add setting to disable LE self-check; set version to 0.9.38.8 for mai…

…ntenance/bugfix release Signed-off-by: Michael Kaufmann (d00p) <[email protected]>
froxlor · Dec 31, 2017 · 66a4309 · 66a4309
1 parent 57277eb
commit 66a4309
Show file tree

Hide file tree

Showing 8 changed files with 52 additions and 13 deletions.
diff --git a/actions/admin/settings/131.ssl.php b/actions/admin/settings/131.ssl.php
@@ -165,6 +165,14 @@
 					'type' => 'bool',
 					'default' => false,
 					'save_method' => 'storeSettingField'
+				),
+				'system_disable_le_selfcheck' => array(
+					'label' => $lng['serversettings']['disable_le_selfcheck'],
+					'settinggroup' => 'system',
+					'varname' => 'disable_le_selfcheck',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
 				)
 			)
 		)

diff --git a/install/froxlor.sql b/install/froxlor.sql
@@ -554,6 +554,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'hsts_preload', '0'),
 	('system', 'leregistered', '0'),
 	('system', 'nssextrausers', '0'),
+	('system', 'disable_le_selfcheck', '0'),
 	('panel', 'decimal_places', '4'),
 	('panel', 'adminmail', 'admin@SERVERNAME'),
 	('panel', 'phpmyadmin_url', ''),
@@ -585,8 +586,8 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'password_special_char_required', '0'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
 	('panel', 'customer_hide_options', ''),
-	('panel', 'version', '0.9.38.7'),
-	('panel', 'db_version', '201708240');
+	('panel', 'version', '0.9.38.8'),
+	('panel', 'db_version', '201712310');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;

diff --git a/install/updates/froxlor/0.9/update_0.9.inc.php b/install/updates/froxlor/0.9/update_0.9.inc.php
@@ -3633,3 +3633,16 @@
 
 	updateToDbVersion('201708240');
 }
+
+if (isDatabaseVersion('201708240')) {
+
+	showUpdateStep("Adding new 'disable LE self-check' setting");
+	$system_disable_le_selfcheck = isset($_POST['system_disable_le_selfcheck']) ? (int) $_POST['system_disable_le_selfcheck'] : 0;
+	Settings::AddNew('system.disable_le_selfcheck', $system_disable_le_selfcheck);
+	lastStepStatus(0);
+
+	updateToDbVersion('201712310');
+
+	showUpdateStep("Updating from 0.9.38.7 to 0.9.38.8", false);
+	updateToVersion('0.9.38.8');
+}
diff --git a/install/updates/preconfig/0.9/preconfig_0.9.inc.php b/install/updates/preconfig/0.9/preconfig_0.9.inc.php
@@ -717,4 +717,14 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version, $c
 		$question .= makeyesno('system_nssextrausers', '1', '0', '0') . '<br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
+
+	if (versionInUpdate($current_db_version, '201712310')) {
+		if (Settings::Get('system.leenabled') == 1) {
+			$has_preconfig = true;
+			$description = 'Chose whether you want to disable the Let\'s Encrypt selfcheck as it causes false positives for some onfigurations.<br /><br />';
+			$question = '<strong>Disable Let\'s Encrypt self-check?</strong><br />';
+			$question .= makeyesno('system_disable_le_selfcheck', '1', '0', '0') . '<br />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
 }
diff --git a/lib/classes/ssl/class.lescript.php b/lib/classes/ssl/class.lescript.php
@@ -227,16 +227,19 @@ public function signDomains(array $domains, $domainkey = null, $csr = null)
 			$this->log("Token for $domain saved at $tokenPath and should be available at $uri");
 
 			// simple self check
-			$selfcheckContextOptions = array('http' => array('header' => "User-Agent: Froxlor/".$this->version));
-			$selfcheckContext = stream_context_create($selfcheckContextOptions);
-			if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) {
-				$errmsg = json_encode(error_get_last());
-				if ($errmsg != "null") {
-					$errmsg = "; PHP error: " . $errmsg;
-				} else {
-					$errmsg = "";
+			if (Settings::Get('system.disable_le_selfcheck') == '0')
+			{
+				$selfcheckContextOptions = array('http' => array('header' => "User-Agent: Froxlor/".$this->version));
+				$selfcheckContext = stream_context_create($selfcheckContextOptions);
+				if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) {
+					$errmsg = json_encode(error_get_last());
+					if ($errmsg != "null") {
+						$errmsg = "; PHP error: " . $errmsg;
+					} else {
+						$errmsg = "";
+					}
+					$this->logger->logAction(CRON_ACTION, LOG_WARNING, "[Lets Encrypt self-check] Please check $uri - token seems to be not available. This is just a simple self-check, it might be wrong but consider using this information when Let's Encrypt fails to issue a certificate" . $errmsg);
 				}
-				$this->logger->logAction(CRON_ACTION, LOG_WARNING, "[Lets Encrypt self-check] Please check $uri - token seems to be not available. This is just a simple self-check, it might be wrong but consider using this information when Let's Encrypt fails to issue a certificate" . $errmsg);
 			}
 
 			$this->log("Sending request to challenge");

diff --git a/lib/version.inc.php b/lib/version.inc.php
@@ -16,10 +16,10 @@
  */
 
 // Main version variable
-$version = '0.9.38.7';
+$version = '0.9.38.8';
 
 // Database version (YYYYMMDDC where C is a daily counter)
-$dbversion = '201708240';
+$dbversion = '201712310';
 
 // Distribution branding-tag (used for Debian etc.)
 $branding = '';
diff --git a/lng/english.lng.php b/lng/english.lng.php
@@ -2080,3 +2080,5 @@
 $lng['admin']['domain_http2']['description'] = 'See <a target="_blank" href="https://en.wikipedia.org/wiki/HTTP/2">Wikipedia</a> for a detailed explanation of HTTP2';
 $lng['admin']['testmail'] = 'SMTP test';
 $lng['success']['testmailsent'] = 'Test mail sent successfully';
+$lng['serversettings']['disable_le_selfcheck']['title'] = "Disable Let's Encrypt local self-check";
+$lng['serversettings']['disable_le_selfcheck']['description'] = "If activated, froxlor will <strong>not</strong> perform its self-check for token accessability. Needed for NATed IP's or similar.";
diff --git a/lng/german.lng.php b/lng/german.lng.php
@@ -1731,3 +1731,5 @@
 $lng['admin']['domain_http2']['description'] = 'Siehe <a target="_blank" href="https://de.wikipedia.org/wiki/Hypertext_Transfer_Protocol#HTTP.2F2">Wikipedia</a> für eine ausführliche Beschreibung von HTTP2';
 $lng['admin']['testmail'] = 'SMTP Test';
 $lng['success']['testmailsent'] = 'Test E-Mail erfolgreich gesendet';
+$lng['serversettings']['disable_le_selfcheck']['title'] = "Deaktiviere Let's Encrypt lokale Selbstprüfung";
+$lng['serversettings']['disable_le_selfcheck']['description'] = "Wenn aktiviert wird Froxlor <strong>keine</strong> Erreichbarkeitsprüfung des Tokens vornehmen. Nötig bei ge-NAT-eten IP's oder Ähnlichem";