/CHANGELOG |
---|
4,6 → 4,7 |
-------------------- 3.1.3 -------------------- |
NEWS |
- Add Let's Encrypt integration. |
- Change the ALCASAR CA certificate extension to .crt (to be added more easily in Firefox). |
- Allow hostname different than "alcasar". |
- Check/remove conf file of removed NIC. |
/alcasar.sh |
---|
47,6 → 47,7 |
# fail2ban : Fail2ban IDS installation and configuration |
# gammu_smsd : Autoregister addon via SMS (gammu-smsd) |
# msec : Mandriva security package configuration |
# letsencrypt : Let's Encrypt client |
# post_install : Security, log rotation, etc. |
DATE=`date '+%d %B %Y - %Hh%M'` |
1848,6 → 1849,12 |
0 */12 * * * root $DIR_DEST_BIN/alcasar-bl.sh --update_cat > /dev/null 2>&1 |
EOF |
# Renew the Let's Encrypt certificate |
cat <<EOF > /etc/cron.d/alcasar-letsencrypt |
# Automatic renew of the Let's Encrypt certificate |
@daily root $DIR_DEST_BIN/alcasar-letsencrypt.sh --cron > /dev/null 2>&1 |
EOF |
# removing the users crons |
rm -f /var/spool/cron/* |
} # End cron |
1981,7 → 1988,57 |
} # END msec() |
################################################################## |
## Fonction "letsencrypt" ## |
## - Install Let's Encrypt client ## |
## - Prepare Let's Encrypt ALCASAR configuration file ## |
################################################################## |
letsencrypt() |
{ |
echo "Installing Let's Encrypt client..." |
# Extract acme.sh |
tar xzf ./conf/letsencrypt-client/acme.sh-*.tar.gz -C /tmp/ |
pwdInstall=$(pwd) |
cd /tmp/acme.sh-* |
acmesh_installDir="/opt/acme.sh" |
acmesh_confDir="/usr/local/etc/letsencrypt" |
acmesh_userAgent="ALCASAR/$VERSION" |
# Install acme.sh |
./acme.sh --install \ |
--home $acmesh_installDir \ |
--config-home $acmesh_confDir/data \ |
--certhome $acmesh_confDir/certs \ |
--accountkey $acmesh_confDir/ca/account.key \ |
--accountconf $acmesh_confDir/data/account.conf \ |
--useragent $acmesh_userAgent \ |
--nocron |
if [ $? -ne 0 ]; then |
echo "Error during installation of Let's Encrypt client (acme.sh)." |
fi |
# Create configuration file |
cat <<EOF > /usr/local/etc/alcasar-letsencrypt |
email= |
dateIssueRequest= |
domainRequest= |
challenge= |
dateIssued= |
dnsapi= |
dateNextRenewal= |
EOF |
cd $pwdInstall |
rm -rf /tmp/acme.sh-* |
} # END letsencrypt() |
################################################################## |
## Fonction "post_install" ## |
## - Modifying banners (locals et ssh) & prompts ## |
## - SSH config ## |
2268,7 → 2325,7 |
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3` |
mode="update" |
fi |
for func in init network ACC CA time_server init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec post_install |
for func in init network ACC CA time_server init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec letsencrypt post_install |
do |
$func |
# echo "*** 'debug' : end of function $func ***"; read a |
/conf/letsencrypt-client/acme.sh-2.7.2.tar.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/conf/sudoers |
---|
25,7 → 25,7 |
Cmnd_Alias UAM=/usr/local/bin/alcasar-uamallowed.sh # to manage the trusted websites (uamallowed) |
