admin/yakpanel-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6dea3b43072bd0074e91d30a1321a1a5377affec
yakpanel-core/class/panelSite.py
Niranjan 2826d3e7f3 Initial YakPanel commit
2026-04-07 02:04:22 +05:30

6281 lines
268 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# coding: utf-8
# -------------------------------------------------------------------
# YakPanel
# -------------------------------------------------------------------
# Copyright (c) 2015-2017 YakPanel(www.yakpanel.com) All rights reserved.
# -------------------------------------------------------------------
# Author: hwliang <hwl@yakpanel.com>
# -------------------------------------------------------------------
# ------------------------------
# 网站管理类
#------------------------------
import io,re,public,os,sys,shutil,json,hashlib,socket,time
try:
import OpenSSL
except:
os.system("btpip install pyOpenSSL -I")
import OpenSSL
import base64
try:
from YakPanel import session
except:
pass
from panelRedirect import panelRedirect
import site_dir_auth
import one_key_wp
from ssl_manage import SSLManger
class panelSite(panelRedirect):
siteName = None # 网站名称
sitePath = None # 根目录
sitePort = None # 端口
phpVersion = None # PHP版本
setupPath = None # 安装路径
isWriteLogs = None # 是否写日志
nginx_conf_bak = '/tmp/backup_nginx.conf'
apache_conf_bak = '/tmp/backup_apache.conf'
is_ipv6 = False
def __init__(self):
self.setupPath = public.get_setup_path()
path = self.setupPath + '/panel/vhost/nginx'
if not os.path.exists(path): public.ExecShell("mkdir -p " + path + " && chmod -R 644 " + path)
path = self.setupPath + '/panel/vhost/apache'
if not os.path.exists(path): public.ExecShell("mkdir -p " + path + " && chmod -R 644 " + path)
path = self.setupPath + '/panel/vhost/rewrite'
if not os.path.exists(path): public.ExecShell("mkdir -p " + path + " && chmod -R 644 " + path)
path = self.setupPath + '/stop'
if not os.path.exists(path + '/index.html'):
public.ExecShell('mkdir -p ' + path)
public.ExecShell('wget -O ' + path + '/index.html ' + public.get_url() + '/stop_en.html &')
self.__proxyfile = '{}/data/proxyfile.json'.format(public.get_panel_path())
self.OldConfigFile()
if os.path.exists(self.nginx_conf_bak): os.remove(self.nginx_conf_bak)
if os.path.exists(self.apache_conf_bak): os.remove(self.apache_conf_bak)
self.is_ipv6 = os.path.exists(self.setupPath + '/panel/data/ipv6.pl')
sys.setrecursionlimit(1000000)
self._proxy_path = '/www/server/proxy_project'
self._proxy_config_path = self._proxy_path + '/sites'
# 默认配置文件
def check_default(self):
nginx = self.setupPath + '/panel/vhost/nginx'
httpd = self.setupPath + '/panel/vhost/apache'
httpd_default = '''<VirtualHost *:80>
ServerAdmin webmaster@example.com
DocumentRoot "/www/server/apache/htdocs"
ServerName bt.default.com
<Directory "/www/server/apache/htdocs">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
DirectoryIndex index.html
</Directory>
</VirtualHost>'''
listen_ipv6 = ''
if self.is_ipv6: listen_ipv6 = "\n listen [::]:80;"
nginx_default = '''server
{
listen 80;%s
server_name _;
index index.html;
root /www/server/nginx/html;
}''' % listen_ipv6
if not os.path.exists(httpd + '/0.default.conf') and not os.path.exists(
httpd + '/default.conf'): public.writeFile(httpd + '/0.default.conf', httpd_default)
if not os.path.exists(nginx + '/0.default.conf') and not os.path.exists(
nginx + '/default.conf'): public.writeFile(nginx + '/0.default.conf', nginx_default)
# 添加apache端口
def apacheAddPort(self, port):
port = str(port)
filename = self.setupPath + '/apache/conf/extra/httpd-ssl.conf'
if os.path.exists(filename):
ssl_conf = public.readFile(filename)
if ssl_conf:
if ssl_conf.find('Listen 443') != -1:
ssl_conf = ssl_conf.replace('Listen 443', '')
public.writeFile(filename, ssl_conf)
filename = self.setupPath + '/apache/conf/httpd.conf'
if not os.path.exists(filename): return
allConf = public.readFile(filename)
rep = r"Listen\s+([0-9]+)\n"
tmp = re.findall(rep, allConf)
if not tmp: return False
for key in tmp:
if key == port: return False
listen = "\nListen " + tmp[0] + "\n"
listen_ipv6 = ''
# if self.is_ipv6: listen_ipv6 = "\nListen [::]:" + port
allConf = allConf.replace(listen, listen + "Listen " + port + listen_ipv6 + "\n")
public.writeFile(filename, allConf)
return True
# 添加到apache
def apacheAdd(self):
import time
listen = ''
if self.sitePort != '80': self.apacheAddPort(self.sitePort)
acc = public.md5(str(time.time()))[0:8]
try:
httpdVersion = public.readFile(self.setupPath + '/apache/version.pl').strip()
except:
httpdVersion = ""
if httpdVersion == '2.2':
vName = ''
if self.sitePort != '80' and self.sitePort != '443':
vName = "NameVirtualHost *:" + self.sitePort + "\n"
phpConfig = ""
apaOpt = "Order allow,deny\n\t\tAllow from all"
else:
vName = ""
phpConfig = '''
#PHP
<FilesMatch \\.php$>
SetHandler "proxy:%s"
</FilesMatch>
''' % (public.get_php_proxy(self.phpVersion, 'apache'),)
apaOpt = 'Require all granted'
conf = r'''%s<VirtualHost *:%s>
ServerAdmin webmaster@example.com
DocumentRoot "%s"
ServerName %s.%s
ServerAlias %s
#errorDocument 404 /404.html
ErrorLog "%s-error_log"
CustomLog "%s-access_log" combined
#DENY FILES
<Files ~ (\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)$>
Order allow,deny
Deny from all
</Files>
%s
#PATH
<Directory "%s">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
%s
DirectoryIndex index.php index.html index.htm default.php default.html default.htm
</Directory>
</VirtualHost>''' % (vName, self.sitePort, self.sitePath, acc, self.siteName, self.siteName,
public.GetConfigValue('logs_path') + '/' + self.siteName,
public.GetConfigValue('logs_path') + '/' + self.siteName, phpConfig, self.sitePath, apaOpt)
htaccess = self.sitePath + '/.htaccess'
if not os.path.exists(htaccess): public.writeFile(htaccess, ' ')
public.ExecShell('chmod -R 644 ' + htaccess)
public.ExecShell('chown -R www:www ' + htaccess)
filename = self.setupPath + '/panel/vhost/apache/' + self.siteName + '.conf'
public.writeFile(filename, conf)
return True
# 添加到nginx
def nginxAdd(self):
listen_ipv6 = ''
if self.is_ipv6: listen_ipv6 = "\n listen [::]:%s;" % self.sitePort
conf = r'''server
{{
listen {listen_port};{listen_ipv6}
server_name {site_name};
index index.php index.html index.htm default.php default.htm default.html;
root {site_path};
#SSL-START {ssl_start_msg}
#error_page 404/404.html;
#SSL-END
#ERROR-PAGE-START {err_page_msg}
error_page 404 /404.html;
error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-START {php_info_start}
include enable-php-{php_version}.conf;
#PHP-INFO-END
#REWRITE-START {rewrite_start_msg}
include {setup_path}/panel/vhost/rewrite/{site_name}.conf;
#REWRITE-END
{description}
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{{
return 404;
}}
{description1}
location ~ \.well-known{{
allow all;
}}
#Prohibit putting sensitive files in certificate verification directory
if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {{
return 403;
}}
location ~ .*\\.(gif|jpg|jpeg|png|bmp|swf)$
{{
expires 30d;
error_log /dev/null;
access_log /dev/null;
}}
location ~ .*\\.(js|css)?$
{{
expires 12h;
error_log /dev/null;
access_log /dev/null;
}}
access_log {log_path}/{site_name}.log;
error_log {log_path}/{site_name}.error.log;
}}'''.format(
listen_port=self.sitePort,
listen_ipv6=listen_ipv6,
site_path=self.sitePath,
ssl_start_msg=public.lang("SSL related configuration, do NOT delete or modify the next line of commented-out 404 rules"),
err_page_msg=public.lang("Error page configuration, allowed to be commented, deleted or modified"),
php_info_start=public.lang("PHP reference configuration, allowed to be commented, deleted or modified"),
php_version=self.phpVersion,
setup_path=self.setupPath,
rewrite_start_msg=public.lang("URL rewrite rule reference, any modification will invalidate the rewrite rules set by the panel"),
description=("# Forbidden files or directories"),
description1=("# Directory verification related settings for one-click application for SSL certificate"),
log_path=public.GetConfigValue('logs_path'),
site_name=self.siteName
)
# 写配置文件
filename = self.setupPath + '/panel/vhost/nginx/' + self.siteName + '.conf'
public.writeFile(filename, conf)
# 生成伪静态文件
urlrewritePath = self.setupPath + '/panel/vhost/rewrite'
urlrewriteFile = urlrewritePath + '/' + self.siteName + '.conf'
if not os.path.exists(urlrewritePath): os.makedirs(urlrewritePath)
open(urlrewriteFile, 'w+').close()
if not os.path.exists(urlrewritePath):
public.writeFile(urlrewritePath, '')
return True
# 重新生成nginx配置文件
def rep_site_config(self, get):
self.siteName = get.siteName
siteInfo = public.M('sites').where('name=?', (self.siteName,)).field('id,path,port').find()
siteInfo['domains'] = public.M('domains').where('pid=?', (siteInfo['id'],)).field('name,port').select()
siteInfo['binding'] = public.M('binding').where('pid=?', (siteInfo['id'],)).field('domain,path').select()
# openlitespeed
def openlitespeed_add_site(self, get, init_args=None):
# 写主配置httpd_config.conf
# 操作默认监听配置
if not self.sitePath:
return public.return_msg_gettext(False, public.lang("Not specify parameter [sitePath]"))
if init_args:
self.siteName = init_args['sitename']
self.phpVersion = init_args['phpv']
self.sitePath = init_args['rundir']
conf_dir = self.setupPath + '/panel/vhost/openlitespeed/'
if not os.path.exists(conf_dir):
os.makedirs(conf_dir)
file = conf_dir + self.siteName + '.conf'
v_h = """
#VHOST_TYPE YP_SITENAME START
virtualhost YP_SITENAME {
vhRoot YP_RUN_PATH
configFile /www/server/panel/vhost/openlitespeed/detail/YP_SITENAME.conf
allowSymbolLink 1
enableScript 1
restrained 1
setUIDMode 0
}
#VHOST_TYPE YP_SITENAME END
"""
self.old_name = self.siteName
if hasattr(get, "dirName"):
self.siteName = self.siteName + "_" + get.dirName
# sub_dir = self.sitePath + "/" + get.dirName
v_h = v_h.replace("VHOST_TYPE", "SUBDIR")
v_h = v_h.replace("YP_SITENAME", self.siteName)
v_h = v_h.replace("YP_RUN_PATH", self.sitePath)
# extp_name = self.siteName + "_" + get.dirName
else:
self.openlitespeed_domain(get)
v_h = v_h.replace("VHOST_TYPE", "VHOST")
v_h = v_h.replace("YP_SITENAME", self.siteName)
v_h = v_h.replace("YP_RUN_PATH", self.sitePath)
# extp_name = self.siteName
public.writeFile(file, v_h, "a+")
# 写vhost
conf = '''docRoot $VH_ROOT
vhDomain $VH_NAME
adminEmails example@example.com
enableGzip 1
enableIpGeo 1
index {
useServer 0
indexFiles index.php,index.html
}
errorlog /www/wwwlogs/$VH_NAME_ols.error_log {
useServer 0
logLevel ERROR
rollingSize 10M
}
accesslog /www/wwwlogs/$VH_NAME_ols.access_log {
useServer 0
logFormat '%{X-Forwarded-For}i %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"'
logHeaders 5
rollingSize 10M
keepDays 10 compressArchive 1
}
scripthandler {
add lsapi:YP_EXTP_NAME php
}
extprocessor YP_OLS_NAME {
type lsapi
address UDS://tmp/lshttpd/YP_EXTP_NAME.sock
maxConns 20
env LSAPI_CHILDREN=20
initTimeout 600
retryTimeout 0
persistConn 1
pcKeepAliveTimeout 1
respBuffer 0
autoStart 1
path /usr/local/lsws/lsphpYP_PHP_V/bin/lsphp
extUser www
extGroup www
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 400
procHardLimit 500
}
phpIniOverride {
php_admin_value open_basedir "/tmp/:YP_RUN_PATH"
}
expires {
enableExpires 1
expiresByType image/*=A43200,text/css=A43200,application/x-javascript=A43200,application/javascript=A43200,font/*=A43200,application/x-font-ttf=A43200
}
rewrite {
enable 1
autoLoadHtaccess 1
include /www/server/panel/vhost/openlitespeed/proxy/YP_OLS_NAME/urlrewrite/*.conf
include /www/server/panel/vhost/apache/redirect/YP_OLS_NAME/*.conf
include /www/server/panel/vhost/openlitespeed/redirect/YP_OLS_NAME/*.conf
}
include /www/server/panel/vhost/openlitespeed/proxy/YP_OLS_NAME/*.conf
'''
open_base_path = self.sitePath
if self.sitePath[-1] != '/':
open_base_path = self.sitePath + '/'
conf = conf.replace('YP_RUN_PATH', open_base_path)
conf = conf.replace('YP_EXTP_NAME', self.siteName)
conf = conf.replace('YP_PHP_V', self.phpVersion)
conf = conf.replace('YP_OLS_NAME', self.siteName)
# 写配置文件
conf_dir = self.setupPath + '/panel/vhost/openlitespeed/detail/'
if not os.path.exists(conf_dir):
os.makedirs(conf_dir)
file = conf_dir + self.siteName + '.conf'
# if hasattr(get,"dirName"):
# file = conf_dir + self.siteName +'_'+get.dirName+ '.conf'
public.writeFile(file, conf)
# 生成伪静态文件
# urlrewritePath = self.setupPath + '/panel/vhost/rewrite'
# urlrewriteFile = urlrewritePath + '/' + self.siteName + '.conf'
# if not os.path.exists(urlrewritePath): os.makedirs(urlrewritePath)
# open(urlrewriteFile, 'w+').close()
return True
# 上传CSV文件
# def upload_csv(self, get):
# import files
# f = files.files()
# get.f_path = '/tmp/multiple_website.csv'
# result = f.upload(get)
# return result
# 处理CSV内容
def __process_cvs(self, key):
import csv
with open('/tmp/multiple_website.csv')as f:
f_csv = csv.reader(f)
# result = [i for i in f_csv]
return [dict(zip(key, i)) for i in [i for i in f_csv if "FTP" not in i]]
# 批量创建网站
def __create_website_mulitiple(self, websites_info, site_path, get):
create_successfully = {}
create_failed = {}
for data in websites_info:
if not data:
continue
try:
domains = data['website'].split(',')
website_name = domains[0].split(':')[0]
data['port'] = '80' if len(domains[0].split(':')) < 2 else domains[0].split(':')[1]
get.webname = json.dumps({"domain": website_name, "domainlist": domains[1:], "count": 0})
get.path = data['path'] if 'path' in data and data['path'] != '0' and data[
'path'] != '1' else site_path + '/' + website_name
get.version = data['version'] if 'version' in data and data['version'] != '0' else '00'
get.ftp = 'true' if 'ftp' in data and data['ftp'] == '1' else False
get.sql = 'true' if 'sql' in data and data['sql'] == '1' else False
get.port = data['port'] if 'port' in data else '80'
get.codeing = 'utf8'
get.type = 'PHP'
get.type_id = '0'
get.ps = ''
create_other = {}
create_other['db_status'] = False
create_other['ftp_status'] = False
if get.sql == 'true':
create_other['db_pass'] = get.datapassword = public.gen_password(16)
create_other['db_user'] = get.datauser = website_name.replace('.', '_')
create_other['db_status'] = True
if get.ftp == 'true':
create_other['ftp_pass'] = get.ftp_password = public.gen_password(16)
create_other['ftp_user'] = get.ftp_username = website_name.replace('.', '_')
create_other['ftp_status'] = True
result = self.AddSite(get, multiple=1)
if 'status' in result:
create_failed[domains[0]] = result['msg']
continue
create_successfully[domains[0]] = create_other
except:
create_failed[domains[0]] = public.lang("There was an error creating, please try again.")
return {'status': True, 'msg': public.lang('Create the website [ {} ] successfully', ','.join(create_successfully)),
'error': create_failed,
'success': create_successfully}
# 批量创建网站
def create_website_multiple(self, get):
'''
@name 批量创建网站
@author zhwen<2020-11-26>
@param create_type txt/csv txt格式为 “网站名|网站路径|是否创建FTP|是否创建数据库|PHP版本” 每个网站一行
"aaa.com:88,bbb.com|/www/wwwserver/aaa.com/或1|1/0|1/0|0/73"
csv格式为 “网站名|网站端口|网站路径|PHP版本|是否创建数据库|是否创建FTP”
@param websites_content "[[aaa.com|80|/www/wwwserver/aaa.com/|1|1|73]...."
