<?php

/**
 * Delete every whitespace character from a string.
 *
 * @param string $str Text to compact.
 * @return string The text with all whitespace runs removed.
 */
function remove_space($str)
{
    // Every whitespace run is replaced by nothing; the trailing trim() is kept so the
    // result is produced exactly as before.
    $compacted = preg_replace('/\s+/', '', $str);

    return trim($compacted);
}

/**
 * Collapse each run of whitespace to one space and strip both ends.
 *
 * @param string $str Text to normalise.
 * @return string The text with single spaces between words and no outer whitespace.
 */
function trim_space($str)
{
    $single_spaced = preg_replace('/\s+/', ' ', $str);

    return trim($single_spaced);
}
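// Daemon-run hook. When x_ssl has live entries it refreshes the certbot inventory; when
// there is pending work it marks issued certificates active, writes the per-domain nginx
// SSL server block, rebuilds Apache's ssl.conf and restarts the web services.
// NOTE(review): vh_name_vc, vh_directory_vc and ac_user_vc are copied from the database
// into file paths and server configuration without validation in this file; confirm they
// are restricted to hostname / path-safe characters where they are stored.
global $zdbh;
$mod_http_array = array();
$mod_conf_query = "SELECT  * FROM x_ssl WHERE ssl_delete IS NULL";
$mod_conf = $zdbh->prepare($mod_conf_query);
$mod_conf->execute();
$mod_count = $mod_conf->rowCount();
if ($mod_count > 0) {
    // Dump certbot's certificate inventory into the log that is parsed further down.
    shell_exec("/usr/local/letsencrypt/./certbot-auto certificates > /var/log/letsencrypt/sslrenew.log");
    $ssl_conf_count_query = "SELECT  * FROM x_ssl WHERE ssl_status=0 AND ssl_delete IS NULL";
    $ssl_conf_count = $zdbh->prepare($ssl_conf_count_query);
    $ssl_conf_count->execute();
    // fetchColumn() yields the first column of the first pending row (false when there is
    // none), not a row count. NOTE(review): the "> 0" test below presumably relies on that
    // column being a positive id - confirm.
    $ssl_count = $ssl_conf_count->fetchColumn();
    $mod_http_array = array();
    $mod_conf_query = "SELECT vh_id_pk FROM x_vhosts  WHERE vh_modhttp_status = 0 and vh_deleted_ts IS NULL";
    $mod_conf = $zdbh->prepare($mod_conf_query);
    $mod_conf->execute();
    $mod_count = $mod_conf->rowCount();

    // Work only when a certificate is still pending or a vhost's HTTP/2 setting changed.
    if ($ssl_count > 0 || $mod_count > 0) {
        echo "----------------------SSL Start--------------------------- \n";
        $privkey = array();
        $domain_certbot = array();
        shell_exec("touch /var/log/letsencrypt/sslrenew.log");
        shell_exec(" /usr/local/letsencrypt/./certbot-auto certificates > /var/log/letsencrypt/sslrenew.log");
        $domain_certbot = shell_exec("grep -ni 'Domains' /var/log/letsencrypt/sslrenew.log");
        // shell_exec() returns null when grep prints nothing; cast so explode() gets a string.
        $line_cerbot = explode("\n", (string) $domain_certbot);
        $line = array();
        $domain_list = array();
        // Initialised here so the lookups in the vhost loop never run on an undefined
        // variable when certbot lists no domains.
        $domain_lists = array();

        /* Vhosts with vh_modhttp = 2 get HTTP/2 enabled: name => id map. */
        $smod_conf_query = "SELECT vh_id_pk,vh_name_vc FROM x_vhosts  WHERE vh_modhttp = 2 and  vh_deleted_ts IS NULL";
        $smod_conf = $zdbh->prepare($smod_conf_query);
        $smod_conf->execute();
        while ($srows = $smod_conf->fetch()) {
            $d_id   = $srows['vh_id_pk'];
            $d_name = $srows['vh_name_vc'];
            $mod_http_array[$d_name] = $d_id;
        }

        foreach ($line_cerbot as $key => $value) {
            if (trim($value) != "") {
                // grep -n output is "<line no>:<matched line>". Three lines below the
                // "Domains" line is presumably certbot's private-key path line.
                $line_num = explode(":", $value);
                // The cast guarantees that the value later placed in the sed command is an integer.
                $line[] = (int) trim($line_num[0]) + 3;
                $domain_list_temp = explode(":", $value);
                $domain_list_temp1 = explode(",", $domain_list_temp[2]);
                $domain_list[] = trim($domain_list_temp1[0]);
            }
        }
        // Keep only the first name of each "Domains" line.
        // NOTE(review): empty entries are skipped here but not in $privkey_list below, so the
        // indexes of the two lists could drift apart if a line parses empty - confirm.
        foreach ($domain_list as $key => $value) {
            if (trim($value) != "") {
                $domain_lists_temp = explode(" ", $value);

                $domain_lists[] = trim($domain_lists_temp[0]);
            }
        }

        // For each certificate read the line at the computed number and keep path
        // component 4, which is later appended to /etc/letsencrypt/live/.
        $privkey_list = array();
        foreach ($line as $key => $value) {
            if (trim($value) != "") {
                $privkey = shell_exec("sed -n '$value'p /var/log/letsencrypt/sslrenew.log");
                $privkey_list_temp = explode("/", (string) $privkey);
                // A line that is not a key path has no component 4; store '' instead of
                // reading an undefined index.
                $privkey_list[] = isset($privkey_list_temp[4]) ? trim($privkey_list_temp[4]) : '';
            }
        }

        $sql_content = $zdbh->prepare("SELECT flag FROM x_picdata where id='1'");
        $sql_content->execute();
        $contentl = $sql_content->fetch();
        $flag_content = $contentl['flag'];
        $ssl_conf_query = "SELECT a.*,b.ac_user_vc FROM x_vhosts a,x_accounts b  WHERE a.vh_enabled_in=1 AND a.vh_deleted_ts IS NULL AND a.vh_acc_fk=b.ac_id_pk AND a.vh_name_vc IN (select ssl_doamin from x_ssl where ssl_delete IS NULL ) ORDER BY a.vh_name_vc ASC";
        $ssl_conf = $zdbh->prepare($ssl_conf_query);
        $ssl_conf->execute();
        $first = 1;
        $first_bind = 0;
        // From here on $line accumulates the text of Apache's ssl.conf.
        $line = "";
        while ($row = $ssl_conf->fetch()) {
            $domain = trim(strtolower($row['vh_name_vc']));
            $getcurrentuser = $row['ac_user_vc'];
            $vh_directory_vc = $row['vh_directory_vc'];
            echo $domain." - in while();\n";
            echo $domain;
            print_r($domain_lists);
            $domain_lists = array_map('trim', $domain_lists);
            $domain_with_www = "www.".trim($domain);

            if ((in_array(trim($domain), $domain_lists)) || (in_array($domain_with_www, $domain_lists))) {
                if (in_array(trim($domain), $domain_lists)) {
                    $get_key = array_search(trim($domain), $domain_lists);
                } else {
                    $get_key = array_search(trim($domain_with_www), $domain_lists);
                }
                // An empty or missing entry would make $file_path the live/ directory itself,
                // which exists, and certificate paths that do not exist would then be written
                // into both server configurations. Treat it as "no certificate".
                $key_path = isset($privkey_list[$get_key]) ? $privkey_list[$get_key] : '';
                $file_path = "/etc/letsencrypt/live/".$key_path;

                if ($key_path !== '' && file_exists($file_path)) {
                    echo "Welcome1";
                    echo "Inner filepath: $file_path \n";
                    echo "domain : $domain  \n";
                    $ssl_sql = $zdbh->prepare("UPDATE x_ssl SET ssl_status=1 WHERE ssl_doamin=:ssl_doamin AND ssl_delete IS NULL");
                    $ssl_sql->bindParam(':ssl_doamin', $domain);
                    $ssl_sql->execute();

                    // $checkversion: the panel-wide PHP version label, or a guess from the
                    // running interpreter when the option is unset.
                    $core_php_version = ctrl_options::GetSystemOption('core_php_version');
                    $checkversion = "";
                    if (!$core_php_version) {
                        if (version_compare(phpversion(), "5.5") == 1) {
                            $checkversion = "php56";
                        } else {
                            $checkversion = "php53";
                        }
                    } else {
                        $checkversion = strtolower($core_php_version);
                    }

                    // $phpVersion: the per-vhost override from x_phpversion_upgrade when a
                    // row exists, else the same default as above.
                    $phpVersion = "";
                    $sql_php = "SELECT * FROM x_phpversion_upgrade WHERE x_client_id=:userid ";
                    $numrows_php = $zdbh->prepare($sql_php);
                    $numrows_php->bindParam(':userid', $row['vh_id_pk']);
                    $numrows_php->execute();
                    if ($numrows_php->fetchColumn() > 0) {
                        $numrows_php1 = $zdbh->prepare($sql_php);
                        $numrows_php1->bindParam(':userid', $row['vh_id_pk']);
                        $numrows_php1->execute();
                        $res = $numrows_php1->fetch();
                        $phpVersion = $res['x_php_version'];
                    } else {
                        if (!$core_php_version) {
                            if (version_compare(phpversion(), "5.5") == 1) {
                                $phpVersion = "php56";
                            } else {
                                $phpVersion = "php53";
                            }
                        } else {
                            $phpVersion = strtolower($core_php_version);
                        }
                    }

                    /* ---------------- Nginx bind start ---------------- */

                    $ssl_dom_nginx_conf_file = "/etc/nginx/availablesites/SSL_".$row['vh_name_vc'].".conf";
                    if (!(file_exists($ssl_dom_nginx_conf_file))) {
                        echo $row['vh_name_vc']." - Nginx configuration writing";

                        $location_rootpath = ctrl_options::GetSystemOption('hosted_dir') . $getcurrentuser . $row['vh_directory_vc'];
                        $rootpath = rtrim($location_rootpath, "/");
                        $nginx_conf_file = fopen($ssl_dom_nginx_conf_file, "w");
                        if ($nginx_conf_file === false) {
                            // Do not pass a failed handle to fwrite(); skip only the nginx
                            // file and carry on with the Apache section.
                            echo $row['vh_name_vc']." - unable to open nginx configuration for writing\n";
                        } else {
                            fwrite($nginx_conf_file, "server { \n");
                            if (array_key_exists(remove_space($domain), $mod_http_array) || array_key_exists(remove_space($domain_with_www), $mod_http_array)) {
                                fwrite($nginx_conf_file, "listen 443 ssl http2; \n");
                            } else {
                                fwrite($nginx_conf_file, "listen 443 ssl; \n");
                            }
                            fwrite($nginx_conf_file, "server_name ".$row['vh_name_vc']." www.".$row['vh_name_vc']."; \n");
                            fwrite($nginx_conf_file, "ssl    on; \n");
                            $file_path = "/etc/letsencrypt/live/".$key_path;
                            fwrite($nginx_conf_file, "ssl_certificate ".$file_path."/fullchain.pem; \n");
                            fwrite($nginx_conf_file, "ssl_certificate_key ".$file_path."/privkey.pem; \n");
                            fwrite($nginx_conf_file, "location / { \n");
                            fwrite($nginx_conf_file, "root  ".$rootpath."; \n");
                            fwrite($nginx_conf_file, "index  index.html index.htm index.php; \n");
                            fwrite($nginx_conf_file, "try_files $"."uri $"."uri/ /index.php?$"."args; \n");
                            // NOTE(review): these redirects leave HTTPS for plain http:// panel
                            // and webmail ports, so logins that follow them travel unencrypted -
                            // confirm whether TLS ports are available.
                            fwrite($nginx_conf_file, "rewrite ^/whm/$"." http://".$row['vh_name_vc'].":2086/?access=whm redirect; \n");
                            fwrite($nginx_conf_file, "rewrite ^/whm$"." http://".$row['vh_name_vc'].":2086/?access=whm redirect; \n");
                            fwrite($nginx_conf_file, "rewrite ^/cpanel/$"." http://".$row['vh_name_vc'].":2082/?access=cpanel redirect; \n");
                            fwrite($nginx_conf_file, "rewrite ^/cpanel$"." http://".$row['vh_name_vc'].":2082/?access=cpanel redirect; \n");
                            fwrite($nginx_conf_file, "rewrite ^/webmail/$"." http://".$row['vh_name_vc'].":2095 redirect; \n");
                            fwrite($nginx_conf_file, "rewrite ^/webmail$"." http://".$row['vh_name_vc'].":2095 redirect; \n");
                            fwrite($nginx_conf_file, "} \n");
                            fwrite($nginx_conf_file, "location ~ \.php$ { \n");
                            fwrite($nginx_conf_file, "root ".$location_rootpath."; \n");
                            echo $phpVersion." - ".$checkversion."\n";
                            // Each PHP version label maps to its own FastCGI port on loopback;
                            // the panel default and unknown labels use 9000.
                            if ($phpVersion === $checkversion) {
                                fwrite($nginx_conf_file, "fastcgi_pass 127.0.0.1:9000; \n");
                            } else {
                                $write_line = "fastcgi_pass 127.0.0.1:9000; \n";
                                if ($phpVersion == "php54") {
                                    $write_line = "fastcgi_pass 127.0.0.1:9001; \n";
                                } else if ($phpVersion == "php55") {
                                    $write_line = "fastcgi_pass 127.0.0.1:9002; \n";
                                } else if ($phpVersion == "php70") {
                                    $write_line = "fastcgi_pass 127.0.0.1:9003; \n";
                                } else if ($phpVersion == "php71") {
                                    $write_line = "fastcgi_pass 127.0.0.1:9004; \n";
                                } else if ($phpVersion == "php72") {
                                    $write_line = "fastcgi_pass 127.0.0.1:9005; \n";
                                } else if ($phpVersion == "php56") {
                                    $write_line = "fastcgi_pass 127.0.0.1:9006; \n";
                                }
                                fwrite($nginx_conf_file, $write_line);
                            }
                            fwrite($nginx_conf_file, "fastcgi_index index.php; \n");
                            fwrite($nginx_conf_file, "fastcgi_param SCRIPT_FILENAME ".$rootpath.""."$"."fastcgi_script_name; \n");
                            fwrite($nginx_conf_file, "include fastcgi_params; \n");
                            fwrite($nginx_conf_file, "} \n");
                            fwrite($nginx_conf_file, "error_page  500 502 503 504  /50x.html; \n");
                            fwrite($nginx_conf_file, "location = /50x.html { \n");
                            fwrite($nginx_conf_file, "root  /usr/share/nginx/html; \n");
                            fwrite($nginx_conf_file, "} \n");
                            fwrite($nginx_conf_file, "} \n");
                            fclose($nginx_conf_file);
                        }
                    } else {
                        // The path contains the vhost name from the database, so it is quoted
                        // as one shell argument before it reaches grep and sed.
                        $nginx_conf_arg = escapeshellarg($ssl_dom_nginx_conf_file);
                        $nginx_ssl_listen = shell_exec("grep -ni 'listen' ".$nginx_conf_arg);
                        if (strpos((string) $nginx_ssl_listen, "listen") !== false) {
                            echo "Port 465 Config Start";
                            $ssl_listen_line    = explode(":", $nginx_ssl_listen);
                            $ssl_listen_line_no = remove_space($ssl_listen_line[0]);

                            // Only a numeric line number is placed inside the sed script.
                            if (is_numeric($ssl_listen_line_no)) {
                                // Append the wanted listen directive after the first existing
                                // one, then delete the old line: an in-place replacement.
                                if (array_key_exists(remove_space($domain), $mod_http_array) || array_key_exists(remove_space($domain_with_www), $mod_http_array)) {
                                    shell_exec("sed -i '".$ssl_listen_line_no."a listen  443 ssl http2;' ".$nginx_conf_arg);
                                    shell_exec("sed -i '".$ssl_listen_line_no."d' ".$nginx_conf_arg);
                                } else {
                                    shell_exec("sed -i '".$ssl_listen_line_no."a listen 443 ssl;' ".$nginx_conf_arg);
                                    shell_exec("sed -i '".$ssl_listen_line_no."d' ".$nginx_conf_arg);
                                }
                            }
                        }
                    }
                    /* ---------------- Nginx bind end ---------------- */

                    $vhconfigfile = '/etc/httpd/conf.d/ssl.conf';
                    if ($first_bind == 0) {
                        // Global mod_ssl preamble, emitted once before the first VirtualHost.
                        // NOTE(review): this policy still enables TLS 1.0/1.1 and 3DES; confirm
                        // whether legacy clients need them, otherwise restrict to TLS 1.2+.
                        $line  = fs_filehandler::NewLine();
                        $line .= "#". fs_filehandler::NewLine();
                        $line .= "LoadModule ssl_module modules/mod_ssl.so". fs_filehandler::NewLine();
                        $line .= "Listen 443". fs_filehandler::NewLine();
                        $line .= "SSLProtocol all -SSLv2 -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2". fs_filehandler::NewLine();
                        $line .= "SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES:!RC4". fs_filehandler::NewLine();
                        $line .= "SSLPassPhraseDialog  builtin". fs_filehandler::NewLine();
                        $line .= "SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)". fs_filehandler::NewLine();
                        $line .= "SSLSessionCacheTimeout  300". fs_filehandler::NewLine();
                        if ((double) sys_versions::ShowApacheVersion() < 2.4) {
                            $line .= "SSLMutex default". fs_filehandler::NewLine();
                        } else {
                            $line .= "Mutex default". fs_filehandler::NewLine();
                        }
                        $line .= "SSLRandomSeed startup file:/dev/urandom  256". fs_filehandler::NewLine();
                        $line .= "SSLRandomSeed connect builtin". fs_filehandler::NewLine();
                        $line .= "##". fs_filehandler::NewLine();
                        $first_bind = 1;
                    }

                    $line .= "<VirtualHost *:443>". fs_filehandler::NewLine();
                    $line .= fs_filehandler::NewLine();
                    $line .= "ServerAlias www.".$domain."". fs_filehandler::NewLine();
                    $line .= "ServerName ".$domain."". fs_filehandler::NewLine();
                    echo $first."\n";
                    // Flag '0' points the panel/webmail redirects at the server IP, any other
                    // value at the vhost's own name. NOTE(review): both variants redirect to
                    // plain http:// ports.
                    if ($flag_content == '0') {
                        $line .= 'Redirect /webmail http://'.ctrl_options::GetSystemOption('server_ip').':2095'.fs_filehandler::NewLine();
                        $line .= 'Redirect /webmail/ http://'.ctrl_options::GetSystemOption('server_ip').':2095'.fs_filehandler::NewLine();
                        $line .= 'Redirect /whm http://'.ctrl_options::GetSystemOption('server_ip').':2086/?access=whm'.fs_filehandler::NewLine();
                        $line .= 'Redirect /whm/ http://'.ctrl_options::GetSystemOption('server_ip').':2086/?access=whm'.fs_filehandler::NewLine();
                        $line .= 'Redirect /cpanel http://'.ctrl_options::GetSystemOption('server_ip').':2082/?access=cpanel'.fs_filehandler::NewLine();
                        $line .= 'Redirect /cpanel/ http://'.ctrl_options::GetSystemOption('server_ip').':2082/?access=cpanel'.fs_filehandler::NewLine();
                    } else {
                        $line .= 'Redirect /webmail http://'.$row['vh_name_vc'].':2095'.fs_filehandler::NewLine();
                        $line .= 'Redirect /webmail/ http://'.$row['vh_name_vc'].':2095'.fs_filehandler::NewLine();
                        $line .= 'Redirect /whm http://'.$row['vh_name_vc'].':2086/?access=whm'.fs_filehandler::NewLine();
                        $line .= 'Redirect /whm/ http://'.$row['vh_name_vc'].':2086/?access=whm'.fs_filehandler::NewLine();
                        $line .= 'Redirect /cpanel http://'.$row['vh_name_vc'].':2082/?access=cpanel'.fs_filehandler::NewLine();
                        $line .= 'Redirect /cpanel/ http://'.$row['vh_name_vc'].':2082/?access=cpanel'.fs_filehandler::NewLine();
                    }

                    $RootDir = '"' . ctrl_options::GetSystemOption('hosted_dir') . $getcurrentuser . $vh_directory_vc. '"';
                    $line .= 'DocumentRoot ' . $RootDir . fs_filehandler::NewLine();
                    // The panel default is read again before choosing the PHP handler.
                    $checkversion = "";
                    $core_php_version = ctrl_options::GetSystemOption('core_php_version');
                    if (!$core_php_version) {
                        if (version_compare(phpversion(), "5.5") == 1) {
                            $checkversion = "php56";
                        } else {
                            $checkversion = "php53";
                        }
                    } else {
                        $checkversion = strtolower($core_php_version);
                    }
                    // A vhost on a non-default PHP version is served through mod_fcgid.
                    if ($phpVersion != $checkversion) {
                        $line .= '<FilesMatch \.php$>'.fs_filehandler::NewLine();
                        $line .= 'SetHandler fcgid-script'.fs_filehandler::NewLine();
                        $line .= '</FilesMatch>'.fs_filehandler::NewLine();
                    }
                    $line .= '<Directory ' . $RootDir . '>' . fs_filehandler::NewLine();

                    if ($phpVersion === $checkversion) {
                        $line .= "  Options -FollowSymLinks -Indexes" . fs_filehandler::NewLine();
                    } else {
                        $line .= "  Options -FollowSymLinks -Indexes +ExecCGI" . fs_filehandler::NewLine();
                        $line .= "  AddHandler fcgid-script .php" . fs_filehandler::NewLine();
                        $line .= "  FCGIWrapper /var/www/php-fcgi-scripts/".$phpVersion."/php-fcgi-starter .php" . fs_filehandler::NewLine();
                    }
                    $line .= "AllowOverride All". fs_filehandler::NewLine();

                    if ((double) sys_versions::ShowApacheVersion() < 2.4) {
                        $line .= "    Order allow,deny" . fs_filehandler::NewLine();
                        $line .= "    Allow from all" . fs_filehandler::NewLine();
                    } else {
                        $line .= "Require all granted". fs_filehandler::NewLine();
                    }
                    $line .= "</Directory>". fs_filehandler::NewLine();
                    $line .= "DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm". fs_filehandler::NewLine();
                    $line .= "ErrorLog logs/ssl_error_log". fs_filehandler::NewLine();
                    $line .= "TransferLog logs/ssl_access_log". fs_filehandler::NewLine();
                    $line .= "LogLevel warn". fs_filehandler::NewLine();

                    // With Varnish switched on, HTTPS requests are proxied to the vhost on port 80.
                    $sql_php = "SELECT * FROM x_varnish WHERE x_isactive= 1 ";
                    $numrows_php = $zdbh->prepare($sql_php);

                    $numrows_php->execute();
                    $varnish_row = $numrows_php->fetch();
                    $varnish = $varnish_row['x_varnish'];
                    if ($varnish == 'On') {
                        $line .= "ProxyPreserveHost On". fs_filehandler::NewLine();
                        $line .= 'ProxyPass / http://'.$domain.':80/'. fs_filehandler::NewLine();
                        $line .= 'RequestHeader set X-Forwarded-Port "443"'. fs_filehandler::NewLine();
                        $line .= 'RequestHeader set X-Forwarded-Proto "https"'. fs_filehandler::NewLine();
                    }
                    $line .= "SSLEngine on". fs_filehandler::NewLine();
                    $line .= "SSLProtocol all -SSLv2 -SSLv3". fs_filehandler::NewLine();
                    $line .= "SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES". fs_filehandler::NewLine();
                    $file_path = "/etc/letsencrypt/live/".$key_path;
                    $line .= "SSLCertificateFile ".$file_path."/cert.pem". fs_filehandler::NewLine();
                    $line .= "SSLCertificateKeyFile ".$file_path."/privkey.pem". fs_filehandler::NewLine();
                    $line .= "SSLCertificateChainFile ".$file_path."/chain.pem". fs_filehandler::NewLine();
                    $line .= '<Files ~ "\.(cgi|shtml|phtml|php3?)$">'. fs_filehandler::NewLine();
                    $line .= "SSLOptions +StdEnvVars". fs_filehandler::NewLine();
                    $line .= "</Files>". fs_filehandler::NewLine();
                    $line .= '<Directory "/var/www/cgi-bin">'. fs_filehandler::NewLine();
                    $line .= "SSLOptions +StdEnvVars". fs_filehandler::NewLine();
                    $line .= "</Directory>". fs_filehandler::NewLine();
                    $line .= 'BrowserMatch "MSIE [2-5]" \\'. fs_filehandler::NewLine();
                    $line .= "nokeepalive ssl-unclean-shutdown \\". fs_filehandler::NewLine();
                    $line .= "downgrade-1.0 force-response-1.0". fs_filehandler::NewLine();
                    $line .= "CustomLog logs/ssl_request_log \\". fs_filehandler::NewLine();
                    $line .= '"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"'. fs_filehandler::NewLine();
                    if (array_key_exists(remove_space($domain), $mod_http_array) || array_key_exists(remove_space($domain_with_www), $mod_http_array)) {
                        $line .= "Protocols h2 http/1.1". fs_filehandler::NewLine();
                    }
                    $line .= "</VirtualHost>". fs_filehandler::NewLine();
                    $line .= fs_filehandler::NewLine();
                    $vhconfigfile = '/etc/httpd/conf.d/ssl.conf';
                    ++$first;
                }
            }
        }
        // ssl.conf is loaded by the web server at start-up, so it must not be writable by
        // other local users: 0644 replaces the former world-writable 0777.
        if ($first_bind == 1) {
            fs_filehandler::UpdateFile($vhconfigfile, 0644, $line);
        }

        // Clear the notice text on account 1.
        $up_notice = $zdbh->prepare("UPDATE x_accounts SET ac_notice_tx='' WHERE ac_id_pk=1");
        $up_notice->execute();

        /* ---------------- Service restart ---------------- */

        $sql_nginx = $zdbh->prepare("SELECT x_nginx FROM x_varnish");
        $sql_nginx->execute();
        $row_nginx = $sql_nginx->fetch();
        $flag_nginx = $row_nginx['x_nginx'];
        // Locate the "service" binary and strip the newline from whereis/awk output.
        $get_sh_path = shell_exec("whereis service | awk '{print $2}'");
        $get_sh_path = str_replace("\n", "", $get_sh_path);
        $get_sh_path = str_replace('\n', "", $get_sh_path);

        if ($flag_nginx == "On") {
            shell_exec("$get_sh_path nginx restart");
            shell_exec("$get_sh_path php-fpm restart");
            shell_exec("$get_sh_path php-fpm-54 restart");
            shell_exec("$get_sh_path php-fpm-56 restart");
            shell_exec("$get_sh_path php-fpm-55 restart");
            shell_exec("$get_sh_path php-fpm-70 restart");
            shell_exec("$get_sh_path php-fpm-71 restart");
        } else {
            $cmd = "$get_sh_path httpd restart";
            shell_exec($cmd);
        }
        // NOTE(review): no WHERE clause - every x_vhosts row, deleted ones included, is
        // marked as processed. Confirm that is intended.
        $sth = $zdbh->prepare("update  x_vhosts set vh_modhttp_status=1 ");
        $sth->execute();
        echo "----------------------SSL End---------------------------";
    }
}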
?>