
@matrunchyk
Created April 26, 2016 13:56
diff --git a/actions/admin/settings/131.ssl.php b/actions/admin/settings/131.ssl.php
index 016de80..113de12 100644
--- a/actions/admin/settings/131.ssl.php
+++ b/actions/admin/settings/131.ssl.php
@@ -40,6 +40,15 @@ return array(
'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128',
'save_method' => 'storeSettingField',
),
+ 'system_ssl_letsencrypt_path' => array(
+ 'label' => $lng['serversettings']['ssl']['ssl_letsencrypt_path'],
+ 'settinggroup' => 'system',
+ 'varname' => 'ssl_letsencrypt_path',
+ 'type' => 'string',
+ 'string_emptyallowed' => false,
+ 'default' => '/etc/letsencrypt/live/',
+ 'save_method' => 'storeSettingField',
+ ),
'system_ssl_cert_file' => array(
'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
'settinggroup' => 'system',
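Review bot: The new `system_ssl_letsencrypt_path` entry accepts any non-empty string, yet its value is later concatenated into the certificate and key paths that end up in the generated vhost configuration. If the settings validator in this version supports it, declare the field as a directory, e.g. `'string_type' => 'dir',` next to `'type' => 'string'`, so that relative paths or stray characters are rejected on save. The language file in this commit defines only a `title` for this label; a short description saying the directory must contain one sub-folder per domain would help the admin. The surrounding `return array(` starts and ends outside the hunk.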
diff --git a/customer_domains.php b/customer_domains.php
index 0131132..415936a 100644
--- a/customer_domains.php
+++ b/customer_domains.php
@@ -717,6 +717,7 @@ if ($page == 'overview') {
if ($action == '' || $action == 'view') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ $ssl_cert_file_le = isset($_POST['ssl_cert_file_le']) ? $_POST['ssl_cert_file_le'] : false;
$ssl_cert_file = isset($_POST['ssl_cert_file']) ? $_POST['ssl_cert_file'] : '';
$ssl_key_file = isset($_POST['ssl_key_file']) ? $_POST['ssl_key_file'] : '';
$ssl_ca_file = isset($_POST['ssl_ca_file']) ? $_POST['ssl_ca_file'] : '';
@@ -737,6 +738,11 @@ if ($page == 'overview') {
$do_verify = false;
}
+ if ($ssl_cert_file_le) {
+ $ssl_cert_file = 'letsencrypt';
+ $do_verify = false;
+ }
+
// verify certificate content
if ($do_verify) {
// array openssl_x509_parse ( mixed $x509cert [, bool $shortnames = true ] )
diff --git a/js/letsencrypt.js b/js/letsencrypt.js
new file mode 100644
index 0000000..a5385a0
--- /dev/null
+++ b/js/letsencrypt.js
@@ -0,0 +1,22 @@
+(function($){
+
+ var checkbox, textareas;
+
+ $(document).ready(function() {
+ checkbox = $('[name=ssl_cert_file_le]');
+ textareas = $('#ssl_cert_file, #ssl_key_file, #ssl_cert_chainfile, #ssl_ca_file');
+
+ checkbox.on('change', checkEnabled).change();
+ });
+
+ function checkEnabled() {
+ textareas.prop('disabled', checkbox.is(':checked'));
+
+ if (checkbox.is(':checked')) {
+ textareas.css('backgroundColor', '#ccc');
+ } else {
+ textareas.css('backgroundColor', '#fff');
+ }
+ }
+
+})(jQuery);
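Review bot: The new file has no header comment, and `checkEnabled` can be shortened. A comment such as `// Disables the manual certificate textareas while "Use LetsEncrypt" is ticked; UI hint only, the server must ignore those fields itself` would record that disabled fields are not submitted and that this script enforces nothing. The if/else can collapse to `var on = checkbox.is(':checked'); textareas.prop('disabled', on).css('backgroundColor', on ? '#ccc' : '#fff');`. Because header.tpl loads the script on every page, an early return when `checkbox.length === 0` would make that intent explicit.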
diff --git a/lib/classes/output/class.htmlform.php b/lib/classes/output/class.htmlform.php
index 692a86a..d2bd19c 100644
--- a/lib/classes/output/class.htmlform.php
+++ b/lib/classes/output/class.htmlform.php
@@ -272,6 +272,7 @@ class htmlform
// will contain the output
$output = "";
+
foreach($data['values'] as $val) {
$key = $val['label'];
// is this box checked?
diff --git a/lib/classes/webserver/class.DomainSSL.php b/lib/classes/webserver/class.DomainSSL.php
index dbf0d48..fae7760 100644
--- a/lib/classes/webserver/class.DomainSSL.php
+++ b/lib/classes/webserver/class.DomainSSL.php
@@ -35,6 +35,7 @@ class DomainSSL {
* @return null
*/
public function setDomainSSLFilesArray(array &$domain = null) {
+
// check if the domain itself has a certificate defined
$dom_certs_stmt = Database::prepare("
SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid` = :domid
@@ -56,54 +57,74 @@ class DomainSSL {
&& isset($dom_certs['ssl_cert_file'])
&& $dom_certs['ssl_cert_file'] != ''
) {
- // get destination path
- $sslcertpath = makeCorrectDir(Settings::Get('system.customer_ssl_path'));
- // create path if it does not exist
- if (!file_exists($sslcertpath)) {
- safe_exec('mkdir -p '.escapeshellarg($sslcertpath));
- }
- // make correct files for the certificates
- $ssl_files = array(
- 'ssl_cert_file' => makeCorrectFile($sslcertpath.'/'.$domain['domain'].'.crt'),
- 'ssl_key_file' => makeCorrectFile($sslcertpath.'/'.$domain['domain'].'.key')
- );
-
- if (Settings::Get('system.webserver') == 'lighttpd') {
- // put my.crt and my.key together for lighty.
- $dom_certs['ssl_cert_file'] = trim($dom_certs['ssl_cert_file'])."\n".trim($dom_certs['ssl_key_file'])."\n";
- $ssl_files['ssl_key_file'] = '';
- }
- // initialize optional files
- $ssl_files['ssl_ca_file'] = '';
- $ssl_files['ssl_cert_chainfile'] = '';
- // set them if they are != empty
- if ($dom_certs['ssl_ca_file'] != '') {
- $ssl_files['ssl_ca_file'] = makeCorrectFile($sslcertpath.'/'.$domain['domain'].'_CA.pem');
- }
- if ($dom_certs['ssl_cert_chainfile'] != '') {
- if (Settings::Get('system.webserver') == 'nginx') {
- // put ca.crt in my.crt, as nginx does not support a separate chain file.
- $dom_certs['ssl_cert_file'] = trim($dom_certs['ssl_cert_file'])."\n".trim($dom_certs['ssl_cert_chainfile'])."\n";
- } else {
- $ssl_files['ssl_cert_chainfile'] = makeCorrectFile($sslcertpath.'/'.$domain['domain'].'_chain.pem');
+ $letsencrypt = $dom_certs['ssl_cert_file'] == 'letsencrypt';
+
+ if ($letsencrypt) {
+ $le_folder = Settings::Get( 'system.ssl_letsencrypt_path' ) ? Settings::Get( 'system.ssl_letsencrypt_path' ) : '/etc/letsencrypt/live/';
+
+ if (substr($le_folder, -1) != '/')
+ $le_folder = $le_folder . '/';
+
+ $cert_folder = $le_folder . $domain['domain'] . '/';
+
+ // override corresponding array values
+ $domain['ssl_cert_file'] = $cert_folder . 'cert.pem';
+ $domain['ssl_key_file'] = $cert_folder . 'privkey.pem';
+ $domain['ssl_cert_chainfile'] = $cert_folder . 'fullchain.pem';
+
+ } else {
+
+ // get destination path
+ $sslcertpath = makeCorrectDir( Settings::Get( 'system.customer_ssl_path' ) );
+ // create path if it does not exist
+ if ( ! file_exists( $sslcertpath ) ) {
+ safe_exec( 'mkdir -p ' . escapeshellarg( $sslcertpath ) );
}
- }
- // create them on the filesystem
- foreach ($ssl_files as $type => $filename) {
- if ($filename != '') {
- touch($filename);
- $_fh = fopen($filename, 'w');
- fwrite($_fh, $dom_certs[$type]);
- fclose($_fh);
- chmod($filename, 0600);
+ // make correct files for the certificates
+ $ssl_files = array(
+ 'ssl_cert_file' => makeCorrectFile( $sslcertpath . '/' . $domain['domain'] . '.crt' ),
+ 'ssl_key_file' => makeCorrectFile( $sslcertpath . '/' . $domain['domain'] . '.key' )
+ );
+
+ if ( Settings::Get( 'system.webserver' ) == 'lighttpd' ) {
+ // put my.crt and my.key together for lighty.
+ $dom_certs['ssl_cert_file'] = trim( $dom_certs['ssl_cert_file'] ) . "\n" . trim( $dom_certs['ssl_key_file'] ) . "\n";
+ $ssl_files['ssl_key_file'] = '';
+ }
+
+ // initialize optional files
+ $ssl_files['ssl_ca_file'] = '';
+ $ssl_files['ssl_cert_chainfile'] = '';
+ // set them if they are != empty
+ if ( $dom_certs['ssl_ca_file'] != '' ) {
+ $ssl_files['ssl_ca_file'] = makeCorrectFile( $sslcertpath . '/' . $domain['domain'] . '_CA.pem' );
+ }
+ if ( $dom_certs['ssl_cert_chainfile'] != '' ) {
+ if ( Settings::Get( 'system.webserver' ) == 'nginx' ) {
+ // put ca.crt in my.crt, as nginx does not support a separate chain file.
+ $dom_certs['ssl_cert_file'] = trim( $dom_certs['ssl_cert_file'] ) . "\n" . trim( $dom_certs['ssl_cert_chainfile'] ) . "\n";
+ } else {
+ $ssl_files['ssl_cert_chainfile'] = makeCorrectFile( $sslcertpath . '/' . $domain['domain'] . '_chain.pem' );
+ }
}
+ // create them on the filesystem
+ foreach ( $ssl_files as $type => $filename ) {
+ if ( $filename != '' ) {
+ touch( $filename );
+ $_fh = fopen( $filename, 'w' );
+ fwrite( $_fh, $dom_certs[ $type ] );
+ fclose( $_fh );
+ chmod( $filename, 0600 );
+ }
+ }
+
+ // override corresponding array values
+ $domain['ssl_cert_file'] = $ssl_files['ssl_cert_file'];
+ $domain['ssl_key_file'] = $ssl_files['ssl_key_file'];
+ $domain['ssl_ca_file'] = $ssl_files['ssl_ca_file'];
+ $domain['ssl_cert_chainfile'] = $ssl_files['ssl_cert_chainfile'];
}
- // override corresponding array values
- $domain['ssl_cert_file'] = $ssl_files['ssl_cert_file'];
- $domain['ssl_key_file'] = $ssl_files['ssl_key_file'];
- $domain['ssl_ca_file'] = $ssl_files['ssl_ca_file'];
- $domain['ssl_cert_chainfile'] = $ssl_files['ssl_cert_chainfile'];
}
return;
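Review bot: In the new `if ($letsencrypt)` branch the paths are built by plain concatenation of the setting and `$domain['domain']`, without the `makeCorrectDir()`/`makeCorrectFile()` normalisation the else branch uses, and without checking that `cert.pem` and `privkey.pem` exist. A domain with the box ticked but no issued certificate would then get a vhost pointing at missing files, which can likely keep the webserver from reloading for every customer. The branch also leaves `$domain['ssl_ca_file']` untouched and skips the lighttpd and nginx special cases handled in the else branch. It passes `fullchain.pem` as the chain file, although that file already contains the leaf certificate; the live directory also provides `chain.pem`. A sketch of the guarded branch follows; the function itself starts and ends outside the hunk.

```php
if ($letsencrypt) {
    // … unchanged: $le_folder lookup with '/etc/letsencrypt/live/' fallback …
    $cert_folder = makeCorrectDir($le_folder . '/' . $domain['domain']);
    $le_cert  = makeCorrectFile($cert_folder . '/cert.pem');
    $le_key   = makeCorrectFile($cert_folder . '/privkey.pem');
    $le_chain = makeCorrectFile($cert_folder . '/chain.pem');

    // only reference files that are actually present, so a missing
    // certificate cannot produce a vhost the webserver refuses to load
    if (is_readable($le_cert) && is_readable($le_key)) {
        $domain['ssl_cert_file'] = $le_cert;
        $domain['ssl_key_file'] = $le_key;
        $domain['ssl_ca_file'] = '';
        $domain['ssl_cert_chainfile'] = is_readable($le_chain) ? $le_chain : '';
    }
} else {
    // … unchanged: customer-supplied certificate files written to system.customer_ssl_path …
```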
diff --git a/lib/formfields/customer/domains/formfield.domain_ssleditor.php b/lib/formfields/customer/domains/formfield.domain_ssleditor.php
index 1e4de10..4d801d9 100644
--- a/lib/formfields/customer/domains/formfield.domain_ssleditor.php
+++ b/lib/formfields/customer/domains/formfield.domain_ssleditor.php
@@ -24,6 +24,18 @@ return array(
'title' => 'SSL certificates',
'image' => 'icons/ssl.png',
'fields' => array(
+ 'ssl_cert_file_le' => array(
+ 'style' => 'align-top',
+ 'type' => 'checkbox',
+ 'label' => $lng['admin']['ipsandports']['use_letsencrypt'],
+ 'value' => array($result['ssl_cert_file'] == 'letsencrypt' ? 1 : 0),
+ 'values' => array(
+ array(
+ 'label' => '',
+ 'value' => 1,
+ )
+ )
+ ),
'ssl_cert_file' => array(
'style' => 'align-top',
'label' => $lng['admin']['ipsandports']['ssl_cert_file_content'],
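Review bot: The marker string `'letsencrypt'` is compared with `==` in the new `'value'` line here and again in the next hunk of this file, and it is repeated as a literal in customer_domains.php and class.DomainSSL.php. Use a strict comparison, `$result['ssl_cert_file'] === 'letsencrypt'`, and define the marker once as a shared constant, so that a typo in one place cannot silently turn the feature off or leave the literal word in the certificate textarea. The `fields` array continues outside the hunk.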
@@ -31,7 +43,7 @@ return array(
'type' => 'textarea',
'cols' => 100,
'rows' => 15,
- 'value' => $result['ssl_cert_file']
+ 'value' => $result['ssl_cert_file'] == 'letsencrypt' ? '' : $result['ssl_cert_file']
),
'ssl_key_file' => array(
'style' => 'align-top',
diff --git a/lng/english.lng.php b/lng/english.lng.php
index 1f5c0cf..0716361 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -1883,3 +1883,7 @@ $lng['apcuinfo']['used'] = 'Used';
$lng['apcuinfo']['hitmiss'] = 'Hits & Misses';
$lng['apcuinfo']['detailmem'] = 'Detailed Memory Usage and Fragmentation';
$lng['apcuinfo']['fragment'] = 'Fragmentation';
+
+// Letsencrypt Support
+$lng['admin']['ipsandports']['use_letsencrypt'] = 'Use LetsEncrypt certificates';
+$lng['serversettings']['ssl']['ssl_letsencrypt_path']['title'] = '<b>Path to Letsencrypt live folder</b>';
\ No newline at end of file
diff --git a/templates/Sparkle/header.tpl b/templates/Sparkle/header.tpl
index 05aa536..e320ef3 100644
--- a/templates/Sparkle/header.tpl
+++ b/templates/Sparkle/header.tpl
@@ -21,6 +21,7 @@
<script type="text/javascript" src="templates/{$theme}/assets/js/tipper.min.js"></script>
<script type="text/javascript" src="templates/{$theme}/assets/js/jcanvas.min.js"></script>
<script type="text/javascript" src="templates/{$theme}/assets/js/circular.js"></script>
+ <script type="text/javascript" src="js/letsencrypt.js"></script>
{$css}
<!--[if IE]><link rel="stylesheet" href="templates/{$theme}/assets/css/main_ie.css" type="text/css" /><![endif]-->
<link href="css/jquery-ui.min.css" rel="stylesheet" type="text/css"/>