Bugfix 0505 forcessl (hestiacp#290)

* Change forcessl object key in web.conf

- Fixes an issue where forcessl is wrongly enabled when SSL is added to a web domain

* Upgrade script: Added migration for web object key change (FORCESSL -> SSL_FORCE)

Author: Lupul

bin/v-add-web-domain

@@ -165,7 +165,7 @@ date=$(echo "$time_n_date" |cut -f 2 -d \ )
 
 # Adding domain in web.conf
 echo "DOMAIN='$domain' IP='$ip' IP6='' ALIAS='$ALIAS' TPL='$WEB_TEMPLATE'\
- SSL='no' FORCESSL='no' SSL_HOME='same' LETSENCRYPT='no' FTP_USER='' FTP_MD5=''\
+ SSL='no' SSL_FORCE='no' SSL_HOME='same' LETSENCRYPT='no' FTP_USER='' FTP_MD5=''\
  BACKEND='$BACKEND_TEMPLATE' PROXY='$PROXY_TEMPLATE' PROXY_EXT='$PROXY_EXT'\
  STATS='' STATS_USER='' STATS_CRYPT='' U_DISK='0' U_BANDWIDTH='0'\
  SUSPENDED='no' TIME='$time' DATE='$date'" >> $USER_DATA/web.conf

bin/v-add-web-domain-ssl-force

@@ -68,12 +68,12 @@ fi
 #                       Hestia                             #
 #----------------------------------------------------------#
 
-if [ -z "$FORCESSL" ]; then
-    add_object_key "web" 'DOMAIN' "$domain" 'FORCESSL' 'SSL'
+if [ -z "$SSL_FORCE" ]; then
+    add_object_key "web" 'DOMAIN' "$domain" 'SSL_FORCE' 'SSL_HOME'
 fi
 
 # Set forcessl flag to enabled
-update_object_value 'web' 'DOMAIN' "$domain" '$FORCESSL' 'yes'
+update_object_value 'web' 'DOMAIN' "$domain" '$SSL_FORCE' 'yes'
 
 # Restart web server
 $BIN/v-restart-web

bin/v-delete-web-domain-ssl-force

@@ -28,7 +28,7 @@ is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_unsuspended 'web' 'DOMAIN' "$domain"
-is_object_valid 'web' 'DOMAIN' "$domain" "$FORCESSL"
+is_object_valid 'web' 'DOMAIN' "$domain" "$SSL_FORCE"
 
 #----------------------------------------------------------#
 #                       Action                             #
@@ -49,11 +49,11 @@ fi
 #                       Hestia                             #
 #----------------------------------------------------------#
 
-if [ -z "$FORCESSL" ]; then
-    add_object_key "web" 'DOMAIN' "$domain" 'FORCESSL' 'SSL'
+if [ -z "$SSL_FORCE" ]; then
+    add_object_key "web" 'DOMAIN' "$domain" 'SSL_FORCE' 'SSL_HOME'
 fi
 
-update_object_value 'web' 'DOMAIN' "$domain" '$FORCESSL' 'no'
+update_object_value 'web' 'DOMAIN' "$domain" '$SSL_FORCE' 'no'
 
 # Restart services if requested
 if [ ! -z "$restart" ]; then

bin/v-list-web-domain

@@ -30,7 +30,7 @@ json_list() {
         "STATS": "'$STATS'",
         "STATS_USER": "'$STATS_USER'",
         "SSL": "'$SSL'",
-        "FORCESSL": "'$FORCESSL'",
+        "SSL_FORCE": "'$SSL_FORCE'",
         "SSL_HOME": "'$SSL_HOME'",
         "LETSENCRYPT": "'$LETSENCRYPT'",
         "FTP_USER": "'$FTP_USER'",
@@ -61,8 +61,8 @@ shell_list() {
         if [ ! -z "$LETSENCRYPT" ] && [ "$LETSENCRYPT" != 'no' ]; then
          echo "LETSENCRYPT:    $LETSENCRYPT"
         fi
-        if [ ! -z "$FORCESSL" ]; then
-         echo "FORCESSL:       $FORCESSL"
+        if [ ! -z "$SSL_FORCE" ]; then
+         echo "SSL_FORCE:       $SSL_FORCE"
         fi
     fi
     echo "TEMPLATE:       $TPL"
@@ -92,18 +92,18 @@ shell_list() {
 # PLAIN list function
 plain_list() {
     echo -ne "$DOMAIN\t$IP\t$IP6\t$U_DISK\t$U_BANDWIDTH\t$TPL\t"
-    echo -ne "$ALIAS\t$STATS\t$STATS_USER\t$SSL\t$FORCESSL\t$SSL_HOME\t,$LETSENCRYPT"
+    echo -ne "$ALIAS\t$STATS\t$STATS_USER\t$SSL\t$SSL_FORCE\t$SSL_HOME\t,$LETSENCRYPT"
     echo -ne "$FTP_USER\t$FTP_PATH\t$AUTH_USER\t$BACKEND\t$PROXY\t"
     echo -e "$PROXY_EXT\t$SUSPENDED\t$TIME\t$DATE"
 }
 
