added SSL CA-bundle support

Author: serghey-rodin

bin/v_add_sys_user_ssl

@@ -198,14 +198,14 @@ increase_user_value "$user" '$U_WEB_DOMAINS'
 
 # Defining domain variables
 v_str="DOMAIN='$domain'"
-v_str="$v_str IP='$ip'"
+v_str="$v_str IP='$ip' IP6=''"
 v_str="$v_str U_DISK='0'"
 v_str="$v_str U_BANDWIDTH='0'"
 v_str="$v_str TPL='$template'"
 v_str="$v_str ALIAS='$aliases'"
 v_str="$v_str $template_data"    # Inserting PHP, CGI and ELOG keys
 v_str="$v_str STATS='' STATS_AUTH=''"
-v_str="$v_str SSL='' SSL_HOME=''"
+v_str="$v_str SSL='no' SSL_HOME='single'"
 v_str="$v_str NGINX='' NGINX_EXT='' SUSPEND='no' DATE='$V_DATE'"
 
 # Registering domain

bin/v_add_web_domain

@@ -82,7 +82,7 @@ upd_web_domain_values
 del_web_config
 add_web_config
 
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
     tpl_file="$V_WEBTPL/apache_$TPL.stpl"
     conf="$V_HOME/$user/conf/shttpd.conf"
     del_web_config
@@ -96,7 +96,7 @@ if [ ! -z "$NGINX" ]; then
     del_web_config
     add_web_config
 
-    if [ ! -z "$SSL" ]; then
+    if [ "$SSL" = 'yes' ]; then
         proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
         tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
         conf="$V_HOME/$user/conf/snginx.conf"

bin/v_add_web_domain_alias

@@ -64,7 +64,7 @@ del_web_config
 add_web_config
 
 # Checking ssl
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
     tpl_file="$V_WEBTPL/apache_$TPL.stpl"
     conf="$V_HOME/$user/conf/shttpd.conf"
     del_web_config

bin/v_add_web_domain_cgi

@@ -64,7 +64,7 @@ del_web_config
 add_web_config
 
 # Checking ssl
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
     tpl_file="$V_WEBTPL/apache_$TPL.stpl"
     conf="$V_HOME/$user/conf/shttpd.conf"
     del_web_config
@@ -78,7 +78,7 @@ if [ ! -z "$NGINX" ]; then
     del_web_config
     add_web_config
 
-    if [ ! -z "$SSL" ]; then
+    if [ "$SSL" = 'yes' ]; then
         proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
         tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
         conf="$V_HOME/$user/conf/snginx.conf"

bin/v_add_web_domain_elog

@@ -68,7 +68,7 @@ conf="$V_HOME/$user/conf/nginx.conf"
 upd_web_domain_values
 add_web_config
 
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
     proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
     tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
     conf="$V_HOME/$user/conf/snginx.conf"

bin/v_add_web_domain_nginx

@@ -9,7 +9,7 @@
 user=$1
 domain=$(idn -t --quiet -u "$2" )
 domain_idn=$(idn -t --quiet -a "$domain")
-ssl=$3
+ssl_dir=$3
 ssl_home=${4-single}
 
 # Importing variables
@@ -25,10 +25,10 @@ source $V_FUNC/ip.func
 #----------------------------------------------------------#
 
 # Checking arg number
-check_args '3' "$#" 'user domain ssl [sslhome]'
+check_args '3' "$#" 'user domain ssl_dir [ssl_home]'
 
 # Checking argument format
-format_validation 'user' 'domain' 'ssl'
+format_validation 'user' 'domain' 'ssl_dir'
 
 # Checking web system is enabled
 is_system_enabled 'web'
@@ -59,12 +59,20 @@ is_web_domain_cert_valid
 #                       Action                             #
 #----------------------------------------------------------#
 
+# Adding certificate to user data directory
+cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.crt
+cp -f $ssl_dir/$domain.key $V_USERS/$user/ssl/$domain.key
+cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.pem
+if [ -e "$ssl_dir/$domain.ca" ]; then
+    cp -f $ssl_dir/$domain.ca $V_USERS/$user/ssl/$domain.ca
+    cat $V_USERS/$user/ssl/$domain.ca >> $V_USERS/$user/ssl/$domain.pem
+fi
+
 # Parsing domain values
 get_web_domain_values
 conf="$V_HOME/$user/conf/shttpd.conf"
 tpl_file="$V_WEBTPL/apache_$TPL.stpl"
-SSL=$ssl
-SSL_HOME=$ssl_home
+SSL_HOME="$ssl_home"
 