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # to manage the linux services |
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # to manage the SMS subsystem |
Cmnd_Alias SSL=/usr/local/bin/alcasar-importcert.sh # to manage the certificates |
Cmnd_Alias SSL=/usr/local/bin/alcasar-importcert.sh,/usr/local/bin/alcasar-letsencrypt.sh # to manage the certificates |
Cmnd_Alias HTDIGEST=/usr/local/bin/alcasar-profil.sh # to manage htdigest groups |
Cmnd_Alias LOG_GEN=/usr/local/bin/alcasar-generate_log.sh # to create log PDF from ACC |
48,4 → 48,4 |
# %users localhost=/sbin/shutdown -h now |
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST,LOG_GEN |
ADMIN LAN_ORG=(root) NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE |
ADMIN LAN_ORG=(root) NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE,SSL |
/scripts/alcasar-letsencrypt.sh |
---|
0,0 → 1,314 |
#!/bin/bash |
# |
# $Id$ |
# |
# alcasar-letsencrypt.sh |
# by Tom HOUDAYER |
# |
# This script is distributed under the Gnu General Public License (GPL) |
# |
# Manage Let's Encrypt for ALCASAR integration |
CONF_FILE="/usr/local/etc/alcasar-letsencrypt" |
ACCOUNT_EMAIL="" |
DOMAIN="" |
DNS_API="" |
DEBUG=false |
STAGING_SERVER="" |
FORCE="" |
OPT_PARAMS="" |
ACMESH_HOME="/usr/local/etc/letsencrypt" |
ACMESH_BIN="/opt/acme.sh/acme.sh" |
usage="Usage: alcasar-letsencrypt.sh |
--issue -d alcasar.domain.tld --email alcasar@domain.tld [--dns-api dns_registrar] [--force] [--staging] |
--renew [-d alcasar.domain.tld] [--force] [--staging]" |
################################################################################ |
# ISSUE # |
################################################################################ |
issue() { |
if [ ! -f $ACMESH_BIN ]; then |
echo "The client does not seem to be installed." |
return 1 |
fi |
TMP_OUTPUT=$(mktemp --suffix=_ALCASAR-LE) |
if [ ! -z $ACCOUNT_EMAIL ]; then |
emailField=" --accountemail $ACCOUNT_EMAIL" |
sed -i "s/^email=.*/email=$ACCOUNT_EMAIL/" $CONF_FILE |
else |
emailField="" |
fi |
$DEBUG && debugOpt=" --debug" || debugOpt="" |
$ACMESH_BIN --config-home $ACMESH_HOME/data \ |
$STAGING_SERVER $FORCE $debugOpt \ |
$emailField \ |
--issue --dns $DNS_API -d $DOMAIN \ |
$OPT_PARAMS \ |
> $TMP_OUTPUT 2>&1 |
exitCode=$? |
$DEBUG && cat $TMP_OUTPUT && echo -e "\n\n" |
sed -i "s/^domainRequest=.*/domainRequest=$DOMAIN/" $CONF_FILE |
sed -i "s/^dateIssueRequest=.*/dateIssueRequest=$(date +%s)/" $CONF_FILE |
sed -i "s/^dnsapi=.*/dnsapi=${DNS_API:="dns"}/" $CONF_FILE |
if ! _handle_client_response $TMP_OUTPUT; then |
if [ $exitCode -ne 0 ]; then |
echo -e "Error!\n" |
cat $TMP_OUTPUT |
rm -f $TMP_OUTPUT |
return 1 |
else |
echo -e "Unknown state\n" |
cat $TMP_OUTPUT |
fi |
fi |
rm -f $TMP_OUTPUT |
} |
################################################################################ |
# RENEW # |
################################################################################ |
renew() { |
if [ ! -f $ACMESH_BIN ]; then |
echo "The client does not seem to be installed." |
return 1 |
fi |
TMP_OUTPUT=$(mktemp --suffix=_ALCASAR-LE) |
$DEBUG && debugOpt=" --debug" || debugOpt="" |
$ACMESH_BIN --config-home $ACMESH_HOME/data \ |