'''
key = ['website', 'path', 'ftp', 'sql', 'version']
site_path = public.M('config').getField('sites_path')
if get.create_type == 'txt':
websites_info = [dict(zip(key, i)) for i in
[i.strip().split('|') for i in json.loads(get.websites_content)]]
else:
websites_info = self.__process_cvs(key)
res = self.__create_website_mulitiple(websites_info, site_path, get)
public.serviceReload()
return res
# 检测enable-php-00.conf
def check_php_conf(self):
try:
file = '/www/server/nginx/conf/enable-php.conf'
if public.get_webserver() != "nginx":
return
if os.path.exists(file):
return
php_v = os.listdir('/www/server/php')
if not php_v:
return
conf = public.readFile('/www/server/nginx/conf/enable-php-{}.conf'.format(php_v[0]))
public.writeFile(file,conf)
except:
pass
# 添加站点
def AddSite(self, get, multiple=None):
if not get.path:
return public.return_msg_gettext(False, public.lang("Please fill in the website path"))
if get.path == "/":
return public.return_msg_gettext(False, public.lang("The website path cannot be the root directory [/]"))
rep_email = r"[\w!#$%&'*+/=?^_`{|}~-]+(?:\.[\w!#$%&'*+/=?^_`{|}~-]+)*@(?:[\w](?:[\w-]*[\w])?\.)+[\w](?:[\w-]*[\w])?"
if hasattr(get, 'email'):
if not re.search(rep_email,get.email):
return public.return_msg_gettext(False, public.lang("Please check if the [Email] format correct"))
if hasattr(get,'password') and hasattr(get,'pw_weak'):
l = public.check_password(get.password)
if l == 0 and get.pw_weak == 'off':
return public.return_msg_gettext(False, public.lang("Password very weak, if you are sure to use it, please tick [ Allow weak passwords ]"))
#判断Mysql PHP 没有安装不能继续
if not os.path.exists("/www/server/mysql") or not os.path.exists("/www/server/php"):
return public.return_msg_gettext(False, public.lang("Please install Mysql and PHP first!"))
self.check_default()
self.check_php_conf()
isError = public.checkWebConfig()
if isError != True:
return public.return_msg_gettext(False, 'ERROR: %s<br><br><a style="color:red;">' % public.lang(
'An error was detected in the configuration file. Please solve it before proceeding') + isError.replace("\n", '<br>') + '</a>')
import json,files
get.path = self.__get_site_format_path(get.path)
if not public.check_site_path(get.path):
a,c = public.get_sys_path()
return public.return_msg_gettext(False, public.lang("Please do not set the website root directory to the system main directory:<br> {}", "<br>".join(a+c)))
try:
siteMenu = json.loads(get.webname)
except:
return public.return_msg_gettext(False, public.lang("The format of the webname parameter is incorrect, it should be a parseable JSON string"))
self.siteName = self.ToPunycode(siteMenu['domain'].strip().split(':')[0]).strip().lower()
self.sitePath = self.ToPunycodePath(self.GetPath(get.path.replace(' ', ''))).strip()
self.sitePort = get.port.strip().replace(' ', '')
if self.sitePort == "": get.port = "80"
if not public.checkPort(self.sitePort): return public.return_msg_gettext(False, public.lang("Port range is incorrect! should be between 100-65535"))
for domain in siteMenu['domainlist']:
if not len(domain.split(':')) == 2:
continue
if not public.checkPort(domain.split(':')[1]): return public.return_msg_gettext(False, public.lang("Port range is incorrect! should be between 100-65535"))
if hasattr(get, 'version'):
self.phpVersion = get.version.replace(' ', '')
else:
self.phpVersion = '00'
if not self.phpVersion: self.phpVersion = '00'
php_version = self.GetPHPVersion(get)
is_phpv = False
for php_v in php_version:
if self.phpVersion == php_v['version']:
is_phpv = True
break
if not is_phpv: return public.return_msg_gettext(False, public.lang("Requested PHP version does NOT exist!"))
domain = None
# if siteMenu['count']:
# domain = get.domain.replace(' ','')
#表单验证
if not self.__check_site_path(self.sitePath): return public.return_msg_gettext(False, public.lang("System critical directory cannot be used as site directory"))
if len(self.phpVersion) < 2: return public.return_msg_gettext(False, public.lang("PHP version cannot be empty"))
reg = r"^([\w\-\*]{1,100}\.){1,24}([\w\-]{1,24}|[\w\-]{1,24}\.[\w\-]{1,24})$"
if not re.match(reg, self.siteName): return public.return_msg_gettext(False, public.lang("Format of primary domain is incorrect"))
if self.siteName.find('*') != -1: return public.return_msg_gettext(False, public.lang("Primary domain cannot be wildcard DNS record"))
if self.sitePath[-1] == '.': return public.return_msg_gettext(False, 'DIR_END_WITH', ("'.'",))
if not domain: domain = self.siteName
# 是否重复
sql = public.M('sites')
if sql.where("name=?", (self.siteName,)).count(): return public.return_msg_gettext(False, public.lang("The site you tried to add already exists!"))
opid = public.M('domain').where("name=?", (self.siteName,)).getField('pid')
if opid:
if public.M('sites').where('id=?', (opid,)).count():
return public.return_msg_gettext(False, public.lang("The domain you tried to add already exists!"))
public.M('domain').where('pid=?', (opid,)).delete()
if public.M('binding').where('domain=?', (self.siteName,)).count():
return public.return_msg_gettext(False, public.lang("The domain you tried to add already exists!"))
# 创建根目录
if not os.path.exists(self.sitePath):
try:
os.makedirs(self.sitePath)
except Exception as ex:
return public.return_msg_gettext(False, 'Failed to create site document root, {}', (ex,))
public.ExecShell('chmod -R 755 ' + self.sitePath)
public.ExecShell('chown -R www:www ' + self.sitePath)
# 创建basedir
self.DelUserInI(self.sitePath)
userIni = self.sitePath + '/.user.ini'
if not os.path.exists(userIni):
public.writeFile(userIni, 'open_basedir=' + self.sitePath + '/:/tmp/')
public.ExecShell('chmod 644 ' + userIni)
public.ExecShell('chown root:root ' + userIni)
public.ExecShell('chattr +i ' + userIni)
ngx_open_basedir_path = self.setupPath + '/panel/vhost/open_basedir/nginx'
if not os.path.exists(ngx_open_basedir_path):
os.makedirs(ngx_open_basedir_path, 384)
ngx_open_basedir_file = ngx_open_basedir_path + '/{}.conf'.format(self.siteName)
ngx_open_basedir_body = '''set $bt_safe_dir "open_basedir";
set $bt_safe_open "{}/:/tmp/";'''.format(self.sitePath)
public.writeFile(ngx_open_basedir_file, ngx_open_basedir_body)
# 创建默认文档
index = self.sitePath + '/index.html'
if not os.path.exists(index):
public.writeFile(index, public.readFile('data/defaultDoc.html'))
public.ExecShell('chmod -R 644 ' + index)
public.ExecShell('chown -R www:www ' + index)
# 创建自定义404页
doc404 = self.sitePath + '/404.html'
if not os.path.exists(doc404):
public.writeFile(doc404, public.readFile('data/404.html'))
public.ExecShell('chmod -R 644 ' + doc404)
public.ExecShell('chown -R www:www ' + doc404)
# 创建自定义502页面
doc502 = self.sitePath + '/502.html'
if not os.path.exists(doc502) and os.path.exists('data/502.html'):
public.writeFile(doc502, public.readFile('data/502.html'))
public.ExecShell('chmod -R 644 ' + doc502)
public.ExecShell('chown -R www:www ' + doc502)
# 写入配置
result = self.nginxAdd()
result = self.apacheAdd()
result = self.openlitespeed_add_site(get)
# 检查处理结果
if not result: return public.return_msg_gettext(False, public.lang("Failed to add, write configuraton ERROR!"))
ps = public.xssencode2(get.ps)
# 添加放行端口
if self.sitePort != '80':
import firewalls
get.port = self.sitePort
get.ps = self.siteName
firewalls.firewalls().AddAcceptPort(get)
if not hasattr(get,'type_id'): get.type_id = 0
if not hasattr(get,'project_type'): get.project_type = "PHP"
public.check_domain_cloud(self.siteName)
# 统计wordpress安装次数
if get.project_type == 'WP':
public.count_wp()
#写入数据库
get.pid = sql.table('sites').add('name,path,status,ps,type_id,addtime,project_type',(self.siteName,self.sitePath,'1',ps,get.type_id,public.getDate(),get.project_type))
#添加更多域名
for domain in siteMenu['domainlist']:
get.domain = domain
get.webname = self.siteName
get.id = str(get.pid)
self.AddDomain(get, multiple)
sql.table('domain').add('pid,name,port,addtime', (get.pid, self.siteName, self.sitePort, public.getDate()))
data = {}
data['siteStatus'] = True
data['siteId'] = get.pid
# 添加FTP
data['ftpStatus'] = False
if 'ftp' not in get:
get.ftp = False
if get.ftp == 'true':
import ftp
get.ps = self.siteName
result = ftp.ftp().AddUser(get)
if result['status']:
data['ftpStatus'] = True
data['ftpUser'] = get.ftp_username
data['ftpPass'] = get.ftp_password
# 添加数据库
data['databaseStatus'] = False
if 'sql' not in get:
get.sql = False
if get.sql == 'true' or get.sql == 'MySQL':
import database
if len(get.datauser) > 16: get.datauser = get.datauser[:16]
get.name = get.datauser
get.db_user = get.datauser
get.password = get.datapassword
get.address = '127.0.0.1'
get.ps = self.siteName
result = database.database().AddDatabase(get)
if result['status']:
data['databaseStatus'] = True
data['databaseUser'] = get.datauser
data['databasePass'] = get.datapassword
data['d_id'] = str(public.M('databases').where('pid=?',(get.pid,)).field('id').find()['id'])
if not multiple:
public.serviceReload()
data = self._set_ssl(get, data, siteMenu)
data = self._set_redirect(get, data)
public.write_log_gettext('Site manager', 'Successfully added site [{}]!', (self.siteName,))
return data
def _set_redirect(self, get, data):
try:
if not hasattr(get, 'redirect') and not get.redirect:
data['redirect'] = False
return data
import panelRedirect
get.redirectdomain = json.dumps([get.redirect])
get.sitename = get.webname
get.redirectname = 'Default'
get.redirecttype = '301'
get.holdpath = '1'
get.type = '1'
get.domainorpath = 'domain'
get.redirectpath = ''
if data['ssl']:
get.tourl = 'https://{}'.format(get.tourl)
else:
get.tourl = 'http://{}'.format(get.tourl)
panelRedirect.panelRedirect().CreateRedirect(get)
data['redirect'] = True
except:
data['redirect'] = str(public.get_error_info())
data['redirect'] = True
return data
def _set_ssl(self, get, data, siteMenu):
try:
if get.set_ssl != '1':
data['ssl'] = False
return data
import acme_v2
ssl_domain = siteMenu['domainlist']
ssl_domain.append(self.siteName)
get.id = str(get.pid)
get.auth_to = str(get.pid)
get.auth_type = 'http'
get.auto_wildcard = ''
get.domains = json.dumps(ssl_domain)
result = acme_v2.acme_v2().apply_cert_api(get)
get.type = '1'
get.siteName = self.siteName
get.key = result['private_key']
get.csr = result['cert'] + result['root']
self.SetSSL(get)
data['ssl'] = True
if hasattr(get, 'force_ssl') and get.force_ssl == '1':
get.siteName = self.siteName
self.HttpToHttps(get)
except:
data['ssl'] = str(public.get_error_info())
return data
def __get_site_format_path(self, path):
path = path.replace('//', '/')
if path[-1:] == '/':
path = path[:-1]
return path
def __check_site_path(self, path):
path = self.__get_site_format_path(path)
other_path = public.M('config').where("id=?", ('1',)).field('sites_path,backup_path').find()
if path == other_path['sites_path'] or path == other_path['backup_path']: return False
return True
def delete_website_multiple(self, get):
'''
@name 批量删除网站
@author zhwen<2020-11-17>
@param sites_id "1,2"
@param ftp 0/1
@param database 0/1
@param path 0/1
'''
sites_id = get.sites_id.split(',')
del_successfully = []
del_failed = {}
for site_id in sites_id:
get.id = site_id
get.webname = public.M('sites').where("id=?", (site_id,)).getField('name')
if not get.webname:
continue
try:
self.DeleteSite(get, multiple=1)
del_successfully.append(get.webname)
except:
del_failed[get.webname] = public.lang("There was an error deleting, please try again.")
