generated from smedev/Template-for-SMEServer-Core-Package
Compare commits
2 Commits
11_0-8_el8
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| 16b33e6683 | |||
| b85c294ce4 |
@@ -3,131 +3,90 @@
|
|||||||
use warnings;
|
use warnings;
|
||||||
use esmith::ConfigDB;
|
use esmith::ConfigDB;
|
||||||
|
|
||||||
|
# $domain : current domain name
|
||||||
|
# $DomainName : primary domain name
|
||||||
|
# $domainname : domain name related to current host
|
||||||
|
|
||||||
my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
|
my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
|
||||||
my $domainsDB = esmith::ConfigDB->open_ro('domains')
|
my $domainsDB = esmith::ConfigDB->open_ro('domains')
|
||||||
or die("can't connect to domains database");
|
or die("can't connect to domains database");
|
||||||
my $hostsDB = esmith::ConfigDB->open_ro('hosts')
|
my $hostsDB = esmith::ConfigDB->open_ro('hosts')
|
||||||
or die("can't connect to hosts database");
|
or die("can't connect to hosts database");
|
||||||
|
|
||||||
# my $dbKey = 'domain';
|
|
||||||
|
|
||||||
# my $systemMode = $configDB->get("SystemMode")->value;
|
|
||||||
|
|
||||||
# if ( $systemMode ne 'servergateway' ) {
|
|
||||||
# $OUT .= "# System not in Server Gateway mode\n";
|
|
||||||
# }
|
|
||||||
|
|
||||||
my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' )
|
my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' )
|
||||||
|| 'disabled';
|
|| 'disabled';
|
||||||
|
|
||||||
if ( $letsencryptStatus ne 'disabled' ) {
|
return "# letsencrypt is disabled\n" if ( $letsencryptStatus eq 'disabled' ) ;
|
||||||
|
|
||||||
# This should get all the connections in an array
|
# if disabled will only ask certs for host pointing to self.
|
||||||
|
# if set otherwise, will try to get one even if host set as remote or local.
|
||||||
my @domains = $domainsDB->keys;
|
my $hostOverride = $configDB->get_prop( 'letsencrypt', 'hostOverride' )
|
||||||
my @hosts = $hostsDB->keys;
|
|
||||||
|
|
||||||
# print "@domains\n";
|
|
||||||
|
|
||||||
# Need to check here if we want ALL set
|
|
||||||
# all, domains, hosts, both, none
|
|
||||||
my $letsencryptConfig = $configDB->get_prop( 'letsencrypt', 'configure' ) || 'none';
|
|
||||||
|
|
||||||
# First get all the domains
|
|
||||||
# We could do this BUT only once as the array drops $vars
|
|
||||||
|
|
||||||
# my $dom = shift @domains;
|
|
||||||
|
|
||||||
# Patch from JPP
|
|
||||||
# Put Primary domain at top
|
|
||||||
my $DomainName = $configDB->get('DomainName')->value;
|
|
||||||
my $mainDomainStatus = $domainsDB->get_prop( "$DomainName", 'letsencryptSSLcert' )
|
|
||||||
|| 'disabled';
|
|
||||||
$OUT .= "$DomainName " unless $mainDomainStatus eq 'disabled';
|
|
||||||
|
|
||||||
foreach my $domain (@domains) {
|
|
||||||
|
|
||||||
# If we are all or domains then lets do all regardless
|
|
||||||
if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'domains' ) {
|
|
||||||
|
|
||||||
# Check for self
|
|
||||||
#my $domainStatus =
|
|
||||||
# $domainsDB->get_prop( "Nameservers", 'HostType' ) || '';
|
|
||||||
#
|
|
||||||
#if ( $domainStatus eq 'Localhost' ) {
|
|
||||||
$OUT .= "$domain ";
|
|
||||||
|
|
||||||
#}
|
|
||||||
}
|
|
||||||
|
|
||||||
else {
|
|
||||||
my $domainEnabled = $domainsDB->get_prop( "$domain", 'letsencryptSSLcert' )
|
|
||||||
|| 'disabled';
|
|
||||||
|
|
||||||
if ( $domainEnabled eq 'enabled' ) {
|
|
||||||
$OUT .= "$domain " unless $DomainName eq $domain;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Now check for hosts
|
|
||||||
|
|
||||||
# Buggered if I remember why we check that
|
|
||||||
# the host has a domain name in domains !
|
|
||||||
# Must have been a reason
|
|
||||||
|
|
||||||
foreach my $fqdn (@hosts) {
|
|
||||||
|
|
||||||
# If we are set to all or hosts just do it
|
|
||||||
if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'hosts' ) {
|
|
||||||
$OUT .= "$fqdn " unless $DomainName eq $fqdn;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Just do selected entries
|
|
||||||
else {
|
|
||||||
# Lets get the hostname
|
|
||||||
my $hostname = $fqdn;
|
|
||||||
$hostname =~ s/\..*//;
|
|
||||||
|
|
||||||
# print "$hostname\n";
|
|
||||||
|
|
||||||
# Lets get the domain name
|
|
||||||
my $domainname = $fqdn;
|
|
||||||
$domainname =~ s/.*?\.//;
|
|
||||||
|
|
||||||
# print "$domainname\n";
|
|
||||||
|
|
||||||
# is the domain name from the hosts file
|
|
||||||
# the same as that in the domains file ?
|
|
||||||
my $hostEnabled = $hostsDB->get_prop( "$fqdn", 'letsencryptSSLcert' )
|
|
||||||
|| 'disabled';
|
|| 'disabled';
|
||||||
|
|
||||||
if ( $domainname eq $domain && $hostEnabled eq 'enabled' ) {
|
my @domains = $domainsDB->keys;
|
||||||
|
my @hosts = $hostsDB->keys;
