Merge branch 'nginx_ssl_apps' into 'develop'

consistent apps vhost templates

See merge request ispconfig/ispconfig3!1205

Author: Till Brehm

install/lib/installer_base.lib.php

@@ -2553,7 +2553,7 @@ public function configure_apps_vhost() {
 			}
 
 			// comment out the listen directive if port is 80 or 443
-			if($conf['web']['apps_vhost_ip'] == 80 or $conf['web']['apps_vhost_ip'] == 443) {
+			if($conf['web']['apps_vhost_port'] == 80 or $conf['web']['apps_vhost_port'] == 443) {
 				$tpl->setVar('vhost_port_listen','#');
 			} else {
 				$tpl->setVar('vhost_port_listen','');

install/tpl/apache_apps.vhost.master

@@ -122,3 +122,9 @@
 {/tmpl_if}
 
 </VirtualHost>
+
+<tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
+<IfModule mod_ssl.c>
+  <tmpl_var name="ssl_comment">SSLStaplingCache shmcb:/var/run/ocsp(128000)
+</IfModule>
+</tmpl_if>

install/tpl/nginx_apps.vhost.master

@@ -1,5 +1,5 @@
 server {
-        listen {apps_vhost_port} {ssl_on};
+        listen {apps_vhost_ip}{apps_vhost_port} {ssl_on};
         listen [::]:{apps_vhost_port} {ssl_on} ipv6only=on;
 
         {ssl_comment}ssl_protocols TLSv1.2;
@@ -99,7 +99,7 @@ server {
                        fastcgi_param   REDIRECT_STATUS         200;
                        # To access phpMyAdmin, the default user (like www-data on Debian/Ubuntu) must be used
                        {use_tcp}fastcgi_pass 127.0.0.1:9000;
-                       {use_socket}fastcgi_pass unix:/var/run/php5-fpm.sock;
+                       {use_socket}fastcgi_pass unix:{fpm_socket};
                        fastcgi_index index.php;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        fastcgi_buffer_size 128k;
@@ -149,7 +149,7 @@ server {
                        fastcgi_param   REDIRECT_STATUS         200;
                        # To access SquirrelMail, the default user (like www-data on Debian/Ubuntu) must be used
                        {use_tcp}fastcgi_pass 127.0.0.1:9000;
-                       {use_socket}fastcgi_pass unix:/var/run/php5-fpm.sock;
+                       {use_socket}fastcgi_pass unix:{fpm_socket};
                        fastcgi_index index.php;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        fastcgi_buffer_size 128k;

server/conf/nginx_apps.vhost.master

@@ -1,5 +1,13 @@
 server {
-        listen {apps_vhost_ip}{apps_vhost_port};
+        listen {apps_vhost_ip}{apps_vhost_port} {ssl_on};
+        listen [::]:{apps_vhost_port} {ssl_on} ipv6only=on;
+
+        {ssl_comment}ssl_protocols TLSv1.2;
+        {ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
+        {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
+
+        # redirect to https if accessed with http
+        {ssl_comment}error_page 497 https://$host:{vhost_port}$request_uri;
 
         server_name {apps_vhost_servername};
 
@@ -12,7 +20,7 @@ server {
         }
 
         # serve static files directly
-        location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
+        location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
                access_log        off;
         }
 
@@ -165,6 +173,7 @@ server {
                fastcgi_param   CONTENT_TYPE            $content_type;
                fastcgi_param   CONTENT_LENGTH          $content_length;
 
+               fastcgi_param   SCRIPT_FILENAME         $request_filename;
                fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
                fastcgi_param   REQUEST_URI             $request_uri;
                fastcgi_param   DOCUMENT_URI            $document_uri;
@@ -223,5 +232,4 @@ server {
                        {use_rspamd}alias /usr/share/rspamd/www/$1;
                 {use_rspamd}}
         {use_rspamd}}
-
 }