use new options in apache2 and nginx plugins #6477

Andreas Palm · Andreas Palm · commit da8798a60daf · 2023-03-21T22:49:42.000+01:00
diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master
@@ -7,6 +7,11 @@ server {
 </tmpl_if>
 <tmpl_if name='ipv6_enabled'>
         listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
+<tmpl_if name='use_proxy_protocol_ipv6' op='==' value='y'>
+<tmpl_if name='proxy_protocol_http' op='>' value='0'>
+        listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='proxy_protocol_http'> proxy_protocol;
+</tmpl_if>
+</tmpl_if>
 </tmpl_if>
 <tmpl_if name='ipv6_wildcard'>
         listen [::]:<tmpl_var name='http_port'>;
@@ -28,6 +33,11 @@ server {
 		# ssl_prefer_server_ciphers on;
 <tmpl_if name='ipv6_enabled'>
         listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='https_port'> ssl http2;
+<tmpl_if name='use_proxy_protocol_ipv6' op='==' value='y'>
+<tmpl_if name='proxy_protocol_https' op='>' value='0'>
+        listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='proxy_protocol_https'> ssl http2 proxy_protocol;
+</tmpl_if>
+</tmpl_if>
 </tmpl_if>
 <tmpl_if name='ipv6_wildcard'>
         listen [::]:<tmpl_var name='https_port'> ssl http2;
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
@@ -1773,6 +1773,13 @@ function update($event_name, $data) {
 
 		//* create empty vhost array
 		$vhosts = array();
+		$proxy_protocol_protocols = explode(',', $web_config['vhost_proxy_protocol_protocols']);
+		$proxy_protocol_ipv4 = in_array('ipv4', $proxy_protocol_protocols);
+		$proxy_protocol_ipv6 = in_array('ipv6', $proxy_protocol_protocols);
+		$proxy_protocol_site = $web_config['vhost_proxy_protocol_enabled'] == 'all';
+		$proxy_protocol_site |= $web_config['vhost_proxy_protocol_enabled'] == 'y' && $data['new']['proxy_protocol'] == 'y';
+		$proxy_protocol_http_port = isset($web_config['vhost_proxy_protocol_http_port']) ? (int)$web_config['vhost_proxy_protocol_http_port'] : 0;
+		$proxy_protocol_https_port = isset($web_config['vhost_proxy_protocol_https_port']) ? (int)$web_config['vhost_proxy_protocol_https_port'] : 0;
 
 		//* Add vhost for ipv4 IP
 
@@ -1789,13 +1796,11 @@ function update($event_name, $data) {
 		if(count($alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $alias_seo_redirects);
 		$vhosts[] = $tmp_vhost_arr;
 
-		//if proxy protocol is enabled we need to add a new port to lsiten to
-		if($web_config['vhost_proxy_protocol_enabled'] == 'y' && $data['new']['proxy_protocol'] == 'y'){
-			if(isset($web_config['vhost_proxy_protocol_http_port']) && (int)$web_config['vhost_proxy_protocol_http_port'] > 0) {
-				$tmp_vhost_arr['port']           = (int)$web_config['vhost_proxy_protocol_http_port'];
-				$tmp_vhost_arr['use_proxy_protocol'] = $data['new']['proxy_protocol'];
-				$vhosts[]                        = $tmp_vhost_arr;
-			}
+		//if proxy protocol is enabled we need to add a new port to listen to
+		if ($proxy_protocol_site && $proxy_protocol_ipv4 && $proxy_protocol_http_port > 0) {
+			$tmp_vhost_arr['port'] = $proxy_protocol_http_port;
+			$tmp_vhost_arr['use_proxy_protocol'] = 'y';
+			$vhosts[] = $tmp_vhost_arr;
 		}
 
 		unset($tmp_vhost_arr);
@@ -1813,13 +1818,11 @@ function update($event_name, $data) {
 			if(count($ipv4_ssl_alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $ipv4_ssl_alias_seo_redirects);
 			$vhosts[] = $tmp_vhost_arr;
 