 # Checking ip ownership
 is_sys_ip_owner
@@ -76,8 +84,12 @@ upd_web_domain_values
 add_web_config
 
 # Adding certificate to user dir
-cp -f $V_USERS/$user/ssl/$SSL.crt $ssl_cert
-cp -f $V_USERS/$user/ssl/$SSL.key $ssl_key
+cp -f $V_USERS/$user/ssl/$domain.crt $V_HOME/$user/conf/ssl.$domain.crt
+cp -f $V_USERS/$user/ssl/$domain.key $V_HOME/$user/conf/ssl.$domain.key
+cp -f $V_USERS/$user/ssl/$domain.pem $V_HOME/$user/conf/ssl.$domain.pem
+if [ -e "$V_USERS/$user/ssl/$domain.ca" ]; then
+    cp -f $V_USERS/$user/ssl/$domain.ca $V_HOME/$user/conf/ssl.$domain.ca
+fi
 
 # Running template trigger
 if [ -x $V_WEBTPL/apache_$template.sh ]; then
@@ -115,8 +127,8 @@ fi
 increase_user_value "$user" '$U_WEB_SSL'
 
 # Adding ssl values
-update_web_domain_value '$SSL' "$SSL"
 update_web_domain_value '$SSL_HOME' "$SSL_HOME"
+update_web_domain_value '$SSL' 'yes'
 
 # Logging
 log_history "$V_EVENT" "v_del_web_domain_ssl $user $domain"

bin/v_add_web_domain_ssl

@@ -100,31 +100,6 @@ if [ -e "$V_USERS/$user/backup.excludes" ]; then
     cp -r $V_USERS/$user/backup.excludes $tmpdir/vesta/
 fi
 
-if [ -e "$V_USERS/$user/cron.conf" ]; then
-    echo -e "$(date "+%F %T") cron.conf"
-    cp -r $V_USERS/$user/cron.conf $tmpdir/vesta/
-fi
-
-if [ -e "$V_USERS/$user/db.conf" ]; then
-    echo -e "$(date "+%F %T") db.conf"
-    cp -r $V_USERS/$user/db.conf $tmpdir/vesta/
-fi
-
-if [ -e "$V_USERS/$user/dns.conf" ]; then
-    echo -e "$(date "+%F %T") dns.conf"
-    cp -r $V_USERS/$user/dns.conf $tmpdir/vesta/
-fi
-
-if [ -e "$V_USERS/$user/mail.conf" ]; then
-    echo -e "$(date "+%F %T") mail.conf"
-    cp -r $V_USERS/$user/mail.conf $tmpdir/vesta/
-fi
-
-
-if [ -e "$V_USERS/$user/web.conf" ]; then
-    echo -e "$(date "+%F %T") web.conf"
-    cp -r $V_USERS/$user/web.conf $tmpdir/vesta/
-fi
 
 echo
 
@@ -205,7 +180,7 @@ then
             sed -n "$top_line,$bottom_line p" $conf > conf/httpd.conf
 
             # SSL check
-            if [ ! -z "$SSL" ]; then
+            if [ "$SSL" = 'yes' ]; then
                 tpl_file="$V_WEBTPL/apache_$TPL.stpl"
                 conf="$V_HOME/$user/conf/shttpd.conf"
                 get_web_config_brds
@@ -221,7 +196,7 @@ then
             sed -n "$top_line,$bottom_line p" $conf > conf/nginx.conf
 
             # SSL check
-            if [ ! -z "$SSL" ] ; then
+            if [ "$SSL" = 'yes' ] ; then
                 tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
                 conf="$V_HOME/$user/conf/snginx.conf"
                 get_web_config_brds
@@ -235,8 +210,8 @@ then
         done
 
         # SSL Certificates
-        if [ ! -z "$SSL" ] ; then
-            cp $V_HOME/$user/conf/$SSL.* ssl/
+        if [ "$SSL" = 'yes' ] ; then
+            cp $V_HOME/$user/conf/ssl.$domain.* ssl/
         fi
 
         tar -rf $tmpdir/web/$domain/$domain.tar conf ssl
@@ -353,23 +328,6 @@ then
     echo
 fi
 
-# SSL CERTIFICATES
-if [ ! -z "$WEB_SSL" ] && [ "$WEB_SSL" != 'no' ] && [ "$SSL" != '*' ]; then
-    echo "-- SSL --"
-    mkdir $tmpdir/ssl
-
-    # Backingup ssl certificates
-    cert_list=$(ls $V_USERS/$user/ssl/ | grep ".crt" |\
-                sed -e "s/\.crt$//" |\
-                tr '\n' ' ' |\
-                sed -e 's/ $//' )
-    for cert in $cert_list; do
-        echo -e "$(date "+%F %T") $cert"
-        cp $V_USERS/$user/ssl/$cert.* $tmpdir/ssl/
-    done
-    echo
-fi
-
 # Get backup size
 size="$(du -shm $tmpdir | cut -f 1)"
 