$STAGING_SERVER $FORCE $debugOpt \ |
--renew -d $DOMAIN \ |
$OPT_PARAMS \ |
> $TMP_OUTPUT 2>&1 |
exitCode=$? |
$DEBUG && cat $TMP_OUTPUT && echo -e "\n\n" |
if ! _handle_client_response $TMP_OUTPUT; then |
if [ $exitCode -ne 0 ]; then |
echo -e "Error!\n" |
cat $TMP_OUTPUT |
rm -f $TMP_OUTPUT |
return 1 |
else |
echo -e "Unknown state\n" |
cat $TMP_OUTPUT |
fi |
fi |
rm -f $TMP_OUTPUT |
} |
################################################################################ |
# CRON TASK # |
################################################################################ |
cron_task() { |
if [ $(grep '^dateNextRenewal=' $CONF_FILE | cut -d'=' -f2) -le $(date +%s) ]; then |
logger -t alcasar-letsencrypt "Launch CRON task." |
renew |
fi |
} |
################################################################################ |
# HANDLE CLIENT RESPONSE # |
################################################################################ |
_handle_client_response() { |
[ $# -lt 1 ] && return 1 |
responseFile=$1 |
# issue / renew |
if [ $(cat $responseFile | grep "Add the following TXT record:" -c) -ne 0 ]; then |
challenge=$(cat $responseFile | grep -E "TXT value: '[0-9a-zA-Z_-]+'" -o | cut -d"'" -f2) |
sed -i "s/^challenge=.*/challenge=$challenge/" $CONF_FILE |
echo "Add the following TXT record:" |
echo "Domain: '_acme-challenge.$DOMAIN'" |
echo "TXT value: '$challenge'" |
elif [ $(cat $responseFile | grep "Cert success." -c) -ne 0 ]; then |
sed -i "s/^challenge=.*/challenge=/" $CONF_FILE |
sed -i "s/^dateIssued=.*/dateIssued=$(date +%s)/" $CONF_FILE |
sed -i "s/^dateNextRenewal=.*/dateNextRenewal=$(date +%s -d '2 months - 3 days')/" $CONF_FILE |
install_cert |
logger -t alcasar-letsencrypt "Certificate \"$DOMAIN\" imported." |
echo "Certificate imported." |
[ -z $DNS_API ] && echo "Note: you can delete the TXT record." |
elif [ $(cat $responseFile | grep "Domains not changed." -c) -ne 0 ]; then |
echo "Domain not changed" |
elif [ $(cat $responseFile | grep "$DOMAIN is already verified, skip dns-01." -c) -ne 0 ]; then |
echo "Domain already verified" |
elif [ $(cat $responseFile | grep "Error add txt for domain:_acme-challenge.$DOMAIN" -c) -ne 0 ]; then |
echo "Error add txt for domain:_acme-challenge.$DOMAIN" |
elif [ $(cat $responseFile | grep "Please add the TXT records to the domains, and retry again." -c) -ne 0 ]; then |
echo "Dns record not added yet, you need to add it manually and retry again." |
elif [ $(cat $responseFile | grep 'new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.*\)","status": 400}' -c) -ne 0 ]; then |
errorMsg=$(cat $responseFile | grep 'new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.*\)","status": 400}' | sed 's/.*new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.*\)","status": 400}.*/\1/') |
echo "Incorrect domain name" |
echo "$errorMsg" |
elif [ $(cat $responseFile | grep "'$DOMAIN' is not a issued domain, skip." -c) -ne 0 ]; then |
echo "'$DOMAIN' is not a issued domain" |
# renew |
elif [ $(cat $responseFile | grep "Skip, Next renewal time is: " -c) -ne 0 ]; then |
