Merge branch 'develop' of git.ispconfig.org:ispconfig/ispconfig3 into develop

florian030 · florian030 · commit ec9b13ed0714 · 2020-09-25T08:55:03.000+02:00
diff --git a/install/install.php b/install/install.php
@@ -536,7 +536,16 @@
 	$inst->configure_fail2ban();
 }
 
+// create acme vhost
+if($conf['nginx']['installed'] == true) {
+	$inst->make_acme_vhost('nginx'); // we need this config file but we don't want nginx to be restarted at this point
+}
+if($conf['apache']['installed'] == true) {
+	$inst->make_acme_vhost('apache'); // we need this config file but we don't want apache to be restarted at this point
+}
+
 //** Configure ISPConfig :-)
+$issue_tried = false;
 $install_ispconfig_interface_default = ($conf['mysql']['master_slave_setup'] == 'y')?'n':'y';
 if($install_mode == 'standard' || strtolower($inst->simple_query('Install ISPConfig Web Interface', array('y', 'n'), $install_ispconfig_interface_default,'install_ispconfig_web_interface')) == 'y') {
 	swriteln('Installing ISPConfig');
@@ -563,6 +572,7 @@
 
 	if(strtolower($inst->simple_query('Do you want a secure (SSL) connection to the ISPConfig web interface', array('y', 'n'), 'y','ispconfig_use_ssl')) == 'y') {
 		$inst->make_ispconfig_ssl_cert();
+		$issue_tried = true;
 	}
 	$inst->install_ispconfig_interface = true;
 
@@ -572,8 +582,9 @@
 
 // Create SSL certs for non-webserver(s)?
 if(!file_exists('/usr/local/ispconfig/interface/ssl/ispserver.crt')) {
-    if(strtolower($inst->simple_query('Do you want to create SSL certs for your server?', array('y', 'n'), 'y')) == 'y')
+    if(!$issue_tried && strtolower($inst->simple_query('Do you want to create SSL certs for your server?', array('y', 'n'), 'y')) == 'y') {
         $inst->make_ispconfig_ssl_cert();
+	}
 } else {
 	swriteln('Certificate exists. Not creating a new one.');
 }
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
@@ -2721,9 +2721,15 @@ private function curl_request($url, $use_ipv6 = false) {
 		return $response;
 	}
 
-	private function make_acme_vhost($server_name, $server = 'apache', $restart = true) {
+	public function make_acme_vhost($server = 'apache') {
 		global $conf;
 
+		if($conf['hostname'] !== 'localhost' && $conf['hostname'] !== '') {
+			$server_name = $conf['hostname'];
+		} else {
+			$server_name = exec('hostname -f');
+		}
+
 		$use_template = 'apache_acme.conf.master';
 		$use_symlink = '999-acme.conf';
 		$use_name = 'acme.conf';
@@ -2759,15 +2765,6 @@ private function make_acme_vhost($server_name, $server = 'apache', $restart = tr
 		if(!@is_link($vhost_conf_enabled_dir.'' . $use_symlink)) {
 			symlink($vhost_conf_dir.'/' . $use_name, $vhost_conf_enabled_dir.'/' . $use_symlink);
 		}
-		if($restart === true) {
-			if($conf[$server]['installed'] == true && $conf[$server]['init_script'] != '') {
-				if($this->is_update) {
-					system($this->getinitcommand($conf[$server]['init_script'], 'force-reload').' &> /dev/null || ' . $this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null');
-				} else {
-					system($this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null');
-				}
-			}
-		}
 	}
 
 	public function make_ispconfig_ssl_cert() {
@@ -2838,12 +2835,18 @@ public function make_ispconfig_ssl_cert() {
 		}
 
 		swriteln('Using certificate path ' . $acme_cert_dir);
+		$ip_address_match = false;
 		if(!(($svr_ip4 && in_array($svr_ip4, $dns_ips)) || ($svr_ip6 && in_array($svr_ip6, $dns_ips)))) {
 			swriteln('Server\'s public ip(s) (' . $svr_ip4 . ($svr_ip6 ? ', ' . $svr_ip6 : '') . ') not found in A/AAAA records for ' . $hostname . ': ' . implode(', ', $dns_ips));
+			if(strtolower($inst->simple_query('Ignore DNS check and continue to request certificate?', array('y', 'n') , 'n','ignore_hostname_dns')) == 'y') {
+				$ip_address_match = true;
+			}
+		} else {
+			$ip_address_match = true;
 		}
 
 
-		if ((!@is_dir($acme_cert_dir) || !@file_exists($check_acme_file) || !@file_exists($ssl_crt_file) || md5_file($check_acme_file) != md5_file($ssl_crt_file)) && (($svr_ip4 && in_array($svr_ip4, $dns_ips)) || ($svr_ip6 && in_array($svr_ip6, $dns_ips)))) {
+		if ((!@is_dir($acme_cert_dir) || !@file_exists($check_acme_file) || !@file_exists($ssl_crt_file) || md5_file($check_acme_file) != md5_file($ssl_crt_file)) && $ip_address_match == true) {
 
 			// This script is needed earlier to check and open http port 80 or standalone might fail
 			// Make executable and temporary symlink latest letsencrypt pre, post and renew hook script before install
@@ -2893,15 +2896,22 @@ public function make_ispconfig_ssl_cert() {
 			// first of all create the acme vhosts if not existing
 			if($conf['nginx']['installed'] == true) {
 				swriteln('Using nginx for certificate validation');
-				$this->make_acme_vhost($hostname, 'nginx');
+				$server = 'nginx';
 			} elseif($conf['apache']['installed'] == true) {
 				swriteln('Using apache for certificate validation');
 				if($this->is_update == false && @is_link($vhost_conf_enabled_dir.'/000-ispconfig.conf')) {
 					$restore_conf_symlink = true;
 					unlink($vhost_conf_enabled_dir.'/000-ispconfig.conf');
 				}
+				$server = 'apache';
+			}
 