|
||||||
|
|
||||||
# Are we self ?
|
# Need to check here if we want ALL set if not explicitly disabled
|
||||||
my $type = $hostsDB->get_prop( "$fqdn", 'HostType' );
|
# all, domains, hosts, both, none
|
||||||
my $hostOverride = $configDB->get_prop( 'letsencrypt', 'hostOverride' )
|
my $letsencryptConfig = $configDB->get_prop( 'letsencrypt', 'configure' ) || 'none';
|
||||||
|| 'disabled';
|
|
||||||
|
|
||||||
# print "Override $hostOverride";
|
# Put Primary domain at top : needs to be the main cert domain.
|
||||||
|
my $DomainName = $configDB->get('DomainName')->value;
|
||||||
|
my $mainDomainStatus = $domainsDB->get_prop( "$DomainName", 'letsencryptSSLcert' )
|
||||||
|
|| 'disabled';
|
||||||
|
$OUT = "$DomainName " unless $mainDomainStatus eq 'disabled';
|
||||||
|
|
||||||
if ( $hostOverride eq 'yes' ) {
|
foreach my $domain (@domains) {
|
||||||
$OUT .= "$fqdn " unless $DomainName eq $fqdn;
|
|
||||||
}
|
|
||||||
|
|
||||||
elsif ( $type eq 'Self' ) {
|
# If default set to all or domains then do all except if explicitly disabled
|
||||||
|
if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'domains' ) {
|
||||||
# print "Here: $fqdn $type\n";
|
my $domainEnabled = $domainsDB->get_prop( "$domain", 'letsencryptSSLcert' )
|
||||||
$OUT .= "$fqdn " unless $DomainName eq $fqdn;
|
|| 'enabled';
|
||||||
}
|
$OUT .= "$domain " unless ( $domainEnabled eq 'disabled' || $DomainName eq $domain) ;
|
||||||
|
}
|
||||||
}
|
# otherwise only do if explicitly enabled
|
||||||
}
|
else {
|
||||||
|
my $domainEnabled = $domainsDB->get_prop( "$domain", 'letsencryptSSLcert' )
|
||||||
|
|| 'disabled';
|
||||||
|
if ( $domainEnabled eq 'enabled' ) {
|
||||||
|
$OUT .= "$domain " unless $DomainName eq $domain;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
# Now check for this domain hosts
|
||||||
|
foreach my $fqdn (@hosts) {
|
||||||
|
|
||||||
else {
|
# exclude host identical to primary domain, already done
|
||||||
$OUT .= "# letsencrypt is disabled\n";
|
next if $DomainName eq $fqdn;
|
||||||
|
# exclude host identical to current domain, already done
|
||||||
|
next if $domain eq $fqdn;
|
||||||
|
|
||||||
|
# overide hostOverride : default disabled do not ask if host is not self
|
||||||
|
my $type = $hostsDB->get_prop( "$fqdn", 'HostType' ) || "Self";
|
||||||
|
next unless ( $type eq "Self" || $hostOverride eq "disabled");
|
||||||
|
|
||||||
|
# check if host related to current domain
|
||||||
|
# Lets get the hostname
|
||||||
|
my $hostname = $fqdn;
|
||||||
|
$hostname =~ s/\..*//;
|
||||||
|
# Lets get the domain name
|
||||||
|
my $domainname = $fqdn;
|
||||||
|
$domainname =~ s/.*?\.//;
|
||||||
|
next unless ($domainname eq $domain);
|
||||||
|
|
||||||
|
# If we are set to all or hosts just do it
|
||||||
|
if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'hosts' ) {
|
||||||
|
my $hostEnabled = $hostsDB->get_prop( "$fqdn", 'letsencryptSSLcert' )
|
||||||
|
|| 'enabled';
|
||||||
|
$OUT .= "$fqdn " unless $hostEnabled eq 'disabled';
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
# the same as that in the domains file ?
|
||||||
|
my $hostEnabled = $hostsDB->get_prop( "$fqdn", 'letsencryptSSLcert' )
|
||||||
|
|| 'disabled';
|
||||||
|
$OUT .= "$fqdn " unless $hostEnabled eq 'disabled';
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
%define name smeserver-certificates
|
%define name smeserver-certificates
|
||||||
%define version 11.0
|
%define version 11.0
|
||||||
%define release 8
|
%define release 10
|
||||||
Summary: This is what smeserver-certificates does.
|
Summary: This is what smeserver-certificates does.
|
||||||
Name: %{name}
|
Name: %{name}
|
||||||
Version: %{version}
|
Version: %{version}
|
||||||
@@ -25,8 +25,12 @@ AutoReqProv: no
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Sep 10 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0-10.sme
|
||||||
|
- fix unexpected behaviour when item set as disabled [SME: 13136]
|
||||||
|
rewrite of 10Domains fragment
|
||||||
|
|
||||||
* Mon Aug 25 2025 John Crisp <jcrisp@safeandsoundit.co.uk> 11.0-8.sme
|
* Mon Aug 25 2025 John Crisp <jcrisp@safeandsoundit.co.uk> 11.0-8.sme
|
||||||
- Set KEY_ALFO default to rsa - thanks Knuddi [SME: 13109]
|
- Set KEY_ALGO default to rsa - thanks Knuddi [SME: 13109]
|
||||||
- bump server-manager version
|
- bump server-manager version
|
||||||
|
|
||||||
* Fri Jun 27 2025 Brian Read <brianr@koozali.org> 11.0-7.sme
|
* Fri Jun 27 2025 Brian Read <brianr@koozali.org> 11.0-7.sme
|
||||||
|
|||||||
Reference in New Issue
Block a user