bin/v-add-web-domain-ssl

#!/bin/bash
# info: adding ssl for domain
# options: USER DOMAIN SSL_DIR [SSL_HOME] [RESTART]
#
# The function turns on SSL support for a domain. Parameter ssl_dir is a path
# to directory where 2 or 3 ssl files can be found. Certificate file 
# domain.tld.crt and its key domain.tld.key  are mandatory. Certificate
# authority domain.tld.ca file is optional. If home directory  parameter
# (ssl_home) is not set, https domain uses public_shtml as separate
# documentroot directory.


#----------------------------------------------------------#
#                    Variable&Function                     #
#----------------------------------------------------------#

# Argument defenition
user=$1
domain=$(idn -t --quiet -u "$2" )
domain_idn=$(idn -t --quiet -a "$domain")
ssl_dir=$3
ssl_home=${4-same}
restart="$5"

# Includes
source $VESTA/func/main.sh
source $VESTA/func/domain.sh
source $VESTA/func/ip.sh
source $VESTA/conf/vesta.conf


#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '3' "$#" 'USER DOMAIN SSL_DIR [SSL_HOME] [RESTART]'
validate_format 'user' 'domain' 'ssl_dir'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"
is_object_unsuspended 'web' 'DOMAIN' "$domain"
is_object_value_empty 'web' 'DOMAIN' "$domain" '$SSL'
is_web_domain_cert_valid


#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Adding certificate to user data directory
cp -f $ssl_dir/$domain.crt $USER_DATA/ssl/$domain.crt
cp -f $ssl_dir/$domain.key $USER_DATA/ssl/$domain.key
cp -f $ssl_dir/$domain.crt $USER_DATA/ssl/$domain.pem
if [ -e "$ssl_dir/$domain.ca" ]; then
    cp -f $ssl_dir/$domain.ca $USER_DATA/ssl/$domain.ca
    echo >> $USER_DATA/ssl/$domain.pem
    cat $USER_DATA/ssl/$domain.ca >> $USER_DATA/ssl/$domain.pem
fi
chmod 660 $USER_DATA/ssl/$domain.*

# Parsing domain values
get_domain_values 'web'
conf="$HOMEDIR/$user/conf/web/s$WEB_SYSTEM.conf"
tpl_file="$WEBTPL/$WEB_SYSTEM/$WEB_BACKEND/$TPL.stpl"
SSL_HOME="$ssl_home"
ip=$(get_real_ip $IP)

# Preparing domain values for the template substitution
upd_web_domain_values

# Adding domain to the web config
add_web_config

chown root:$user $conf
chmod 640 $conf

# Adding certificate to user dir
cp -f $USER_DATA/ssl/$domain.crt $HOMEDIR/$user/conf/web/ssl.$domain.crt
cp -f $USER_DATA/ssl/$domain.key $HOMEDIR/$user/conf/web/ssl.$domain.key
cp -f $USER_DATA/ssl/$domain.pem $HOMEDIR/$user/conf/web/ssl.$domain.pem
if [ -e "$USER_DATA/ssl/$domain.ca" ]; then
    cp -f $USER_DATA/ssl/$domain.ca $HOMEDIR/$user/conf/web/ssl.$domain.ca
fi

# Running template trigger
if [ -x $WEBTPL/$WEB_SYSTEM/$WEB_BACKEND/$template.sh ]; then
    $WEBTPL/$WEB_SYSTEM/$WEB_BACKEND/$template.sh \
        $user $domain $ip $HOMEDIR $sdocroot
fi

# Checking web config
web_conf="/etc/$WEB_SYSTEM/conf.d/vesta.conf"
if [ -z "$(grep "$conf" $web_conf)" ]; then
    echo "Include $conf" >> $web_conf
fi

# Checking proxy
if [ ! -z "$PROXY" ]; then
    conf="$HOMEDIR/$user/conf/web/s$PROXY_SYSTEM.conf"
    tpl_file="$WEBTPL/$PROXY_SYSTEM/$PROXY.stpl"
    add_web_config

    chown root:$user $conf
    chmod 640 $conf

    # Checking proxy config
    proxy_conf="/etc/$PROXY_SYSTEM/conf.d/vesta.conf"
    if [ -z "$(grep "$conf" $proxy_conf )" ]; then
        echo "include $conf;" >> $proxy_conf
    fi
fi


#----------------------------------------------------------#
#                       Vesta                              #
#----------------------------------------------------------#

# Increasing domain value
increase_user_value "$user" '$U_WEB_SSL'

# Adding ssl values
update_object_value 'web' 'DOMAIN' "$domain" '$SSL_HOME' "$SSL_HOME"
update_object_value 'web' 'DOMAIN' "$domain" '$SSL' "yes"

# Restart web server
if [ "$restart" != 'no' ]; then
    $BIN/v-restart-web
    if [ $? -ne 0 ]; then
        exit $E_RESTART
    fi

    $BIN/v-restart-proxy
    if [ $? -ne 0 ]; then
        exit $E_RESTART
    fi
fi

# Logging
log_history "enabled ssl support for $domain"
log_event "$OK" "$EVENT"

exit