Initial

2024-03-19 22:05:27 +03:00
commit 346a50856b
1572 changed files with 182163 additions and 0 deletions
--- a/bin/v-add-web-domain-ssl
+++ b/bin/v-add-web-domain-ssl
@@ -0,0 +1,143 @@
+#!/bin/bash
+# info: adding ssl for domain
+# options: USER DOMAIN SSL_DIR [SSL_HOME] [RESTART]
+#
+# example: v-add-web-domain-ssl admin example.com /home/admin/conf/example.com/web
+#
+# This function turns on SSL support for a domain. Parameter ssl_dir is a path
+# to directory where 2 or 3 ssl files can be found. Certificate file
+# domain.tld.crt and its key domain.tld.key are mandatory. Certificate
+# authority domain.tld.ca file is optional. If home directory parameter
+# (ssl_home) is not set, https domain uses public_shtml as separate
+# documentroot directory.
+
+#----------------------------------------------------------#
+#                Variables & Functions                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+ssl_dir=$3
+ssl_home=${4-same}
+restart="$5"
+
+domain=$domain
+domain_idn=$(idn2 --quiet "$domain")
+
+# Includes
+# shellcheck source=/etc/hestiacp/hestia.conf
+source /etc/hestiacp/hestia.conf
+# shellcheck source=/usr/local/hestia/func/main.sh
+source $HESTIA/func/main.sh
+# shellcheck source=/usr/local/hestia/func/domain.sh
+source $HESTIA/func/domain.sh
+# shellcheck source=/usr/local/hestia/func/ip.sh
+source $HESTIA/func/ip.sh
+# load config file
+source_conf "$HESTIA/conf/hestia.conf"
+
+# Additional argument formatting
+format_domain
+format_domain_idn
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '3' "$#" 'USER DOMAIN SSL_DIR [SSL_HOME] [RESTART]'
+is_format_valid 'user' 'domain' 'ssl_dir'
+is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
+is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+is_object_value_empty 'web' 'DOMAIN' "$domain" '$SSL'
+is_web_domain_cert_valid
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Adding certificate to user data directory
+cp -f $ssl_dir/$domain.crt $USER_DATA/ssl/$domain.crt
+cp -f $ssl_dir/$domain.key $USER_DATA/ssl/$domain.key
+cp -f $ssl_dir/$domain.crt $USER_DATA/ssl/$domain.pem
+if [ -e "$ssl_dir/$domain.ca" ]; then
+	cp -f $ssl_dir/$domain.ca $USER_DATA/ssl/$domain.ca
+	echo >> $USER_DATA/ssl/$domain.pem
+	cat $USER_DATA/ssl/$domain.ca >> $USER_DATA/ssl/$domain.pem
+fi
+chmod 660 $USER_DATA/ssl/$domain.*
+
+# Ensure SSL directory exists
+if [ ! -d "$HOMEDIR/$user/conf/web/$domain/ssl" ]; then
+	mkdir -p $HOMEDIR/$user/conf/web/$domain/ssl/
+fi
+
+# Adding certificate to user dir
+cp -f $USER_DATA/ssl/$domain.crt $HOMEDIR/$user/conf/web/$domain/ssl/$domain.crt
+cp -f $USER_DATA/ssl/$domain.key $HOMEDIR/$user/conf/web/$domain/ssl/$domain.key
+cp -f $USER_DATA/ssl/$domain.pem $HOMEDIR/$user/conf/web/$domain/ssl/$domain.pem
+if [ -e "$USER_DATA/ssl/$domain.ca" ]; then
+	cp -f $USER_DATA/ssl/$domain.ca $HOMEDIR/$user/conf/web/$domain/ssl/$domain.ca
+fi
+
+if [ "$SSL_FORCE" == "yes" ]; then
+	# Enabling SSL redirection on demand
+	$BIN/v-add-web-domain-ssl-force "$user" "$domain"
+fi
+# Parsing domain values
+get_domain_values 'web'
+local_ip=$(get_real_ip "$IP")
+
+# Preparing domain values for the template substitution
+SSL_HOME="$ssl_home"
+prepare_web_domain_values
+
+# Adding domain to the web config
+add_web_config "$WEB_SYSTEM" "$TPL.stpl"
+
+# Checking proxy config
+if [ -n "$PROXY_SYSTEM" ] && [ -n "$PROXY" ]; then
+	add_web_config "$PROXY_SYSTEM" "$PROXY.stpl"
+fi
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Increasing domain value
+increase_user_value "$user" '$U_WEB_SSL'
+
+# Adding ssl values
+update_object_value 'web' 'DOMAIN' "$domain" '$SSL_HOME' "$SSL_HOME"
+update_object_value 'web' 'DOMAIN' "$domain" '$SSL' "yes"
+
+# Restarting web server
+$BIN/v-restart-web "$restart"
+check_result $? "Web restart failed" > /dev/null
+
+$BIN/v-restart-proxy "$restart"
+check_result $? "Proxy restart failed" > /dev/null
+
+if [ -n "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
+	hostname=$(hostname -f)
+	if [ "$hostname" = "$domain" ]; then
+		$BIN/v-update-host-certificate "$user" "$domain"
+	fi
+fi
+
+if [ -n "$UPDATE_SSL_SCRIPT" ]; then
+	eval "$UPDATE_SSL_SCRIPT $user $domain"
+fi
+
+# Logging
+$BIN/v-log-action "$user" "Info" "Web" "Added certificate and enabled SSL (Domain: $domain)."
+log_event "$OK" "$ARGUMENTS"
+
+exit