Merged revisions 3960-4065 from stable branch.

tbrehm

2013-07-31 615a0a96618fa99e7e452523145d6c0f238d4473

 server/plugins-available/nginx_plugin.inc.php

@@ -99,7 +99,7 @@
      $app->uses('getconf');
      $web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
      if ($web_config['CA_path']!='' && !file_exists($web_config['CA_path'].'/openssl.cnf'))
         $app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.conf',LOGLEVEL_ERROR);	
         $app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.cnf',LOGLEVEL_ERROR);	
      
      //* Only vhosts can have a ssl cert
      if($data["new"]["type"] != "vhost" && $data["new"]["type"] != "vhostsubdomain") return;
@@ -243,6 +243,7 @@
         if(trim($data["new"]["ssl_cert"]) != '') $app->system->file_put_contents($crt_file,$data["new"]["ssl_cert"]);
         //if(trim($data["new"]["ssl_bundle"]) != '') $app->system->file_put_contents($bundle_file,$data["new"]["ssl_bundle"]);
         if(trim($data["new"]["ssl_key"]) != '') $app->system->file_put_contents($key_file2,$data["new"]["ssl_key"]);
         $app->system->chmod($key_file2,0400);
         
         // for nginx, bundle files have to be appended to the certificate file
         if(trim($data["new"]["ssl_bundle"]) != ''){            
@@ -678,6 +679,9 @@
         }
      }

      //* add the nginx user to the client group if this is a vhost and security level is set to high, no matter if this is an insert or update and regardless of set_folder_permissions_on_update
      if($data['new']['type'] == 'vhost' && $web_config['security_level'] == 20) $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));
		
      //* If the security level is set to high
      if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) {
      
@@ -716,13 +720,10 @@
               //* add the nginx user to the client group in the chroot environment
               $tmp_groupfile = $app->system->server_conf['group_datei'];
               $app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';
               $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
               $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));
               $app->system->server_conf['group_datei'] = $tmp_groupfile;
               unset($tmp_groupfile);
            }

            //* add the nginx user to the client group
            $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));
            
            //* Chown all default directories
            $app->system->chown($data['new']['document_root'],'root');
@@ -937,6 +938,20 @@
      
      // backwards compatibility; since ISPConfig 3.0.5, the PHP mode for nginx is called 'php-fpm' instead of 'fast-cgi'. The following line makes sure that old web sites that have 'fast-cgi' in the database still get PHP-FPM support.
      if($vhost_data['php'] == 'fast-cgi') $vhost_data['php'] = 'php-fpm';
		
      // Custom rewrite rules
      $final_rewrite_rules = array();
      $custom_rewrite_rules = $data['new']['rewrite_rules'];
      // Make sure we only have Unix linebreaks
      $custom_rewrite_rules = str_replace("\r\n", "\n", $custom_rewrite_rules);
      $custom_rewrite_rules = str_replace("\r", "\n", $custom_rewrite_rules);
      $custom_rewrite_rule_lines = explode("\n", $custom_rewrite_rules);
      if(is_array($custom_rewrite_rule_lines) && !empty($custom_rewrite_rule_lines)){
         foreach($custom_rewrite_rule_lines as $custom_rewrite_rule_line){
            $final_rewrite_rules[] = array('rewrite_rule' => $custom_rewrite_rule_line);
         }
      }
      $tpl->setLoop('rewrite_rules', $final_rewrite_rules);
      
      // Custom nginx directives
      $final_nginx_directives = array();
@@ -1525,7 +1540,8 @@
         $nginx_online_status_before_restart = $this->_checkTcp('localhost',80);
         $app->log('nginx status is: '.$nginx_online_status_before_restart,LOGLEVEL_DEBUG);

         $app->services->restartService('httpd','restart');
         $retval = $app->services->restartService('httpd','restart'); // $retval['retval'] is 0 on success and > 0 on failure
         $app->log('nginx restart return value is: '.$retval['retval'],LOGLEVEL_DEBUG);
         
         // wait a few seconds, before we test the apache status again
         sleep(2);
@@ -1533,9 +1549,18 @@
         //* Check if nginx restarted successfully if it was online before
         $nginx_online_status_after_restart = $this->_checkTcp('localhost',80);
         $app->log('nginx online status after restart is: '.$nginx_online_status_after_restart,LOGLEVEL_DEBUG);
         if($nginx_online_status_before_restart && !$nginx_online_status_after_restart) {
            $app->log('nginx did not restart after the configuration change for website '.$data['new']['domain'].' Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN);
         if($nginx_online_status_before_restart && !$nginx_online_status_after_restart || $retval['retval'] > 0) { 
            $app->log('nginx did not restart after the configuration change for website '.$data['new']['domain'].'. Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN);
            if(is_array($retval['output']) && !empty($retval['output'])){
               $app->log('Reason for nginx restart failure: '.implode("\n", $retval['output']),LOGLEVEL_WARN);
            } else {
               // if no output is given, check again
               exec('nginx -t 2>&1', $tmp_output, $tmp_retval);
               if($tmp_retval > 0 && is_array($tmp_output) && !empty($tmp_output)) $app->log('Reason for nginx restart failure: '.implode("\n", $tmp_output),LOGLEVEL_WARN);
               unset($tmp_output, $tmp_retval);
            }
            $app->system->copy($vhost_file,$vhost_file.'.err');
				
            if(is_file($vhost_file.'~')) {
               //* Copy back the last backup file
               $app->system->copy($vhost_file.'~',$vhost_file);
@@ -1581,12 +1606,7 @@
         }
      } else {
         //* We do not check the nginx config after changes (is faster)
         if($nginx_chrooted) {
            $app->services->restartServiceDelayed('httpd','reload');
         } else {
            // request a httpd reload when all records have been processed
            $app->services->restartServiceDelayed('httpd','reload');
         }
         $app->services->restartServiceDelayed('httpd','reload');
      }
      
      //* The vhost is written and apache has been restarted, so we 
@@ -2400,6 +2420,12 @@
      if(is_array($lines) && !empty($lines)){
         $linecount = sizeof($lines);
         for($h=0;$h<$linecount;$h++){
            // remove comments
            if(substr(trim($lines[$h]),0,1) == '#'){
               unset($lines[$h]);
               continue;
            }
				
            $lines[$h] = rtrim($lines[$h]);
            /*
            if(substr(ltrim($lines[$h]), 0, 8) == 'location' && strpos($lines[$h], '{') !== false && strpos($lines[$h], ';') !== false){
@@ -2526,8 +2552,10 @@
            $app->log('Removed client directory: '.$client_dir,LOGLEVEL_DEBUG);
         }
         
         $this->_exec('groupdel client'.$client_id);
         $app->log('Removed group client'.$client_id,LOGLEVEL_DEBUG);
         if($app->system->is_group('client'.$client_id)){
            $this->_exec('groupdel client'.$client_id);
            $app->log('Removed group client'.$client_id,LOGLEVEL_DEBUG);
         }
      }
      
   }