Fix LE setup
parent
24113b8899
commit
67abbabf9d
43
ht/le.php
43
ht/le.php
|
@ -4,29 +4,50 @@
|
|||
</p>
|
||||
|
||||
<form method="post">
|
||||
<label for="domain">Domaine sur lequel installer le certificat</label><br>
|
||||
<input required="" placeholder="site.<?= DOMAIN_EXAMPLE ?>" id="domain" name="domain" type="text"><br>
|
||||
|
||||
<label for="domain">Domaine ciblé</label><br>
|
||||
<select required="" name="domain">
|
||||
<option value="" disabled="" selected="">---</option>
|
||||
<?php
|
||||
$sites = selectSites($_SESSION['username'], "dns", "http", false);
|
||||
$leAvailable = selectSites($_SESSION['username'], "dns", "http", true);
|
||||
foreach ($sites as $site) { ?>
|
||||
<option value="<?= $site['domain'] ?>"><?= $site['domain'] . " (/ht/" . $site['siteDir'] . ")" ?></option>
|
||||
<?php } ?>
|
||||
</select>
|
||||
<br>
|
||||
<input value="Valider" type="submit">
|
||||
</form>
|
||||
|
||||
<?php
|
||||
|
||||
if (isset($_POST['domaine']) AND isset($_SESSION['username'])) {
|
||||
if (isset($_POST['domain']) AND isset($_SESSION['username'])) {
|
||||
|
||||
antiCSRF();
|
||||
|
||||
exec(SUDO_PATH . " " . MANIVER_PATH . " le-install " . $_POST['domain'], $output);
|
||||
addNiverLog($_SESSION['username'] . " installed a Let's Encrypt certificate on their site", $output);
|
||||
// Use maniver to use Certbot
|
||||
exec(SUDO_PATH . " " . MANIVER_PATH . " le-install " . $_POST['domain'], $output, $returnCode);
|
||||
|
||||
// Log Certbot response
|
||||
addNiverLog($_SESSION['username'] . " installed a Let's Encrypt certificate on their site", $output, $returnCode);
|
||||
|
||||
// Abort if Certbot failed
|
||||
if ($returnCode !== 0)
|
||||
exit("Let's Encrypt certificate obtention failed. Try again later, or contact an administrator.");
|
||||
|
||||
// Replace self-signed certificate by Let's Encrypt certificate in Nginx configuration
|
||||
$conf = file_get_contents(NGINX_CONFIG_PATH . "/" . $_POST['domain'] . ".conf");
|
||||
$conf = preg_replace("#host\.atope\.art#", $_POST['domain'], $conf);
|
||||
$conf = preg_replace("#/etc/ssl/certs/niver\.crt#", "/etc/letsencrypt/live/" . $_POST['domain'] . "/fullchain.pem", $conf);
|
||||
$conf = preg_replace("#/etc/ssl/private/niver\.key#", "/etc/letsencrypt/live/" . $_POST['domain'] . "/privkey.pem", $conf);
|
||||
file_put_contents(NGINX_CONFIG_PATH . "/" . $_POST['domain'] . ".conf", $conf);
|
||||
|
||||
exec(SUDO_PATH . " " . MANIVER_PATH . " reload-nginx");
|
||||
// Reload Nginx
|
||||
exec(SUDO_PATH . " " . MANIVER_PATH . " reload-nginx", $output, $returnCode);
|
||||
|
||||
echo "Formulaire traité !!";
|
||||
} else {
|
||||
echo "Rien n'a été reçu lors du dernier chargement";
|
||||
// Abort if Maniver failed to reload Nginx
|
||||
if ($returnCode !== 0)
|
||||
exit("Nginx configuration reload failed. Try again later, or contact an administrator.");
|
||||
|
||||
echo "Succès : La connexion avec votre site utilise désomais un certificat TLS émis par Let's Encrypt.";
|
||||
}
|
||||
|
||||
?>
|
||||
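Review bot: `$_POST['domain']` is concatenated unescaped into the `exec()` command line that runs maniver under sudo, so any shell metacharacter in the posted value is interpreted by the shell; the same raw value then builds the Nginx configuration path and the `preg_replace` replacement strings. The `<select>` only constrains what a well-behaved browser sends, so the handler itself should confirm that the domain is one of the logged-in user's eligible sites (the `$leAvailable` list is fetched in the form but never used) and pass it through `escapeshellarg()`. Checking against the database list also keeps the request from touching another user's `.conf` file under `NGINX_CONFIG_PATH`. Separately, the `$site['domain']` and `$site['siteDir']` values echoed into each `<option>` would be safer wrapped in `htmlspecialchars()`.

```php
// … unchanged: antiCSRF() call …

// Only accept a domain that belongs to the logged-in user and is still eligible
$leAvailable = selectSites($_SESSION['username'], "dns", "http", true);
$domain = $_POST['domain'];
if ($leAvailable === false OR !in_array($domain, array_column($leAvailable, 'domain'), true))
    exit("ERROR: This domain is not eligible for a Let's Encrypt certificate.");

// Use maniver to use Certbot
exec(SUDO_PATH . " " . MANIVER_PATH . " le-install " . escapeshellarg($domain), $output, $returnCode);

// … unchanged: logging, Nginx configuration rewrite, Nginx reload …
```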
|
|
|
@ -2,14 +2,22 @@
|
|||
if (strpos($_SERVER['PHP_SELF'], "inc.php") !== false)
|
||||
exit("This file is meant to be included.");
|
||||
|
||||
function addNiverLog($message, $outputLines) {
|
||||
function addNiverLog($message, $outputLines, $returnCode) {
|
||||
$logs = "\n" . date("Y-m-d H:i:s") . " " . $message . "\n";
|
||||
if (isset($returnCode))
|
||||
$logs = $logs . "Return code: " . $returnCode . "\n";
|
||||
else
|
||||
$logs = $logs . "No return code logged\n";
|
||||
foreach ($outputLines as $outputLine) {
|
||||
$logs = $logs . " " . $outputLine . "\n";
|
||||
}
|
||||
file_put_contents(ROOT_PATH . "/niver.log", $logs, FILE_APPEND);
|
||||
}
|
||||
|
||||
function appendLog($log) {
|
||||
file_put_contents(ROOT_PATH . "/niver.log", date("Y-m-d H:i:s") . var_dump($log) . "\n", FILE_APPEND);
|
||||
}
|
||||
|
||||
function checkAction($action) {
|
||||
if ($action === "delete")
|
||||
return "un";
|
||||
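Review bot: `addNiverLog()` now requires a third argument, yet its body tests `isset($returnCode)` as if the argument were optional; any caller still passing two arguments (none besides ht/le.php is visible in this diff) would fail with an ArgumentCountError on PHP 7.1 and later, and the "No return code logged" branch is reachable only when a caller passes null explicitly. Declaring the parameter as `$returnCode = NULL` keeps existing callers working and makes that branch meaningful. In `appendLog()` in the same hunk, `var_dump($log)` prints the value into the HTTP response and returns nothing, so the log entry stays empty while the data is shown to the visitor; `var_export($log, true)` returns the string instead.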
|
|
|
@ -48,7 +48,7 @@ function changePassword($username, $password) {
|
|||
function antiCSRF() {
|
||||
|
||||
if (!isset($_SERVER['HTTP_SEC_FETCH_SITE']) AND !isset($_SERVER['HTTP_ORIGIN']))
|
||||
exit("ERROR: Browser sent neither Sec-Fetch-Site nor Origin HTTP headers, so anti-CSRS verification can't be done.");
|
||||
exit("ERROR: Browser sent neither Sec-Fetch-Site nor Origin HTTP headers, so anti-CSRF verification can't be done.");
|
||||
|
||||
if (isset($_SERVER['HTTP_ORIGIN']) AND $_SERVER['HTTP_ORIGIN'] !== "https://niver.4.niv.re")
|
||||
exit("ERROR: Anti-CSRF verification failed");
|
||||
|
|
|
@ -16,9 +16,13 @@ function listFsDirs($username) {
|
|||
function addSite($username, $siteDir, $domain, $domainType, $protocol) {
|
||||
$db = new PDO('sqlite:' . DB_PATH);
|
||||
|
||||
$op = $db->prepare("INSERT INTO sites(username, site_dir, domain, domain_type, protocol, creation_date) VALUES(:username, :site_dir, :domain, :domain_type, :protocol, :creation_date)");
|
||||
$op = $db->prepare("INSERT INTO sites(username, site_dir, domain, domain_type, protocol, creation_date, le_enabled) VALUES(:username, :site_dir, :domain, :domain_type, :protocol, :creation_date, :le_enabled)");
|
||||
|
||||
$time = date("Y-m-d H:i:s");
|
||||
if ($domainType === "dns" AND $protocol === "http")
|
||||
$le_enabled = 0;
|
||||
else
|
||||
$le_enabled = NULL;
|
||||
|
||||
$op->bindParam(':username', $username);
|
||||
$op->bindParam(':site_dir', $siteDir);
|
||||
|
@ -26,6 +30,7 @@ function addSite($username, $siteDir, $domain, $domainType, $protocol) {
|
|||
$op->bindParam(':domain_type', $domainType);
|
||||
$op->bindParam(':protocol', $protocol);
|
||||
$op->bindParam(':creation_date', $time);
|
||||
$op->bindParam(':le_enabled', $le_enabled);
|
||||
|
||||
$op->execute();
|
||||
}
|
||||
|
@ -88,5 +93,34 @@ function enableSftp($username) {
|
|||
$op->bindParam(':username', $username);
|
||||
|
||||
$op->execute();
|
||||
|
||||
}
|
||||
|
||||
function selectSites($username, $domainType, $protocol, $onlyLeAvailable) {
|
||||
$db = new PDO('sqlite:' . DB_PATH);
|
||||
$usernameArray[0] = $username;
|
||||
|
||||
$query = "SELECT site_dir,domain FROM sites WHERE username = :username AND domain_type = :domain_type AND protocol = :protocol";
|
||||
|
||||
if ($onlyLeAvailable === true)
|
||||
$query = $query . " AND le_enabled = 0";
|
||||
|
||||
$op = $db->prepare($query);
|
||||
$op->bindParam(':username', $username);
|
||||
$op->bindParam(':domain_type', $domainType);
|
||||
$op->bindParam(':protocol', $protocol);
|
||||
$op->execute();
|
||||
|
||||
$i = 0;
|
||||
$entry = $op->fetch();
|
||||
while (isset($entry['site_dir'])) {
|
||||
$result[$i]["siteDir"] = $entry['site_dir'];
|
||||
$result[$i]["domain"] = $entry['domain'];
|
||||
$i++;
|
||||
$entry = $op->fetch();
|
||||
}
|
||||
|
||||
if (isset($result))
|
||||
return $result;
|
||||
else
|
||||
return false;
|
||||
}
|
||||
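Review bot: `selectSites()` returns `false` when the user has no matching site, and the form in ht/le.php passes that result straight to `foreach`, which emits a warning for such users; initialising `$result = [];` before the loop and ending with a plain `return $result;` gives callers an array in every case. `$usernameArray[0] = $username;` is never read and can be dropped. Nothing visible in this commit changes `le_enabled` away from 0 after a successful certificate install, so the `le_enabled = 0` filter would keep treating already-certified sites as eligible; if that update lives elsewhere, a short comment on what NULL and 0 mean for the column (set in the `addSite()` hunk) would help the next reader.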
|
|