pass
public.serviceReload()
return {'status': True, 'msg': public.lang('Delete website [{}] successfully', ','.join(del_successfully)),
'error': del_failed,
'success': del_successfully}
# 删除站点
def DeleteSite(self, get: public.dict_obj, multiple=None):
# 请求参数校验
get.validate([
public.validate.Param('id').Require().Integer(),
public.validate.Param('webname').Require().SafePath(),
public.validate.Param('path').Integer(),
], [public.validate.trim_filter()])
proxyconf = self.__read_config(self.__proxyfile)
id = get.id
if public.M('sites').where('id=?', (id,)).count() < 1: return public.return_msg_gettext(False, public.lang("Specified site does NOT exist"))
siteName = get.webname
get.siteName = siteName
self.CloseTomcat(get)
# 删除反向代理
for i in range(len(proxyconf) - 1, -1, -1):
if proxyconf[i]["sitename"] == siteName:
del proxyconf[i]
self.__write_config(self.__proxyfile, proxyconf)
m_path = self.setupPath + '/panel/vhost/nginx/proxy/' + siteName
if os.path.exists(m_path): public.ExecShell("rm -rf %s" % m_path)
m_path = self.setupPath + '/panel/vhost/apache/proxy/' + siteName
if os.path.exists(m_path): public.ExecShell("rm -rf %s" % m_path)
# 删除目录保护
_dir_aith_file = "%s/panel/data/site_dir_auth.json" % self.setupPath
_dir_aith_conf = public.readFile(_dir_aith_file)
if _dir_aith_conf:
try:
_dir_aith_conf = json.loads(_dir_aith_conf)
if siteName in _dir_aith_conf:
del (_dir_aith_conf[siteName])
except:
pass
self.__write_config(_dir_aith_file, _dir_aith_conf)
dir_aith_path = self.setupPath + '/panel/vhost/nginx/dir_auth/' + siteName
if os.path.exists(dir_aith_path): public.ExecShell("rm -rf %s" % dir_aith_path)
dir_aith_path = self.setupPath + '/panel/vhost/apache/dir_auth/' + siteName
if os.path.exists(dir_aith_path): public.ExecShell("rm -rf %s" % dir_aith_path)
# 删除重定向
__redirectfile = "%s/panel/data/redirect.conf" % self.setupPath
redirectconf = self.__read_config(__redirectfile)
for i in range(len(redirectconf) - 1, -1, -1):
if redirectconf[i]["sitename"] == siteName:
del redirectconf[i]
self.__write_config(__redirectfile, redirectconf)
m_path = self.setupPath + '/panel/vhost/nginx/redirect/' + siteName
if os.path.exists(m_path): public.ExecShell("rm -rf %s" % m_path)
m_path = self.setupPath + '/panel/vhost/apache/redirect/' + siteName
if os.path.exists(m_path): public.ExecShell("rm -rf %s" % m_path)
# 删除配置文件
confPath = self.setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
if os.path.exists(confPath): os.remove(confPath)
confPath = self.setupPath + '/panel/vhost/apache/' + siteName + '.conf'
if os.path.exists(confPath): os.remove(confPath)
open_basedir_file = self.setupPath + '/panel/vhost/open_basedir/nginx/' + siteName + '.conf'
if os.path.exists(open_basedir_file): os.remove(open_basedir_file)
# 删除openlitespeed配置
vhost_file = "/www/server/panel/vhost/openlitespeed/{}.conf".format(siteName)
if os.path.exists(vhost_file):
public.ExecShell('rm -f {}*'.format(vhost_file))
vhost_detail_file = "/www/server/panel/vhost/openlitespeed/detail/{}.conf".format(siteName)
if os.path.exists(vhost_detail_file):
public.ExecShell('rm -f {}*'.format(vhost_detail_file))
vhost_ssl_file = "/www/server/panel/vhost/openlitespeed/detail/ssl/{}.conf".format(siteName)
if os.path.exists(vhost_ssl_file):
public.ExecShell('rm -f {}*'.format(vhost_ssl_file))
vhost_sub_file = "/www/server/panel/vhost/openlitespeed/detail/{}_sub.conf".format(siteName)
if os.path.exists(vhost_sub_file):
public.ExecShell('rm -f {}*'.format(vhost_sub_file))
vhost_redirect_file = "/www/server/panel/vhost/openlitespeed/redirect/{}".format(siteName)
if os.path.exists(vhost_redirect_file):
public.ExecShell('rm -rf {}*'.format(vhost_redirect_file))
vhost_proxy_file = "/www/server/panel/vhost/openlitespeed/proxy/{}".format(siteName)
if os.path.exists(vhost_proxy_file):
public.ExecShell('rm -rf {}*'.format(vhost_proxy_file))
# 删除openlitespeed监听配置
self._del_ols_listen_conf(siteName)
# 删除伪静态文件
# filename = confPath+'/rewrite/'+siteName+'.conf'
filename = '/www/server/panel/vhost/rewrite/' + siteName + '.conf'
if os.path.exists(filename):
os.remove(filename)
public.ExecShell("rm -f " + confPath + '/rewrite/' + siteName + "_*")
# 删除日志文件
filename = public.GetConfigValue('logs_path') + '/' + siteName + '*'
public.ExecShell("rm -f " + filename)
# 删除证书
# crtPath = '/etc/letsencrypt/live/'+siteName
# if os.path.exists(crtPath):
# import shutil
# shutil.rmtree(crtPath)
# 删除日志
public.ExecShell("rm -f " + public.GetConfigValue('logs_path') + '/' + siteName + "-*")
# 删除备份
# public.ExecShell("rm -f "+session['config']['backup_path']+'/site/'+siteName+'_*')
# 删除根目录
if 'path' in get:
if get.path == '1':
import files
get.path = self.__get_site_format_path(public.M('sites').where("id=?",(id,)).getField('path'))
if self.__check_site_path(get.path):
if public.M('sites').where("path=?", (get.path,)).count() < 2:
files.files().DeleteDir(get)
get.path = '1'
# 重载配置
if not multiple:
public.serviceReload()
# 从数据库删除
public.M('sites').where("id=?", (id,)).delete()
public.M('binding').where("pid=?", (id,)).delete()
public.M('domain').where("pid=?", (id,)).delete()
public.M('wordpress_onekey').where("s_id=?", (id,)).delete()
public.write_log_gettext('Site manager', 'Successfully deleted site!', (siteName,))
# 是否删除关联数据库
if hasattr(get, 'database'):
if get.database == '1':
find = public.M('databases').where("pid=?", (id,)).field('id,name').find()
if find:
import database
get.name = find['name']
get.id = find['id']
database.database().DeleteDatabase(get)
# 是否删除关联FTP
if hasattr(get, 'ftp'):
if get.ftp == '1':
find = public.M('ftps').where("pid=?", (id,)).field('id,name').find()
if find:
import ftp
get.username = find['name']
get.id = find['id']
ftp.ftp().DeleteUser(get)
return public.return_msg_gettext(True, public.lang("Successfully deleted site!"))
def _del_ols_listen_conf(self, sitename):
conf_dir = '/www/server/panel/vhost/openlitespeed/listen/'
if not os.path.exists(conf_dir):
return False
for i in os.listdir(conf_dir):
file_name = conf_dir + i
if os.path.isdir(file_name):
continue
conf = public.readFile(file_name)
if not conf:
continue
map_rep = r'map\s+{}.*'.format(sitename)
conf = re.sub(map_rep, '', conf)
if "map" not in conf:
public.ExecShell('rm -f {}*'.format(file_name))
continue
public.writeFile(file_name, conf)
# 域名编码转换
def ToPunycode(self, domain):
import re
if sys.version_info[0] == 2: domain = domain.encode('utf8')
tmp = domain.split('.')
newdomain = ''
for dkey in tmp:
if dkey == '*': continue
# 匹配非ascii字符
match = re.search(u"[\x80-\xff]+", dkey)
if not match: match = re.search(u"[\u4e00-\u9fa5]+", dkey)
if not match:
newdomain += dkey + '.'
else:
if sys.version_info[0] == 2:
newdomain += 'xn--' + dkey.decode('utf-8').encode('punycode') + '.'
else:
newdomain += 'xn--' + dkey.encode('punycode').decode('utf-8') + '.'
if tmp[0] == '*': newdomain = "*." + newdomain
return newdomain[0:-1]
# 中文路径处理
def ToPunycodePath(self, path):
if sys.version_info[0] == 2: path = path.encode('utf-8')
if os.path.exists(path): return path
import re
match = re.search(u"[\x80-\xff]+", path)
if not match: match = re.search(u"[\u4e00-\u9fa5]+", path)
if not match: return path
npath = ''
for ph in path.split('/'):
npath += '/' + self.ToPunycode(ph)
return npath.replace('//', '/')
def export_domains(self, args):
'''
@name 导出域名列表
@author hwliang<2020-10-27>
@param args<dict_obj>{
siteName: string<网站名称>
}
@return string
'''
pid = public.M('sites').where('name=?', args.siteName).getField('id')
domains = public.M('domain').where('pid=?', pid).field('name,port').select()
text_data = []
for domain in domains:
text_data.append("{}:{}".format(domain['name'], domain['port']))
data = "\n".join(text_data)
return public.send_file(data, '{}_domains'.format(args.siteName))
def import_domains(self, args):
'''
@name 导入域名
@author hwliang<2020-10-27>
@param args<dict_obj>{
siteName: string<网站名称>
domains: string<域名列表> 每行一个 格式: 域名:端口
}
@return string
'''
domains_tmp = args.domains.split("\n")
get = public.dict_obj()
get.webname = args.siteName
get.id = public.M('sites').where('name=?', args.siteName).getField('id')
domains = []
for domain in domains_tmp:
if public.M('domain').where('name=?', domain.split(':')[0]).count():
continue
domains.append(domain)
get.domain = ','.join(domains)
return self.AddDomain(get)
# 添加域名
def AddDomain(self, get, multiple=None):
# 检查配置文件
isError = public.checkWebConfig()
if isError != True:
return public.return_msg_gettext(False, 'ERROR: %s<br><br><a style="color:red;">' % public.get_msg_gettext(
'An error was detected in the configuration file. Please solve it before proceeding') + isError.replace("\n", '<br>') + '</a>')
if not 'domain' in get: return public.return_msg_gettext(False, public.lang("Please enter the host domain name"))
if len(get.domain) < 3: return public.return_msg_gettext(False, public.lang("Domain cannot be empty!"))
domains = get.domain.replace(' ', '').split(',')
for domain in domains:
if domain == "": continue
domain = domain.strip().split(':')
get.domain = self.ToPunycode(domain[0]).lower()
get.port = '80'
# 判断通配符域名格式
if get.domain.find('*') != -1 and get.domain.find('*.') == -1:
return public.return_msg_gettext(False, public.lang("Domain name format is incorrect!"))
# 判断域名格式
reg = r"^([\w\-\*]{1,100}\.){1,24}([\w\-]{1,24}|[\w\-]{1,24}\.[\w\-]{1,24})$"
if not re.match(reg, get.domain): return public.return_msg_gettext(False, public.lang("Format of domain is invalid!"))
# 获取自定义端口
if len(domain) == 2:
get.port = domain[1]
if get.port == "": get.port = "80"
# 判断端口是否合法
if not public.checkPort(get.port): return public.return_msg_gettext(False, public.lang("Port range is incorrect! should be between 100-65535"))
# 检查域名是否存在
sql = public.M('domain')
opid = sql.where("name=? AND (port=? OR pid=?)", (get.domain, get.port, get.id)).getField('pid')
if opid:
siteName = public.M('sites').where('id=?',(opid,)).getField('name')
if siteName:
return public.return_msg_gettext(False, public.lang("The specified domain name has been bound by the website [{}]", siteName))
sql.where('pid=?', (opid,)).delete()
opid = public.M('binding').where('domain=?', (get.domain,)).getField('pid')
if opid:
siteName = public.M('sites').where('id=?',(opid,)).getField('name')
return public.returnMsg(False, public.lang("The specified domain name has been bound by a subdirectory of the website [{}]!", siteName))
# 写配置文件
self.NginxDomain(get)
try:
self.ApacheDomain(get)
self.openlitespeed_domain(get)
if self._check_ols_ssl(get.webname):
get.port = '443'
self.openlitespeed_domain(get)
get.port = '80'
except:
pass
# 检查实际端口
if len(domain) == 2: get.port = domain[1]
# 添加放行端口
if get.port != '80':
import firewalls
get.ps = get.domain
firewalls.firewalls().AddAcceptPort(get)
# 重载webserver服务
if not multiple:
public.serviceReload()
full_domain = get.domain
if not get.port in ['80','443']: full_domain += ':' + get.port
public.check_domain_cloud(full_domain)
public.write_log_gettext('Site manager', 'Site [{}] added domain [{}] successfully!', (get.webname, get.domain))
sql.table('domain').add('pid,name,port,addtime', (get.id, get.domain, get.port, public.getDate()))
return public.return_msg_gettext(True, public.lang("Successfully added site!"))
# 判断ols_ssl是否已经设置
def _check_ols_ssl(self, webname):
conf = public.readFile('/www/server/panel/vhost/openlitespeed/listen/443.conf')
if conf and webname in conf:
return True
return False
# 添加openlitespeed 80端口监听
def openlitespeed_set_80_domain(self, get, conf):
rep = r'map\s+{}.*'.format(get.webname)
domains = get.webname.strip().split(',')
if conf:
map_tmp = re.search(rep, conf)
if map_tmp:
map_tmp = map_tmp.group()
domains = map_tmp.strip().split(',')
if not public.inArray(domains, get.domain):
new_map = '{},{}'.format(conf, get.domain)
conf = re.sub(rep, new_map, conf)
else:
map_tmp = '\tmap\t{d} {d}\n'.format(d=domains[0])
listen_rep = r"secure\s*0"
conf = re.sub(listen_rep, "secure 0\n" + map_tmp, conf)
return conf
else:
rep_default = 'listener\\s+Default\\{(\n|[\\s\\w\\*\\:\\#\\.\\,])*'
tmp = re.search(rep_default, conf)
# domains = get.webname.strip().split(',')
if tmp:
tmp = tmp.group()
new_map = '\tmap\t{d} {d}\n'.format(d=domains[0])
tmp += new_map
conf = re.sub(rep_default, tmp, conf)
return conf
# openlitespeed写域名配置
def openlitespeed_domain(self, get):
listen_dir = '/www/server/panel/vhost/openlitespeed/listen/'
if not os.path.exists(listen_dir):
os.makedirs(listen_dir)
listen_file = listen_dir + get.port + ".conf"
listen_conf = public.readFile(listen_file)
try:
get.webname = json.loads(get.webname)
get.domain = get.webname['domain'].replace('\r', '')
get.webname = get.domain + "," + ",".join(get.webname["domainlist"])
if get.webname[-1] == ',':
get.webname = get.webname[:-1]
except:
pass
if listen_conf:
# 添加域名
rep = r'map\s+{}.*'.format(get.webname)
map_tmp = re.search(rep, listen_conf)
if map_tmp:
map_tmp = map_tmp.group()
domains = map_tmp.strip().split(',')
if not public.inArray(domains, get.domain):
new_map = '{},{}'.format(map_tmp, get.domain)
listen_conf = re.sub(rep, new_map, listen_conf)
else:
domains = get.webname.strip().split(',')
map_tmp = '\tmap\t{d} {d}'.format(d=domains[0])
listen_rep = r"secure\s*0"
listen_conf = re.sub(listen_rep, "secure 0\n" + map_tmp, listen_conf)
else:
listen_conf = """
listener Default%s{
address *:%s
secure 0
map %s %s
}
""" % (get.port, get.port, get.webname, get.domain)
# 保存配置文件
public.writeFile(listen_file, listen_conf)
return True
# Nginx写域名配置
def NginxDomain(self, get):
file = self.setupPath + '/panel/vhost/nginx/' + get.webname + '.conf'
conf = public.readFile(file)
if not conf: return
# 添加域名
rep = r"server_name\s*(.*);"
tmp = re.search(rep, conf).group()
domains = tmp.replace(';', '').strip().split(' ')
if not public.inArray(domains, get.domain):
newServerName = tmp.replace(';', ' ' + get.domain + ';')
conf = conf.replace(tmp, newServerName)
# 添加端口
rep = r"listen\s+[\[\]\:]*([0-9]+).*;"
tmp = re.findall(rep, conf)
if not public.inArray(tmp, get.port):
listen = re.search(rep, conf).group()
listen_ipv6 = ''
if self.is_ipv6: listen_ipv6 = "\n\t\tlisten [::]:" + get.port + ';'
conf = conf.replace(listen, listen + "\n\t\tlisten " + get.port + ';' + listen_ipv6)
# 保存配置文件
public.writeFile(file, conf)
return True
# Apache写域名配置
def ApacheDomain(self, get):
file = self.setupPath + '/panel/vhost/apache/' + get.webname + '.conf'
conf = public.readFile(file)
if not conf: return
port = get.port
siteName = get.webname
newDomain = get.domain
find = public.M('sites').where("id=?", (get.id,)).field('id,name,path').find()
sitePath = find['path']
siteIndex = 'index.php index.html index.htm default.php default.html default.htm'
# 添加域名
if conf.find('<VirtualHost *:' + port + '>') != -1:
repV = r"<VirtualHost\s+\*\:" + port + ">(.|\n)*</VirtualHost>"
domainV = re.search(repV, conf).group()
rep = r"ServerAlias\s*(.*)\n"
tmp = re.search(rep, domainV).group(0)
domains = tmp.strip().split(' ')
if not public.inArray(domains, newDomain):
rs = tmp.replace("\n", "")
newServerName = rs + ' ' + newDomain + "\n"
myconf = domainV.replace(tmp, newServerName)
conf = re.sub(repV, myconf, conf)
if conf.find('<VirtualHost *:443>') != -1:
repV = r"<VirtualHost\s+\*\:443>(.|\n)*</VirtualHost>"
domainV = re.search(repV, conf).group()
rep = r"ServerAlias\s*(.*)\n"
tmp = re.search(rep, domainV).group(0)
domains = tmp.strip().split(' ')
if not public.inArray(domains, newDomain):
rs = tmp.replace("\n", "")
newServerName = rs + ' ' + newDomain + "\n"
myconf = domainV.replace(tmp, newServerName)
conf = re.sub(repV, myconf, conf)
else:
try:
httpdVersion = public.readFile(self.setupPath + '/apache/version.pl').strip()
except:
httpdVersion = ""
if httpdVersion == '2.2':
vName = ''
if self.sitePort != '80' and self.sitePort != '443':
vName = "NameVirtualHost *:" + port + "\n"
phpConfig = ""
apaOpt = "Order allow,deny\n\t\tAllow from all"
else:
vName = ""
# rep = r"php-cgi-([0-9]{2,3})\.sock"
# version = re.search(rep,conf).groups()[0]
version = public.get_php_version_conf(conf)
if len(version) < 2: return public.return_msg_gettext(False, public.lang("Failed to get PHP version!"))
