feat(cli) : add certificate for domains WIP

mrflos 2022-09-06 17:10:16 +03:00
parent 8a62a447a8
commit 521f5b6be8
2 changed files with 25 additions and 2 deletions


@ -18,7 +18,9 @@ server {
server_name www.<?=$this->e($domain)?>; server_name www.<?=$this->e($domain)?>;
include h5bp/tls/ssl_engine.conf; include h5bp/tls/ssl_engine.conf;
include h5bp/tls/certificate_files.conf; ssl_certificate /etc/letsencrypt/live/<?=$this->e($domain)?>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<?=$this->e($domain)?>/key.pem;
ssl_trusted_certificate /etc/letsencrypt/live/<?=$this->e($domain)?>/ca.pem;
include h5bp/tls/policy_strict.conf; include h5bp/tls/policy_strict.conf;
return 301 $scheme://<?=$this->e($domain)?>$request_uri; return 301 $scheme://<?=$this->e($domain)?>$request_uri;
@ -33,7 +35,13 @@ server {
server_name <?=$this->e($domain)?>; server_name <?=$this->e($domain)?>;
include h5bp/tls/ssl_engine.conf; include h5bp/tls/ssl_engine.conf;
<?php if ($subDomain) : ?>
include h5bp/tls/certificate_files.conf; include h5bp/tls/certificate_files.conf;
<?php else : ?>
ssl_certificate /etc/letsencrypt/live/<?=$this->e($domain)?>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<?=$this->e($domain)?>/key.pem;
ssl_trusted_certificate /etc/letsencrypt/live/<?=$this->e($domain)?>/ca.pem;
<?php endif ?>
include h5bp/tls/policy_strict.conf; include h5bp/tls/policy_strict.conf;
# Path for static files # Path for static files
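Review bot: The second server block tests `$subDomain`, but createNginxConfig() passes the value under the key `'subdomain'`; PHP variable names are case-sensitive, so the template variable would be undefined and the `else` branch would be taken for every domain. The key and the variable should be spelled the same, e.g. `'subDomain' => $subDomain,` in the render data. The first server block (the www redirect) also switches to the per-domain `/etc/letsencrypt/live/...` files unconditionally, while the PHP side only issues a certificate when the domain is not a subdomain, so for subdomains nginx would be pointed at files that were never created; the same `<?php if ($subDomain) : ?>` guard appears to be needed there. `$this->e()` escapes for HTML output, not for nginx syntax or file paths, so `$domain` should be validated as a hostname before it is rendered into `ssl_certificate` paths.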


@ -155,7 +155,17 @@ function createNginxConfig($domain, $user, $herseUser, $hersePass)
$herseUser.':'.password_hash($hersePass, PASSWORD_BCRYPT) $herseUser.':'.password_hash($hersePass, PASSWORD_BCRYPT)
); );
} }
echo 'DIR:'.dirname(__FILE__); $subDomain = preg_match('/.'.$_SERVER['maindomain'].'$/isU', $domain, $matches, PREG_OFFSET_CAPTURE, 0);
if (!$subDomain) {
exec('acme.sh --issue -d '.$domain.' -d www.'.$domain.' -k ec-384 -w /home/'.$user.'/'.$domain, $output);
exec('mkdir -p /etc/letsencrypt/live/'.$domain, $output);
exec('acme.sh --install-cert -d '.$domain.' --ecc \
--cert-file /etc/letsencrypt/live/'.$domain.'/cert.pem \
--key-file /etc/letsencrypt/live/'.$domain.'/key.pem \
--fullchain-file /etc/letsencrypt/live/'.$domain.'/fullchain.pem \
--ca-file /etc/letsencrypt/live/'.$domain.'/ca.pem \
--reloadcmd "systemctl restart nginx.service"', $output);
}
$templates = new League\Plates\Engine(dirname(__FILE__).'/templates'); $templates = new League\Plates\Engine(dirname(__FILE__).'/templates');
file_put_contents( file_put_contents(
$nginxFile, $nginxFile,
@ -166,6 +176,7 @@ function createNginxConfig($domain, $user, $herseUser, $hersePass)
'user' => $user, 'user' => $user,
'herseUser' => $herseUser, 'herseUser' => $herseUser,
'hersePass' => $hersePass, 'hersePass' => $hersePass,
'subdomain' => $subDomain,
] ]
) )
); );
@ -200,6 +211,10 @@ function copyYesWikiFiles($domain, $user)
{ {
$destDir = '/home'.'/'.$user.'/'.$domain; $destDir = '/home'.'/'.$user.'/'.$domain;
exec('mkdir -p '.$destDir, $output); exec('mkdir -p '.$destDir, $output);
exec('mkdir -p '.$destDir.'/cache', $output);
exec('mkdir -p '.$destDir.'/custom', $output);
exec('mkdir -p '.$destDir.'/files', $output);
exec('mkdir -p '.$destDir.'/files', $output);
// TODO : handle errors // TODO : handle errors
return; return;
} }
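Review bot: The added `exec()` calls in createNginxConfig() build shell command lines by concatenating `$domain` and `$user` unquoted, so any shell metacharacter in those values is interpreted by the shell in a code path that issues certificates and writes under /etc/letsencrypt, presumably with elevated privileges. Every interpolated value should go through `escapeshellarg()` and `$domain` should be checked against a strict hostname pattern first; the same applies to the `mkdir -p` calls added in copyYesWikiFiles(), where the last `files` line is also duplicated. The subdomain test uses the leading `.` and `$_SERVER['maindomain']` as raw regex, so a name that merely ends with the main domain's characters is classified as a subdomain and skips issuance; `preg_quote()` with an escaped `\.` closes that gap. The exit status of the acme.sh calls is never read, so a failed issuance still yields an nginx config that references missing certificate files; the sketch below captures `$status` so it can be checked before the config is written. createNginxConfig() starts and ends outside the hunk.

```php
$subDomain = preg_match('/\.'.preg_quote($_SERVER['maindomain'], '/').'$/i', $domain) === 1;
if (!$subDomain) {
    $liveDir = '/etc/letsencrypt/live/'.$domain;
    exec('acme.sh --issue -d '.escapeshellarg($domain)
        .' -d '.escapeshellarg('www.'.$domain)
        .' -k ec-384 -w '.escapeshellarg('/home/'.$user.'/'.$domain), $output, $status);
    exec('mkdir -p '.escapeshellarg($liveDir), $output, $status);
    exec('acme.sh --install-cert -d '.escapeshellarg($domain).' --ecc'
        .' --cert-file '.escapeshellarg($liveDir.'/cert.pem')
        // … same escapeshellarg() wrapping for --key-file, --fullchain-file and --ca-file …
        .' --reloadcmd "systemctl restart nginx.service"', $output, $status);
}
// … unchanged: Plates engine setup and file_put_contents …
```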