diff --git a/templates/nginx-nossl.php b/templates/nginx-nossl.php
new file mode 100644
index 0000000..96f4c30
--- /dev/null
+++ b/templates/nginx-nossl.php
@@ -0,0 +1,42 @@
+# ----------------------------------------------------------------------
+# | Config file for e($domain)?> host |
+# ----------------------------------------------------------------------
+
+server {
+ listen [::]:80;
+ listen 80;
+ server_name www.e($domain)?> e($domain)?>;
+
+ location ^~ /.well-known/acme-challenge/ {
+ root /home/e($user)?>/e($domain)?>;
+ try_files $uri =404;
+ }
+
+ # Path for static files
+ root /home/e($user)?>/e($domain)?>;
+
+ # Custom error pages
+ include h5bp/errors/custom_errors.conf;
+
+ # Include the basic h5bp config set
+ include h5bp/basic.conf;
+
+ access_log /var/log/nginx/e($domain)?>-access.log;
+ error_log /var/log/nginx/e($domain)?>-error.log error;
+ index index.php index.html index.htm;
+
+ location / {
+
+ auth_basic "Accès restreint";
+ auth_basic_user_file /home/e($user)?>/e($domain)?>/.htpasswd;
+
+ try_files $uri $uri/ /index.php$is_args$args;
+ }
+
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/var/run/php-fpm-e($user)?>.sock;
+ fastcgi_index index.php;
+ include fastcgi.conf;
+ }
+}
diff --git a/utils.inc.php b/utils.inc.php
index f531c97..ce17408 100644
--- a/utils.inc.php
+++ b/utils.inc.php
@@ -163,7 +163,7 @@ function removeUnixUser($user)
 return;
 }
-function createNginxConfig($domain, $user, $herseUser, $hersePass)
+function createNginxConfig($domain, $user, $herseUser, $hersePass, $nossl)
 {
 // create folder if not exists
 exec('sudo -u '.$user.' mkdir -p /home'.'/'.$user.'/'.$domain);
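Review bot: The `auth_basic` block in `location /` is served by a vhost that listens only on port 80, so whenever it is rendered the basic-auth credentials travel base64-encoded in clear text on every request and are readable by anyone on the network path. If this template is meant for hosts behind a TLS-terminating proxy or for local testing, the header comment should say so, e.g. `# Plain-HTTP vhost: basic auth here is not confidential, use only behind a TLS proxy or on a trusted network`. Separately, `auth_basic_user_file` points inside the document root; whether `h5bp/basic.conf` denies dotfiles is not visible in this diff, so it is worth confirming that `/.htpasswd` cannot be fetched over HTTP.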
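Review bot: `$nossl` is added to `createNginxConfig()` as a required fifth parameter, while `copyYesWikiFiles()` later in this file receives it as `$nossl = null`; a caller outside this diff that still passes four arguments would break. Giving it a default keeps the two signatures parallel and makes the certificate path the default: `function createNginxConfig($domain, $user, $herseUser, $hersePass, $nossl = false)`. The function body continues outside this hunk.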
@@ -182,40 +182,56 @@ function createNginxConfig($domain, $user, $herseUser, $hersePass)
 }
 $templates = new League\Plates\Engine(dirname(__FILE__).'/templates');
 $subDomain = preg_match('/.'.$_SERVER['maindomain'].'$/isU', $domain, $matches, PREG_OFFSET_CAPTURE, 0);
- if (!$subDomain) {
+ if (!$nossl) {
+ if (!$subDomain) {
+ file_put_contents(
+ $nginxFile,
+ $templates->render(
+ 'nginx-for-ssl-certificate',
+ [
+ 'domain' => $domain,
+ 'user' => $user,
+ ]
+ )
+ );
+ exec('service nginx force-reload', $output);
+ exec('/root/.acme.sh/acme.sh --issue -d '.$domain.' -d www.'.$domain.' -k ec-384 -w /home/'.$user.'/'.$domain.'/', $output);
+ exec('mkdir -p /etc/letsencrypt/live/'.$domain, $output);
+ exec('/root/.acme.sh/acme.sh --install-cert -d '.$domain.' --ecc \
+ --cert-file /etc/letsencrypt/live/'.$domain.'/cert.pem \
+ --key-file /etc/letsencrypt/live/'.$domain.'/key.pem \
+ --fullchain-file /etc/letsencrypt/live/'.$domain.'/fullchain.pem \
+ --ca-file /etc/letsencrypt/live/'.$domain.'/ca.pem \
+ --reloadcmd "systemctl restart nginx.service"', $output);
+ }
 file_put_contents(
 $nginxFile,
 $templates->render(
- 'nginx-for-ssl-certificate',
+ 'nginx-maindomain',
 [
 'domain' => $domain,
 'user' => $user,
+ 'herseUser' => $herseUser,
+ 'hersePass' => $hersePass,
+ 'subDomain' => $subDomain,
+ ]
+ )
+ );
+ } else {
+ file_put_contents(
+ $nginxFile,
+ $templates->render(
+ 'nginx-nossl',
+ [
+ 'domain' => $domain,
+ 'user' => $user,
+ 'herseUser' => $herseUser,
+ 'hersePass' => $hersePass,
+ 'subDomain' => $subDomain,
 ]
 )
 );
- exec('service nginx force-reload', $output);
- exec('/root/.acme.sh/acme.sh --issue -d '.$domain.' -d www.'.$domain.' -k ec-384 -w /home/'.$user.'/'.$domain.'/', $output);
- exec('mkdir -p /etc/letsencrypt/live/'.$domain, $output);
- exec('/root/.acme.sh/acme.sh --install-cert -d '.$domain.' 
--ecc \
- --cert-file /etc/letsencrypt/live/'.$domain.'/cert.pem \
- --key-file /etc/letsencrypt/live/'.$domain.'/key.pem \
- --fullchain-file /etc/letsencrypt/live/'.$domain.'/fullchain.pem \
- --ca-file /etc/letsencrypt/live/'.$domain.'/ca.pem \
- --reloadcmd "systemctl restart nginx.service"', $output);
 }
- file_put_contents(
- $nginxFile,
- $templates->render(
- 'nginx-maindomain',
- [
- 'domain' => $domain,
- 'user' => $user,
- 'herseUser' => $herseUser,
- 'hersePass' => $hersePass,
- 'subDomain' => $subDomain,
- ]
- )
- );
 exec('service nginx force-reload', $output);
 }
@@ -243,7 +259,7 @@ function removePhpFpmConfig($user)
 exec('service '.$_SERVER['phpservice'].' reload', $output);
 }
-function copyYesWikiFiles($domain, $user, $dbUser, $herseUser = null, $hersePass = null)
+function copyYesWikiFiles($domain, $user, $dbUser, $herseUser = null, $hersePass = null, $nossl = null)
 {
 $tmpFile = '/tmp/yeswiki.zip';
 $destDir = '/home'.'/'.$user.'/'.$domain;
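Review bot: The `exec()` calls re-added under `if (!$nossl)` still build shell commands by concatenating `$domain` and `$user`, so any shell metacharacter in the domain argument is interpreted by the shell in a script that runs as root. Since these lines are being moved anyway, each interpolated value should go through `escapeshellarg()`, applied to the whole path rather than to the variable alone, as sketched below. The exit status of `acme.sh --issue` is also not checked, so a failed issuance still falls through to writing the `nginx-maindomain` config, which presumably references certificate files that were never created. The function starts before this hunk.

```php
        // … unchanged: render 'nginx-for-ssl-certificate' into $nginxFile, force-reload nginx …
        $webroot = '/home/'.$user.'/'.$domain.'/';
        $certDir = '/etc/letsencrypt/live/'.$domain;
        exec(
            '/root/.acme.sh/acme.sh --issue -d '.escapeshellarg($domain)
            .' -d '.escapeshellarg('www.'.$domain)
            .' -k ec-384 -w '.escapeshellarg($webroot),
            $output
        );
        exec('mkdir -p '.escapeshellarg($certDir), $output);
        exec(
            '/root/.acme.sh/acme.sh --install-cert -d '.escapeshellarg($domain).' --ecc'
            .' --cert-file '.escapeshellarg($certDir.'/cert.pem')
            .' --key-file '.escapeshellarg($certDir.'/key.pem')
            .' --fullchain-file '.escapeshellarg($certDir.'/fullchain.pem')
            .' --ca-file '.escapeshellarg($certDir.'/ca.pem')
            .' --reloadcmd "systemctl restart nginx.service"',
            $output
        );
```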
@@ -262,7 +278,7 @@ function copyYesWikiFiles($domain, $user, $dbUser, $herseUser = null, $hersePass
 if (!empty($herseUser) && !empty($hersePass)) {
 $herse = $herseUser.':'.$hersePass.'@';
 }
- $curl = 'curl -X POST --insecure --data-urlencode \'config[default_language]=fr\' --data-urlencode \'config[wakka_name]='.$domain.'\' --data-urlencode \'config[root_page]=PagePrincipale\' --data-urlencode \'config[mysql_host]=localhost\' --data-urlencode \'config[mysql_database]='.$dbUser['database'].'\' --data-urlencode \'config[mysql_user]='.$dbUser['user'].'\' --data-urlencode \'config[mysql_password]='.$dbUser['password'].'\' --data-urlencode \'config[table_prefix]=yeswiki_\' --data-urlencode \'admin_name='.$_SERVER['admin_id'].'\' --data-urlencode \'admin_password='.$_SERVER['admin_password'].'\' --data-urlencode \'admin_password_conf='.$_SERVER['admin_password'].'\' --data-urlencode \'admin_email='.$_SERVER['admin_email'].'\' --data-urlencode \'config[rewrite_mode]=0\' --data-urlencode \'config[allow_raw_html]=1\' --data-urlencode \'config[allow_robots]=1\' --data-urlencode \'submit=Continue\' \'https://'.$herse.$domain.'/?PagePrincipale&installAction=install\' 2>&1';
+ $curl = 'curl -X POST --insecure --data-urlencode \'config[default_language]=fr\' --data-urlencode \'config[wakka_name]='.$domain.'\' --data-urlencode \'config[root_page]=PagePrincipale\' --data-urlencode \'config[mysql_host]=localhost\' --data-urlencode \'config[mysql_database]='.$dbUser['database'].'\' --data-urlencode \'config[mysql_user]='.$dbUser['user'].'\' --data-urlencode \'config[mysql_password]='.$dbUser['password'].'\' --data-urlencode \'config[table_prefix]=yeswiki_\' --data-urlencode \'admin_name='.$_SERVER['admin_id'].'\' --data-urlencode \'admin_password='.$_SERVER['admin_password'].'\' --data-urlencode \'admin_password_conf='.$_SERVER['admin_password'].'\' --data-urlencode \'admin_email='.$_SERVER['admin_email'].'\' --data-urlencode \'config[rewrite_mode]=0\' --data-urlencode 
\'config[allow_raw_html]=1\' --data-urlencode \'config[allow_robots]=1\' --data-urlencode \'submit=Continue\' \'http'.($nossl ? '' : 's').'://'.$herse.$domain.'/?PagePrincipale&installAction=install\' 2>&1';
 $output = [];
 exec($curl, $output);
 //echo implode("\n", $output);
diff --git a/yeswiki-installer.php b/yeswiki-installer.php
index cae9c16..a34fc69 100755
--- a/yeswiki-installer.php
+++ b/yeswiki-installer.php
@@ -56,6 +56,12 @@ if (0 == posix_getuid()) {
 'description' => 'Say yes to every confirmation check (no prompt)',
 'noValue' => true,
 ],
+ 'nossl' => [
+ 'prefix' => 'nossl',
+ 'longPrefix' => 'no-ssl-certificate',
+ 'description' => 'No SSL certificate and no DNS check',
+ 'noValue' => true,
+ ],
 ]);
 $climate->arguments->parse();
 $domain = $climate->arguments->get('domain');
@@ -64,10 +70,13 @@ if (0 == posix_getuid()) {
 $quota = $climate->arguments->get('quota');
 $type = $climate->arguments->get('type');
 $confirm = $climate->arguments->get('confirm');
+ $nossl = $climate->arguments->get('nossl');
 $herseUser = $climate->arguments->get('herseuser');
 $hersePass = $climate->arguments->get('hersepass');
 $isFullDomain = !preg_match('/.'.$_SERVER['maindomain'].'$/isU', $domain, $matches, PREG_OFFSET_CAPTURE, 0);
- checkDNS($domain, $isFullDomain);
+ if (!$nossl) {
+ checkDNS($domain, $isFullDomain);
+ }
 checkIfInstalled($domain);
 $needHerse = checkHerse($herseUser, $hersePass);
 $user = generateUserFromDomain($domain);
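Review bot: With `$nossl` set, the install request in the new `$curl` line goes to `http://`, so the YesWiki admin password, the MySQL password and the basic-auth pair in the URL userinfo are sent unencrypted to whatever address `$domain` resolves to, and the DNS check (which presumably confirms the name points at this server) is skipped in the same mode. Pinning the request to the local web server would avoid both problems, for example with curl's `--resolve` option given the domain, port 80 and `127.0.0.1`. The interpolated values are also placed between single quotes without `escapeshellarg()`, so a quote character in a password or domain ends the argument early; that predates this commit, but the line is rewritten here. The function body starts before and continues after this hunk.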
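Review bot: Wrapping `checkDNS()` in `if (!$nossl)` removes whatever validation that call performed on `$domain` (its body is not visible here) before the value is used in shell commands, file paths and the nginx template, so this mode needs a purely syntactic hostname check of its own. Something like `if (filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) { /* abort with an error */ }` placed before `checkIfInstalled($domain)` would cover both modes. The pattern on the context line, `'/.'.$_SERVER['maindomain'].'$/isU'`, also leaves its dots unescaped, so a name that merely ends in similar text is classified as a sub-domain; running the main domain through `preg_quote()` would tighten it.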
@@ -77,15 +86,15 @@ if (0 == posix_getuid()) {
 if ($confirm || $input->confirmed()) {
 $unixUser = createUnixUserWithQuota($user, $quota);
 $dbUser = createSQLUserAndDatabase($user, $type);
- createNginxConfig($domain, $user, $herseUser, $hersePass);
+ createNginxConfig($domain, $user, $herseUser, $hersePass, $nossl);
 createPhpFpmConfig($user);
 if ($needHerse) {
- copyYesWikiFiles($domain, $user, $dbUser, $herseUser, $hersePass);
+ copyYesWikiFiles($domain, $user, $dbUser, $herseUser, $hersePass, $nossl);
 } else {
- copyYesWikiFiles($domain, $user, $dbUser);
+ copyYesWikiFiles($domain, $user, $dbUser, null, null, $nossl);
 }
 $climate->shout(
- 'The yeswiki was successfully installed on https://'.$domain.', congrats ! 🎉'."\n"
+ 'The yeswiki was successfully installed on http'.($nossl ? '' : 's').'://'.$domain.', congrats ! 🎉'."\n"
 .' Unix user : '.$unixUser['user'].' with password : '.$unixUser['password'].' was created.'."\n"
 .'MySQL user : '.$dbUser['user'].' with password : '.$dbUser['password'].' was created for database '.$dbUser['database'].'.'."\n"
 );
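Review bot: The scheme expression `'http'.($nossl ? '' : 's')` is now written out twice, here in the `shout()` message and in the curl command in `copyYesWikiFiles()`; computing it once, `$scheme = $nossl ? 'http' : 'https';`, reads better and keeps the two in step. Since a `--no-ssl-certificate` install leaves the wiki and its basic auth on plain HTTP, the success message could state that explicitly rather than only changing the URL. The enclosing `if (0 == posix_getuid())` block starts and ends outside this hunk.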