Merge branch '6017-ssl-for-nginx-apps-vhost' into 'develop'

Marius Burkard · Marius Burkard · commit f5bd972f40e3 · 2021-02-27T09:10:44.000Z
Resolve "SSL for nginx apps vhost"

Closes #6017 and #6007

See merge request ispconfig/ispconfig3!1422
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
@@ -2553,7 +2553,7 @@ public function configure_apps_vhost() {
 			$tpl->setVar('apps_vhost_dir',$conf['web']['website_basedir'].'/apps');
 			$tpl->setVar('apps_vhost_basedir',$conf['web']['website_basedir']);
 			$tpl->setVar('apps_vhost_servername',$apps_vhost_servername);
-			if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
+			if(is_file($conf['ispconfig_install_dir'].'/interface/ssl/ispserver.crt') && is_file($conf['ispconfig_install_dir'].'/interface/ssl/ispserver.key')) {
 				$tpl->setVar('ssl_comment','');
 			} else {
 				$tpl->setVar('ssl_comment','#');
@@ -2636,6 +2636,15 @@ public function configure_apps_vhost() {
 			// Dont just copy over the virtualhost template but add some custom settings
 			$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/nginx_apps.vhost.master', 'tpl/nginx_apps.vhost.master');
 
+			// Enable SSL if a cert is in place.
+			if(is_file($conf['ispconfig_install_dir'].'/interface/ssl/ispserver.crt') && is_file($conf['ispconfig_install_dir'].'/interface/ssl/ispserver.key')) {
+				$content = str_replace('{ssl_on}', 'ssl', $content);
+				$content = str_replace('{ssl_comment}', '', $content);
+			} else {
+				$content = str_replace('{ssl_on}', '', $content);
+				$content = str_replace('{ssl_comment}', '#', $content);
+			}
+
 			if($conf['web']['apps_vhost_ip'] == '_default_'){
 				$apps_vhost_ip = '';
 			} else {
@@ -2678,10 +2687,6 @@ public function configure_apps_vhost() {
 			$content = str_replace('{use_tcp}', $use_tcp, $content);
 			$content = str_replace('{use_socket}', $use_socket, $content);
 
-			// SSL in apps vhost is off by default. Might change later.
-			$content = str_replace('{ssl_on}', '', $content);
-			$content = str_replace('{ssl_comment}', '#', $content);
-
 			// Fix socket path on PHP 7 systems
 			if(file_exists('/var/run/php/php7.0-fpm.sock'))	$content = str_replace('/var/run/php5-fpm.sock', '/var/run/php/php7.0-fpm.sock', $content);
 			if(file_exists('/var/run/php/php7.1-fpm.sock'))	$content = str_replace('/var/run/php5-fpm.sock', '/var/run/php/php7.1-fpm.sock', $content);
diff --git a/install/tpl/nginx_apps.vhost.master b/install/tpl/nginx_apps.vhost.master
@@ -7,7 +7,7 @@ server {
         {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
 
         # redirect to https if accessed with http
-        {ssl_comment}error_page 497 https://$host:{vhost_port}$request_uri;
+        {ssl_comment}error_page 497 https://$host:{apps_vhost_port}$request_uri;
 
         server_name {apps_vhost_servername};
 
diff --git a/server/conf/nginx_apps.vhost.master b/server/conf/nginx_apps.vhost.master
@@ -7,7 +7,7 @@ server {
         {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
 
         # redirect to https if accessed with http
-        {ssl_comment}error_page 497 https://$host:{vhost_port}$request_uri;
+        {ssl_comment}error_page 497 https://$host:{apps_vhost_port}$request_uri;
 
         server_name {apps_vhost_servername};
 
diff --git a/server/plugins-available/apps_vhost_plugin.inc.php b/server/plugins-available/apps_vhost_plugin.inc.php
@@ -206,16 +206,14 @@ function update($event_name, $data) {
 				$use_socket = '#';
 			}
 
-                        /* Check if SSL should be enabled: */
-                        if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
+            /* Check if SSL should be enabled: */
+            if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
 				$content = str_replace('{ssl_comment}', '', $content);
 				$content = str_replace('{ssl_on}', 'ssl', $content);
-                                $content = str_replace('{vhost_port}', $web_config['apps_vhost_port'], $content);
-                        } else {
+            } else {
 				$content = str_replace('{ssl_comment}', '#', $content);
 				$content = preg_replace('/(\s)\{ssl_on\}/', '', $content);
-				$content = str_replace('{vhost_port}', $web_config['apps_vhost_port'], $content);
-                        }
+			}
 	 
 			$content = str_replace('{use_tcp}', $use_tcp, $content);
 			$content = str_replace('{use_socket}', $use_socket, $content);
