Improve HSTS backend and add UI checkbox

Author: ScIT-Raphael

bin/v-change-web-domain-hsts bin/v-add-web-domain-ssl-hstsbin/v-change-web-domain-hsts renamed to bin/v-add-web-domain-ssl-hsts

@@ -1,9 +1,8 @@
 #!/bin/bash
-# info: add/remove HSTS support from a domain
-# options: USER DOMAIN STATUS
+# info: Adding hsts to a domain
+# options: USER DOMAIN
 #
-# This function will enable or disable HSTS (HTTP Strict Transport Security)
-# for a web domain.
+# The function enables HSTS for the requested domain.
 
 
 #----------------------------------------------------------#
@@ -13,14 +12,12 @@
 # Argument definition
 user=$1
 domain=$2
-domain_idn=$2
-status=$3
 
 # Includes
 source $HESTIA/func/main.sh
-source $HESTIA/func/domain.sh
 source $HESTIA/conf/hestia.conf
 
+
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
@@ -32,6 +29,7 @@ is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_unsuspended 'web' 'DOMAIN' "$domain"
 
+
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
@@ -52,18 +50,9 @@ else
     hstsconf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.hsts.conf"
 fi
 
-if [ "$status" = "on" ]; then
-    echo 'add_header Strict-Transport-Security "max-age=15768000;" always;' > $hstsconf
-    nginx -s reload
-    echo "HTTP Strict Transport Security (HSTS) turned on for $domain."
-elif [ "$status" = "off" ]; then
-    rm -f $hstsconf
-    nginx -s reload
-    echo "HTTP Strict Transport Security (HSTS) turned off for $domain."
-else
-    echo "Error: Invalid mode specified."
-    echo "Usage: v-change-web-domain-hsts USER DOMAIN [ON / OFF]"
-fi
+echo 'add_header Strict-Transport-Security "max-age=15768000;" always;' > $hstsconf
+echo "HTTP Strict Transport Security (HSTS) turned on for $domain."
+
 
 #----------------------------------------------------------#
 #                       Hestia                             #
@@ -73,4 +62,12 @@ fi
 log_history "Turned HTTP Strict Transport Security $status for $domain."
 log_event "$OK" "$ARGUMENTS"
 
+# Restart web server
+$BIN/v-restart-web
+check_result $? "Web restart failed" > /dev/null
+
+# Restart proxy
+$BIN/v-restart-proxy
+check_result $? "Proxy restart failed" > /dev/null
+
 exit

bin/v-delete-web-domain-ssl-hsts

@@ -0,0 +1,64 @@
+#!/bin/bash
+# info: remove ssl force from domain
+# options: USER DOMAIN [RESTART]
+#
+# The function removes force SSL configurations.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+restart=$3
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/hestia.conf
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN'
+is_format_valid 'user' 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+is_object_valid 'web' 'DOMAIN' "$domain" "$SSL_FORCE"
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Load domain data
+eval $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+
+# Check for Apache/Nginx or Nginx/PHP-FPM configuration
+if [ -z $PROXY_SYSTEM ]; then
+    hstsconf="$HOMEDIR/$user/conf/web/$domain/$WEB_SYSTEM.hsts.conf"
+else
+    hstsconf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.hsts.conf"
+fi
+
+rm -f $hstsconf
+echo "HTTP Strict Transport Security (HSTS) turned off for $domain."
+
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Restart services if requested
+if [ ! -z "$restart" ]; then
+    $BIN/v-restart-web
+    check_result $? "Web restart failed" >/dev/null
+
+    $BIN/v-restart-proxy
+    check_result $? "Proxy restart failed" >/dev/null
+fi
+
+exit

