Replace current nginx template with suspended template (hestiacp#3641)

* Replace current nginx template with suspended template

Make sure  traffic hitting xxx.php is not routed trough php handler and proxy pass also stops to work...

* Fix bug in config-tests test

* Update test

* Improve test

Author: jaapmarcus

func/domain.sh

@@ -224,6 +224,11 @@ prepare_web_domain_values() {
 	if [ "$SUSPENDED" = 'yes' ]; then
 		docroot="$HESTIA/data/templates/web/suspend"
 		sdocroot="$HESTIA/data/templates/web/suspend"
+		if [ "$PROXY_SYSTEM" == "nginx" ]; then
+			PROXY="suspended"
+		else
+			TPL="suspended"
+		fi
 	fi
 }
 

install/deb/templates/web/nginx/php-fpm/suspended.stpl

@@ -0,0 +1,42 @@
+#=========================================================================#
+# Default Web Domain Template                                             #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
+# https://hestiacp.com/docs/server-administration/web-templates.html      #
+#=========================================================================#
+
+server {
+	listen      %ip%:%web_ssl_port%;
+	server_name %domain_idn% %alias_idn%;
+	root        %docroot%;
+	index       index.html;
+	access_log  /var/log/nginx/domains/%domain%.log combined;
+	access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+	error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+	ssl_certificate      %ssl_pem%;
+	ssl_certificate_key  %ssl_key%;
+	ssl_stapling on;
+	ssl_stapling_verify on;
+
+	include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
+	location / {
+		location ~* ^.+\.(jpeg|jpg|png|webp|gif|bmp|ico|svg|css|js)$ {
+			expires     max;
+			fastcgi_hide_header "Set-Cookie";
+		}
+
+		try_files $uri /index.html;
+	}
+
+	location /error/ {
+		alias   %home%/%user%/web/%domain%/document_errors/;
+	}
+
+	location ~ /\.(?!well-known\/|file) {
+	   deny all;
+	   return 404;
+	}
+
+	include %home%/%user%/conf/web/%domain%/nginx.conf_*;
+}

install/deb/templates/web/nginx/php-fpm/suspended.tpl

@@ -0,0 +1,36 @@
+#=========================================================================#
+# Default Web Domain Template                                             #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
+# https://hestiacp.com/docs/server-administration/web-templates.html      #
+#=========================================================================#
+
+server {
+	listen      %ip%:%web_port%;
+	server_name %domain_idn% %alias_idn%;
+	root        %docroot%;
+	index       index.html;
+	access_log  /var/log/nginx/domains/%domain%.log combined;
+	access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+	error_log   /var/log/nginx/domains/%domain%.error.log error;
+	include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
+
+	location / {
+		location ~* ^.+\.(jpeg|jpg|png|webp|gif|bmp|ico|svg|css|js)$ {
+			expires     max;
+			fastcgi_hide_header "Set-Cookie";
+		}
+
+		try_files $uri /index.html;
+	}
+
+	location /error/ {
+		alias   %home%/%user%/web/%domain%/document_errors/;
+	}
+
+	location ~ /\.(?!well-known\/|file) {
+	   deny all;
+	   return 404;
+	}
+
+	include %home%/%user%/conf/web/%domain%/nginx.conf_*;
+}

install/deb/templates/web/nginx/suspended.stpl

@@ -0,0 +1,44 @@
+#=========================================================================#
+# Default Web Domain Template                                             #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
+# https://hestiacp.com/docs/server-administration/web-templates.html      #
+#=========================================================================#
+
+server {
+	listen      %ip%:%proxy_port%;
+	server_name %domain_idn% %alias_idn%;
+	root        %docroot%;
+	include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
+
+	access_log  /var/log/nginx/domains/%domain%.log combined;
+	access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+	error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+	ssl_certificate      %ssl_pem%;
+	ssl_certificate_key  %ssl_key%;
+	ssl_stapling on;
+	ssl_stapling_verify on;
+
+	include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
+	location / {
+		location ~* ^.+\.(jpeg|jpg|png|webp|gif|bmp|ico|svg|css|js)$ {
+			expires     max;
+			fastcgi_hide_header "Set-Cookie";
+		}
+
+		try_files $uri /index.html;
+	}
+
+	location /error/ {
+		alias   %home%/%user%/web/%domain%/document_errors/;
+	}
+
+	location ~ /\.(?!well-known\/|file) {
+	   deny all;
+	   return 404;
+	}
+
+	include %home%/%user%/conf/web/%domain%/nginx.conf_*;
+}
+