@@ -539,7 +497,6 @@ backup_str="$backup_str WEB='${web_list// /,}'"
 backup_str="$backup_str DNS='${dns_list// /,}'"
 backup_str="$backup_str MAIL='${mail_list// /,}'"
 backup_str="$backup_str DB='${db_list// /,}'"
-backup_str="$backup_str SSL='${cert_list// /,}'"
 backup_str="$backup_str CRON='$cron_list'"
 echo "$backup_str" >> $V_USERS/$user/backup.conf
 

bin/v_backup_sys_user

@@ -61,7 +61,7 @@ new=$ip
 replace_web_config
 
 # Checking ssl
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
     tpl_file="$V_WEBTPL/apache_$TPL.stpl"
     conf="$V_HOME/$user/conf/shttpd.conf"
     replace_web_config
@@ -75,7 +75,7 @@ if [ ! -z "$NGINX" ]; then
 fi
 
 # Checking nginx
-if [ ! -z "$SSL" ] && [ ! -z "$NGINX" ]; then 
+if [ "$SSL" = 'yes' ] && [ ! -z "$NGINX" ]; then 
     tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
     conf="$V_HOME/$user/conf/snginx.conf"
     replace_web_config

bin/v_change_web_domain_ip

@@ -9,7 +9,7 @@
 user=$1
 domain=$(idn -t --quiet -u "$2" )
 domain_idn=$(idn -t --quiet -a "$domain")
-ssl=$3
+ssl_dir=$3
 
 # Importing variables
 source $VESTA/conf/vars.conf
@@ -54,53 +54,39 @@ is_web_domain_cert_valid
 #                       Action                             #
 #----------------------------------------------------------#
 
-# Parsing domain values
-get_web_domain_values
-tpl_file="$V_WEBTPL/apache_$TPL.stpl"
-conf="$V_HOME/$user/conf/shttpd.conf"
-old_ssl="$SSL"
-SSL="$ssl"
-
-# Preparing domain values for the template substitution
-upd_web_domain_values
-
-# Recreating vhost
-del_web_config
-add_web_config
-
-# Checking nginx
-if [ ! -z "$NGINX" ]; then
-    proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
-    tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
-    conf="$V_HOME/$user/conf/snginx.conf"
-    del_web_config
-    add_web_config
+# Deleting old certificate
+tmpdir=$(mktemp -p $V_HOME/$user/web/$domain/private -d)
+rm -f $V_HOME/$user/conf/ssl.$domain.*
+mv $V_USERS/$user/ssl/$domain.* $tmpdir
+chown -R $user:$user $tmpdir
+
+# Adding new certificate to user data directory
+cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.crt
+cp -f $ssl_dir/$domain.key $V_USERS/$user/ssl/$domain.key
+cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.pem
+if [ -e "$ssl_dir/$domain.ca" ]; then
+    cp -f $ssl_dir/$domain.ca $V_USERS/$user/ssl/$domain.ca
+    cat $V_USERS/$user/ssl/$domain.ca >> $V_USERS/$user/ssl/$domain.pem
 fi
 
 # Adding new certificate to user dir
-cp -f $V_USERS/$user/ssl/$SSL.crt $ssl_cert
-cp -f $V_USERS/$user/ssl/$SSL.key $ssl_key
-
-# Deleting old certificate
-check_cert=$(grep "SSL='$old_ssl'" $V_USERS/$user/web.conf |wc -l)
-if [ "$check_cert"  -lt 2 ]; then
-    rm -f $V_HOME/$user/conf/$old_ssl.crt
-    rm -f $V_HOME/$user/conf/$old_ssl.key
+cp -f $V_USERS/$user/ssl/$domain.crt $V_HOME/$user/conf/ssl.$domain.crt
+cp -f $V_USERS/$user/ssl/$domain.key $V_HOME/$user/conf/ssl.$domain.key
+cp -f $V_USERS/$user/ssl/$domain.pem $V_HOME/$user/conf/ssl.$domain.pem
+if [ -e "$V_USERS/$user/ssl/$domain.ca" ]; then
+    cp -f $V_USERS/$user/ssl/$domain.ca $V_HOME/$user/conf/ssl.$domain.ca
 fi
 
 
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 
-# Adding sslcert in config
-update_web_domain_value '$SSL' "$SSL"
-
 # Adding task to the vesta pipe
 restart_schedule 'web'
 
 # Logging
-log_history "$V_EVENT" "$V_SCRIPT $user $domain $old_ssl"
+log_history "$V_EVENT" "$V_SCRIPT $user $domain $tmpdir"
 log_event 'system' "$V_EVENT"
 
 exit