phpConfig = '''
#PHP
<FilesMatch \\.php$>
SetHandler "proxy:%s"
</FilesMatch>
''' % (public.get_php_proxy(version, 'apache'),)
apaOpt = 'Require all granted'
newconf = r'''<VirtualHost *:%s>
ServerAdmin webmaster@example.com
DocumentRoot "%s"
ServerName %s.%s
ServerAlias %s
#errorDocument 404 /404.html
ErrorLog "%s-error_log"
CustomLog "%s-access_log" combined
%s
#DENY FILES
<Files ~ (\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)$>
Order allow,deny
Deny from all
</Files>
#PATH
<Directory "%s">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
%s
DirectoryIndex %s
</Directory>
</VirtualHost>''' % (port, sitePath, siteName, port, newDomain, public.GetConfigValue('logs_path') + '/' + siteName,
public.GetConfigValue('logs_path') + '/' + siteName, phpConfig, sitePath, apaOpt, siteIndex)
conf += "\n\n" + newconf
# 添加端口
if port != '80' and port != '888': self.apacheAddPort(port)
# 保存配置文件
public.writeFile(file, conf)
return True
def delete_domain_multiple(self, get):
'''
@name 批量删除网站
@author zhwen<2020-11-17>
@param id "1"
@param domains_id 1,2,3
'''
domains_id = get.domains_id.split(',')
get.webname = public.M('sites').where("id=?", (get.id,)).getField('name')
del_successfully = []
del_failed = {}
for domain_id in domains_id:
get.domain = public.M('domain').where("id=? and pid=?", (domain_id, get.id)).getField('name')
get.port = str(public.M('domain').where("id=? and pid=?", (domain_id, get.id)).getField('port'))
if not get.webname:
continue
try:
result = self.DelDomain(get, multiple=1)
tmp = get.domain + ':' + get.port
if not result['status']:
del_failed[tmp] = result['msg']
continue
del_successfully.append(tmp)
except:
tmp = get.domain + ':' + get.port
del_failed[tmp] = public.lang("There was an error deleting, please try again.")
pass
public.serviceReload()
return {'status': True, 'msg': public.get_msg_gettext('Delete domain [{}] successfully', (','.join(del_successfully),)),
'error': del_failed,
'success': del_successfully}
# 删除域名
def DelDomain(self, get, multiple=None):
if not 'id' in get: return public.return_msg_gettext(False, public.lang("Please choose a domain name"))
if not 'port' in get: return public.return_msg_gettext(False, public.lang("Please choose a port"))
sql = public.M('domain')
id = get['id']
port = get.port
domain_data = sql.where("pid=? AND name=?", (get.id, get.domain)).field('id,name').find()
if isinstance(domain_data, list):
if not domain_data:
return public.return_message(-1, 0, public.lang("Domain record not found"))
domain_data = domain_data[0]
if not isinstance(domain_data, dict) or not domain_data.get('id'):
return public.return_message(-1, 0, public.lang("Domain record not found"))
domain_count = sql.table('domain').where("pid=?", (id,)).count()
if domain_count <= 1: return public.return_message(-1, 0, public.lang("Last domain cannot be deleted!"))
domain_count = sql.table('domain').where("pid=?", (id,)).count()
if domain_count == 1: return public.return_msg_gettext(False, public.lang("Last domain cannot be deleted!"))
# nginx
file = self.setupPath + '/panel/vhost/nginx/' + get['webname'] + '.conf'
conf = public.readFile(file)
if conf:
# 删除域名
rep = r"server_name\s+(.+);"
match = re.search(rep, conf)
if match:
tmp = match.group()
newServerName = tmp.replace(' ' + get['domain'] + ';', ';')
newServerName = newServerName.replace(' ' + get['domain'] + ' ', ' ')
conf = conf.replace(tmp, newServerName)
else:
public.WriteLog("Site manager", f"No server_name found in the Nginx configuration, the domain {get.domain} is only removed from the database")
# 删除端口
rep = r"listen.*[\s:]+(\d+).*;"
tmp = re.findall(rep, conf)
port_count = sql.table('domain').where('pid=? AND port=?', (get.id, get.port)).count()
if public.inArray(tmp, port) == True and port_count < 2:
rep = r"\n*\s+listen.*[\s:]+" + port + r"\s*;"
conf = re.sub(rep, '', conf)
# 保存配置
public.writeFile(file, conf)
# apache
file = self.setupPath + '/panel/vhost/apache/' + get['webname'] + '.conf'
conf = public.readFile(file)
if conf:
# 删除域名
try:
rep = r"\n*<VirtualHost \*\:" + port + ">(.|\n)*</VirtualHost>"
tmp = re.search(rep, conf).group()
rep1 = "ServerAlias\\s+(.+)\n"
tmp1 = re.findall(rep1, tmp)
tmp2 = tmp1[0].split(' ')
if len(tmp2) < 2:
conf = re.sub(rep, '', conf)
rep = r"NameVirtualHost.+\:" + port + "\n"
conf = re.sub(rep, '', conf)
else:
newServerName = tmp.replace(' ' + get['domain'] + "\n", "\n")
newServerName = newServerName.replace(' ' + get['domain'] + ' ', ' ')
conf = conf.replace(tmp, newServerName)
# 保存配置
public.writeFile(file, conf.strip())
except:
pass
# openlitespeed
self._del_ols_domain(get)
sql.table('domain').where("id=?", (domain_data['id'],)).delete()
public.write_log_gettext('Site manager', 'Site [{}] deleted domain [{}] successfully!', (get.webname, get.domain))
if not multiple:
public.serviceReload()
return public.return_msg_gettext(True, public.lang("Successfully deleted"))
# openlitespeed删除域名
def _del_ols_domain(self, get):
conf_dir = '/www/server/panel/vhost/openlitespeed/listen/'
if not os.path.exists(conf_dir):
return False
for i in os.listdir(conf_dir):
file_name = conf_dir + i
if os.path.isdir(file_name):
continue
conf = public.readFile(file_name)
map_rep = r'map\s+{}\s+(.*)'.format(get.webname)
domains = re.search(map_rep, conf)
if domains:
domains = domains.group(1).split(',')
if get.domain in domains:
domains.remove(get.domain)
if len(domains) == 0:
os.remove(file_name)
continue
else:
domains = ",".join(domains)
map_c = "map\t{} ".format(get.webname) + domains
conf = re.sub(map_rep, map_c, conf)
public.writeFile(file_name, conf)
# 检查域名是否解析
def CheckDomainPing(self, get):
try:
epass = public.GetRandomString(32)
spath = get.path + '/.well-known/pki-validation'
if not os.path.exists(spath): public.ExecShell("mkdir -p '" + spath + "'")
public.writeFile(spath + '/fileauth.txt', epass)
result = public.httpGet(
'http://' + get.domain.replace('*.', '') + '/.well-known/pki-validation/fileauth.txt')
if result == epass: return True
return False
except:
return False
def analyze_ssl(self, csr):
issuer_dic = {}
try:
from cryptography import x509
from cryptography.hazmat.backends import default_backend
cert = x509.load_pem_x509_certificate(csr.encode("utf-8"), default_backend())
issuer = cert.issuer
for i in issuer:
issuer_dic[i.oid._name] = i.value
except:
pass
return issuer_dic
# 保存第三方证书
def SetSSL(self, get):
import ssl_info
ssl_info = ssl_info.ssl_info()
get.key = get.key.strip()
get.csr = get.csr.strip()
issuer = self.analyze_ssl(get.csr)
if issuer.get("organizationName") == "Let's Encrypt":
get.csr += "\n"
siteName = get.siteName
path = '/www/server/panel/vhost/cert/' + siteName
csrpath = path + "/fullchain.pem"
keypath = path + "/privkey.pem"
if (get.key.find('KEY') == -1): return public.return_msg_gettext(False, public.lang("Private Key ERROR, please check!"))
if (get.csr.find('CERTIFICATE') == -1): return public.return_msg_gettext(False, public.lang("Certificate ERROR, please check!"))
public.writeFile('/tmp/cert.pl', get.csr)
if not public.CheckCert('/tmp/cert.pl'): return public.return_msg_gettext(False, public.lang("Error getting certificate"))
#验证格式
# format_status, format_message = ssl_info.verify_format('key',get.key)
# if not format_status:
# return public.returnMsg(False, format_message)
# format_status, format_message = ssl_info.verify_format('cert',get.csr)
# if not format_status:
# return public.returnMsg(False, format_message)
# 验证证书和密钥是否匹配格式是否为pem
check_flag, check_msg = ssl_info.verify_certificate_and_key_match(get.key, get.csr)
if not check_flag: return public.returnMsg(False, check_msg)
# 验证证书链是否完整
check_chain_flag, check_chain_msg = ssl_info.verify_certificate_chain(get.csr)
if not check_chain_flag: return public.returnMsg(False, check_chain_msg)
backup_cert = '/tmp/backup_cert_' + siteName
import shutil
if os.path.exists(backup_cert): shutil.rmtree(backup_cert)
if os.path.exists(path): shutil.move(path, backup_cert)
if os.path.exists(path): shutil.rmtree(path)
public.ExecShell('mkdir -p ' + path)
public.writeFile(keypath, get.key)
public.writeFile(csrpath, get.csr)
# 写入配置文件
result = self.SetSSLConf(get)
if not result['status']: return result
isError = public.checkWebConfig()
if (type(isError) == str):
if os.path.exists(path):
shutil.rmtree(backup_cert)
if os.path.exists(backup_cert):
shutil.move(backup_cert, path)
return public.return_msg_gettext(False, public.lang('ERROR: <br><a style="color:red;">' + isError.replace("\n", '<br>') + '</a>'))
public.serviceReload()
if os.path.exists(path + '/partnerOrderId'): os.remove(path + '/partnerOrderId')
if os.path.exists(path + '/certOrderId'): os.remove(path + '/certOrderId')
p_file = '/etc/letsencrypt/live/' + get.siteName
if os.path.exists(p_file): shutil.rmtree(p_file)
public.write_log_gettext('Site manager', 'Certificate saved!')
# 清理备份证书
if os.path.exists(backup_cert): shutil.rmtree(backup_cert)
return public.return_msg_gettext(True, public.lang("Certificate saved!"))
# 获取运行目录
def GetRunPath(self, get):
if not hasattr(get, 'id'):
if hasattr(get, 'siteName'):
get.id = public.M('sites').where('name=?', (get.siteName,)).getField('id')
else:
get.id = public.M('sites').where('path=?', (get.path,)).getField('id')
if not get.id: return False
if type(get.id) == list: get.id = get.id[0]['id']
result = self.GetSiteRunPath(get)
if 'runPath' in result:
return result['runPath']
return False
# 创建Let's Encrypt免费证书
def CreateLet(self, get):
domains = json.loads(get.domains)
if not len(domains):
return public.return_msg_gettext(False, public.lang("Please choose a domain name"))
file_auth = True
if hasattr(get, 'dnsapi'):
file_auth = False
if not hasattr(get, 'dnssleep'):
get.dnssleep = 10
email = public.M('users').getField('email')
if hasattr(get, 'email'):
if get.email.find('@') == -1:
get.email = email
else:
get.email = get.email.strip()
public.M('users').where('id=?', (1,)).setField('email', get.email)
else:
get.email = email
for domain in domains:
if public.checkIp(domain): continue
if domain.find('*.') >= 0 and file_auth:
return public.return_msg_gettext(False, public.lang("A generic domain name cannot be used to apply for a certificate using [File Validation]!"))
if file_auth:
get.sitename = get.siteName
if self.GetRedirectList(get): return public.return_msg_gettext(False, public.lang("Your site has 301 Redirect onPlease turn it off first!"))
if self.GetProxyList(get): return public.return_msg_gettext(False, public.lang("Sites that have reverse proxy turned on cannot request SSL!"))
data = self.get_site_info(get.siteName)
get.id = data['id']
runPath = self.GetRunPath(get)
if runPath != '/':
if runPath[:1] != '/': runPath = '/' + runPath
else:
runPath = ''
get.site_dir = data['path'] + runPath
else:
dns_api_list = self.GetDnsApi(get)
get.dns_param = None
for dns in dns_api_list:
if dns['name'] == get.dnsapi:
param = []
if not dns['data']: continue
for val in dns['data']:
param.append(val['value'])
get.dns_param = '|'.join(param)
n_list = ['dns', 'dns_bt']
if not get.dnsapi in n_list:
if len(get.dns_param) < 16: return public.return_msg_gettext(False, 'No valid DNSAPI key information found', (get.dnsapi,))
if get.dnsapi == 'dns_bt':
if not os.path.exists('plugin/dns/dns_main.py'):
return public.return_msg_gettext(False, public.lang("Please go to the software store to install [Cloud Resolution] and complete the domain name NS binding."))
self.check_ssl_pack()
try:
import panelLets
public.mod_reload(panelLets)
except Exception as ex:
if str(ex).find('No module named requests') != -1:
public.ExecShell("pip install requests &")
return public.return_msg_gettext(False, public.lang("Missing requests component, please try to repair the panel!"))
