add new 'http2 on' directive for nginx >=1.25.1

Signed-off-by: Michael Kaufmann <[email protected]>
froxlor · Jan 22, 2024 · 2629718 · 2629718
1 parent c4cf8ed
commit 2629718
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 6 deletions.
diff --git a/lib/Froxlor/Cron/Http/Nginx.php b/lib/Froxlor/Cron/Http/Nginx.php
@@ -46,10 +46,9 @@ class Nginx extends HttpConfigBase
 
 	// protected
 	protected $needed_htpasswds = [];
-	protected $auth_backend_loaded = false;
+	protected $http2_on_directive = false;
 	protected $htpasswds_data = [];
 	protected $known_htpasswdsfilenames = [];
-	protected $mod_accesslog_loaded = '0';
 	protected $vhost_root_autoindex = false;
 
 	/**
@@ -60,6 +59,18 @@ class Nginx extends HttpConfigBase
 	 */
 	private $deactivated = false;
 
+	public function __construct()
+	{
+		$nores = false;
+		$res = FileDir::safe_exec('nginx -v 2>&1', $nores, ['>', '&']);
+		$ver_str = array_shift($res);
+		$cNginxVer = substr($ver_str, strrpos($ver_str, "/") + 1);
+		if (version_compare($cNginxVer, '1.25.1', '>=')) {
+			// at least 1.25.1
+			$this->http2_on_directive = true;
+		}
+	}
+
 	public function createVirtualHosts()
 	{
 		return;
@@ -162,8 +173,10 @@ public function createIpPort()
 				/**
 				 * this HAS to be set for the default host in nginx or else no vhost will work
 				 */
-				$this->nginx_data[$vhost_filename] .= "\t" . 'listen    ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
-
+				$this->nginx_data[$vhost_filename] .= "\t" . 'listen    ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 && !$this->http2_on_directive ? ' http2' : '') . ';' . "\n";
+				if ($http2 && $this->http2_on_directive) {
+					$this->nginx_data[$vhost_filename] .= "\t" . 'http2 on;' . "\n";
+				}
 				$this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n";
 
 				$aliases = "";
@@ -481,6 +494,7 @@ protected function getVhostContent($domain, $ssl_vhost = false)
 
 		$vhost_content = '';
 		$_vhost_content = '';
+		$has_http2_on = false;
 
 		$query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip`
 			WHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports ";
@@ -531,7 +545,11 @@ protected function getVhostContent($domain, $ssl_vhost = false)
 			}
 			$http2 = $ssl_vhost == true && (isset($domain['http2']) && $domain['http2'] == '1' && Settings::Get('system.http2_support') == '1');
 
-			$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
+			$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 && !$this->http2_on_directive ? ' http2' : '') . ';' . "\n";
+			if ($http2 && $this->http2_on_directive && !$has_http2_on) {
+				$vhost_content .= "\t" . 'http2 on;' . "\n";
+				$has_http2_on = true;
+			}
 		}
 
 		// get all server-names

diff --git a/lib/Froxlor/UI/Callbacks/Domain.php b/lib/Froxlor/UI/Callbacks/Domain.php
@@ -179,7 +179,7 @@ public static function canEditSSL(array $attributes): bool
 	{
 		if (Settings::Get('system.use_ssl') == '1'
 			&& DDomain::domainHasSslIpPort($attributes['fields']['id'])
-			&& (int)$attributes['fields']['caneditdomain'] == 1
+			&& (CurrentUser::isAdmin() || (!CurrentUser::isAdmin() && (int)$attributes['fields']['caneditdomain'] == 1))
 			&& (int)$attributes['fields']['letsencrypt'] == 0
 			&& (!CurrentUser::isAdmin() || (CurrentUser::isAdmin() && (int)$attributes['fields']['email_only'] == 0))
 			&& !$attributes['fields']['deactivated']