-				$this->make_acme_vhost($hostname, 'apache');
+			if($conf[$server]['installed'] == true && $conf[$server]['init_script'] != '') {
+				if($this->is_update) {
+					system($this->getinitcommand($conf[$server]['init_script'], 'force-reload').' &> /dev/null || ' . $this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null');
+				} else {
+					system($this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null');
+				}
 			}
 
 			$issued_successfully = false;
@@ -2934,6 +2944,8 @@ public function make_ispconfig_ssl_cert() {
 						rename($ssl_pem_file, $ssl_pem_file . '-' . $date->format('YmdHis') . '.bak');
 					}
 
+					$check_acme_file = $ssl_crt_file;
+
 					// Define LE certs name and path, then install them
 					//$acme_cert = "--cert-file $acme_cert_dir/cert.pem";
 					$acme_key = "--key-file " . escapeshellarg($ssl_key_file);
@@ -2999,10 +3011,7 @@ public function make_ispconfig_ssl_cert() {
 				}
 			}
 		} else {
-			if($conf['apache']['installed'] == true) {
-				$this->make_acme_vhost($hostname, 'apache', false); // we need this config file but we don't want apache to be restarted at this point
-			}
-			if(($svr_ip4 && in_array($svr_ip4, $dns_ips)) || ($svr_ip6 && in_array($svr_ip6, $dns_ips))) {
+			if($ip_address_match) {
 				// the directory already exists so we have to assume that it was created previously
 				$issued_successfully = true;
 			}
diff --git a/install/update.php b/install/update.php
@@ -519,6 +519,15 @@
 //** Configure ISPConfig
 swriteln('Updating ISPConfig');
 
+$issue_tried = false;
+// create acme vhost
+if($conf['nginx']['installed'] == true) {
+	$inst->make_acme_vhost('nginx'); // we need this config file but we don't want nginx to be restarted at this point
+}
+if($conf['apache']['installed'] == true) {
+	$inst->make_acme_vhost('apache'); // we need this config file but we don't want apache to be restarted at this point
+}
+
 if ($inst->install_ispconfig_interface) {
 	//** Customise the port ISPConfig runs on
 	$ispconfig_port_number = get_ispconfig_port_number();
@@ -533,13 +542,15 @@
 	// $ispconfig_ssl_default = (is_ispconfig_ssl_enabled() == true)?'y':'n';
 	if(strtolower($inst->simple_query('Create new ISPConfig SSL certificate', array('yes', 'no'), 'no','create_new_ispconfig_ssl_cert')) == 'yes') {
 		$inst->make_ispconfig_ssl_cert();
+		$issue_tried = true;
 	}
 }
 
 // Create SSL certs for non-webserver(s)?
 if(!file_exists('/usr/local/ispconfig/interface/ssl/ispserver.crt')) {
-    if(strtolower($inst->simple_query('Do you want to create SSL certs for your server?', array('y', 'n'), 'y')) == 'y')
+    if(!$issue_tried && strtolower($inst->simple_query('Do you want to create SSL certs for your server?', array('y', 'n'), 'y')) == 'y') {
         $inst->make_ispconfig_ssl_cert();
+	}
 } else {
 	swriteln('Certificate exists. Not creating a new one.');
 }
diff --git a/server/conf/sieve_filter.master b/server/conf/sieve_filter.master
@@ -29,6 +29,8 @@ redirect "<tmpl_var name='address'>";
 # You can create and activate a per-user sieve script (manually or via managesieve),
 # which will execute before this.
 
+require ["fileinto", "mailbox", "regex", "date", "relational", "vacation", "imap4flags", "envelope", "subaddress", "copy", "reject"];
+
 <tmpl_if name="move_junk" op="==" value="a">
 # Move spam to spam folder
 if anyof (header :contains "X-Spam-Flag" "YES", header :contains "X-Spam" "Yes", header :contains "subject" "*** SPAM ***", header :contains "subject" "***SPAM***") {
diff --git a/server/plugins-available/powerdns_plugin.inc.php b/server/plugins-available/powerdns_plugin.inc.php
@@ -449,7 +449,7 @@ function zoneRediscover() {
 
 	function notifySlave($data) {
 		global $app;
-		
+
 		$pdns_control = $this->find_pdns_control();
 		if ( $pdns_control != false ) {
 			$app->system->exec_safe($pdns_control . ' notify ?', rtrim($data["new"]["origin"],"."));
@@ -458,7 +458,7 @@ function notifySlave($data) {
 
 	function fetchFromMaster($data) {
 		global $app;
-		
+
 		$pdns_control = $this->find_pdns_control();
 		if ( $pdns_control != false ) {
 			$app->system->exec_safe($pdns_control . ' retrieve ?', rtrim($data["new"]["origin"],"."));
@@ -502,7 +502,7 @@ function handle_dnssec($data) {
 		}
 
 		// If DNSSEC is wanted, enable it
-		if ($data['new']['dnssec_wanted'] === 'Y' && $data['old']['dnssec_wanted'] === 'N') {
+		if ($data['new']['dnssec_wanted'] === 'Y' && (is_null($data['old']['dnssec_wanted']) || $data['old']['dnssec_wanted'] === 'N')) {
 			$this->soa_dnssec_create($data);
 		}
 	}
