generated from smedev/Template-for-SMEServer-Core-Package
Compare commits
2 Commits
11_0-8_el8
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| 16b33e6683 | |||
| b85c294ce4 |
@@ -2,132 +2,91 @@
|
||||
use strict;
|
||||
use warnings;
|
||||
use esmith::ConfigDB;
|
||||
|
||||
# $domain : current domain name
|
||||
# $DomainName : primary domain name
|
||||
# $domainname : domain name related to current host
|
||||
|
||||
my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
|
||||
my $domainsDB = esmith::ConfigDB->open_ro('domains')
|
||||
or die("can't connect to domains database");
|
||||
my $hostsDB = esmith::ConfigDB->open_ro('hosts')
|
||||
or die("can't connect to hosts database");
|
||||
|
||||
# my $dbKey = 'domain';
|
||||
|
||||
# my $systemMode = $configDB->get("SystemMode")->value;
|
||||
|
||||
# if ( $systemMode ne 'servergateway' ) {
|
||||
# $OUT .= "# System not in Server Gateway mode\n";
|
||||
# }
|
||||
|
||||
|
||||
my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' )
|
||||
|| 'disabled';
|
||||
|
||||
if ( $letsencryptStatus ne 'disabled' ) {
|
||||
|
||||
# This should get all the connections in an array
|
||||
|
||||
my @domains = $domainsDB->keys;
|
||||
my @hosts = $hostsDB->keys;
|
||||
|
||||
# print "@domains\n";
|
||||
|
||||
# Need to check here if we want ALL set
|
||||
# all, domains, hosts, both, none
|
||||
my $letsencryptConfig = $configDB->get_prop( 'letsencrypt', 'configure' ) || 'none';
|
||||
|
||||
# First get all the domains
|
||||
# We could do this BUT only once as the array drops $vars
|
||||
|
||||
# my $dom = shift @domains;
|
||||
|
||||
# Patch from JPP
|
||||
# Put Primary domain at top
|
||||
my $DomainName = $configDB->get('DomainName')->value;
|
||||
my $mainDomainStatus = $domainsDB->get_prop( "$DomainName", 'letsencryptSSLcert' )
|
||||
|| 'disabled';
|
||||
$OUT .= "$DomainName " unless $mainDomainStatus eq 'disabled';
|
||||
|
||||
foreach my $domain (@domains) {
|
||||
|
||||
# If we are all or domains then lets do all regardless
|
||||
if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'domains' ) {
|
||||
|
||||
# Check for self
|
||||
#my $domainStatus =
|
||||
# $domainsDB->get_prop( "Nameservers", 'HostType' ) || '';
|
||||
#
|
||||
#if ( $domainStatus eq 'Localhost' ) {
|
||||
$OUT .= "$domain ";
|
||||
|
||||
#}
|
||||
}
|
||||
|
||||
else {
|
||||
my $domainEnabled = $domainsDB->get_prop( "$domain", 'letsencryptSSLcert' )
|
||||
|| 'disabled';
|
||||
|
||||
if ( $domainEnabled eq 'enabled' ) {
|
||||
$OUT .= "$domain " unless $DomainName eq $domain;
|
||||
}
|
||||
}
|
||||
|
||||
# Now check for hosts
|
||||
|
||||
# Buggered if I remember why we check that
|
||||
# the host has a domain name in domains !
|
||||
# Must have been a reason
|
||||
|
||||
foreach my $fqdn (@hosts) {
|
||||
|
||||
# If we are set to all or hosts just do it
|
||||
if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'hosts' ) {
|
||||
$OUT .= "$fqdn " unless $DomainName eq $fqdn;
|
||||
}
|
||||
|
||||
# Just do selected entries
|
||||
else {
|
||||
# Lets get the hostname
|
||||
my $hostname = $fqdn;
|
||||
$hostname =~ s/\..*//;
|
||||
|
||||
# print "$hostname\n";
|
||||
|
||||
# Lets get the domain name
|
||||
my $domainname = $fqdn;
|
||||
$domainname =~ s/.*?\.//;
|
||||
|
||||
# print "$domainname\n";
|
||||
|
||||
# is the domain name from the hosts file
|
||||
# the same as that in the domains file ?
|
||||
my $hostEnabled = $hostsDB->get_prop( "$fqdn", 'letsencryptSSLcert' )
|
||||
|
||||
return "# letsencrypt is disabled\n" if ( $letsencryptStatus eq 'disabled' ) ;
|
||||
|
||||
# if disabled will only ask certs for host pointing to self.
|
||||
# if set otherwise, will try to get one even if host set as remote or local.
|
||||
my $hostOverride = $configDB->get_prop( 'letsencrypt', 'hostOverride' )
|
||||
|| 'disabled';
