType);
$op->bindParam(':protocol', $protocol);
$op->execute();
$i = 0;
$entry = $op->fetch();
while (isset($entry['site_dir'])) {
$result[$i]["siteDir"] = $entry['site_dir'];
$result[$i]["domain"] = $entry['domain'];
$i++;
$entry = $op->fetch();
}
if (isset($result))
return $result;
else
return false;
}
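Review bot: `selectSites` returns `false` when the query yields no rows, yet the only caller visible in this commit (`foreach ($sites as $site)` in the LE form) iterates the result directly, so a user with no eligible site gets a PHP warning rendered into the page; replacing the final `if (isset($result)) ... else return false;` with `return $result ?? [];` gives every caller an iterable and still lets `empty()` detect the no-site case. `$usernameArray[0] = $username;` is never read and can be deleted. The hand-rolled `fetch()` loop keyed on `isset($entry['site_dir'])` is equivalent to `$op->fetchAll(PDO::FETCH_ASSOC)` followed by a key rename, which is easier to read and avoids the `FETCH_BOTH` default — optional. The hunk header counts do not match the lines shown here, so part of this section may be missing from the rendering.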