-			//if proxy protocol is enabled we need to add a new port to lsiten to
-			if($web_config['vhost_proxy_protocol_enabled'] == 'y' && $data['new']['proxy_protocol'] == 'y'){
-				if((int)$web_config['vhost_proxy_protocol_https_port'] > 0) {
-					$tmp_vhost_arr['port']           = (int)$web_config['vhost_proxy_protocol_https_port'];
-					$tmp_vhost_arr['use_proxy_protocol'] = $data['new']['proxy_protocol'];
-					$vhosts[]                        = $tmp_vhost_arr;
-				}
+			//if proxy protocol is enabled we need to add a new port to listen to
+			if ($proxy_protocol_site && $proxy_protocol_ipv4 && $proxy_protocol_https_port > 0) {
+				$tmp_vhost_arr['port'] = $proxy_protocol_https_port;
+				$tmp_vhost_arr['use_proxy_protocol'] = 'y';
+				$vhosts[] = $tmp_vhost_arr;
 			}
 
 			unset($tmp_vhost_arr, $ipv4_ssl_alias_seo_redirects);
@@ -1845,6 +1848,13 @@ function update($event_name, $data) {
 			if(count($rewrite_rules) > 0)  $tmp_vhost_arr = $tmp_vhost_arr + array('redirects' => $rewrite_rules);
 			if(count($alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $alias_seo_redirects);
 			$vhosts[] = $tmp_vhost_arr;
+
+			//if proxy protocol is enabled we need to add a new port to listen to
+			if ($proxy_protocol_site && $proxy_protocol_ipv6 && $proxy_protocol_http_port > 0) {
+				$tmp_vhost_arr['port'] = $proxy_protocol_http_port;
+				$tmp_vhost_arr['use_proxy_protocol'] = 'y';
+				$vhosts[] = $tmp_vhost_arr;
+			}
 			unset($tmp_vhost_arr);
 
 			//* Add vhost for ipv6 IP with SSL
@@ -1859,6 +1869,14 @@ function update($event_name, $data) {
 				}
 				if(count($ipv6_ssl_alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $ipv6_ssl_alias_seo_redirects);
 				$vhosts[] = $tmp_vhost_arr;
+
+				//if proxy protocol is enabled we need to add a new port to listen to
+				if ($proxy_protocol_site && $proxy_protocol_ipv6 && $proxy_protocol_https_port > 0) {
+					$tmp_vhost_arr['port'] = $proxy_protocol_https_port;
+					$tmp_vhost_arr['use_proxy_protocol'] = 'y';
+					$vhosts[] = $tmp_vhost_arr;
+				}
+
 				unset($tmp_vhost_arr, $ipv6_ssl_alias_seo_redirects);
 				$app->log('Enable SSL for IPv6: '.$domain, LOGLEVEL_DEBUG);
 			}
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
@@ -1599,17 +1599,15 @@ function update($event_name, $data) {
 		}
 
 		//proxy protocol settings
-		if($web_config['vhost_proxy_protocol_enabled'] == "y"){
-		    if((int)$web_config['vhost_proxy_protocol_https_port'] > 0) {
-			    $vhost_data['use_proxy_protocol'] = $data['new']['proxy_protocol'];
-			    $vhost_data['proxy_protocol_http'] = (int)$web_config['vhost_proxy_protocol_http_port'];
-			    $vhost_data['proxy_protocol_https'] = (int)$web_config['vhost_proxy_protocol_https_port'];
-		    } else {
-		        $vhost_data['use_proxy_protocol'] = "n";
-		    }
-		}else{
-			$vhost_data['use_proxy_protocol'] = "n";
-		}
+		$proxy_protocol_protocols = explode(',', $web_config['vhost_proxy_protocol_protocols']);
+		$proxy_protocol_ipv4 = in_array('ipv4', $proxy_protocol_protocols);
+		$proxy_protocol_ipv6 = in_array('ipv6', $proxy_protocol_protocols);
+		$proxy_protocol_site = $web_config['vhost_proxy_protocol_enabled'] == 'all';
+		$proxy_protocol_site |= $web_config['vhost_proxy_protocol_enabled'] == 'y' && $data['new']['proxy_protocol'] == 'y';
+		$vhost_data['proxy_protocol_http'] = isset($web_config['vhost_proxy_protocol_http_port']) ? (int)$web_config['vhost_proxy_protocol_http_port'] : 0;
+		$vhost_data['proxy_protocol_https'] = isset($web_config['vhost_proxy_protocol_https_port']) ? (int)$web_config['vhost_proxy_protocol_https_port'] : 0;
+		$vhost_data['use_proxy_protocol'] = ($proxy_protocol_site && $proxy_protocol_ipv4) ? 'y' : 'n';
+		$vhost_data['use_proxy_protocol_ipv6'] = ($proxy_protocol_site && $proxy_protocol_ipv6) ? 'y' : 'n';
 
 		// set logging variable
 		$vhost_data['logging'] = $web_config['logging'];