|
||||
|
||||
if ( $domainname eq $domain && $hostEnabled eq 'enabled' ) {
|
||||
|
||||
# Are we self ?
|
||||
my $type = $hostsDB->get_prop( "$fqdn", 'HostType' );
|
||||
my $hostOverride = $configDB->get_prop( 'letsencrypt', 'hostOverride' )
|
||||
|| 'disabled';
|
||||
|
||||
# print "Override $hostOverride";
|
||||
|
||||
if ( $hostOverride eq 'yes' ) {
|
||||
$OUT .= "$fqdn " unless $DomainName eq $fqdn;
|
||||
}
|
||||
|
||||
elsif ( $type eq 'Self' ) {
|
||||
|
||||
# print "Here: $fqdn $type\n";
|
||||
$OUT .= "$fqdn " unless $DomainName eq $fqdn;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
my @domains = $domainsDB->keys;
|
||||
my @hosts = $hostsDB->keys;
|
||||
|
||||
# Need to check here if we want ALL set if not explicitly disabled
|
||||
# all, domains, hosts, both, none
|
||||
my $letsencryptConfig = $configDB->get_prop( 'letsencrypt', 'configure' ) || 'none';
|
||||
|
||||
# Put Primary domain at top : needs to be the main cert domain.
|
||||
my $DomainName = $configDB->get('DomainName')->value;
|
||||
my $mainDomainStatus = $domainsDB->get_prop( "$DomainName", 'letsencryptSSLcert' )
|
||||
|| 'disabled';
|
||||
$OUT = "$DomainName " unless $mainDomainStatus eq 'disabled';
|
||||
|
||||
foreach my $domain (@domains) {
|
||||
|
||||
# If default set to all or domains then do all except if explicitly disabled
|
||||
if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'domains' ) {
|
||||
my $domainEnabled = $domainsDB->get_prop( "$domain", 'letsencryptSSLcert' )
|
||||
|| 'enabled';
|
||||
$OUT .= "$domain " unless ( $domainEnabled eq 'disabled' || $DomainName eq $domain) ;
|
||||
}
|
||||
# otherwise only do if explicitly enabled
|
||||
else {
|
||||
my $domainEnabled = $domainsDB->get_prop( "$domain", 'letsencryptSSLcert' )
|
||||
|| 'disabled';
|
||||
if ( $domainEnabled eq 'enabled' ) {
|
||||
$OUT .= "$domain " unless $DomainName eq $domain;
|
||||
}
|
||||
}
|
||||
|
||||
# Now check for this domain hosts
|
||||
foreach my $fqdn (@hosts) {
|
||||
|
||||
# exclude host identical to primary domain, already done
|
||||
next if $DomainName eq $fqdn;
|
||||
# exclude host identical to current domain, already done
|
||||
next if $domain eq $fqdn;
|
||||
|
||||
}
|
||||
# overide hostOverride : default disabled do not ask if host is not self
|
||||
my $type = $hostsDB->get_prop( "$fqdn", 'HostType' ) || "Self";
|
||||
next unless ( $type eq "Self" || $hostOverride eq "disabled");
|
||||
|
||||
else {
|
||||
$OUT .= "# letsencrypt is disabled\n";
|
||||
# check if host related to current domain
|
||||
# Lets get the hostname
|
||||
my $hostname = $fqdn;
|
||||
$hostname =~ s/\..*//;
|
||||
# Lets get the domain name
|
||||
my $domainname = $fqdn;
|
||||
$domainname =~ s/.*?\.//;
|
||||
next unless ($domainname eq $domain);
|
||||
|
||||
# If we are set to all or hosts just do it
|
||||
if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'hosts' ) {
|
||||
my $hostEnabled = $hostsDB->get_prop( "$fqdn", 'letsencryptSSLcert' )
|
||||
|| 'enabled';
|
||||
$OUT .= "$fqdn " unless $hostEnabled eq 'disabled';
|
||||
}
|
||||
else {
|
||||
# the same as that in the domains file ?
|
||||
my $hostEnabled = $hostsDB->get_prop( "$fqdn", 'letsencryptSSLcert' )
|
||||
|| 'disabled';
|
||||
$OUT .= "$fqdn " unless $hostEnabled eq 'disabled';
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
%define name smeserver-certificates
|
||||
%define version 11.0
|
||||
%define release 8
|
||||
%define release 10
|
||||
Summary: This is what smeserver-certificates does.
|
||||
Name: %{name}
|
||||
Version: %{version}
|
||||
@@ -25,8 +25,12 @@ AutoReqProv: no
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Sep 10 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0-10.sme
|
||||
- fix unexpected behaviour when item set as disabled [SME: 13136]
|
||||
rewrite of 10Domains fragment
|
||||
|
||||
* Mon Aug 25 2025 John Crisp <jcrisp@safeandsoundit.co.uk> 11.0-8.sme
|
||||
- Set KEY_ALFO default to rsa - thanks Knuddi [SME: 13109]
|
||||
- Set KEY_ALGO default to rsa - thanks Knuddi [SME: 13109]
|
||||
- bump server-manager version
|
||||
|
||||
* Fri Jun 27 2025 Brian Read <brianr@koozali.org> 11.0-7.sme
|
||||
|
||||
Reference in New Issue
Block a user