Merge pull request hestiacp#1916 from jaapmarcus/fix/1913-ssl-rainloop

Multiple issues with Rainloop and FastCGI Cache

Author: jaapmarcus

CHANGELOG.md

@@ -6,7 +6,7 @@ All notable changes to this project will be documented in this file.
 ### Features
 
 - Include DMARC record in DNS record list #1836
-- Enabled phpMyAdmin Single Sign On support
+- Enabled phpMyAdmin Single Sign On support #1460
 - Add command to add / delete from API_ALLOWED_IP list (#1904)
 
 ### Bugfixes
@@ -22,9 +22,11 @@ All notable changes to this project will be documented in this file.
 - Keep changes made by /install/upgrade/manual/install_awstats_geopip.sh on update HestiaCP (via Discord)
 - Refactor/improve PHP and HTML code @s0t (#1860)
 - Fixed XSS vulnerability in login page and a few other locations @briansemrau / @numanturle
-- Delete old session after after session_regenerate_id() @briansemrau
+- Delete old session after session_regenerate_id() @briansemrau
 - Improve error message when domain all ready exists on different account.
 - Fixed an issue where phpmyadmin did not update when Postgresql was available.
+- Webmail clients set to rainloop where not able to create a SSL certificate via LE #1913
+- Fixed an issue where plugin-hestia-change-pasword did not change the port on v-change-sys-port (Rainloop) #1895
 - Fixed an issue where HELO message was not set / error was created on NAT IP
 
 ## [1.4.2] - Service release

bin/v-add-fastcgi-cache

@@ -31,7 +31,7 @@ source $HESTIA/conf/hestia.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER DOMAIN DEBUG'
+check_args '2' "$#" 'USER DOMAIN [DURATION] [DEBUG] [RESTART]'
 is_format_valid 'user' 'domain'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
@@ -85,7 +85,7 @@ cat << EOF > $fastcgi
     set $no_cache 0;
 EOF
 
-if [ ! -z "$debug" ]; then
+if [ "$debug" = 'yes' ]; then
     echo "    add_header \"X-STATUS\" \"$status\";" >> $fastcgi
 fi
 

bin/v-add-letsencrypt-domain

@@ -315,11 +315,31 @@ for auth in $authz; do
                 chown -R $user:$user $well_known
             fi
         else
-            well_known="/var/lib/roundcube/.well-known"
-            acme_challenge="$well_known/acme-challenge"
-            mkdir -p $acme_challenge
-            echo "$token.$THUMB" > $acme_challenge/$token
-            chown -R $user:$user $well_known
+            if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then
+                conf="$HOMEDIR/$user/conf/mail/$root_domain/nginx.conf_letsencrypt"
+                sconf="$HOMEDIR/$user/conf/mail/$root_domain/nginx.ssl.conf_letsencrypt"
+                echo 'location ~ "^/\.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {' \
+                    > $conf
+                echo '    default_type text/plain;' >> $conf
+                echo '    return 200 "$1.'$THUMB'";' >> $conf
+                echo '}' >> $conf
+                if [ ! -e "$sconf" ]; then
+                    ln -s "$conf" "$sconf"
+                fi
+                if [ ! -z "$PROXY_SYSTEM" ]; then
+                    $BIN/v-restart-proxy
+                    check_result $? "Proxy restart failed" > /dev/null
+                fi
+            else  
+                get_object_value 'mail' 'DOMAIN' "$domain" "WEBMAIL" 
+                if [ ! -z "$WEBMAIL" ]; then 
+                    well_known="/var/lib/$WEBMAIL/.well-known"
+                    acme_challenge="$well_known/acme-challenge"
+                    mkdir -p $acme_challenge
+                    echo "$token.$THUMB" > $acme_challenge/$token
+                    chown -R $user:$user $well_known
+                fi
+            fi
         fi
         if [ "$WEB_SYSTEM" = 'nginx' ]; then
             $BIN/v-restart-web

bin/v-change-sys-port

@@ -71,6 +71,9 @@ else
     if [ -d /etc/roundcube/ ]; then
         sed -i "/password_hestia_port/c\$rcmail_config['password_hestia_port'] = '$PORT';" /etc/roundcube/plugins/password/config.inc.php
     fi
+    if [ -d /etc/rainloop/ ]; then
+        sed -i "/hestia_port/c\hestia_port = $PORT" /etc/rainloop/data/_data_/_default_/configs/plugin-hestia-change-password.ini
+    fi
     sed -i "/COMMENT='HESTIA'/c\RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='$PORT' IP='0.0.0.0/0' COMMENT='HESTIA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'" $HESTIA/data/firewall/rules.conf
 
     # Restart services

install/deb/templates/mail/apache2/rainloop.stpl

@@ -10,9 +10,9 @@ SSLVerifyClient none
 SSLCertificateFile         %home%/%user%/conf/mail/%root_domain%/ssl/%root_domain%.crt
 SSLCertificateKeyFile      %home%/%user%/conf/mail/%root_domain%/ssl/%root_domain%.key
 
-<Directory /var/lib/roundcube/>
+<Directory /var/lib/rainloop/>
     Options +FollowSymLinks
-    # This is needed to parse /var/lib/roundcube/.htaccess. See its
+    # This is needed to parse /var/lib/rainloop/.htaccess. See its
     # content before setting AllowOverride to None.
     AllowOverride All
     order allow,deny

web/add/mail/index.php

@@ -276,10 +276,9 @@
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = sprintf(_('MAIL_ACCOUNT_CREATED_OK'),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]));
+        $_SESSION['ok_msg'] = sprintf(_('MAIL_ACCOUNT_CREATED_OK'),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain']),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain']));
         unset($v_account);
         unset($v_password);
-        unset($v_password);
         unset($v_aliases);
         unset($v_fwd);
         unset($v_quota);