return public.return_msg_gettext(False, str(ex))
lets = panelLets.panelLets()
result = lets.apple_lest_cert(get)
if result['status'] and not 'code' in result:
get.onkey = 1
path = '/www/server/panel/cert/' + get.siteName
if os.path.exists(path + '/certOrderId'): os.remove(path + '/certOrderId')
result = self.SetSSLConf(get)
return result
def get_site_info(self, siteName):
data = public.M("sites").where('name=?', siteName).field('id,path,name').find()
return data
# 检测依赖库
def check_ssl_pack(self):
try:
import requests
except:
public.ExecShell('btpip install requests')
try:
import OpenSSL
except:
public.ExecShell('btpip install pyOpenSSL')
# 判断DNS-API是否设置
def Check_DnsApi(self, dnsapi):
dnsapis = self.GetDnsApi(None)
for dapi in dnsapis:
if dapi['name'] == dnsapi:
if not dapi['data']: return True
for d in dapi['data']:
if d['key'] == '': return False
return True
# 获取DNS-API列表
def GetDnsApi(self, get):
api_path = './config/dns_api.json'
api_init = './config/dns_api_init.json'
if not os.path.exists(api_path):
if os.path.exists(api_init):
import shutil
shutil.copyfile(api_init, api_path)
apis = json.loads(public.ReadFile(api_path))
path = '/root/.acme.sh'
if not os.path.exists(path + '/account.conf'): path = "/.acme.sh"
account = public.readFile(path + '/account.conf')
if not account: account = ''
is_write = False
for i in range(len(apis)):
if not apis[i]['data']: continue
for j in range(len(apis[i]['data'])):
if apis[i]['data'][j]['value']: continue
match = re.search(apis[i]['data'][j]['key'] + r"\s*=\s*'(.+)'", account)
if match: apis[i]['data'][j]['value'] = match.groups()[0]
if apis[i]['data'][j]['value']: is_write = True
if is_write: public.writeFile('./config/dns_api.json', json.dumps(apis))
# aa dns api support info
from sslModel.dnsapiModel import main
supports_info = main().dns_support_info()
result = []
for support in supports_info:
for api in apis:
if api['title'] == 'CloudFlare':
if os.path.exists('/www/server/panel/data/cf_limit_api.pl'):
api['API_Limit'] = True
else:
api['API_Limit'] = False
if api['name'] == support['name']:
support['data'] = api.get('data')
result.append(support)
break
else:
result.append(support)
result.sort(key=lambda x: x['title'])
apis.sort(key=lambda x: x['title'])
if result != apis:
public.writeFile('./config/dns_api.json', json.dumps(result))
for index, item in enumerate(apis):
if item.get("title", "") == "Manual resolution":
target_dict = apis.pop(index)
apis.insert(0, target_dict)
break
return apis
# 设置DNS-API
def SetDnsApi(self, get):
pdata = json.loads(get.pdata)
cf_limit_api = "/www/server/panel/data/cf_limit_api.pl"
if 'API_Limit' in pdata and pdata['API_Limit'] == True and not os.path.exists(cf_limit_api):
os.mknod(cf_limit_api)
if 'API_Limit' in pdata and pdata['API_Limit']== False:
if os.path.exists(cf_limit_api):os.remove(cf_limit_api)
apis = json.loads(public.ReadFile('./config/dns_api.json'))
is_write = False
for key in pdata.keys():
for i in range(len(apis)):
if not apis[i]['data']: continue
for j in range(len(apis[i]['data'])):
if apis[i]['data'][j]['key'] != key: continue
apis[i]['data'][j]['value'] = pdata[key]
is_write = True
if is_write: public.writeFile('./config/dns_api.json', json.dumps(apis))
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# 获取站点所有域名
def GetSiteDomains(self, get):
data = {}
domains = public.M('domain').where('pid=?', (get.id,)).field('name,id').select()
binding = public.M('binding').where('pid=?', (get.id,)).field('domain,id').select()
if type(binding) == str: return binding
for b in binding:
tmp = {}
tmp['name'] = b['domain']
tmp['id'] = b['id']
tmp['binding'] = True
domains.append(tmp)
data['domains'] = domains
data['email'] = public.M('users').where('id=?', (1,)).getField('email')
if data['email'] == '287962566@qq.com': data['email'] = ''
return data
def GetFormatSSLResult(self, result):
try:
import re
rep = "\\s*Domain:.+\n\\s+Type:.+\n\\s+Detail:.+"
tmps = re.findall(rep, result)
statusList = []
for tmp in tmps:
arr = tmp.strip().split('\n')
status = {}
for ar in arr:
tmp1 = ar.strip().split(':')
status[tmp1[0].strip()] = tmp1[1].strip()
if len(tmp1) > 2:
status[tmp1[0].strip()] = tmp1[1].strip() + ':' + tmp1[2]
statusList.append(status)
return statusList
except:
return None
# 获取TLS1.3标记
def get_tls13(self):
nginx_bin = '/www/server/nginx/sbin/nginx'
nginx_v = public.ExecShell(nginx_bin + ' -V 2>&1')[0]
nginx_v_re = re.findall(r"nginx/(\d\.\d+).+OpenSSL\s+(\d\.\d+)",nginx_v,re.DOTALL)
if nginx_v_re:
if nginx_v_re[0][0] in ['1.8','1.9','1.7','1.6','1.5','1.4']:
return ''
if float(nginx_v_re[0][0]) >= 1.15 and float(nginx_v_re[0][-1]) >= 1.1:
return ' TLSv1.3'
else:
_v = re.search(r'nginx/1\.1(5|6|7|8|9).\d',nginx_v)
if not _v:
_v = re.search(r'nginx/1\.2\d\.\d',nginx_v)
openssl_v = public.ExecShell(nginx_bin + ' -V 2>&1|grep OpenSSL')[0].find('OpenSSL 1.1.') != -1
if _v and openssl_v:
return ' TLSv1.3'
return ''
# 获取apache反向代理
def get_apache_proxy(self, conf):
rep = "\n*#Referenced reverse proxy rule, if commented, the configured reverse proxy will be invalid\n+\\s+IncludeOptiona.*"
proxy = re.search(rep, conf)
if proxy:
return proxy.group()
return ""
def _get_site_domains(self, sitename):
site_id = public.M('sites').where('name=?', (sitename,)).field('id').find()
domains = public.M('domain').where('pid=?', (site_id['id'],)).field('name').select()
domains = [d['name'] for d in domains]
return domains
# 设置OLS ssl
def set_ols_ssl(self, get, siteName):
listen_conf = self.setupPath + '/panel/vhost/openlitespeed/listen/443.conf'
conf = public.readFile(listen_conf)
ssl_conf = """
vhssl {
keyFile /www/server/panel/vhost/cert/YP_SSL_DOMAIN/privkey.pem
certFile /www/server/panel/vhost/cert/YP_SSL_DOMAIN/fullchain.pem
certChain 1
sslProtocol 24
ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
enableECDHE 1
renegProtection 1
sslSessionCache 1
enableSpdy 15
enableStapling 1
ocspRespMaxAge 86400
}
"""
ssl_dir = self.setupPath + '/panel/vhost/openlitespeed/detail/ssl/'
if not os.path.exists(ssl_dir):
os.makedirs(ssl_dir)
ssl_file = ssl_dir + '{}.conf'.format(siteName)
if not os.path.exists(ssl_file):
ssl_conf = ssl_conf.replace('YP_SSL_DOMAIN', siteName)
public.writeFile(ssl_file, ssl_conf, "a+")
include_ssl = '\ninclude {}'.format(ssl_file)
detail_file = self.setupPath + '/panel/vhost/openlitespeed/detail/{}.conf'.format(siteName)
public.writeFile(detail_file, include_ssl, 'a+')
if not conf:
conf = """
listener SSL443 {
map YP_OLS_NAME YP_SSL_DOMAIN
address *:443
secure 1
keyFile /www/server/panel/vhost/cert/YP_OLS_NAME/privkey.pem
certFile /www/server/panel/vhost/cert/YP_OLS_NAME/fullchain.pem
certChain 1
sslProtocol 24
ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
enableECDHE 1
renegProtection 1
sslSessionCache 1
enableSpdy 15
enableStapling 1
ocspRespMaxAge 86400
}
"""
else:
rep = r'listener\s*SSL443\s*{'
map = '\n map {s} {s}'.format(s=siteName)
conf = re.sub(rep, 'listener SSL443 {' + map, conf)
domain = ",".join(self._get_site_domains(siteName))
conf = conf.replace('YP_OLS_NAME', siteName).replace('YP_SSL_DOMAIN', domain)
public.writeFile(listen_conf, conf)
def _get_ap_static_security(self, ap_conf):
if not ap_conf: return ''
ap_static_security = re.search('#SECURITY-START(.|\n)*#SECURITY-END', ap_conf)
if ap_static_security:
return ap_static_security.group()
return ''
def write_json_conf(self, siteName,status):
conf_path = "{path}/{site_name}/{site_name}.json".format(
path=self._proxy_config_path,
site_name=siteName
)
try:
proxy_json_conf = json.loads(public.readFile(conf_path))
proxy_json_conf['ssl_info']['ssl_status']=status
#将proxy_json_conf 写入文件
public.WriteFile
except Exception as e:
proxy_json_conf = {}
return public.return_message(0,0,proxy_json_conf)
# 添加SSL配置
def SetSSLConf(self, get):
"""
@name 兼容批量设置
@auther hezhihong
"""
siteName = get.siteName
if not 'first_domain' in get: get.first_domain = siteName
if 'isBatch' in get and siteName !=get.first_domain:get.first_domain=siteName
# Nginx配置
file = self.setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
# Node项目
if not os.path.exists(file): file = self.setupPath + '/panel/vhost/nginx/node_' + siteName + '.conf'
ng_file = file
conf = public.readFile(file)
# 是否为子目录设置SSL
# if hasattr(get,'binding'):
# allconf = conf;
# conf = re.search("#BINDING-"+get.binding+"-START(.|\n)*#BINDING-"+get.binding+"-END",conf).group()
if conf:
if conf.find('ssl_certificate') == -1:
sslStr = """#error_page 404/404.html;
ssl_certificate /www/server/panel/vhost/cert/%s/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/%s/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2%s;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
""" % (get.first_domain, get.first_domain,self.get_tls13())
if (conf.find('ssl_certificate') != -1):
if 'isBatch' not in get:
public.serviceReload()
return public.return_msg_gettext(True, public.lang("SSL turned on!"))
else:
return True
conf = conf.replace('#error_page 404/404.html;', sslStr)
conf = re.sub(r"\s+\#SSL\-END","\n\t\t#SSL-END",conf)
# 添加端口
rep = r"listen.*[\s:]+(\d+).*;"
tmp = re.findall(rep, conf)
if not public.inArray(tmp, '443'):
listen_re = re.search(rep,conf)
if not listen_re:
conf = re.sub(r"server\s*{\s*","server\n{\n\t\tlisten 80;\n\t\t",conf)
listen_re = re.search(rep,conf)
listen = listen_re.group()
versionStr = public.readFile('/www/server/nginx/version.pl')
http2 = ''
if versionStr:
if versionStr.find('1.8.1') == -1 and versionStr.find('1.25') == -1 and versionStr.find('1.26') == -1: http2 = ' http2'
default_site = ''
if conf.find('default_server') != -1: default_site = ' default_server'
listen_ipv6 = ';'
if self.is_ipv6: listen_ipv6 = ";\n\t\tlisten [::]:443 ssl"+http2+default_site+";"
conf = conf.replace(listen,listen + "\n\t\tlisten 443 ssl"+http2 + default_site + listen_ipv6)
shutil.copyfile(file, self.nginx_conf_bak)
public.writeFile(file, conf)
# Apache配置
file = self.setupPath + '/panel/vhost/apache/' + siteName + '.conf'
# if not os.path.exists(file): file = self.setupPath + '/panel/vhost/apache/node_' + siteName + '.conf'
is_node_apache = False
if not os.path.exists(file):
is_node_apache = True
file = self.setupPath + '/panel/vhost/apache/node_' + siteName + '.conf'
conf = public.readFile(file)
ap_static_security = self._get_ap_static_security(conf)
if conf:
ap_proxy = self.get_apache_proxy(conf)
if conf.find('SSLCertificateFile') == -1 and conf.find('VirtualHost') != -1:
find = public.M('sites').where("name=?", (siteName,)).field('id,path').find()
tmp = public.M('domain').where('pid=?', (find['id'],)).field('name').select()
domains = ''
for key in tmp:
domains += key['name'] + ' '
path = (find['path'] + '/' + self.GetRunPath(get)).replace('//', '/')
index = 'index.php index.html index.htm default.php default.html default.htm'
try:
httpdVersion = public.readFile(self.setupPath + '/apache/version.pl').strip()
except:
httpdVersion = ""
if httpdVersion == '2.2':
vName = ""
phpConfig = ""
apaOpt = "Order allow,deny\n\t\tAllow from all"
else:
vName = ""
# rep = r"php-cgi-([0-9]{2,3})\.sock"
# version = re.search(rep, conf).groups()[0]
version = public.get_php_version_conf(conf)
if len(version) < 2:
if 'isBatch' not in get:
return public.return_msg_gettext(False, public.lang("Failed to get PHP version!"))
else:
return False
phpConfig = '''
#PHP
<FilesMatch \\.php$>
SetHandler "proxy:%s"
</FilesMatch>
''' % (public.get_php_proxy(version, 'apache'),)
apaOpt = 'Require all granted'
sslStr = r'''%s<VirtualHost *:443>
ServerAdmin webmaster@example.com
DocumentRoot "%s"
ServerName SSL.%s
ServerAlias %s
#errorDocument 404 /404.html
ErrorLog "%s-error_log"
CustomLog "%s-access_log" combined
%s
#SSL
SSLEngine On
SSLCertificateFile /www/server/panel/vhost/cert/%s/fullchain.pem
SSLCertificateKeyFile /www/server/panel/vhost/cert/%s/privkey.pem
SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLProtocol All -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder On
%s
%s
#DENY FILES
<Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>
Order allow,deny
Deny from all
</Files>
#PATH
<Directory "%s">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
%s
DirectoryIndex %s
</Directory>
</VirtualHost>''' % (vName, path, siteName, domains, public.GetConfigValue('logs_path') + '/' + siteName,
public.GetConfigValue('logs_path') + '/' + siteName, ap_proxy, get.first_domain, get.first_domain,
ap_static_security, phpConfig, path, apaOpt, index)
conf = conf + "\n" + sslStr
self.apacheAddPort('443')
shutil.copyfile(file, self.apache_conf_bak)
public.writeFile(file, conf)
if is_node_apache: # 兼容Nodejs项目
from projectModel.nodejsModel import main
m = main()
project_find = m.get_project_find(siteName)
m.set_apache_config(project_find)
# OLS
self.set_ols_ssl(get, siteName)
isError = public.checkWebConfig()
if (isError != True):
if os.path.exists(self.nginx_conf_bak): shutil.copyfile(self.nginx_conf_bak, ng_file)
if os.path.exists(self.apache_conf_bak): shutil.copyfile(self.apache_conf_bak, file)
public.ExecShell("rm -f /tmp/backup_*.conf")
if 'isBatch' not in get:
return public.return_msg_gettext(False,
public.lang("Certificate ERROR, please check!") + ': <br><a style="color:red;">' + isError.replace(
"\n", '<br>') + '</a>')
else:
return False
sql = public.M('firewall')
import firewalls
get.port = '443'
get.ps = 'HTTPS'
if not public.M('firewall').where('port=?', ('443',)).count():
firewalls.firewalls().AddAcceptPort(get)
public.serviceReload()
if 'isBatch' not in get:firewalls.firewalls().AddAcceptPort(get)
if 'isBatch' not in get:public.serviceReload()
self.save_cert(get)
public.write_log_gettext('Site manager', 'Site [{}] turned on SSL successfully!', (siteName,))
result = public.return_msg_gettext(True, 'SSL turned on!')
result['csr'] = public.readFile('/www/server/panel/vhost/cert/' + get.siteName + '/fullchain.pem')
result['key'] = public.readFile('/www/server/panel/vhost/cert/' + get.siteName + '/privkey.pem')
if 'isBatch' not in get:return result
else:return True
def save_cert(self, get):
# try:
import panelSSL
ss = panelSSL.panelSSL()
get.keyPath = '/www/server/panel/vhost/cert/' + get.siteName + '/privkey.pem'
get.certPath = '/www/server/panel/vhost/cert/' + get.siteName + '/fullchain.pem'
return ss.SaveCert(get)
return True
# except:
# return False;
# HttpToHttps
def HttpToHttps(self, get):
siteName = get.siteName
#Nginx配置
file = self.setupPath + '/panel/vhost/nginx/'+siteName+'.conf'
if not os.path.exists(file):
file = self.setupPath + '/panel/vhost/nginx/node_'+siteName+'.conf'
conf = public.readFile(file)
if conf:
if conf.find('ssl_certificate') == -1: return public.return_msg_gettext(False, public.lang("SSL is NOT currently enabled"))
to = """#error_page 404/404.html;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END"""
conf = conf.replace('#error_page 404/404.html;',to)
public.writeFile(file,conf)
file = self.setupPath + '/panel/vhost/apache/'+siteName+'.conf'
if not os.path.exists(file):
file = self.setupPath + '/panel/vhost/apache/node_'+siteName+'.conf'
conf = public.readFile(file)
if conf:
httpTohttos = '''combined
#HTTP_TO_HTTPS_START
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{SERVER_NAME}$1 [L,R=301]
</IfModule>
#HTTP_TO_HTTPS_END'''
conf = re.sub('combined', httpTohttos, conf, 1)
public.writeFile(file, conf)
# OLS
conf_dir = '{}/panel/vhost/openlitespeed/redirect/{}/'.format(self.setupPath, siteName)
if not os.path.exists(conf_dir):
os.makedirs(conf_dir)
file = conf_dir + 'force_https.conf'
ols_force_https = '''
#HTTP_TO_HTTPS_START
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{SERVER_NAME}$1 [L,R=301]
</IfModule>
#HTTP_TO_HTTPS_END'''
public.writeFile(file, ols_force_https)
public.serviceReload()
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# CloseToHttps
def CloseToHttps(self, get):
siteName = get.siteName
file = self.setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
if not os.path.exists(file):
file = self.setupPath + '/panel/vhost/nginx/node_'+siteName+'.conf'
conf = public.readFile(file)
if conf:
rep = "\n\\s*#HTTP_TO_HTTPS_START(.|\n){1,300}#HTTP_TO_HTTPS_END"
conf = re.sub(rep, '', conf)
rep = "\\s+if.+server_port.+\n.+\n\\s+\\s*}"
conf = re.sub(rep, '', conf)
public.writeFile(file, conf)
file = self.setupPath + '/panel/vhost/apache/' + siteName + '.conf'
conf = public.readFile(file)
if conf:
rep = "\n\\s*#HTTP_TO_HTTPS_START(.|\n){1,300}#HTTP_TO_HTTPS_END"
conf = re.sub(rep, '', conf)
public.writeFile(file, conf)
# OLS
file = '{}/panel/vhost/openlitespeed/redirect/{}/force_https.conf'.format(self.setupPath, siteName)
public.ExecShell('rm -f {}*'.format(file))
public.serviceReload()
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# 是否跳转到https
def IsToHttps(self, siteName):
file = self.setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
if not os.path.exists(file):
file = self.setupPath + '/panel/vhost/nginx/node_'+siteName+'.conf'
if not os.path.exists(file): return False
conf = public.readFile(file)
if conf:
if conf.find('HTTP_TO_HTTPS_START') != -1: return True
if conf.find('$server_port !~ 443') != -1: return True
return False
# 清理SSL配置
def CloseSSLConf(self, get):
siteName = get.siteName
file = self.setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
if not os.path.exists(file):
file = self.setupPath + '/panel/vhost/nginx/node_' + siteName + '.conf'
conf = public.readFile(file)
if conf:
rep = "\n\\s*#HTTP_TO_HTTPS_START(.|\n){1,300}#HTTP_TO_HTTPS_END"
conf = re.sub(rep, '', conf)
rep = r"\s+ssl_certificate\s+.+;\s+ssl_certificate_key\s+.+;"
conf = re.sub(rep, '', conf)
rep = "\\s+ssl_protocols\\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\\s+ssl_ciphers\\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\\s+ssl_prefer_server_ciphers\\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\\s+ssl_session_cache\\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\\s+ssl_session_timeout\\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\\s+ssl_ecdh_curve\\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\\s+ssl_session_tickets\\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\\s+ssl_stapling\\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\\s+ssl_stapling_verify\\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\\s+add_header\\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\\s+add_header\\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = r"\s+ssl\s+on;"
conf = re.sub(rep, '', conf)
rep = r"\s+error_page\s497.+;"
conf = re.sub(rep, '', conf)
rep = "\\s+if.+server_port.+\n.+\n\\s+\\s*}"
conf = re.sub(rep, '', conf)
rep = r"\s+listen\s+443.*;"
conf = re.sub(rep, '', conf)
rep = r"\s+listen\s+\[::\]:443.*;"
conf = re.sub(rep, '', conf)
public.writeFile(file, conf)
file = self.setupPath + '/panel/vhost/apache/' + siteName + '.conf'
if not os.path.exists(file):
file = self.setupPath + '/panel/vhost/apache/node_' + siteName + '.conf'
conf = public.readFile(file)
if conf:
rep = "\n<VirtualHost \\*\\:443>(.|\n)*<\\/VirtualHost>"
conf = re.sub(rep, '', conf)
rep = "\n\\s*#HTTP_TO_HTTPS_START(.|\n){1,250}#HTTP_TO_HTTPS_END"
conf = re.sub(rep, '', conf)
rep = "NameVirtualHost *:443\n"
conf = conf.replace(rep, '')
public.writeFile(file, conf)
# OLS
ssl_file = self.setupPath + '/panel/vhost/openlitespeed/detail/ssl/{}.conf'.format(siteName)
detail_file = self.setupPath + '/panel/vhost/openlitespeed/detail/' + siteName + '.conf'
force_https = self.setupPath + '/panel/vhost/openlitespeed/redirect/' + siteName
string = 'rm -f {}/force_https.conf*'.format(force_https)
public.ExecShell(string)
detail_conf = public.readFile(detail_file)
if detail_conf:
detail_conf = detail_conf.replace('\ninclude ' + ssl_file, '')
public.writeFile(detail_file, detail_conf)
public.ExecShell('rm -f {}*'.format(ssl_file))
self._del_ols_443_domain(siteName)
partnerOrderId = '/www/server/panel/vhost/cert/' + siteName + '/partnerOrderId'
if os.path.exists(partnerOrderId): public.ExecShell('rm -f ' + partnerOrderId)
p_file = '/etc/letsencrypt/live/' + siteName + '/partnerOrderId'
if os.path.exists(p_file): public.ExecShell('rm -f ' + p_file)
public.write_log_gettext('Site manager', 'Site [{}] turned off SSL successfully!', (siteName,))
public.serviceReload()
return public.return_msg_gettext(True, public.lang("SSL turned off!"))
