Implement SSL for mail domains and webmail subdomain support

Author: Kristan Kenney

bin/v-add-backup-host

@@ -169,9 +169,7 @@ fi
 
 # Adding backup host
 if [ $type != 'local' ]; then
-    time_n_date=$(date +'%T %F')
-    time=$(echo "$time_n_date" |cut -f 1 -d \ )
-    date=$(echo "$time_n_date" |cut -f 2 -d \ )
+    new_timestamp
     str="HOST='$host'\nUSERNAME='$user'\nPASSWORD='$password'"
     str="$str\nBPATH='$path'\nPORT='$port'\nTIME='$time'\nDATE='$date'"
     echo -e "$str" > $HESTIA/conf/$type.backup.conf

bin/v-add-letsencrypt-domain

@@ -83,11 +83,11 @@ fi
 #                       Action                             #
 #----------------------------------------------------------#
 
-# Rework domain and alieses for mail.
+# Generate correct variables for mail domain SSL certificates
 if [ ! -z "$mail" ]; then
-    original_domain=$domain
-    aliases="webmail.$domain,autodiscover.$domain"
-    domain="mail.$domain"
+    root_domain=$domain
+    domain="mail.$root_domain"
+    aliases="$WEBMAIL_ALIAS.$root_domain,autodiscover.$root_domain"
 fi
 
 # Registering LetsEncrypt user account
@@ -162,34 +162,38 @@ for auth in $authz; do
         $BIN/v-add-dns-record $user $domain "_acme-challenge" "TXT" $record
         check_result $? "DNS _acme-challenge record wasn't created"
     else
-        if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then
-            if [ -z "$mail" ]; then
-                conf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.conf_letsencrypt"
-                sconf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.ssl.conf_letsencrypt"
-            else
-                conf="$HOMEDIR/$user/conf/mail/$original_domain/$PROXY_SYSTEM.conf_letsencryptmail"
-                sconf="$HOMEDIR/$user/conf/mail/$original_domain/$PROXY_SYSTEM.ssl.conf_letsencryptmail"
-            fi
-
-            if [ ! -e "$conf" ]; then
-                echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
-                    > $conf
-                echo '    default_type text/plain;' >> $conf
-                echo '    return 200 "$1.'$THUMB'";' >> $conf
-                echo '}' >> $conf
-            fi
-            if [ ! -e "$sconf" ]; then
-                ln -s "$conf" "$sconf"
-            fi
-            $BIN/v-restart-proxy
-            check_result $? "Proxy restart failed" > /dev/null
+        if [ -z "$mail" ]; then
+            if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then
+                if [ ! -z "$mail" ]; then
+                    conf="$HOMEDIR/$user/conf/mail/$root_domain/$PROXY_SYSTEM.conf_letsencrypt"
+                    sconf="$HOMEDIR/$user/conf/mail/$root_domain/$PROXY_SYSTEM.ssl.conf_letsencrypt"
+                else
+                    conf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.conf_letsencrypt"
+                    sconf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.ssl.conf_letsencrypt"
+                fi
+
+                if [ ! -e "$conf" ]; then
+                    echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
+                        > $conf
+                    echo '    default_type text/plain;' >> $conf
+                    echo '    return 200 "$1.'$THUMB'";' >> $conf
+                    echo '}' >> $conf
+                fi
+                if [ ! -e "$sconf" ]; then
+                    ln -s "$conf" "$sconf"
+                fi
+                $BIN/v-restart-proxy
+                check_result $? "Proxy restart failed" > /dev/null
 
-        else
-            if [ -z "$mail" ]; then
-                well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
             else
-                well_known="/var/lib/roundcube/.well-known"
+                well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
+                acme_challenge="$well_known/acme-challenge"
+                mkdir -p $acme_challenge
+                echo "$token.$THUMB" > $acme_challenge/$token
+                chown -R $user:$user $well_known
             fi
+        else
+            well_known="/var/lib/roundcube/.well-known"
             acme_challenge="$well_known/acme-challenge"
             mkdir -p $acme_challenge
             echo "$token.$THUMB" > $acme_challenge/$token
@@ -262,14 +266,23 @@ if [[ $(head -n 1 $ssl_dir/$domain.ca) = "-----END CERTIFICATE-----" ]]; then
     sed -i '1,2d' $ssl_dir/$domain.ca
 fi
 