nextRenewal=$(cat $responseFile | grep 'Skip, Next renewal time is: ' | sed 's/.*Skip, Next renewal time is: \(.*\)/\1/') |
echo "Skip, Next renewal time is: $nextRenewal" |
echo "Add '--force' to force to renew." |
elif [ $(cat $responseFile | grep "$DOMAIN:Verify error:Correct value not found for DNS challenge" -c) -ne 0 ]; then |
echo "Correct value not found for DNS challenge" |
elif [ $(cat $responseFile | grep "Unable to update challenge :: The challenge is not pending." -c) -ne 0 ]; then |
echo "The challenge is not pending. You need to issue." |
else |
return 2 |
fi |
return 0 |
} |
################################################################################ |
# INSTALL CERTIFICATE # |
################################################################################ |
install_cert() { |
echo "Importing certificate to ALCASAR..." |
if [ ! -f $ACMESH_HOME/certs/"$DOMAIN"/"$DOMAIN".cer ]; then |
echo "Certificate not found." |
return 1 |
fi |
/usr/local/bin/alcasar-importcert.sh \ |
-i $ACMESH_HOME/certs/"$DOMAIN"/"$DOMAIN".cer \ |
-k $ACMESH_HOME/certs/"$DOMAIN"/"$DOMAIN".key \ |
-c $ACMESH_HOME/certs/"$DOMAIN"/fullchain.cer \ |
> /dev/null 2>&1 |
if [ $? -ne 0 ]; then |
echo "Error." |
return 1 |
fi |
} |
################################################################################ |
# MAIN # |
################################################################################ |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ]; then |
echo "$usage" |
exit 1 |
fi |
cmd="" |
while [ $# -gt 0 ]; do |
case $1 in |
-\? | -h | --help) |
echo "$usage" |
exit 0 |
;; |
--issue) |
cmd="issue" |
shift 1 |
;; |
--renew) |
cmd="renew" |
shift 1 |
;; |
--cron) |
cmd="cron" |
shift 1 |
;; |
--install-cert) |
cmd="install-cert" |
shift 1 |
;; |
--email) |
ACCOUNT_EMAIL="$2" |
shift 2 |
;; |
--domain | -d) |
DOMAIN="$2" |
shift 2 |
;; |
--dns-api) |
DNS_API="$2" |
shift 2 |
;; |
--force) |
FORCE="--force" |
shift 1 |
;; |
--staging) |
STAGING_SERVER="--staging" |
shift 1 |
;; |
--debug) |
DEBUG=true |
shift 1 |
;; |
*) |
found=false |
for param in "--dnssleep"; do |
if [ $1 == $param ]; then |
OPT_PARAMS="$OPT_PARAMS $1 $2" |
shift 2 |
found=true |
break |
fi |
done |
if ! $found; then |
echo "Unknown argument: $1" |
echo "$usage" |
exit 1 |
fi |
;; |
esac |
done |
if [ -z $DOMAIN ]; then |
if [ $(grep '^domainRequest=' $CONF_FILE | cut -d'=' -f2 | wc --chars) -gt 1 ]; then |
DOMAIN="$(grep '^domainRequest=' $CONF_FILE | cut -d'=' -f2)" |
else |
DOMAIN="$(grep '^HOSTNAME=' /usr/local/etc/alcasar.conf | cut -d'=' -f2).$(grep '^DOMAIN=' /usr/local/etc/alcasar.conf | cut -d'=' -f2)" |
fi |
fi |
case $cmd in |
issue) |
issue |
;; |
renew) |
renew |
;; |
cron) |
cron_task |
;; |
install-cert) |
install_cert |
;; |
*) exit 1 ;; |
esac |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id |
\ No newline at end of property |
/scripts/alcasar-uninstall.sh |
---|
247,6 → 247,10 |
fi |
sleep 1 |
echo -en "\n- letsencrypt-client (1) : " |
[ -e /opt/acme.sh ] && acme.sh --uninstall --nocron && echo -n "1" |
sleep 1 |
if [ mode == "full" ] |
then |
echo -en "\n- network(9) : " |
/web/acc/admin/network.php |
---|
1,4 → 1,6 |
<?php |