def _del_ols_443_domain(self, sitename):
file = "/www/server/panel/vhost/openlitespeed/listen/443.conf"
conf = public.readFile(file)
if conf:
rep = '\n\\s*map\\s*{}.*'.format(sitename)
conf = re.sub(rep, '', conf)
if not "map " in conf:
public.ExecShell('rm -f {}*'.format(file))
return
public.writeFile(file, conf)
# 取SSL状态
def GetSSL(self, get):
siteName = get.siteName
path = os.path.join('/www/server/panel/vhost/cert/', siteName)
if not os.path.isfile(os.path.join(path, "fullchain.pem")) and not os.path.isfile(
os.path.join(path, "privkey.pem")):
path = os.path.join('/etc/letsencrypt/live/', siteName)
type = 0
if os.path.exists(path + '/README'): type = 1
if os.path.exists(path + '/partnerOrderId'): type = 2
if os.path.exists(path + '/certOrderId'): type = 3
csrpath = path + "/fullchain.pem" # 生成证书路径
keypath = path + "/privkey.pem" # 密钥文件路径
key = public.readFile(keypath)
csr = public.readFile(csrpath)
file = self.setupPath + '/panel/vhost/' + public.get_webserver() + '/' + siteName + '.conf'
# 是否为node项目
if not os.path.exists(file): file = self.setupPath + '/panel/vhost/' + public.get_webserver() + '/node_' + siteName + '.conf'
if not os.path.exists(file): file = self.setupPath + '/panel/vhost/' + public.get_webserver() + '/java_' + siteName + '.conf'
if not os.path.exists(file): file = self.setupPath + '/panel/vhost/' + public.get_webserver() + '/go_' + siteName + '.conf'
if not os.path.exists(file): file = self.setupPath + '/panel/vhost/' + public.get_webserver() + '/other_' + siteName + '.conf'
if not os.path.exists(file): file = self.setupPath + '/panel/vhost/' + public.get_webserver() + '/python_' + siteName + '.conf'
if not os.path.exists(file): file = self.setupPath + '/panel/vhost/' + public.get_webserver() + '/net_' + siteName + '.conf'
if not os.path.exists(
file): file = self.setupPath + '/panel/vhost/' + public.get_webserver() + '/html_' + siteName + '.conf'
if public.get_webserver() == "openlitespeed":
file = self.setupPath + '/panel/vhost/' + public.get_webserver() + '/detail/' + siteName + '.conf'
conf = public.readFile(file)
if not conf: return public.return_msg_gettext(False, public.lang("The specified website profile does not exist"))
if public.get_webserver() == 'nginx':
keyText = 'ssl_certificate'
elif public.get_webserver() == 'apache':
keyText = 'SSLCertificateFile'
else:
keyText = 'openlitespeed/detail/ssl'
status = True
if (conf.find(keyText) == -1):
status = False
type = -1
toHttps = self.IsToHttps(siteName)
id = public.M('sites').where("name=?", (siteName,)).getField('id')
domains = public.M('domain').where("pid=?", (id,)).field('name').select()
cert_data = {}
if csr:
get.certPath = csrpath
import panelSSL
cert_data = panelSSL.panelSSL().GetCertName(get)
if not cert_data:
cert_data = {
'certificate':0
}
if os.path.isfile(csrpath) and os.path.isfile(keypath):
if key and csr:
cert_hash = SSLManger().ssl_hash(certificate=csr, ignore_errors=True)
if cert_hash is None:
cert_data["id"], cert_data["ps"] = 0, ''
else:
cert_data["id"], cert_data["ps"] = SSLManger().get_cert_info_by_hash(cert_hash)
# 调用save_by_file方法保存证书信息
if cert_data["id"] == -1:
try:
save_result = SSLManger().save_by_file(csrpath, keypath)
cert_data["id"], cert_data["ps"] = SSLManger().get_cert_info_by_hash(cert_hash)
except:
cert_data["id"], cert_data["ps"] = 0, ''
email = public.M('users').where('id=?', (1,)).getField('email')
if email == '287962566@qq.com': email = ''
index = ''
auth_type = 'http'
if status == True:
if type != 1:
import acme_v2
acme = acme_v2.acme_v2()
index = acme.check_order_exists(csrpath)
if index:
if index.find('/') == -1:
auth_type = acme._config['orders'][index]['auth_type']
type = 1
else:
crontab_file = 'vhost/cert/crontab.json'
tmp = public.readFile(crontab_file)
if tmp:
crontab_config = json.loads(tmp)
if siteName in crontab_config:
if 'dnsapi' in crontab_config[siteName]:
auth_type = 'dns'
if os.path.exists(path + '/certOrderId'): type = 3
oid = -1
if type == 3:
oid = int(public.readFile(path + '/certOrderId'))
return {
'status': status, 'oid': oid, 'domain': domains, 'key': key, 'csr': csr, 'type': type,
'httpTohttps': toHttps, 'cert_data': cert_data, 'email': email, "index": index,
'auth_type': auth_type, 'tls_versions': self.get_ssl_protocol(get),
'push': self.get_ssl_push_status(None, siteName, 'ssl', status)
}
def get_ssl_push_status(self, get, siteName=None, stype=None, ssl_status=None):
if get:
siteName = get.siteName
result = {'status': False}
selected_data = {
'task_data': {},
'title': "",
'sender': "",
'status': bool(0),
'id': ""
}
task = {}
try:
try:
data = json.loads(public.readFile('{}/data/mod_push_data/task.json'.format(public.get_panel_path())))
except:
return result
for i in data:
if i['source'] == 'site_ssl':
task_data = i.get('task_data', {})
project = task_data.get('project')
if project == siteName:
task = i
break
if project == "all":
task = i
except Exception as e:
return result
if task.get('id'):
selected_data = {
'task_data': task.get('task_data', {}),
'title': task.get('title', ''),
'sender': task.get('sender', []),
'status': task.get('status'),
'id': task.get('id', "")
}
return selected_data
def get_site_push_status(self, get, siteName=None, stype=None):
"""
@获取网站ssl告警通知状态
@param get:
@param siteName 网站名称
@param stype 类型 ssl
"""
import panelPush
if get:
siteName = get.siteName
stype = get.stype
result = {}
result['status'] = False
try:
data = {}
try:
data = json.loads(public.readFile('{}/class/push/push.json'.format(public.get_panel_path())))
except:
pass
if not 'site_push' in data:
return result
ssl_data = data['site_push']
for key in ssl_data.keys():
if ssl_data[key]['type'] != stype:
continue
project = ssl_data[key]['project']
if project in [siteName, 'all']:
ssl_data[key]['id'] = key
ssl_data[key]['s_module'] = 'site_push'
if project == siteName:
result = ssl_data[key]
break
if project == 'all':
result = ssl_data[key]
except:
pass
p_obj = panelPush.panelPush()
return p_obj.get_push_user(result)
def set_site_status_multiple(self,get):
'''
@name 批量设置网站状态
@author zhwen<2020-11-17>
@param sites_id "1,2"
@param status 0/1
'''
sites_id = get.sites_id.split(',')
sites_name = []
errors = {}
day_time = time.time()
for site_id in sites_id:
get.id = site_id
find = public.M('sites').where("id=?", (site_id,)).find()
get.name = find['name']
if get.status == '1':
if find['edate'] != '0000-00-00' and public.to_date("%Y-%m-%d",find['edate']) < day_time:
errors[get.name] = "failed, site has expired"
continue
sites_name.append(get.name)
if get.status == '1':
self.SiteStart(get, multiple=1)
else:
self.SiteStop(get, multiple=1)
public.serviceReload()
if get.status == '1':
return {'status': True, 'msg': public.get_msg_gettext('Enable website [{}] successfully', (','.join(sites_name),)),
'error': {}, 'success': sites_name}
else:
return {'status': True, 'msg': public.get_msg_gettext('Disable website [{}] successfully', (','.join(sites_name),)),
'error': {}, 'success': sites_name}
# 启动站点
def SiteStart(self, get, multiple=None):
id = get.id
Path = self.setupPath + '/stop'
sitePath = public.M('sites').where("id=?", (id,)).getField('path')
# nginx
file = self.setupPath + '/panel/vhost/nginx/' + get.name + '.conf'
conf = public.readFile(file)
if conf:
conf = conf.replace(Path, sitePath)
conf = conf.replace("#include", "include")
public.writeFile(file, conf)
# apache
file = self.setupPath + '/panel/vhost/apache/' + get.name + '.conf'
conf = public.readFile(file)
if conf:
conf = conf.replace(Path, sitePath)
conf = conf.replace("#IncludeOptional", "IncludeOptional")
public.writeFile(file, conf)
# OLS
file = self.setupPath + '/panel/vhost/openlitespeed/' + get.name + '.conf'
conf = public.readFile(file)
if conf:
rep = r'vhRoot\s*{}'.format(Path)
new_content = 'vhRoot {}'.format(sitePath)
conf = re.sub(rep, new_content, conf)
public.writeFile(file, conf)
public.M('sites').where("id=?", (id,)).setField('status', '1')
if not multiple:
public.serviceReload()
public.write_log_gettext('Site manager', 'Site [{}] started!', (get.name,))
return public.return_msg_gettext(True, public.lang("Site started"))
def _process_has_run_dir(self, website_name, website_path, stop_path):
'''
@name 当网站存在允许目录时停止网站需要做处理
@author zhwen<2020-11-17>
@param site_id 1
@param names test,baohu
'''
conf = public.readFile(self.setupPath + '/panel/vhost/nginx/' + website_name + '.conf')
if not conf:
return False
try:
really_path = re.search(r'root\s+(.*);', conf).group(1)
tmp = stop_path + '/' + really_path.replace(website_path + '/', '')
public.ExecShell('mkdir {t} && ln -s {s}/index.html {t}/index.html'.format(t=tmp, s=stop_path))
except:
pass
# 停止站点
def SiteStop(self, get, multiple=None):
path = self.setupPath + '/stop'
id = get.id
site_status = public.M('sites').where("id=?", (id,)).getField('status')
if str(site_status) != '1':
return public.returnMsg(True, public.lang("Site stopped"))
if not os.path.exists(path):
os.makedirs(path)
public.downloadFile('https://node.yakpanel.com/stop_en.html', path + '/index.html')
# if 'This site has been closed by administrator' not in public.readFile(path + '/index.html'):
# public.downloadFile('https://www.yakpanel.com/stop_en.html', path + '/index.html')
binding = public.M('binding').where('pid=?', (id,)).field('id,pid,domain,path,port,addtime').select()
for b in binding:
bpath = path + '/' + b['path']
if not os.path.exists(bpath):
public.ExecShell('mkdir -p ' + bpath)
public.ExecShell('ln -sf ' + path + '/index.html ' + bpath + '/index.html')
sitePath = public.M('sites').where("id=?", (id,)).getField('path')
self._process_has_run_dir(get.name, sitePath, path)
# nginx
file = self.setupPath + '/panel/vhost/nginx/' + get.name + '.conf'
conf = public.readFile(file)
if conf:
src_path = 'root ' + sitePath
dst_path = 'root ' + path
if conf.find(src_path) != -1:
conf = conf.replace(src_path, dst_path)
else:
conf = conf.replace(sitePath, path)
conf = conf.replace("include", "#include")
public.writeFile(file, conf)
# apache
file = self.setupPath + '/panel/vhost/apache/' + get.name + '.conf'
conf = public.readFile(file)
if conf:
conf = conf.replace(sitePath, path)
conf = conf.replace("IncludeOptional", "#IncludeOptional")
public.writeFile(file, conf)
# OLS
file = self.setupPath + '/panel/vhost/openlitespeed/' + get.name + '.conf'
conf = public.readFile(file)
if conf:
rep = r'vhRoot\s*{}'.format(sitePath)
new_content = 'vhRoot {}'.format(path)
conf = re.sub(rep, new_content, conf)
public.writeFile(file, conf)
public.M('sites').where("id=?", (id,)).setField('status', '0')
if not multiple:
public.serviceReload()
public.write_log_gettext('Site manager', 'Site [{}] stopped!', (get.name,))
return public.return_msg_gettext(True, public.lang("Site stopped"))
# 取流量限制值
def GetLimitNet(self, get):
id = get.id
# 取回配置文件
siteName = public.M('sites').where("id=?", (id,)).getField('name')
filename = self.setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
# 站点总并发
data = {}
conf = public.readFile(filename)
try:
rep = r"\s+limit_conn\s+perserver\s+([0-9]+);"
tmp = re.search(rep, conf).groups()
data['perserver'] = int(tmp[0])
# IP并发限制
rep = r"\s+limit_conn\s+perip\s+([0-9]+);"
tmp = re.search(rep, conf).groups()
data['perip'] = int(tmp[0])
# 请求并发限制
rep = r"\s+limit_rate\s+([0-9]+)\w+;"
tmp = re.search(rep, conf).groups()
data['limit_rate'] = int(tmp[0])
except:
data['perserver'] = 0
data['perip'] = 0
data['limit_rate'] = 0
return data
# 设置流量限制
def SetLimitNet(self, get):
if (public.get_webserver() != 'nginx'): return public.return_msg_gettext(False, public.lang("Site Traffic Control only supports Nginx Web Server!"))
id = get.id
if int(get.perserver) < 1 or int(get.perip) < 1 or int(get.perip) < 1:
return public.return_msg_gettext(False, public.lang("Concurrency restrictions, IP restrictions, traffic restrictions must be greater than 0"))
perserver = 'limit_conn perserver ' + get.perserver + ';'
perip = 'limit_conn perip ' + get.perip + ';'
limit_rate = 'limit_rate ' + get.limit_rate + 'k;'
# 取回配置文件
siteName = public.M('sites').where("id=?", (id,)).getField('name')
filename = self.setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
conf = public.readFile(filename)
# 设置共享内存
oldLimit = self.setupPath + '/panel/vhost/nginx/limit.conf'
if (os.path.exists(oldLimit)): os.remove(oldLimit)
limit = self.setupPath + '/nginx/conf/nginx.conf'
nginxConf = public.readFile(limit)
limitConf = "limit_conn_zone $binary_remote_addr zone=perip:10m;\n\t\tlimit_conn_zone $server_name zone=perserver:10m;"
nginxConf = nginxConf.replace("#limit_conn_zone $binary_remote_addr zone=perip:10m;", limitConf)
public.writeFile(limit, nginxConf)
if (conf.find('limit_conn perserver') != -1):
# 替换总并发
rep = r"limit_conn\s+perserver\s+([0-9]+);"
conf = re.sub(rep, perserver, conf)
# 替换IP并发限制
rep = r"limit_conn\s+perip\s+([0-9]+);"
conf = re.sub(rep, perip, conf)
# 替换请求流量限制
rep = r"limit_rate\s+([0-9]+)\w+;"
conf = re.sub(rep, limit_rate, conf)
else:
conf = conf.replace('#error_page 404/404.html;',
"#error_page 404/404.html;\n " + perserver + "\n " + perip + "\n " + limit_rate)
import shutil
shutil.copyfile(filename, self.nginx_conf_bak)
public.writeFile(filename, conf)
isError = public.checkWebConfig()
if (isError != True):
if os.path.exists(self.nginx_conf_bak): shutil.copyfile(self.nginx_conf_bak, filename)
return public.return_msg_gettext(False, public.lang('ERROR: <br><a style="color:red;">' + isError.replace("\n", '<br>') + '</a>'))
public.serviceReload()
public.write_log_gettext('Site manager', 'Site [{}] traffic control turned on!', (siteName,))
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# 关闭流量限制
def CloseLimitNet(self, get):
id = get.id
# 取回配置文件
siteName = public.M('sites').where("id=?", (id,)).getField('name')
filename = self.setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
conf = public.readFile(filename)
# 清理总并发
rep = r"\s+limit_conn\s+perserver\s+([0-9]+);"
conf = re.sub(rep, '', conf)
# 清理IP并发限制
rep = r"\s+limit_conn\s+perip\s+([0-9]+);"
conf = re.sub(rep, '', conf)
# 清理请求流量限制
rep = r"\s+limit_rate\s+([0-9]+)\w+;"
conf = re.sub(rep, '', conf)
public.writeFile(filename, conf)
public.serviceReload()
public.write_log_gettext('Site manager', 'Site Traffic Control has been turned off!', (siteName,))
return public.return_msg_gettext(True, public.lang("Site Traffic Control has been turned off!"))