+# Rename certs for mail
+if [ ! -z "$mail" ]; then
+    mv $ssl_dir/$domain.ca $ssl_dir/$root_domain.ca
+    mv $ssl_dir/$domain.crt $ssl_dir/$root_domain.crt
+    mv $ssl_dir/$domain.csr $ssl_dir/$root_domain.csr
+    mv $ssl_dir/$domain.key $ssl_dir/$root_domain.key
+    mv $ssl_dir/$domain.pem $ssl_dir/$root_domain.pem
+fi
+
 # Adding SSL
 if [ -z "$mail" ]; then
     ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
     $BIN/v-delete-web-domain-ssl $user $domain > /dev/null 2>&1
     $BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home
 else
-    $BIN/v-delete-mail-domain-ssl $user $domain >/dev/null 2>&1
-    $BIN/v-add-mail-domain-ssl $user $domain $ssl_dir
+    $BIN/v-delete-mail-domain-ssl $user $root_domain >/dev/null 2>&1
+    $BIN/v-add-mail-domain-ssl $user $root_domain $ssl_dir
 fi
 
 if [ "$?" -ne '0' ]; then
@@ -295,9 +308,9 @@ if [ -z "$mail" ]; then
     update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
 else
     if [ -z "$LETSENCRYPT" ]; then
-        add_object_key "mail" 'DOMAIN' "$original_domain" 'LETSENCRYPT'
+        add_object_key "mail" 'DOMAIN' "$root_domain" 'LETSENCRYPT'
     fi
-    update_object_value 'mail' 'DOMAIN' "$original_domain" '$LETSENCRYPT' 'yes'
+    update_object_value 'mail' 'DOMAIN' "$root_domain" '$LETSENCRYPT' 'yes'
 fi
 
 #----------------------------------------------------------#

bin/v-add-mail-domain

@@ -127,6 +127,14 @@ if [ ! -z "$DNS_SYSTEM" ] && [ "$dkim" = 'yes' ]; then
     fi
 fi
 
+# Add webmail configuration to mail domain
+if [ ! -z "$WEB_SYSTEM" ]; then
+    add_webmail_config "$WEB_SYSTEM" "default.tpl"
+fi
+if [ ! -z "$PROXY_SYSTEM" ]; then
+    add_webmail_config "$PROXY_SYSTEM" "default.tpl"
+fi
+
 #----------------------------------------------------------#
 #                       Hestia                             #
 #----------------------------------------------------------#
@@ -138,6 +146,14 @@ if [ "$dkim" = 'yes' ]; then
     increase_user_value "$user" '$U_MAIL_DKIM'
 fi
 
+# Restarting web server
+$BIN/v-restart-web $restart
+check_result $? "Web restart failed" >/dev/null
+
+# Restarting proxy server
+$BIN/v-restart-proxy $restart
+check_result $? "Proxy restart failed" >/dev/null
+
 # Logging
 log_history "added mail domain $domain"
 log_event "$OK" "$ARGUMENTS"

bin/v-add-mail-domain-ssl

@@ -65,31 +65,37 @@ is_web_domain_cert_valid
 # Call routine to add SSL configuration to mail domain
 add_mail_ssl_config
 
+# Add webmail configuration to mail domain
+if [ ! -z "$WEB_SYSTEM" ]; then
+    add_webmail_config "$WEB_SYSTEM" "default.stpl"
+fi
+if [ ! -z "$PROXY_SYSTEM" ]; then
+    add_webmail_config "$PROXY_SYSTEM" "default.stpl"
+fi
+
 # Increase value for domain
 increase_user_value "$user" '$U_MAIL_SSL'
 
 # Set SSL as enabled in configuration
 update_object_value 'mail' 'DOMAIN' "$domain" '$SSL' "yes"
 
-# Refresh webmail configuration
-if [ ! -z "$WEB_SYSTEM" ]; then
-    add_ssl_webmail_config
-
-    # Restart web services for webmail changes to take effect
-    $BIN/v-restart-web $restart
-    $BIN/v-restart-proxy $restart
-fi
-
 #----------------------------------------------------------#
 #                       Hestia                             #
 #----------------------------------------------------------#
 
 # Restarting mail server
 $BIN/v-restart-mail $restart
 $BIN/v-restart-service $IMAP_SYSTEM $restart
-
 check_result $? "Mail restart failed" >/dev/null
 
