Implemented: FS#931 - Optional SSL for Web Interface

tbrehm

2010-07-28 4ae2a0f7071a793cb0ef54ecad888719ec788d26

Implemented: FS#931 - Optional SSL for Web Interface

 install/dist/lib/fedora.lib.php

@@ -824,6 +824,12 @@
            $content = str_replace('{vhost_port_listen}', '', $content);
        }
        
        if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
            $content = str_replace('{ssl_comment}', '', $content);
        } else {
            $content = str_replace('{ssl_comment}', '#', $content);
        }
		
        wf("$vhost_conf_dir/ispconfig.vhost", $content);
        
        //copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");

 install/dist/lib/gentoo.lib.php

@@ -699,6 +699,12 @@
            $content = str_replace('{vhost_port_listen}', '', $content);
        }
        
        if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
            $content = str_replace('{ssl_comment}', '', $content);
        } else {
            $content = str_replace('{ssl_comment}', '#', $content);
        }
		
        $vhost_path = $conf['apache']['vhost_conf_dir'].'/ispconfig.vhost';
        $this->write_config_file($vhost_path, $content);
        

 install/dist/lib/opensuse.lib.php

@@ -634,7 +634,6 @@

    }
    
	
    public function install_ispconfig()
    {
        global $conf;
@@ -838,6 +837,12 @@
            $content = str_replace('{vhost_port_listen}', '', $content);
        }
        
        if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
            $content = str_replace('{ssl_comment}', '', $content);
        } else {
            $content = str_replace('{ssl_comment}', '#', $content);
        }
		
        $content = str_replace('/var/www/', '/srv/www/', $content);
        
        wf("$vhost_conf_dir/ispconfig.vhost", $content);

 install/install.php

@@ -450,6 +450,10 @@
        //** Customise the port ISPConfig runs on
        $conf['apache']['vhost_port'] = $inst->free_query('ISPConfig Port', '8080');
        
        if(strtolower($inst->simple_query('Enable SSL for the ISPConfig web interface',array('y','n'),'y')) == 'y') {
            $inst->make_ispconfig_ssl_cert();
        }
		
        $inst->install_ispconfig_interface = true;
            
    } else {

 install/lib/install.lib.php

@@ -697,6 +697,24 @@
    }
}

/*
* Get the port number of the ISPConfig controlpanel vhost
*/

function is_ispconfig_ssl_enabled() {
    global $conf;
    $ispconfig_vhost_file = $conf['apache']['vhost_conf_dir'].'/ispconfig.vhost';

    if(is_file($ispconfig_vhost_file)) {
        $tmp = file_get_contents($ispconfig_vhost_file);
        if(stristr($tmp,'SSLCertificateFile')) {
            return true;
        } else {
            return false;
        }
    }
}



?>

 install/lib/installer_base.lib.php

@@ -1167,6 +1167,25 @@

    }

    public function make_ispconfig_ssl_cert() {
        global $conf;
		
        $ssl_crt_file = '/usr/local/ispconfig/interface/ssl/ispserver.crt';
        $ssl_csr_file = '/usr/local/ispconfig/interface/ssl/ispserver.csr';
        $ssl_key_file = '/usr/local/ispconfig/interface/ssl/ispserver.key';
		
        if(!is_dir('/usr/local/ispconfig/interface/ssl')) exec("mkdir -p /usr/local/ispconfig/interface/ssl");
		
        $ssl_pw = substr(md5(mt_rand()),0,6);
        exec("openssl genrsa -des3 -passout pass:$ssl_pw -out $ssl_key_file 4096");
        exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -out $ssl_csr_file");
        exec("openssl req -x509 -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -in $ssl_csr_file -out $ssl_crt_file -days 3650");
        exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure");
        exec("mv $ssl_key_file $ssl_key_file.secure");
        exec("mv $ssl_key_file.insecure $ssl_key_file");
		
    }

    public function install_ispconfig() {
        global $conf;

@@ -1396,6 +1415,12 @@
            $content = str_replace('{vhost_port_listen}', '', $content);
        }

        if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
            $content = str_replace('{ssl_comment}', '', $content);
        } else {
            $content = str_replace('{ssl_comment}', '#', $content);
        }

        wf("$vhost_conf_dir/ispconfig.vhost", $content);

        //copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");

 install/tpl/apache_ispconfig.vhost.master

@@ -43,6 +43,10 @@
    SecRuleEngine Off
  </IfModule>

  # SSL Configuration
  {ssl_comment}SSLEngine On
  {ssl_comment}SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
  {ssl_comment}SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key

</VirtualHost>


 install/update.php

@@ -308,6 +308,11 @@
$ispconfig_port_number = get_ispconfig_port_number();
$conf['apache']['vhost_port'] = $inst->free_query('ISPConfig Port', $ispconfig_port_number);

// $ispconfig_ssl_default = (is_ispconfig_ssl_enabled() == true)?'y':'n';
if(strtolower($inst->simple_query('Create new ISPConfig SSL certificate',array('y','n'),'n')) == 'y') {
    $inst->make_ispconfig_ssl_cert();
}

$inst->install_ispconfig();

//** Configure Crontab