vesta/bin/v-add-web-domain-ssl

#!/bin/bash
# info: adding ssl for domain
# options: USER DOMAIN SSL_DIR [SSL_HOME] [RESTART]
#
# The function turns on SSL support for a domain. Parameter ssl_dir is a path
# to directory where 2 or 3 ssl files can be found. Certificate file 
# domain.tld.crt and its key domain.tld.key  are mandatory. Certificate
# authority domain.tld.ca file is optional. If home directory  parameter
# (ssl_home) is not set, https domain uses public_shtml as separate
# documentroot directory.


#----------------------------------------------------------#
#                    Variable&Function                     #
#----------------------------------------------------------#

# Argument definition
user=$1
domain=$2
ssl_dir=$3
ssl_home=${4-same}
restart="$5"

# Additional argument formatting
if [[ "$domain" =~ [[:upper:]] ]]; then
    domain=$(echo "$domain" |tr '[:upper:]' '[:lower:]')
fi
if [[ "$domain" =~ ^www\..* ]]; then
    domain=$(echo "$domain" |sed -e "s/^www.//")
fi
if [[ "$domain" =~ .*\.$ ]]; then
    domain=$(echo "$domain" |sed -e "s/\.$//")
fi

domain=$(idn -t --quiet -u "$domain" )
domain_idn=$(idn -t --quiet -a "$domain")

# Includes
source $VESTA/func/main.sh
source $VESTA/func/domain.sh
source $VESTA/func/ip.sh
source $VESTA/conf/vesta.conf

# Additional argument formatting
format_domain
format_domain_idn


#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '3' "$#" 'USER DOMAIN SSL_DIR [SSL_HOME] [RESTART]'
is_format_valid 'user' 'domain' 'ssl_dir'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"
is_object_unsuspended 'web' 'DOMAIN' "$domain"
is_object_value_empty 'web' 'DOMAIN' "$domain" '$SSL'
is_web_domain_cert_valid


#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Adding certificate to user data directory
cp -f $ssl_dir/$domain.crt $USER_DATA/ssl/$domain.crt
cp -f $ssl_dir/$domain.key $USER_DATA/ssl/$domain.key
cp -f $ssl_dir/$domain.crt $USER_DATA/ssl/$domain.pem
if [ -e "$ssl_dir/$domain.ca" ]; then
    cp -f $ssl_dir/$domain.ca $USER_DATA/ssl/$domain.ca
    echo >> $USER_DATA/ssl/$domain.pem
    cat $USER_DATA/ssl/$domain.ca >> $USER_DATA/ssl/$domain.pem
fi
chmod 660 $USER_DATA/ssl/$domain.*

# Adding certificate to user dir
cp -f $USER_DATA/ssl/$domain.crt $HOMEDIR/$user/conf/web/ssl.$domain.crt
cp -f $USER_DATA/ssl/$domain.key $HOMEDIR/$user/conf/web/ssl.$domain.key
cp -f $USER_DATA/ssl/$domain.pem $HOMEDIR/$user/conf/web/ssl.$domain.pem
if [ -e "$USER_DATA/ssl/$domain.ca" ]; then
    cp -f $USER_DATA/ssl/$domain.ca $HOMEDIR/$user/conf/web/ssl.$domain.ca
fi

# Parsing domain values
get_domain_values 'web'
local_ip=$(get_real_ip $IP)

# Preparing domain values for the template substitution
SSL_HOME="$ssl_home"
prepare_web_domain_values

# Adding domain to the web config
add_web_config "$WEB_SYSTEM" "$TPL.stpl"

# Checking proxy config
if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then
    add_web_config "$PROXY_SYSTEM" "$PROXY.stpl"
fi


#----------------------------------------------------------#
#                       Vesta                              #
#----------------------------------------------------------#

# Increasing domain value
increase_user_value "$user" '$U_WEB_SSL'

# Adding ssl values
update_object_value 'web' 'DOMAIN' "$domain" '$SSL_HOME' "$SSL_HOME"
update_object_value 'web' 'DOMAIN' "$domain" '$SSL' "yes"

# Restarting web server
$BIN/v-restart-web $restart
check_result $? "Web restart failed" >/dev/null

$BIN/v-restart-proxy $restart
check_result $? "Proxy restart failed" >/dev/null

if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
    hostname=$(hostname)
    if [ "$hostname" = "$domain" ]; then
        $BIN/v-update-host-certificate $user $domain
    fi
fi

# Logging
log_history "enabled ssl support for $domain"
log_event "$OK" "$ARGUMENTS"

exit