+# Restarting web server
+$BIN/v-restart-web $restart
+check_result $? "Web restart failed" >/dev/null
+
+# Restarting proxy server
+$BIN/v-restart-proxy $restart
+check_result $? "Proxy restart failed" >/dev/null
+
 # Logging
 log_history "enabled mail ssl support for $domain"
 log_event "$OK" "$ARGUMENTS"

bin/v-add-webmail

@@ -0,0 +1,94 @@
+#!/bin/bash
+# info: add webmail support for a domain
+# options: USER DOMAIN [RESTART]
+#
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+restart="$3"
+
+# Additional argument formatting
+if [[ "$domain" =~ [[:upper:]] ]]; then
+    domain=$(echo "$domain" |tr '[:upper:]' '[:lower:]')
+fi
+if [[ "$domain" =~ ^www\..* ]]; then
+    domain=$(echo "$domain" |sed -e "s/^www.//")
+fi
+if [[ "$domain" =~ .*\.$ ]]; then
+    domain=$(echo "$domain" |sed -e "s/\.$//")
+fi
+
+domain=$(idn -t --quiet -u "$domain" )
+domain_idn=$(idn -t --quiet -a "$domain")
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/func/domain.sh
+source $HESTIA/func/ip.sh
+source $HESTIA/conf/hestia.conf
+
+# Additional argument formatting
+format_domain
+format_domain_idn
+get_user_ip
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '3' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain'
+is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
+is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'mail' 'DOMAIN' "$domain"
+is_object_unsuspended 'mail' 'DOMAIN' "$domain"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Add webmail configuration to mail domain
+if [ ! -z "$WEB_SYSTEM" ]; then
+    add_webmail_config "$WEB_SYSTEM" "default.tpl"
+fi
+if [ ! -z "$PROXY_SYSTEM" ]; then
+    add_webmail_config "$PROXY_SYSTEM" "default.tpl"
+fi
+
+# Enable SSL for webmail if available
+if [ -f $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.crt ]; then
+    if [ ! -z "$WEB_SYSTEM" ]; then
+        add_webmail_config "$WEB_SYSTEM" "default.stpl"
+    fi
+    if [ ! -z "$PROXY_SYSTEM" ]; then
+        add_webmail_config "$PROXY_SYSTEM" "default.stpl"
+    fi
+fi
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+if [ ! -z "$3" ]; then 
+    # Restarting web server
+    $BIN/v-restart-web $restart
+    check_result $? "Web restart failed" >/dev/null
+
+    $BIN/v-restart-proxy $restart
+    check_result $? "Proxy restart failed" >/dev/null
+fi
+
+# Logging
+log_history "enabled webmail support for $domain"
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-delete-mail-domain

@@ -67,6 +67,9 @@ if [ "$SSL" = 'yes' ]; then
     del_mail_ssl_config
 fi
 
+# Delete webmail configuration
+del_webmail_config
+
 #----------------------------------------------------------#
 #                       Hestia                             #
 #----------------------------------------------------------#

bin/v-delete-mail-domain-ssl

@@ -42,11 +42,6 @@ is_object_value_exist 'mail' 'DOMAIN' "$domain" '$SSL'
 # Delete mail domain SSL configuration
 del_mail_ssl_config
 
-# Delete SSL webmail configuration
-if [ ! -z "$WEB_SYSTEM" ]; then
-    del_webmail_ssl_config
-fi
-
 #----------------------------------------------------------#
 #                       Hestia                              #
 #----------------------------------------------------------#

bin/v-delete-webmail

@@ -0,0 +1,62 @@
+#!/bin/bash
+# info: delete webmail support for a domain
+# options: USER DOMAIN [RESTART]
+#
+# The function delete ssl certificates.
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/func/domain.sh
+source $HESTIA/conf/hestia.conf
+
+# Argument definition
+user=$1
+domain=$2
+restart="$3"
+
+# Additional argument formatting
+format_domain
+format_domain_idn
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain'
+is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
+is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'mail' 'DOMAIN' "$domain"
+is_object_unsuspended 'mail' 'DOMAIN' "$domain"
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Delete webmail configuration
+del_webmail_config
+
+#----------------------------------------------------------#
+#                       Hestia                              #
+#----------------------------------------------------------#
+
+if [ ! -z "$3" ]; then
+    # Restarting web server
+    $BIN/v-restart-web $restart
+    check_result $? "Web restart failed" >/dev/null
+
+    $BIN/v-restart-proxy $restart
+    check_result $? "Proxy restart failed" >/dev/null
+fi
+
+# Logging
+log_history "disabled webmail support for $domain"
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-list-sys-rrd

@@ -21,9 +21,7 @@ json_list() {
     echo "{"
 
     # Generating timestamp
-    time_n_date=$(date +'%T %F')
-    TIME=$(echo "$time_n_date" |cut -f 1 -d \ )
-    DATE=$(echo "$time_n_date" |cut -f 2 -d \ )
+    new_timestamp
 
     for type in $rrd_types; do
         for rrd in $(ls $RRD/$type |grep rrd$ |sed "s/\.rrd$//g"); do