# $Id$ |
/* written by steweb57 & Rexy */ |
/******************** |
8,7 → 10,8 |
define ("ETHERS_FILE", "/usr/local/etc/alcasar-ethers"); |
define ("ETHERS_INFO_FILE", "/usr/local/etc/alcasar-ethers-info"); |
define ("DNS_LOCAL_FILE", "/usr/local/etc/alcasar-dns-name"); |
$conf_files=array(CONF_FILE,ETHERS_FILE,ETHERS_INFO_FILE,DNS_LOCAL_FILE); |
define('LETS_ENCRYPT_FILE', '/usr/local/etc/alcasar-letsencrypt'); |
$conf_files=array(CONF_FILE,ETHERS_FILE,ETHERS_INFO_FILE,DNS_LOCAL_FILE, LETS_ENCRYPT_FILE); |
$reg_ip = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/'; |
$reg_ip_cidr = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$/'; |
$network_modification=0; |
37,7 → 40,7 |
$l_dhcp_state = "Mode actuel"; |
$l_DHCP_on = "actif"; |
$l_DHCP_off = "inactif"; |
$l_DHCP_off_explain = "! Avant d'arrêter le serveur DHCP, vous devez renseigner les paramètres d'un serveur externe (cf. documentation)."; |
$l_DHCP_off_explain = "/!\\ Avant d'arrêter le serveur DHCP, vous devez renseigner les paramètres d'un serveur externe (cf. documentation)."; |
$l_static_dhcp_title = "Réservation d'adresses IP statiques"; |
$l_mac_address = "Adresse MAC"; |
$l_ip_address = "Adresse IP"; |
68,7 → 71,7 |
$l_dhcp_state = "Current mode"; |
$l_DHCP_on = "enabled"; |
$l_DHCP_off = "disabled"; |
$l_DHCP_off_explain = "! Before disabling the DHCP server, you must write the extern DHCP parameters in the config file (see Documentation)"; |
$l_DHCP_off_explain = "/!\\ Before disabling the DHCP server, you must write the extern DHCP parameters in the config file (see Documentation)"; |
$l_static_dhcp_title = "Static IP addresses reservation"; |
$l_mac_address = "MAC Address"; |
$l_ip_address = "IP Address"; |
307,12 → 310,12 |
</script> |
</head> |
<body> |
<table width="100%" border="0" cellspacing="0" cellpadding="0"> |
<table width="100%" cellspacing="0" cellpadding="0" border="0"> |
<tr><th><?php echo $l_network_title; ?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<? echo "<form action=".$_SERVER['PHP_SELF']." method='post'>";?> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1> |
<table width="100%" cellspacing="0" cellpadding="5" border="1"> |
<tr><td valign="middle" align="left"> |
<fieldset> |
<legend><?php echo $l_internet_legend; |
326,27 → 329,27 |
<table> |
<tr><td><?php echo $l_ip_public." : ".$IP_PUB;?></td></tr> |
<?php |
echo "<tr><td>".$l_ip_dns1." <input style='width:120px' type='text' name='dns1' value=".$conf["DNS1"]."/></td></tr>"; |
echo "<tr><td>".$l_ip_dns2." <input style='width:120px' type='text' name='dns2' value=".$conf["DNS2"]."/></td></tr>"; |
echo '<tr><td>'.$l_ip_dns1.' <input style="width:120px" type="text" name="dns1" value="'.$conf['DNS1'].'" /></td></tr>'; |
echo '<tr><td>'.$l_ip_dns2.' <input style="width:120px" type="text" name="dns2" value="'.$conf['DNS2'].'" /></td></tr>'; |
?> |
</table> |
</fieldset> |
</td><td> |
<fieldset> |
<legend><?php echo $conf["EXTIF"].$l_extif_legend; ?></legend> |
<legend><?php echo $conf['EXTIF'].$l_extif_legend; ?></legend> |
<table> |
<?php |
echo "<tr><td>".$l_ip_address." <input style='width:150px' type='text' name='ip_public' value=".$conf['PUBLIC_IP']."/></td></tr>"; |
