From 2629718b229fc7ef7518d38d32be5a55c5224086 Mon Sep 17 00:00:00 2001 From: Michael Kaufmann Date: Tue, 23 Jan 2024 00:01:12 +0100 Subject: [PATCH] add new 'http2 on' directive for nginx >=1.25.1 Signed-off-by: Michael Kaufmann --- lib/Froxlor/Cron/Http/Nginx.php | 28 +++++++++++++++++++++++----- lib/Froxlor/UI/Callbacks/Domain.php | 2 +- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/lib/Froxlor/Cron/Http/Nginx.php b/lib/Froxlor/Cron/Http/Nginx.php index 08d8825446..49246134cb 100644 --- a/lib/Froxlor/Cron/Http/Nginx.php +++ b/lib/Froxlor/Cron/Http/Nginx.php @@ -46,10 +46,9 @@ class Nginx extends HttpConfigBase // protected protected $needed_htpasswds = []; - protected $auth_backend_loaded = false; + protected $http2_on_directive = false; protected $htpasswds_data = []; protected $known_htpasswdsfilenames = []; - protected $mod_accesslog_loaded = '0'; protected $vhost_root_autoindex = false; /** @@ -60,6 +59,18 @@ class Nginx extends HttpConfigBase */ private $deactivated = false; + public function __construct() + { + $nores = false; + $res = FileDir::safe_exec('nginx -v 2>&1', $nores, ['>', '&']); + $ver_str = array_shift($res); + $cNginxVer = substr($ver_str, strrpos($ver_str, "/") + 1); + if (version_compare($cNginxVer, '1.25.1', '>=')) { + // at least 1.25.1 + $this->http2_on_directive = true; + } + } + public function createVirtualHosts() { return; @@ -162,8 +173,10 @@ public function createIpPort() /** * this HAS to be set for the default host in nginx or else no vhost will work */ - $this->nginx_data[$vhost_filename] .= "\t" . 'listen ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n"; - + $this->nginx_data[$vhost_filename] .= "\t" . 'listen ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 && !$this->http2_on_directive ? ' http2' : '') . ';' . "\n"; + if ($http2 && $this->http2_on_directive) { + $this->nginx_data[$vhost_filename] .= "\t" . 'http2 on;' . "\n"; + } $this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n"; $aliases = ""; @@ -481,6 +494,7 @@ protected function getVhostContent($domain, $ssl_vhost = false) $vhost_content = ''; $_vhost_content = ''; + $has_http2_on = false; $query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip` WHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports "; @@ -531,7 +545,11 @@ protected function getVhostContent($domain, $ssl_vhost = false) } $http2 = $ssl_vhost == true && (isset($domain['http2']) && $domain['http2'] == '1' && Settings::Get('system.http2_support') == '1'); - $vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n"; + $vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 && !$this->http2_on_directive ? ' http2' : '') . ';' . "\n"; + if ($http2 && $this->http2_on_directive && !$has_http2_on) { + $vhost_content .= "\t" . 'http2 on;' . "\n"; + $has_http2_on = true; + } } // get all server-names diff --git a/lib/Froxlor/UI/Callbacks/Domain.php b/lib/Froxlor/UI/Callbacks/Domain.php index 3e01372e14..74a80625cc 100644 --- a/lib/Froxlor/UI/Callbacks/Domain.php +++ b/lib/Froxlor/UI/Callbacks/Domain.php @@ -179,7 +179,7 @@ public static function canEditSSL(array $attributes): bool { if (Settings::Get('system.use_ssl') == '1' && DDomain::domainHasSslIpPort($attributes['fields']['id']) - && (int)$attributes['fields']['caneditdomain'] == 1 + && (CurrentUser::isAdmin() || (!CurrentUser::isAdmin() && (int)$attributes['fields']['caneditdomain'] == 1)) && (int)$attributes['fields']['letsencrypt'] == 0 && (!CurrentUser::isAdmin() || (CurrentUser::isAdmin() && (int)$attributes['fields']['email_only'] == 0)) && !$attributes['fields']['deactivated']