Skip to content

Commit b30aaaf

Browse files
ahrasisahrasis
committed
Update installer_base.lib.php to remove the creation of postfix self-signed cert prior to ISPConfig to avoid duplicity and time consuming, as it is now replaced and covered in function make_ispconfig_ssl_cert() via symlinks to the related files.
1 parent 7eb8f4e commit b30aaaf

File tree

1 file changed

+41
-56
lines changed

1 file changed

+41
-56
lines changed

install/lib/installer_base.lib.php

Lines changed: 41 additions & 56 deletions
Original file line numberDiff line numberDiff line change
@@ -1120,21 +1120,6 @@ public function configure_postfix($options = '') {
11201120
caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
11211121
}
11221122

1123-
if(!stristr($options, 'dont-create-certs')) {
1124-
//* Create the SSL certificate
1125-
if(AUTOINSTALL){
1126-
$command = 'cd '.$config_dir.'; '
1127-
."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";
1128-
} else {
1129-
$command = 'cd '.$config_dir.'; '
1130-
.'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
1131-
}
1132-
exec($command);
1133-
1134-
$command = 'chmod o= '.$config_dir.'/smtpd.key';
1135-
caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
1136-
}
1137-
11381123
//** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
11391124
$command = 'chmod 755 /var/run/courier/authdaemon/';
11401125
if(is_file('/var/run/courier/authdaemon/')) caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
@@ -2471,45 +2456,6 @@ public function make_ispconfig_ssl_cert() {
24712456
symlink($le_live_dir.'/fullchain.pem', $ssl_crt_file);
24722457
symlink($le_live_dir.'/privkey.pem', $ssl_key_file);
24732458

2474-
// Build ispserver.pem file and chmod it
2475-
exec("cat $ssl_key_file $ssl_crt_file > $ssl_pem_file; chmod 600 $ssl_pem_file");
2476-
2477-
// Extend LE SSL certs to postfix
2478-
if ($conf['postfix']['installed'] == true && strtolower($this->simple_query('Symlink ISPConfig LE SSL certs to postfix?', array('y', 'n'), 'y')) == 'y') {
2479-
2480-
// Define folder, file(s)
2481-
$cf = $conf['postfix'];
2482-
$postfix_dir = $cf['config_dir'];
2483-
if(!is_dir($postfix_dir)) $this->error("The postfix configuration directory '$postfix_dir' does not exist.");
2484-
$smtpd_crt = $postfix_dir.'/smtpd.cert';
2485-
$smtpd_key = $postfix_dir.'/smtpd.key';
2486-
2487-
// Backup existing postfix ssl files
2488-
if (file_exists($smtpd_crt)) rename($smtpd_crt, $smtpd_crt . '-' .$date->format('YmdHis') . '.bak');
2489-
if (file_exists($smtpd_key)) rename($smtpd_key, $smtpd_key . '-' .$date->format('YmdHis') . '.bak');
2490-
2491-
// Create symlink to ISPConfig SSL files
2492-
symlink($ssl_crt_file, $smtpd_crt);
2493-
symlink($ssl_key_file, $smtpd_key);
2494-
}
2495-
2496-
// Extend LE SSL certs to pureftpd
2497-
if ($conf['pureftpd']['installed'] == true && strtolower($this->simple_query('Symlink ISPConfig LE SSL certs to pureftpd? Creating dhparam file takes some times.', array('y', 'n'), 'y')) == 'y') {
2498-
2499-
// Define folder, file(s)
2500-
$pureftpd_dir = '/etc/ssl/private';
2501-
if(!is_dir($pureftpd_dir)) mkdir($pureftpd_dir, 0755, true);
2502-
$pureftpd_pem = $pureftpd_dir.'/pure-ftpd.pem';
2503-
2504-
// Backup existing pureftpd ssl files
2505-
if (file_exists($pureftpd_pem)) rename($pureftpd_pem, $pureftpd_pem . '-' .$date->format('YmdHis') . '.bak');
2506-
2507-
// Create symlink to ISPConfig SSL files
2508-
symlink($ssl_pem_file, $pureftpd_pem);
2509-
if (!file_exists("$pureftpd_dir/pure-ftpd-dhparams.pem"))
2510-
exec("cd $pureftpd_dir; openssl dhparam -out dhparam4096.pem 4096; ln -sf dhparam4096.pem pure-ftpd-dhparams.pem");
2511-
}
2512-
25132459
} else {
25142460

25152461
// We can still use the old self-signed method
@@ -2525,8 +2471,47 @@ public function make_ispconfig_ssl_cert() {
25252471
rename($ssl_key_file, $ssl_key_file.'.secure');
25262472
rename($ssl_key_file.'.insecure', $ssl_key_file);
25272473
}
2528-
2529-
exec("chown -R root:root $install_dir/interface/ssl");
2474+
2475+
// Build ispserver.pem file and chmod it
2476+
exec("cat $ssl_key_file $ssl_crt_file > $ssl_pem_file; chmod 600 $ssl_pem_file");
2477+
2478+
// Extend LE SSL certs to postfix
2479+
if ($conf['postfix']['installed'] == true && strtolower($this->simple_query('Symlink ISPConfig LE SSL certs to postfix?', array('y', 'n'), 'y')) == 'y') {
2480+
2481+
// Define folder, file(s)
2482+
$cf = $conf['postfix'];
2483+
$postfix_dir = $cf['config_dir'];
2484+
if(!is_dir($postfix_dir)) $this->error("The postfix configuration directory '$postfix_dir' does not exist.");
2485+
$smtpd_crt = $postfix_dir.'/smtpd.cert';
2486+
$smtpd_key = $postfix_dir.'/smtpd.key';
2487+
2488+
// Backup existing postfix ssl files
2489+
if (file_exists($smtpd_crt)) rename($smtpd_crt, $smtpd_crt . '-' .$date->format('YmdHis') . '.bak');
2490+
if (file_exists($smtpd_key)) rename($smtpd_key, $smtpd_key . '-' .$date->format('YmdHis') . '.bak');
2491+
2492+
// Create symlink to ISPConfig SSL files
2493+
symlink($ssl_crt_file, $smtpd_crt);
2494+
symlink($ssl_key_file, $smtpd_key);
2495+
}
2496+
2497+
// Extend LE SSL certs to pureftpd
2498+
if ($conf['pureftpd']['installed'] == true && strtolower($this->simple_query('Symlink ISPConfig LE SSL certs to pureftpd? Creating dhparam file takes some times.', array('y', 'n'), 'y')) == 'y') {
2499+
2500+
// Define folder, file(s)
2501+
$pureftpd_dir = '/etc/ssl/private';
2502+
if(!is_dir($pureftpd_dir)) mkdir($pureftpd_dir, 0755, true);
2503+
$pureftpd_pem = $pureftpd_dir.'/pure-ftpd.pem';
2504+
2505+
// Backup existing pureftpd ssl files
2506+
if (file_exists($pureftpd_pem)) rename($pureftpd_pem, $pureftpd_pem . '-' .$date->format('YmdHis') . '.bak');
2507+
2508+
// Create symlink to ISPConfig SSL files
2509+
symlink($ssl_pem_file, $pureftpd_pem);
2510+
if (!file_exists("$pureftpd_dir/pure-ftpd-dhparams.pem"))
2511+
exec("cd $pureftpd_dir; openssl dhparam -out dhparam4096.pem 4096; ln -sf dhparam4096.pem pure-ftpd-dhparams.pem");
2512+
}
2513+
2514+
exec("chown -R root:root $install_dir/interface/ssl");
25302515

25312516
}
25322517

0 commit comments

Comments
 (0)