# 取301配置状态
def Get301Status(self, get):
siteName = get.siteName
result = {}
domains = ''
id = public.M('sites').where("name=?", (siteName,)).getField('id')
tmp = public.M('domain').where("pid=?", (id,)).field('name').select()
node = public.M('sites').where('id=? and project_type=?', (id, 'Node')).count()
if node:
node = 'node_'
else:
node = ''
for key in tmp:
domains += key['name'] + ','
try:
if (public.get_webserver() == 'nginx'):
conf = public.readFile(self.setupPath + '/panel/vhost/nginx/' + node + siteName + '.conf')
if conf.find('301-START') == -1:
result['domain'] = domains[:-1]
result['src'] = ""
result['status'] = False
result['url'] = "http://"
return result
rep = r"return\s+301\s+((http|https)\://.+);"
arr = re.search(rep, conf).groups()[0]
rep = r"'\^(([\w-]+\.)+[\w-]+)'"
tmp = re.search(rep, conf)
src = ''
if tmp: src = tmp.groups()[0]
elif public.get_webserver() == 'apache':
conf = public.readFile(self.setupPath + '/panel/vhost/apache/' + node + siteName + '.conf')
if conf.find('301-START') == -1:
result['domain'] = domains[:-1]
result['src'] = ""
result['status'] = False
result['url'] = "http://"
return result
rep = r"RewriteRule\s+.+\s+((http|https)\://.+)\s+\["
arr = re.search(rep, conf).groups()[0]
rep = r"\^((\w+\.)+\w+)\s+\[NC"
tmp = re.search(rep, conf)
src = ''
if tmp: src = tmp.groups()[0]
else:
conf = public.readFile(
self.setupPath + '/panel/vhost/openlitespeed/redirect/{s}/{s}.conf'.format(s=siteName))
if not conf:
result['domain'] = domains[:-1]
result['src'] = ""
result['status'] = False
result['url'] = "http://"
return result
rep = r"RewriteRule\s+.+\s+((http|https)\://.+)\s+\["
arr = re.search(rep, conf).groups()[0]
rep = r"\^((\w+\.)+\w+)\s+\[NC"
tmp = re.search(rep, conf)
src = ''
if tmp: src = tmp.groups()[0]
except:
src = ''
arr = 'http://'
result['domain'] = domains[:-1]
result['src'] = src.replace("'", '')
result['status'] = True
if (len(arr) < 3): result['status'] = False
result['url'] = arr
return result
# 设置301配置
def Set301Status(self, get):
siteName = get.siteName
srcDomain = get.srcDomain
toDomain = get.toDomain
type = get.type
rep = r"(http|https)\://.+"
if not re.match(rep, toDomain): return public.return_msg_gettext(False, public.lang("URL address is invalid!"))
# nginx
filename = self.setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
mconf = public.readFile(filename)
if mconf == False: return public.return_msg_gettext(False, public.lang("Configuration file not exist"))
if (srcDomain == 'all'):
conf301 = "\t#301-START\n\t\treturn 301 " + toDomain + "$request_uri;\n\t#301-END"
else:
conf301 = "\t#301-START\n\t\tif ($host ~ '^" + srcDomain + "'){\n\t\t\treturn 301 " + toDomain + "$request_uri;\n\t\t}\n\t#301-END"
if type == '1':
mconf = mconf.replace("#error_page 404/404.html;", "#error_page 404/404.html;\n" + conf301)
else:
rep = "\\s+#301-START(.|\n){1,300}#301-END"
mconf = re.sub(rep, '', mconf)
public.writeFile(filename, mconf)
# apache
filename = self.setupPath + '/panel/vhost/apache/' + siteName + '.conf'
mconf = public.readFile(filename)
if mconf == False: return public.return_msg_gettext(False, public.lang("Configuration file not exist"))
if type == '1':
if (srcDomain == 'all'):
conf301 = "\n\t#301-START\n\t<IfModule mod_rewrite.c>\n\t\tRewriteEngine on\n\t\tRewriteRule ^(.*)$ " + toDomain + "$1 [L,R=301]\n\t</IfModule>\n\t#301-END\n"
else:
conf301 = "\n\t#301-START\n\t<IfModule mod_rewrite.c>\n\t\tRewriteEngine on\n\t\tRewriteCond %{HTTP_HOST} ^" + srcDomain + " [NC]\n\t\tRewriteRule ^(.*) " + toDomain + "$1 [L,R=301]\n\t</IfModule>\n\t#301-END\n"
rep = "combined"
mconf = mconf.replace(rep, rep + "\n\t" + conf301)
else:
rep = "\n\\s+#301-START(.|\n){1,300}#301-END\n*"
mconf = re.sub(rep, '\n\n', mconf, 1)
mconf = re.sub(rep, '\n\n', mconf, 1)
public.writeFile(filename, mconf)
# OLS
conf_dir = self.setupPath + '/panel/vhost/openlitespeed/redirect/{}/'.format(siteName)
if not os.path.exists(conf_dir):
os.makedirs(conf_dir)
file = conf_dir + siteName + '.conf'
if type == '1':
if (srcDomain == 'all'):
conf301 = "#301-START\nRewriteEngine on\nRewriteRule ^(.*)$ " + toDomain + "$1 [L,R=301]#301-END\n"
else:
conf301 = "#301-START\nRewriteEngine on\nRewriteCond %{HTTP_HOST} ^" + srcDomain + " [NC]\nRewriteRule ^(.*) " + toDomain + "$1 [L,R=301]\n#301-END\n"
public.writeFile(file, conf301)
else:
public.ExecShell('rm -f {}*'.format(file))
isError = public.checkWebConfig()
if (isError != True):
return public.return_msg_gettext(False, public.lang('ERROR: <br><a style="color:red;">' + isError.replace("\n", '<br>') + '</a>'))
public.serviceReload()
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# 取子目录绑定
def GetDirBinding(self, get):
path = public.M('sites').where('id=?', (get.id,)).getField('path')
if not os.path.exists(path):
checks = ['/', '/usr', '/etc']
if path in checks:
data = {}
data['dirs'] = []
data['binding'] = []
return data
public.ExecShell('mkdir -p ' + path)
public.ExecShell('chmod 755 ' + path)
public.ExecShell('chown www:www ' + path)
get.path = path
self.SetDirUserINI(get)
siteName = public.M('sites').where('id=?', (get.id,)).getField('name')
public.write_log_gettext('Site manager', "Site [{}], document root [{}] does NOT exist, recreated!", (siteName, path))
dirnames = []
# 取运行目录
run_path = self.GetRunPath(get)
if run_path: path += run_path
# 遍历目录
if os.path.exists(path):
for filename in os.listdir(path):
try:
json.dumps(filename)
if sys.version_info[0] == 2:
filename = filename.encode('utf-8')
else:
filename.encode('utf-8')
filePath = path + '/' + filename
if os.path.islink(filePath): continue
if os.path.isdir(filePath):
dirnames.append(filename)
except:
pass
data = {}
data['run_path'] = run_path # 运行目录
data['dirs'] = dirnames
data['binding'] = public.M('binding').where('pid=?',(get.id,)).field('id,pid,domain,path,port,addtime').select()
# 标记子目录是否存在
for dname in data['binding']:
_path = os.path.join(path,dname['path'])
if not os.path.exists(_path):
_path = _path.replace(run_path,'')
if not os.path.exists(_path):
dname['path'] += '<a style="color:red;"> >> error: directory does not exist</a>'
else:
dname['path'] = '../' + dname['path']
return data
# 添加子目录绑定
def AddDirBinding(self, get):
import shutil
id = get.id
tmp = get.domain.split(':')
domain = tmp[0].lower()
# 中文域名转码
domain = public.en_punycode(domain)
port = '80'
version = ''
if len(tmp) > 1: port = tmp[1]
if not hasattr(get, 'dirName'): public.return_msg_gettext(False, 'Directory cannot be empty!')
dirName = get.dirName
reg = r"^([\w\-\*]{1,100}\.){1,4}([\w\-]{1,100}|[\w\-]{1,100}\.[\w\-]{1,100})$"
if not re.match(reg, domain): return public.return_msg_gettext(False, public.lang("Format of primary domain is incorrect"))
siteInfo = public.M('sites').where("id=?",(id,)).field('id,path,name').find()
# 实际运行目录
root_path = siteInfo['path']
run_path = self.GetRunPath(get)
if run_path: root_path += run_path
webdir = root_path + '/' + dirName
webdir = webdir.replace('//','/').strip()
if not os.path.exists(webdir): # 如果在运行目录找不到指定子目录,尝试到根目录查找
root_path = siteInfo['path']
webdir = root_path + '/' + dirName
webdir = webdir.replace('//','/').strip()
sql = public.M('binding')
if sql.where("domain=?", (domain,)).count() > 0: return public.return_msg_gettext(False, public.lang("The domain you tried to add already exists!"))
if public.M('domain').where("name=?", (domain,)).count() > 0: return public.return_msg_gettext(False, public.lang("The domain you tried to add already exists!"))
filename = self.setupPath + '/panel/vhost/nginx/' + siteInfo['name'] + '.conf'
nginx_conf_file = filename
conf = public.readFile(filename)
if conf:
listen_ipv6 = ''
if self.is_ipv6: listen_ipv6 = "\n listen [::]:%s;" % port
try:
rep = r"enable-php-(\w{2,5})\.conf"
tmp = re.search(rep,conf)
if not tmp:
rep = r"enable-php-(\d+-wpfastcgi).conf"
tmp = re.search(rep, conf)
except:
return public.returnMsg(False, public.lang("Get enable php config failed!"))
tmp = tmp.groups()
version = tmp[0]
bindingConf = r'''
#BINDING-%s-START
server
{
listen %s;%s
server_name %s;
index index.php index.html index.htm default.php default.htm default.html;
root %s;
include enable-php-%s.conf;
include %s/panel/vhost/rewrite/%s.conf;
%s
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
%s
location ~ \.well-known{
allow all;
}
location ~ .*\\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log /dev/null;
access_log /dev/null;
}
location ~ .*\\.(js|css)?$
{
expires 12h;
error_log /dev/null;
access_log /dev/null;
}
access_log %s.log;
error_log %s.error.log;
}
#BINDING-%s-END''' % (domain, port, listen_ipv6, domain, webdir, version, self.setupPath, siteInfo['name'],
("# Forbidden files or directories"), ("# Directory verification related settings for one-click application for SSL certificate"),
public.GetConfigValue('logs_path') + '/' + siteInfo['name'],
public.GetConfigValue('logs_path') + '/' + siteInfo['name'], domain)
conf += bindingConf
shutil.copyfile(filename, self.nginx_conf_bak)
public.writeFile(filename, conf)
filename = self.setupPath + '/panel/vhost/apache/' + siteInfo['name'] + '.conf'
conf = public.readFile(filename)
if conf:
try:
try:
httpdVersion = public.readFile(self.setupPath + '/apache/version.pl').strip()
except:
httpdVersion = ""
if httpdVersion == '2.2':
phpConfig = ""
apaOpt = "Order allow,deny\n\t\tAllow from all"
else:
# rep = r"php-cgi-([0-9]{2,3})\.sock"
# tmp = re.search(rep,conf).groups()
# version = tmp[0]
version = public.get_php_version_conf(conf)
phpConfig = '''
#PHP
<FilesMatch \\.php>
SetHandler "proxy:%s"
</FilesMatch>
''' % (public.get_php_proxy(version, 'apache'),)
apaOpt = 'Require all granted'
bindingConf = r'''
#BINDING-%s-START
<VirtualHost *:%s>
ServerAdmin webmaster@example.com
DocumentRoot "%s"
ServerAlias %s
#errorDocument 404 /404.html
ErrorLog "%s-error_log"
CustomLog "%s-access_log" combined
%s
#DENY FILES
<Files ~ (\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)$>
Order allow,deny
Deny from all
</Files>
#PATH
<Directory "%s">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
%s
DirectoryIndex index.php index.html index.htm default.php default.html default.htm
</Directory>
</VirtualHost>
#BINDING-%s-END''' % (domain, port, webdir, domain, public.GetConfigValue('logs_path') + '/' + siteInfo['name'],
public.GetConfigValue('logs_path') + '/' + siteInfo['name'], phpConfig, webdir, apaOpt, domain)
conf += bindingConf
shutil.copyfile(filename, self.apache_conf_bak)
public.writeFile(filename, conf)
except:
pass
get.webname = siteInfo['name']
get.port = port
self.phpVersion = version
self.siteName = siteInfo['name']
self.sitePath = webdir
listen_file = self.setupPath + "/panel/vhost/openlitespeed/listen/80.conf"
listen_conf = public.readFile(listen_file)
if listen_conf:
rep = r'secure\s*0'
map = '\tmap {}_{} {}'.format(siteInfo['name'], dirName, domain)
listen_conf = re.sub(rep, 'secure 0\n' + map, listen_conf)
public.writeFile(listen_file, listen_conf)
self.openlitespeed_add_site(get)
# 检查配置是否有误
isError = public.checkWebConfig()
if isError != True:
if os.path.exists(self.nginx_conf_bak): shutil.copyfile(self.nginx_conf_bak, nginx_conf_file)
if os.path.exists(self.apache_conf_bak): shutil.copyfile(self.apache_conf_bak, filename)
return public.return_msg_gettext(False, public.lang('ERROR: <br><a style="color:red;">' + isError.replace("\n", '<br>') + '</a>'))
public.M('binding').add('pid,domain,port,path,addtime', (id, domain, port, dirName, public.getDate()))
public.serviceReload()
public.write_log_gettext('Site manager', 'Site [{}] subdirectory [{}] bound to [{}]', (siteInfo['name'], dirName, domain))
return public.return_msg_gettext(True, public.lang("Successfully added"))
def delete_dir_bind_multiple(self, get):
'''
@name 批量删除网站
@author zhwen<2020-11-17>
@param bind_ids 1,2,3
'''
bind_ids = get.bind_ids.split(',')
del_successfully = []
del_failed = {}
for bind_id in bind_ids:
get.id = bind_id
domain = public.M('binding').where("id=?", (get.id,)).getField('domain')
if not domain:
continue
try:
self.DelDirBinding(get, multiple=1)
del_successfully.append(domain)
except:
del_failed[domain] = public.lang("There was an error deleting, please try again.")
