fix for hestiacp#2176, hestiacp#2041 - Temporarily disable HTTPS redirection and force SSL when renewing LE certificate (hestiacp#2304)

safhome · SAF · jaapmarcus · web-flow · commit a5af334e91a7 · 2021-12-21T09:27:55.000+01:00
* fix for hestiacp#2176, hestiacp#2041 * Resolve comments on PR - Replace source conf with the more secure: parse_object_kv_list - $SSL_FORCE, $REDIRECT_CODE and $REDIRECT where allready availble and don't require a lookup - Add a final restart of the webservers when command is complete to make sure the config has been reloaded with the correct settings * Fix shellcheck error * Remove irrelevant spaces. Co-authored-by: SAF <saf@advina.ru> Co-authored-by: Jaap Marcus <9754650+jaapmarcus@users.noreply.github.com> Co-authored-by: Raphael Schneeberger <rs@scit.ch>
diff --git a/bin/v-update-letsencrypt-ssl b/bin/v-update-letsencrypt-ssl
@@ -67,8 +67,8 @@ for user in $($HESTIA/bin/v-list-sys-users plain); do
             aliases=$(echo "$aliases" |egrep -v "^$domain,?$")
             aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
 
-            # Source domain.conf
-            source <(cat $HESTIA/data/users/$user/web.conf | grep "DOMAIN='$domain'")
+            # Parsing domain
+            parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
 
             # Split aliases into array
             IFS=',' read -r -a ALIASES <<< "$ALIAS"
@@ -88,7 +88,18 @@ for user in $($HESTIA/bin/v-list-sys-users plain); do
             if [[ ${f_aliases: -1} = ',' ]] ; then f_aliases=${f_aliases::-1}; fi
 
             # Write the filtered alias list to the default var
-            aliases=$f_aliases
+            aliases=$f_aliases    
+
+            domain_redirect="$REDIRECT"
+            if [[ -n "$domain_redirect"  ]] ; then
+            	domain_redirect_code="$REDIRECT_CODE"
+                $BIN/v-delete-web-domain-redirect $user $domain
+            fi
+
+            domain_forcessl="$SSL_FORCE"
+            if [[ "$domain_forcessl" == 'yes' ]] ; then
+                $BIN/v-delete-web-domain-ssl-force $user $domain
+            fi
 
             msg=$($BIN/v-add-letsencrypt-domain "$user" "$domain" "$aliases")
             if [ $? -ne 0 ]; then
@@ -103,6 +114,13 @@ for user in $($HESTIA/bin/v-list-sys-users plain); do
             else
                 $BIN/v-log-action "$user" "Info" "Web" "Let's Encrypt SSL certificate renewed (Domain: $domain)."
             fi
+            if [[ "$domain_forcessl" == 'yes' ]] ; then
+                $BIN/v-add-web-domain-ssl-force $user $domain
+            fi
+            if [[ -n "$domain_redirect" ]] ; then
+                $BIN/v-add-web-domain-redirect $user $domain $domain_redirect $domain_redirect_code
+            fi
+
         fi
     done
 
@@ -147,6 +165,12 @@ for user in $($HESTIA/bin/v-list-sys-users plain); do
 
 done
 
+$HESTIA/bin/v-restart-web yes
+if [ -n "$PROXY_SYSTEM" ]; then
+    $HESTIA/bin/v-restart-proxy yes
+fi
+
+
 #----------------------------------------------------------#
 #                        Hestia                            #
 #----------------------------------------------------------#