web/edit/web/index.php

@@ -61,6 +61,7 @@
     $v_ssl_pub_key = $ssl_str[$v_domain]['PUB_KEY'];
     $v_ssl_issuer = $ssl_str[$v_domain]['ISSUER'];
     $v_ssl_forcessl = $data[$v_domain]['SSL_FORCE'];
+    $v_ssl_hsts = $data[$v_domain]['SSL_HSTS'];
 }
 $v_letsencrypt = $data[$v_domain]['LETSENCRYPT'];
 if (empty($v_letsencrypt)) $v_letsencrypt = 'no';
@@ -372,6 +373,7 @@
         $v_ssl_ca = '';
         $v_ssl = 'no';
         $v_ssl_forcessl = 'no';
+        $v_ssl_hsts = 'no';
         $restart_web = 'yes';
         $restart_proxy = 'yes';
     }
@@ -463,6 +465,14 @@
         unset($output);
         $v_ssl_forcessl = 'yes';
     }
+
+    // Add SSL HSTS
+    if ((!empty($_POST['v_ssl_hsts'])) && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
+        exec (HESTIA_CMD."v-add-web-domain-ssl-hsts ".$user." ".escapeshellarg($v_domain), $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        $v_ssl_hsts = 'yes';
+    }
 
     // Delete Force SSL
     if (( $v_ssl_forcessl == 'yes' ) && (empty($_POST['v_ssl_forcessl'])) && (empty($_SESSION['error_msg']))) {
@@ -472,6 +482,14 @@
         $v_ssl_forcessl = 'no';
     }
 
+    // Delete SSL HSTS
+    if (( $v_ssl_hsts == 'yes' ) && (empty($_POST['v_ssl_hsts'])) && (empty($_SESSION['error_msg']))) {
+        exec (HESTIA_CMD."v-delete-web-domain-ssl-hsts ".$user." ".escapeshellarg($v_domain)." yes", $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        $v_ssl_hsts = 'no';
+    }
+
     // Delete web stats
     if ((!empty($v_stats)) && ($_POST['v_stats'] == 'none') && (empty($_SESSION['error_msg']))) {
         exec (HESTIA_CMD."v-delete-web-domain-stats ".$v_username." ".escapeshellarg($v_domain), $output, $return_var);

web/templates/admin/edit_web.html

@@ -251,6 +251,11 @@
                                               <label><input type="checkbox" size="20" class="vst-checkbox" name="v_ssl_forcessl" <?php if($v_ssl_forcessl == 'yes') echo "checked=yes" ?> onclick="App.Actions.WEB.toggle_forcessl(this)"> <?php print __('Force SSL/HTTPS');?></label>
                                           </td>
                                       </tr>
+                                      <tr>
+                                          <td class="input-label vst-text">
+                                              <label><input type="checkbox" size="20" class="vst-checkbox" name="v_ssl_hsts" <?php if($v_ssl_hsts == 'yes') echo "checked=yes" ?> onclick="App.Actions.WEB.toggle_hsts(this)"> <?php print __('Enable SSL HSTS');?></label>
+                                          </td>
+                                      </tr>
                                       <tr>
                                         <td class="input-label vst-text">
                                             <label><input type="checkbox" size="20" class="vst-checkbox" name="v_letsencrypt" <?php if($v_letsencrypt == 'yes' || $v_letencrypt == 'on') echo "checked=yes" ?> onclick="App.Actions.WEB.toggle_letsencrypt(this)"> <?php print __('Lets Encrypt Support');?></label>

web/templates/user/edit_web.html

@@ -251,6 +251,11 @@
                                               <label><input type="checkbox" size="20" class="vst-checkbox" name="v_ssl_forcessl" <?php if($v_ssl_forcessl == 'yes') echo "checked=yes" ?> onclick="App.Actions.WEB.toggle_forcessl(this)"> <?php print __('Force SSL/HTTPS');?></label>
                                           </td>
                                       </tr>
+                                      <tr>
+                                          <td class="input-label vst-text">
+                                              <label><input type="checkbox" size="20" class="vst-checkbox" name="v_ssl_hsts" <?php if($v_ssl_hsts == 'yes') echo "checked=yes" ?> onclick="App.Actions.WEB.toggle_hsts(this)"> <?php print __('Enable SSL HSTS');?></label>
+                                          </td>
+                                      </tr>
                                       <tr>
                                         <td class="input-label vst-text">
                                             <label><input type="checkbox" size="20" class="vst-checkbox" name="v_letsencrypt" <?php if($v_letsencrypt == 'yes' || $v_letencrypt == 'on') echo "checked=yes" ?> onclick="App.Actions.WEB.toggle_letsencrypt(this)"> <?php print __('Lets Encrypt Support');?></label>