echo "<tr><td>".$l_ip_router." <input style='width:120px' type='text' name='ip_gw' value=".$conf['GW']."/></td></tr>"; |
echo '<tr><td>'.$l_ip_address.' <input style="width:150px" type="text" name="ip_public" value="'.$conf['PUBLIC_IP'].'" /></td></tr>'; |
echo '<tr><td>'.$l_ip_router.' <input style="width:120px" type="text" name="ip_gw" value="'.$conf['GW'].'" /></td></tr>'; |
?> |
</table> |
</fieldset> |
</td><td> |
<fieldset> |
<legend><?php echo $conf["INTIF"].$l_intif_legend; ?></legend> |
<legend><?php echo $conf['INTIF'].$l_intif_legend; ?></legend> |
<table> |
<?php |
echo "<tr><td>".$l_ip_address."</td><td> <input style='width:150px' type='text' name='ip_private' value=".$conf['PRIVATE_IP']." /></td></tr>"; |
echo '<tr><td>'.$l_ip_address.'</td><td> <input style="width:150px" type="text" name="ip_private" value="'.$conf['PRIVATE_IP'].'" /></td></tr>'; |
?> |
</table> |
</fieldset> |
356,11 → 359,11 |
</td></tr> |
</table> |
</form> |
<table width="100%" border="0" cellspacing="0" cellpadding="0"> |
<table width="100%" cellspacing="0" cellpadding="0" border="0"> |
<tr><th><?php echo $l_dhcp_title;?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<table width="100%" border=1 cellspacing=0 cellpadding=0> |
<table width="100%" cellspacing="0" cellpadding="5" border="1"> |
<tr><td colspan="2" valign="middle" align="left"> |
<? |
$dhcp_state=trim($conf["DHCP"]); |
376,16 → 379,16 |
echo "</FORM>"; |
echo "</td></tr>"; |
if (strncmp($conf["DHCP"],"on",2) == 0) { require ('network2.php');} |
else { echo "</TABLE>"; } |
else { echo "</table>"; } |
$maxsize=100000; |
?> |
<table width="100%" border="0" cellspacing="0" cellpadding="0"> |
<table width="100%" cellspacing="0" cellpadding="0" border="0"> |
<tr><th><?php echo $l_local_dns;?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<table width="100%" border="1" cellspacing="0" cellpadding="0"> |
<tr><td colspan=2 align="center"> |
<table width="100%" cellspacing="0" cellpadding="5" border="1"> |
<tr><td width="50%" align="center"> |
<? |
echo "<FORM action='network.php' method='POST'>"; |
echo "<table cellspacing=2 cellpadding=3 border=1>"; |
416,7 → 419,7 |
echo "<input type='hidden' name='choix' value='del_host'>"; |
echo "<input type='submit' value='$l_apply'>"; |
} |
echo "</form></td><td valign='middle' align='center'>"; |
echo "</form></td><td width=\"50%\" valign='middle' align='center'>"; |
echo "<FORM name='new_host' action='network.php' method='POST'>"; |
echo "<table cellspacing=2 cellpadding=3 border=1>"; |
echo "<tr><th>$l_host_name<th>$l_ip_address"; |
430,16 → 433,18 |
</form> |
</td></tr> |
</table> |
<table width="100%" border="0" cellspacing="0" cellpadding="0"> |
<table width="100%" cellspacing="0" cellpadding="0" border="0"> |
<tr><th><?php echo $l_import_cert;?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<table width="100%" border="1" cellspacing="0" cellpadding="0"> |
<tr><td> |
<table width="100%" cellspacing="0" cellpadding="5" border="1"> |
<tr> |
<td width="50%"> |
<h3>Importer un certificat existant</h3> |
