diff --git a/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java b/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java
index 8450d7a..5e59988 100644
--- a/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java
+++ b/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java
@@ -44,8 +44,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
 DOMOPT_MULTIVIEWS,
 DOMOPT_INDEXES,
 DOMOPT_HTDOCSFALLBACK,
- DOMOPT_INCLUDES,
- DOMOPT_LETSENCRYPT
+ DOMOPT_INCLUDES
 };

 @Override
@@ -226,6 +225,11 @@ public class DomainModuleImpl extends AbstractModuleImpl {
 opt.setId(((DomainOption) list.get(0)).getId());
 }
 }
+ for (DomainOption opt : domainOptions) {
+ if ("letsencrypt".equals(opt.getName()) && updatedDom.getServeraliases().contains("*")) {
+ throw new HSAdminException("invalid domain option: " + opt.getName() + " for woldcard subdomain");
+ }
+ }
 needsWriteAccessOn(oldDom, "update");
 return super.update(existingEntity);
 }
diff --git a/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java b/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
index eb57b33..3a0e3ce 100644
--- a/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
+++ b/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
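Review bot: The wildcard guard added ahead of `needsWriteAccessOn(oldDom, "update")` is only visible on the update path, so a domain that is created with both the `letsencrypt` option and a `*` server alias may never hit it unless the create method (outside this hunk) carries the same check. If `getServeraliases()` can return null, `contains("*")` raises a NullPointerException instead of the intended error, so the condition should read `updatedDom.getServeraliases() != null && updatedDom.getServeraliases().contains("*")`. The message also misspells wildcard; `"invalid domain option: " + opt.getName() + " for wildcard subdomain"` is the corrected text. The enclosing method starts outside the hunk.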
@@ -53,7 +53,9 @@ public class DomainProcessorFactory implements EntityProcessorFactory {
 Domain dom = (Domain) entity;
 UnixUser domUser = dom.getUser();
 Pac pac = domUser.getPac();
- WaitingTasksProcessor processor = new WaitingTasksProcessor(createApacheVHostSetupProcessor(em, dom));
+ final Processor apacheVHostSetupProcessor = createApacheVHostSetupProcessor(em, dom);
+ final Processor letencryptSetupProcessor = createLetencryptSetupProcessor(em, dom);
+ WaitingTasksProcessor processor = new WaitingTasksProcessor(new CompoundProcessor(apacheVHostSetupProcessor, letencryptSetupProcessor));
 Config config = Config.getInstance();
 for (String queueName : config.getProperty("queues.mail").split(",")) {
 processor.appendProcessor(queueName, createMailinSetupProcessor(em, dom, pac), queueName + ".hostsharing.net");
@@ -75,6 +77,7 @@ public class DomainProcessorFactory implements EntityProcessorFactory {
 mainProcessor.appendProcessor(queueName, createMailinUnsetupProcessor(em, dom), queueName + ".hostsharing.net");
 }
 mainProcessor.appendProcessor(dom.getHiveName(), createApacheVHostDeleteProcessor(dom), "remove apache vhost");
+ mainProcessor.appendProcessor(dom.getHiveName(), createLetencryptUnsetProcessor(dom), "remove letsencrypt config");
 return mainProcessor;
 }
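Review bot: The call site in the first hunk gives no hint that `createLetencryptSetupProcessor(em, dom)` can return the removal processor, yet the factory in the last hunk does exactly that when the option is absent, so every domain handled here now runs the `rm -rf` chain alongside the vhost setup. A comment on the new line would make that visible, e.g. `// returns the LE removal processor when the option is not set`. The new identifiers also drop the "s" of Let's Encrypt (`letencryptSetupProcessor`, `createLetencryptSetupProcessor`, and `createLetencryptUnsetProcessor` in the second and last hunks) while the option name and paths use `letsencrypt`; `createLetsencryptSetupProcessor` and `createLetsencryptUnsetProcessor` would keep searches consistent. The enclosing method starts and ends outside the hunk.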
@@ -323,4 +326,32 @@ public class DomainProcessorFactory implements EntityProcessorFactory {
 return vhostDelProcessor;
 }

+ private Processor createLetencryptSetupProcessor(final EntityManager em, final Domain dom) {
+ final Query query = em.createQuery("SELECT d FROM Domains d WHERE d.domainoptions.name = :option AND d.name = :domname");
+ final String domName = dom.getName();
+ query.setParameter("domname", domName);
+ query.setParameter("option", "letsencrypt");
+ if (query.getResultList().isEmpty()) {
+ // remove LE config
+ return createLetencryptUnsetProcessor(dom);
+ } else {
+ // setup LE
+ return new ShellProcessor("mkdir -p /var/lib/letsencrypt/webroot/" + domName
+ + " && chown root:root /var/lib/letsencrypt/webroot/" + domName
+ + " && chmod 0755 /var/lib/letsencrypt/webroot/" + domName
+ + " && mkdir -p /etc/letsencrypt/renwal/" + domName
+ + " && mkdir -p /etc/letsencrypt/live/" + domName
+ + " && mkdir -p /etc/letsencrypt/archive/" + domName
+ + " && echo \"" + dom.getValidsubdomainnames() + "\" > /etc/letsencrypt/renwal/" + domName + ".conf" );
+ }
+ }
+
+ private Processor createLetencryptUnsetProcessor(final Domain dom) {
+ final String domName = dom.getName();
+ return new ShellProcessor("rm -rf /var/lib/letsencrypt/webroot/" + domName
+ + " && rm -rf /etc/letsencrypt/archive/" + domName
+ + " && rm -rf /etc/letsencrypt/live/" + domName
+ + " && rm -f /etc/letsencrypt/renwal/" + domName + ".conf");
+ }
+
 }
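Review bot: Both new factories splice `dom.getName()` and `dom.getValidsubdomainnames()` unquoted into a shell string that creates root-owned paths and runs `rm -rf`, so a shell metacharacter, a `..` segment or an empty name that gets past domain validation (not visible here) changes what the command does; inside the double-quoted `echo`, command substitution is still expanded. I would validate the name against a strict hostname pattern before building either command and single-quote the echoed value, as sketched below. Separately, the paths spell `renwal`, which will not match certbot's `renewal` directory if that is the intended target, and setup creates `/etc/letsencrypt/renwal/<domain>` as a directory that the unset command never removes. The JPQL path `d.domainoptions.name` navigates what looks like a collection and probably needs an explicit `JOIN`; please confirm against the entity mapping.

```java
	private static String requireHostname(final String domName) {
		// Only plain hostnames may reach the shell and the rm -rf paths;
		// tighten or relax the pattern to match what Domain validation already enforces.
		if (domName == null
				|| !domName.matches("[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+")) {
			throw new IllegalArgumentException("refusing shell command for domain name: " + domName);
		}
		return domName;
	}

	private static String shellQuote(final String value) {
		// Single quotes disable $(), backticks and variable expansion in the shell.
		return "'" + String.valueOf(value).replace("'", "'\\''") + "'";
	}

	private Processor createLetencryptSetupProcessor(final EntityManager em, final Domain dom) {
		// … unchanged: option query …
		final String domName = requireHostname(dom.getName());
		// … unchanged: unset branch and mkdir/chown/chmod chain …
				+ " && echo " + shellQuote(dom.getValidsubdomainnames()) + " > /etc/letsencrypt/renwal/" + domName + ".conf");
	}

	private Processor createLetencryptUnsetProcessor(final Domain dom) {
		final String domName = requireHostname(dom.getName());
		// … unchanged: rm chain …
	}
```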