 # CSV list function
 csv_list() {
     echo -n "DOMAIN,IP,IP6,U_DISK,U_BANDWIDTH,TPL,ALIAS,STATS,STATS_USER,SSL,"
-    echo -n "FORCESSL,SSL_HOME,LETSENCRYPT,FTP_USER,FTP_PATH,AUTH_USER,BACKEND,PROXY,PROXY_EXT,"
+    echo -n "SSL_FORCE,SSL_HOME,LETSENCRYPT,FTP_USER,FTP_PATH,AUTH_USER,BACKEND,PROXY,PROXY_EXT,"
     echo "SUSPENDED,TIME,DATE"
     echo -n "$DOMAIN,$IP,$IP6,$U_DISK,$U_BANDWIDTH,$TPL,\"$ALIAS\",$STATS"
-    echo -n "\"$STATS_USER\",$SSL,$SSL_HOME,$LETSENCRYPT,\"$FTP_USER\",\"$FTP_PATH\","
+    echo -n "\"$STATS_USER\",$SSL,$SSL_FORCE,$SSL_HOME,$LETSENCRYPT,\"$FTP_USER\",\"$FTP_PATH\","
     echo -n "\"$AUTH_USER\",$BACKEND,$PROXY,\"$PROXY_EXT\",$SUSPENDED,$TIME,"
     echo  "$DATE"
 }

bin/v-list-web-domain-ssl

@@ -32,7 +32,7 @@ json_list() {
     echo "        \"SIGNATURE\": \"$signature\","
     echo "        \"PUB_KEY\": \"$pub_key\","
     echo "        \"ISSUER\": \"$issuer\","
-    echo "        \"FORCESSL\": \"$forcessl\""
+    echo "        \"SSL_FORCE\": \"$SSL_FORCE\""
     echo -e "\t}\n}"
 }
 
@@ -59,7 +59,7 @@ shell_list() {
         echo "SIGNATURE:      $signature"
         echo "PUB_KEY:        $pub_key"
         echo "ISSUER:         $issuer"
-        echo "FORCESSL:       $forcessl"
+        echo "SSL_FORCE:      $SSL_FORCE"
     fi
 }
 
@@ -82,17 +82,17 @@ plain_list() {
         echo "$signature"
         echo "$pub_key"
         echo "$issuer"
-        echo "$forcessl"
+        echo "$SSL_FORCE"
     fi
 
 }
 
 # CSV list function
 csv_list() {
     echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE,"
-    echo "PUB_KEY,ISSUER,FORCESSL"
+    echo "PUB_KEY,ISSUER,SSL_FORCE"
     echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\","
-    echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\",\"$forcessl\""
+    echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\",\"$SSL_FORCE\""
 }
 
 
@@ -109,6 +109,9 @@ is_object_valid 'web' 'DOMAIN' "$domain"
 #                       Action                             #
 #----------------------------------------------------------#
 
+# Load domain data
+eval $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+
 # Parsing domain SSL certificate
 if [ -e "$USER_DATA/ssl/$domain.crt" ]; then
     crt=$(cat $USER_DATA/ssl/$domain.crt |sed ':a;N;$!ba;s/\n/\\n/g')

install/upgrade/0.10.0-190430.sh

@@ -255,6 +255,26 @@ sed -i "s/STATS_SYSTEM='webalizer,awstats'/STATS_SYSTEM='awstats'/g" $HESTIA/con
 # Run sftp jail once
 $HESTIA/bin/v-add-sys-sftp-jail
 
+# Remove and migrate obsolete object keys
+for user in `ls /usr/local/hestia/data/users/`; do
+    USER_DATA=$HESTIA/data/users/$user
+
+    # Web keys
+    for domain in $($BIN/v-list-web-domains $user plain |cut -f 1); do
+        obskey=$(get_object_value 'web' 'DOMAIN' "$domain" '$FORCESSL')
+        if [ ! -z "$obskey" ]; then
+            echo "(*) Fixing HTTP-to-HTTPS redirection for $domain"
+            update_object_value 'web' 'DOMAIN' "$domain" '$FORCESSL' ''
+
+            # copy value under new key name
+            add_object_key "web" 'DOMAIN' "$domain" 'SSL_FORCE' 'SSL_HOME'
+            update_object_value 'web' 'DOMAIN' "$domain" '$SSL_FORCE' "$obskey"
+        fi
+        unset FORCESSL
+    done
+    sed -i "s/\sFORCESSL=''//g" $USER_DATA/web.conf
+done
+
 # Rebuild user
 for user in `ls /usr/local/hestia/data/users/`; do
     echo "(*) Rebuilding domains and account for user: $user..."

web/edit/web/index.php

@@ -60,7 +60,7 @@
     $v_ssl_signature = $ssl_str[$v_domain]['SIGNATURE'];
     $v_ssl_pub_key = $ssl_str[$v_domain]['PUB_KEY'];
     $v_ssl_issuer = $ssl_str[$v_domain]['ISSUER'];
-    $v_ssl_forcessl = $data[$v_domain]['FORCESSL'];
+    $v_ssl_forcessl = $data[$v_domain]['SSL_FORCE'];
 }
 $v_letsencrypt = $data[$v_domain]['LETSENCRYPT'];
 if (empty($v_letsencrypt)) $v_letsencrypt = 'no';