<form method="post" action="network.php" enctype="multipart/form-data"> |
<?php echo $l_private_key;?><input type="file" name="key"><br> |
<?php echo $l_certificate;?><input type="file" name="crt"><br> |
<?php echo $l_server_chain;?><input type="file" name="sc"> |
<?php echo $l_private_key;?> <input type="file" name="key"><br> |
<?php echo $l_certificate;?> <input type="file" name="crt"><br> |
<?php echo $l_server_chain;?> <input type="file" name="sc"> |
<input type="hidden" name="MAX_FILE_SIZE" value=<?php echo $maxsize;?>><br> |
<input type="submit" <?php echo "value=\"".$l_import."\""?>> |
</form> |
461,12 → 466,101 |
<h4><?= $l_validated ?></h4> |
Common name : <?= $CAdomain ?><br> |
Organization : <?= $CAorganization ?><br> |
</td><td> |
<br> |
<form method="post" action="network.php"> |
<input type="hidden" name="default"> |
<input type="submit" <?php echo "value=\"".$l_default_cert."\""; if(!file_exists("/etc/pki/tls/certs/alcasar.crt.old") || !file_exists("/etc/pki/tls/private/alcasar.key.old")){ echo " disabled";}?>> |
</form> |
</td> |
<td width="50%" valign="top"> |
<?php |
// Let's Encrypt actions |
if ((isset($_POST['action']) && ($_POST['action'] === 'le_issueCert'))) { |
// TODO: check ndd & mail format |
$email = $_POST['email']; |
$domainName = $_POST['domainname']; |
exec('sudo /usr/local/bin/alcasar-letsencrypt.sh --issue --email '.escapeshellarg($email).' --domain '.escapeshellarg($domainName), $output, $exitCode); |
$cmdResponse = implode("<br>\n", $output); |
} |
if ((isset($_POST['action']) && ($_POST['action'] === 'le_renewCert'))) { |
if ((isset($_POST['recheck'])) && ((!empty($_POST['recheck'])) || (!empty($_POST['recheck_force'])))) { |
$forceOpt = (!empty($_POST['recheck_force'])) ? ' --force' : ''; |
exec('sudo /usr/local/bin/alcasar-letsencrypt.sh --renew' . $forceOpt, $output, $exitCode); |
$cmdResponse = implode("<br>\n", $output); |
} else if ((isset($_POST['cancel'])) && (!empty($_POST['cancel']))) { |
file_put_contents(LETS_ENCRYPT_FILE, preg_replace('/challenge=.*/','challenge=', file_get_contents(LETS_ENCRYPT_FILE))); |
file_put_contents(LETS_ENCRYPT_FILE, preg_replace('/domainRequest=.*/','domainRequest=', file_get_contents(LETS_ENCRYPT_FILE))); |
} |
} |
// Read Let's Encrypt configuration file |
$file_conf_LE = fopen(LETS_ENCRYPT_FILE, 'r'); |
if (!$file_conf_LE) { |
exit('Error opening the file '.LETS_ENCRYPT_FILE); |
} |
while (!feof($file_conf_LE)) { |
$buffer = fgets($file_conf_LE, 4096); |
if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) { |
$tmp = explode('=', $buffer); |
$LE_conf[trim($tmp[0])] = trim($tmp[1]); |
} |
} |
fclose($file_conf_LE); |
// Get step |
if (empty($LE_conf['domainRequest'])) { |
$step = 1; |
} else if (!empty($LE_conf['challenge'])) { |
$step = 2; |
} else if (($domain === $LE_conf['domainRequest']) && (empty($LE_conf['challenge']))) { |
$step = 3; |
} else { |
$step = 1; |
} |
?> |
<h3>Intégration Let's Encrypt</h3> |
<?php if ($step === 1) : ?> |
<form method="post" action="network.php"> |
<input type="hidden" name="action" value="le_issueCert"> |
Status : Inactif<br> |