install/deb/templates/web/nginx/suspended.tpl

@@ -0,0 +1,36 @@
+#=========================================================================#
+# Default Web Domain Template                                             #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
+# https://hestiacp.com/docs/server-administration/web-templates.html      #
+#=========================================================================#
+
+server {
+	listen      %ip%:%proxy_port%;
+	server_name %domain_idn% %alias_idn%;
+	root        %docroot%;
+	include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
+
+	access_log  /var/log/nginx/domains/%domain%.log combined;
+	access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+	error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+	location / {
+		location ~* ^.+\.(jpeg|jpg|png|webp|gif|bmp|ico|svg|css|js)$ {
+			expires     max;
+			fastcgi_hide_header "Set-Cookie";
+		}
+
+		try_files $uri /index.html;
+	}
+
+	location /error/ {
+		alias   %home%/%user%/web/%domain%/document_errors/;
+	}
+
+	location ~ /\.(?!well-known\/|file) {
+	   deny all;
+	   return 404;
+	}
+
+	include %home%/%user%/conf/web/%domain%/nginx.conf_*;
+}

test/config-tests.bats

@@ -73,7 +73,7 @@ function setup() {
 
 @test "Proxy Config test" {
     if [ "$PROXY_SYSTEM" = "nginx" ]; then
-        for template in $(v-list-web-templates plain); do
+        for template in $(v-list-proxy-templates plain); do
             run v-change-web-domain-proxy-tpl $user testhestiacp.com $template
             assert_success
             refute_output

test/test.bats

@@ -39,6 +39,53 @@ function setup() {
     source $HESTIA/func/ip.sh
 }
 
+function validate_web_domain() {
+	local user=$1
+	local domain=$2
+	local webproof=$3
+	local webpath=${4}
+
+	refute [ -z "$user" ]
+	refute [ -z "$domain" ]
+	refute [ -z "$webproof" ]
+
+	source $HESTIA/func/ip.sh
+
+	run v-list-web-domain $user $domain
+	assert_success
+
+	USER_DATA=$HESTIA/data/users/$user
+	local domain_ip=$(get_object_value 'web' 'DOMAIN' "$domain" '$IP')
+	SSL=$(get_object_value 'web' 'DOMAIN' "$domain" '$SSL')
+	domain_ip=$(get_real_ip "$domain_ip")
+
+	if [ ! -z $webpath ]; then
+		domain_docroot=$(get_object_value 'web' 'DOMAIN' "$domain" '$CUSTOM_DOCROOT')
+		if [ -n "$domain_docroot" ] && [ -d "$domain_docroot" ]; then
+			assert_file_exist "${domain_docroot}/${webpath}"
+		else
+			assert_file_exist "${HOMEDIR}/${user}/web/${domain}/public_html/${webpath}"
+		fi
+	fi
+
+	# Test HTTP
+	# Curl hates UTF domains so convert them to ascci.
+	domain_idn=$(idn2 $domain)
+	run curl --location --silent --show-error --insecure --resolve "${domain_idn}:80:${domain_ip}" "http://${domain_idn}/${webpath}"
+	assert_success
+	assert_output --partial "$webproof"
+
+	# Test HTTPS
+	if [ "$SSL" = "yes" ]; then
+		run v-list-web-domain-ssl $user $domain
+		assert_success
+
+		run curl --location --silent --show-error --insecure --resolve "${domain_idn}:443:${domain_ip}" "https://${domain_idn}/${webpath}"
+		assert_success
+		assert_output --partial "$webproof"
+	fi
+}
+
 function validate_web_domain() {
     local user=$1
     local domain=$2
@@ -767,7 +814,10 @@ function check_ip_not_banned(){
     assert_success
     refute_output
 
+	echo -e "<?php\necho 'Hestia Test:'.(4*3);" > $HOMEDIR/$user/web/$domain/public_html/php-test.php
     validate_web_domain $user $domain 'This site is currently suspended'
+	validate_web_domain $user $domain 'This site is currently suspended' 'php-test.php'
+	rm $HOMEDIR/$user/web/$domain/public_html/php-test.php
 }
 
 @test "WEB: Unsuspend web domain" {