Email : <input type="text" name="email" placeholder="adresse@email.com"<?= ((!empty($LE_conf['email'])) ? ' value="'.$LE_conf['email'].'"' : '') ?>><br> |
Nom de domaine : <input type="text" name="domainname" placeholder="alcasar.domain.tld" required><br> |
<input type="submit" name="issue" value="Envoyer"><br> |
</form> |
<?php elseif ($step === 2): ?> |
<form method="post" action="network.php"> |
<input type="hidden" name="action" value="le_renewCert"> |
Status : En attente de validation<br> |
Nom de domaine : <?= $LE_conf['domainRequest'] ?><br> |
Demandé le : <?= date('d-m-Y H:i:s', $LE_conf['dateIssueRequest']) ?><br> |
Entrée DNS TXT : "<?= '_acme-challenge.'.$LE_conf['domainRequest'] ?>"<br> |
Challenge : "<?= $LE_conf['challenge'] ?>"<br> |
<input type="submit" name="recheck" value="Revérifier"> <input type="submit" name="cancel" value="Annuler"><br> |
</form> |
<?php elseif ($step === 3): ?> |
<form method="post" action="network.php"> |
<input type="hidden" name="action" value="le_renewCert"> |
Status : Actif<br> |
Nom de domaine : <?= $LE_conf['domainRequest'] ?><br> |
API : <?= $LE_conf['dnsapi'] ?><br> |
Prochain renouvellement : <?= date('d-m-Y', $LE_conf['dateNextRenewal']) ?><br> |
<?php if ($LE_conf['dateNextRenewal'] <= date('U')): ?> |
<input type="submit" name="recheck" value="Renouveller"><br> |
<?php else: ?> |
<input type="submit" name="recheck_force" value="Renouveller (forcer)"><br> |
<?php endif; ?> |
</form> |
<?php endif; ?> |
<?php if (isset($cmdResponse)): ?> |
<p><?= $cmdResponse ?></p> |
<?php endif; ?> |
</td> |
</tr> |
</table> |
</body> |
478,7 → 572,6 |
exec("sudo alcasar-importcert.sh -d"); |
} |
if(isset($_POST['MAX_FILE_SIZE'])){ |
echo "changement"; |
$maxsize = 100000; |
if(isset($_FILES['key']) && isset($_FILES['crt']) && $_FILES['key']['error'] == 0 && $_FILES['crt']['error'] == 0){ |
$dest = "/tmp/"; |
497,6 → 590,9 |
move_uploaded_file($_FILES['key']['tmp_name'], $keypath); |
move_uploaded_file($_FILES['crt']['tmp_name'], $crtpath); |
exec("sudo alcasar-importcert.sh -i $crtpath -k $keypath -c $scpath"); |
if (file_exists($crtpath)) unlink($crtpath); |
if (file_exists($keypath)) unlink($keypath); |
if (file_exists($scpath)) unlink($scpath); |
} |
} |
} |
Property changes: |
Added: svn:keywords |
+Id |
\ No newline at end of property |
/web/acc/admin/network2.php |
---|
1,7 → 1,7 |
<tr><td colspan=2 align="center"> |
<? |
<?php |
echo "$l_static_dhcp_title</td></tr>"; |
echo "<tr><td align='center' valign='middle'>"; |
echo "<tr><td width=\"50%\" align='center' valign='middle'>"; |
echo "<FORM action='network.php' method='POST'>"; |
echo "<table cellspacing=2 cellpadding=3 border=1>"; |
echo "<tr><th>$l_mac_address<th>$l_ip_address<th>Info<th>$l_del</tr>"; |
44,7 → 44,7 |
echo "<input type='hidden' name='choix' value='del_mac'>"; |
echo "<input type='submit' value='$l_apply'>"; |
} |
echo "</form></td><td valign='middle' align='center'>"; |
echo "</form></td><td width=\"50%\" valign='middle' align='center'>"; |
echo "<FORM name='new_mac' action='network.php' method='POST'>"; |
echo "<table cellspacing=2 cellpadding=3 border=1>"; |
echo "<tr><th>$l_mac_address<th>$l_ip_address<th>Info"; |