pass
public.serviceReload()
return {'status': True, 'msg': public.get_msg_gettext('Delete [{}] subdirectory binding successfully', (','.join(del_successfully),)),
'error': del_failed,
'success': del_successfully}
# 删除子目录绑定
def DelDirBinding(self, get, multiple=None):
id = get.id
binding = public.M('binding').where("id=?", (id,)).field('id,pid,domain,path').find()
siteName = public.M('sites').where("id=?", (binding['pid'],)).getField('name')
# nginx
filename = self.setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
conf = public.readFile(filename)
if conf:
rep = r"\s*.+BINDING-" + binding['domain'] + "-START(.|\n)+BINDING-" + binding['domain'] + "-END"
conf = re.sub(rep, '', conf)
public.writeFile(filename, conf)
# apache
filename = self.setupPath + '/panel/vhost/apache/' + siteName + '.conf'
conf = public.readFile(filename)
if conf:
rep = r"\s*.+BINDING-" + binding['domain'] + "-START(.|\n)+BINDING-" + binding['domain'] + "-END"
conf = re.sub(rep, '', conf)
public.writeFile(filename, conf)
# openlitespeed
filename = self.setupPath + '/panel/vhost/openlitespeed/' + siteName + '.conf'
conf = public.readFile(filename)
rep = "#SUBDIR\\s*{s}_{d}\\s*START(\n|.)+#SUBDIR\\s*{s}_{d}\\s*END".format(s=siteName, d=binding['path'])
if conf:
conf = re.sub(rep, '', conf)
public.writeFile(filename, conf)
# 删除域名,前端需要传域名
get.webname = siteName
get.domain = binding['domain']
self._del_ols_domain(get)
# 清理子域名监听文件
listen_file = self.setupPath + "/panel/vhost/openlitespeed/listen/80.conf"
listen_conf = public.readFile(listen_file)
if listen_conf:
map_reg = r'\s*map\s*{}_{}.*'.format(siteName, binding['path'])
listen_conf = re.sub(map_reg, '', listen_conf)
public.writeFile(listen_file, listen_conf)
# 清理detail文件
detail_file = "{}/panel/vhost/openlitespeed/detail/{}_{}.conf".format(self.setupPath, siteName, binding['path'])
public.ExecShell("rm -f {}*".format(detail_file))
# 从数据库删除绑定
public.M('binding').where("id=?",(id,)).delete()
# 如果没有其它域名绑定同一子目录,则删除该子目录的伪静态规则
if not public.M('binding').where("path=? AND pid=?",(binding['path'],binding['pid'])).count():
filename = self.setupPath + '/panel/vhost/rewrite/' + siteName + '_' + binding['path'] + '.conf'
if os.path.exists(filename): public.ExecShell('rm -rf %s'%filename)
# 是否需要重载服务
if not multiple:
public.serviceReload()
public.write_log_gettext('Site manager', 'Deleted site [{}] subdirectory [{}] binding', (siteName, binding['path']))
return public.return_msg_gettext(True, public.lang("Successfully deleted"))
# 取子目录Rewrite
def GetDirRewrite(self, get):
id = get.id
find = public.M('binding').where("id=?", (id,)).field('id,pid,domain,path').find()
site = public.M('sites').where("id=?", (find['pid'],)).field('id,name,path').find()
if (public.get_webserver() != 'nginx'):
filename = site['path'] + '/' + find['path'] + '/.htaccess'
else:
filename = self.setupPath + '/panel/vhost/rewrite/' + site['name'] + '_' + find['path'] + '.conf'
if hasattr(get, 'add'):
public.writeFile(filename, '')
if public.get_webserver() == 'nginx':
file = self.setupPath + '/panel/vhost/nginx/' + site['name'] + '.conf'
conf = public.readFile(file)
domain = find['domain']
rep = "\n#BINDING-" + domain + "-START(.|\n)+BINDING-" + domain + "-END"
tmp = re.search(rep, conf).group()
dirConf = tmp.replace('rewrite/' + site['name'] + '.conf;',
'rewrite/' + site['name'] + '_' + find['path'] + '.conf;')
conf = conf.replace(tmp, dirConf)
public.writeFile(file, conf)
data = {}
data['status'] = False
if os.path.exists(filename):
data['status'] = True
data['data'] = public.readFile(filename)
data['rlist'] = ['0.default']
webserver = public.get_webserver()
if webserver == "openlitespeed":
webserver = "apache"
for ds in os.listdir('rewrite/' + webserver):
if ds == 'list.txt': continue
data['rlist'].append(ds[0:len(ds) - 5])
data['filename'] = filename
return data
# 取默认文档
def GetIndex(self, get):
id = get.id
Name = public.M('sites').where("id=?", (id,)).getField('name')
file = self.setupPath + '/panel/vhost/' + public.get_webserver() + '/' + Name + '.conf'
if public.get_webserver() == 'openlitespeed':
file = self.setupPath + '/panel/vhost/' + public.get_webserver() + '/detail/' + Name + '.conf'
conf = public.readFile(file)
if conf == False: return public.return_msg_gettext(False, public.lang("Configuration file not exist"))
if public.get_webserver() == 'nginx':
rep = r"\s+index\s+(.+);"
elif public.get_webserver() == 'apache':
rep = "DirectoryIndex\\s+(.+)\n"
else:
rep = "indexFiles\\s+(.+)\n"
if re.search(rep, conf):
tmp = re.search(rep, conf).groups()
if public.get_webserver() == 'openlitespeed':
return tmp[0]
return tmp[0].replace(' ', ',')
return public.return_msg_gettext(False, public.lang("Failed to get, there is no default document in the configuration file"))
# 设置默认文档
def SetIndex(self, get):
id = get.id
Index = get.Index.replace(' ', '')
Index = Index.replace(',,', ',').strip()
if not Index: return public.returnMsg(False, public.lang("Default index file cannot be empty"))
if get.Index.find('.') == -1: return public.return_msg_gettext(False, public.lang("Default Document Format is invalid, e.g., index.html"))
if len(Index) < 3: return public.return_msg_gettext(False, public.lang("Default Document cannot be empty!"))
Name = public.M('sites').where("id=?", (id,)).getField('name')
# 准备指令
Index_L = Index.replace(",", " ")
# nginx
file = self.setupPath + '/panel/vhost/nginx/' + Name + '.conf'
conf = public.readFile(file)
if conf:
rep = r"\s+index\s+.+;"
conf = re.sub(rep, "\n\tindex " + Index_L + ";", conf)
public.writeFile(file, conf)
# apache
file = self.setupPath + '/panel/vhost/apache/' + Name + '.conf'
conf = public.readFile(file)
if conf:
rep = "DirectoryIndex\\s+.+\n"
conf = re.sub(rep, 'DirectoryIndex ' + Index_L + "\n", conf)
public.writeFile(file, conf)
# openlitespeed
file = self.setupPath + '/panel/vhost/openlitespeed/detail/' + Name + '.conf'
conf = public.readFile(file)
if conf:
rep = "indexFiles\\s+.+\n"
Index = Index.split(',')
Index = [i for i in Index if i]
Index = ",".join(Index)
conf = re.sub(rep, 'indexFiles ' + Index + "\n", conf)
public.writeFile(file, conf)
public.serviceReload()
public.write_log_gettext('Site manager', 'Defualt document of site [{}] is [{}]', (Name, Index_L))
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# 修改物理路径
def SetPath(self, get):
id = get.id
Path = self.GetPath(get.path)
if Path == "" or id == '0': return public.return_msg_gettext(False, public.lang("Directory cannot be empty!"))
if not self.__check_site_path(Path): return public.return_msg_gettext(False, public.lang("System critical directory cannot be used as site directory"))
if not public.check_site_path(Path):
a, c = public.get_sys_path()
return public.return_msg_gettext(False, public.lang("Please do not set the website root directory to the system main directory: <br>{}", "<br>".join(a+c)))
SiteFind = public.M("sites").where("id=?", (id,)).field('path,name').find()
if SiteFind["path"] == Path: return public.return_msg_gettext(False, public.lang("Same as original path, no need to change!"))
Name = SiteFind['name']
file = self.setupPath + '/panel/vhost/nginx/' + Name + '.conf'
conf = public.readFile(file)
if conf:
conf = conf.replace(SiteFind['path'], Path)
public.writeFile(file, conf)
file = self.setupPath + '/panel/vhost/apache/' + Name + '.conf'
conf = public.readFile(file)
if conf:
rep = "DocumentRoot\\s+.+\n"
conf = re.sub(rep, 'DocumentRoot "' + Path + '"\n', conf)
rep = "<Directory\\s+.+\n"
conf = re.sub(rep, '<Directory "' + Path + "\">\n", conf)
public.writeFile(file, conf)
# OLS
file = self.setupPath + '/panel/vhost/openlitespeed/' + Name + '.conf'
conf = public.readFile(file)
if conf:
reg = 'vhRoot.*'
conf = re.sub(reg, 'vhRoot ' + Path, conf)
public.writeFile(file, conf)
# 创建basedir
userIni = Path + '/.user.ini'
if os.path.exists(userIni): public.ExecShell("chattr -i " + userIni)
public.writeFile(userIni, 'open_basedir=' + Path + '/:/tmp/')
public.ExecShell('chmod 644 ' + userIni)
public.ExecShell('chown root:root ' + userIni)
public.ExecShell('chattr +i ' + userIni)
public.set_site_open_basedir_nginx(Name)
public.serviceReload()
public.M("sites").where("id=?",(id,)).setField('path',Path)
public.write_log_gettext('Site manager', 'Successfully changed directory of site [{}]!',(Name,))
self.CheckRunPathExists(id)
return public.return_msg_gettext(True, public.lang("Successfully set"))
def CheckRunPathExists(self,site_id):
'''
@name 检查站点运行目录是否存在
@author hwliang
@param site_id int 站点ID
@return bool
'''
site_info = public.M('sites').where('id=?',(site_id,)).field('name,path').find()
if not site_info: return False
args = public.dict_obj()
args.id = site_id
run_path = self.GetRunPath(args)
site_run_path = site_info['path'] + '/' + run_path
if os.path.exists(site_run_path): return True
args.runPath = '/'
self.SetSiteRunPath(args)
public.WriteLog('TYPE_SITE','Due to modifying the root directory of the website [{}], the original running directory [.{}] does not exist, and the directory has been automatically switched to [./]'.format(site_info['name'],run_path))
return False
#取当前可用PHP版本
def GetPHPVersion(self,get):
phpVersions = public.get_php_versions()
phpVersions.insert(0,'other')
phpVersions.insert(0,'00')
httpdVersion = ""
filename = self.setupPath + '/apache/version.pl'
if os.path.exists(filename): httpdVersion = public.readFile(filename).strip()
if httpdVersion == '2.2': phpVersions = ('00','52','53','54')
if httpdVersion == '2.4':
if '52' in phpVersions: phpVersions.remove('52')
if os.path.exists('/www/server/nginx/sbin/nginx'):
cfile = '/www/server/nginx/conf/enable-php-00.conf'
if not os.path.exists(cfile): public.writeFile(cfile,'')
s_type = getattr(get,'s_type',0)
data = []
for val in phpVersions:
tmp = {}
checkPath = self.setupPath+'/php/'+val+'/bin/php'
if val in ['00','other']: checkPath = '/etc/init.d/bt'
if httpdVersion == '2.2': checkPath = self.setupPath+'/php/'+val+'/libphp5.so'
if os.path.exists(checkPath):
tmp['version'] = val
tmp['name'] = 'PHP-'+val
if val == '00':
tmp['name'] = public.lang("Static")
if val == 'other':
if s_type:
tmp['name'] = 'Customize'
else:
continue
data.append(tmp)
return data
# 取指定站点的PHP版本
def GetSitePHPVersion(self, get):
try:
siteName = get.siteName
data = {}
data['phpversion'] = public.get_site_php_version(siteName)
conf = public.readFile(self.setupPath + '/panel/vhost/' + public.get_webserver() + '/' + siteName + '.conf')
data['tomcat'] = conf.find('#TOMCAT-START')
data['tomcatversion'] = public.readFile(self.setupPath + '/tomcat/version.pl')
data['nodejsversion'] = public.readFile(self.setupPath + '/node.js/version.pl')
data['php_other'] = ''
if data['phpversion'] == 'other':
other_file = '/www/server/panel/vhost/other_php/{}/enable-php-other.conf'.format(siteName)
if os.path.exists(other_file):
conf = public.readFile(other_file)
data['php_other'] = re.findall(r"fastcgi_pass\s+(.+);",conf)[0]
return data
except:
return public.return_msg_gettext(False, public.lang("Apache2.2 does NOT support MultiPHP!,{}", public.get_error_info()))
def set_site_php_version_multiple(self, get):
'''
@name 批量设置PHP版本
@author zhwen<2020-11-17>
@param sites_id "1,2"
@param version 52...74
'''
sites_id = get.sites_id.split(',')
set_phpv_successfully = []
set_phpv_failed = {}
for site_id in sites_id:
get.id = site_id
get.siteName = public.M('sites').where("id=?", (site_id,)).getField('name')
if not get.siteName:
continue
try:
result = self.SetPHPVersion(get, multiple=1)
if not result['status']:
set_phpv_failed[get.siteName] = result['msg']
continue
set_phpv_successfully.append(get.siteName)
except:
set_phpv_failed[get.siteName] = public.lang("There was an error setting, please try again.")
pass
public.serviceReload()
return {'status': True, 'msg': public.get_msg_gettext('Set up website [{}] PHP version successfully', (','.join(set_phpv_successfully),)),
'error': set_phpv_failed,
'success': set_phpv_successfully}
# 设置指定站点的PHP版本
def SetPHPVersion(self, get, multiple=None):
siteName = get.siteName
version = get.version
if version == 'other' and not public.get_webserver() in ['nginx','tengine']:
return public.return_msg_gettext(False, public.lang("Custom PHP configuration only supports Nginx"))
try:
# nginx
file = self.setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
conf = public.readFile(file)
if conf:
wp00 = "/www/server/nginx/conf/enable-php-00-wpfastcgi.conf"
if not os.path.exists(wp00):
public.writeFile(wp00, '')
other_path = '/www/server/panel/vhost/other_php/{}'.format(siteName)
if not os.path.exists(other_path): os.makedirs(other_path)
other_rep = "{}/enable-php-other.conf".format(other_path)
if version == 'other':
dst = other_rep
get.other = get.other.strip()
if not get.other:
return public.return_msg_gettext(False, public.lang("The PHP connection configuration cannot be empty when customizing the version!"))
if not re.match(r"^(\d+\.\d+\.\d+\.\d+:\d+|unix:[\w/\.-]+)$",get.other):
return public.return_msg_gettext(False, public.lang("The PHP connection configuration format is incorrect, please refer to the example!"))
other_tmp = get.other.split(':')
if other_tmp[0] == 'unix':
if not os.path.exists(other_tmp[1]):
return public.return_msg_gettext(False, public.lang("The specified unix socket [{}] does not exist!", other_tmp[1]))
else:
if not public.check_tcp(other_tmp[0],int(other_tmp[1])):
return public.return_msg_gettext(False, public.lang("Unable to connect to [{}], please check whether the machine can connect to the target server", get.other))
other_conf = r'''location ~ [^/]\.php(/|$)
{{
try_files $uri =404;
fastcgi_pass {};
fastcgi_index index.php;
include fastcgi.conf;
include pathinfo.conf;
}}'''.format(get.other)
public.writeFile(other_rep,other_conf)
conf = conf.replace(other_rep,dst)
rep = r"include\s+enable-php-(\w{2,5})\.conf"
tmp = re.search(rep,conf)
if tmp: conf = conf.replace(tmp.group(),'include ' + dst)
elif re.search(r"enable-php-\d+-wpfastcgi.conf",conf):
dst = 'enable-php-{}-wpfastcgi.conf'.format(version)
conf = conf.replace(other_rep,dst)
rep = r"enable-php-\d+-wpfastcgi.conf"
tmp = re.search(rep, conf)
if tmp:conf = conf.replace(tmp.group(),dst)
else:
dst = 'enable-php-'+version+'.conf'
conf = conf.replace(other_rep,dst)
rep = r"enable-php-(\w{2,5})\.conf"
tmp = re.search(rep,conf)
if tmp: conf = conf.replace(tmp.group(),dst)
public.writeFile(file,conf)
try:
import site_dir_auth
site_dir_auth_module = site_dir_auth.SiteDirAuth()
auth_list = site_dir_auth_module.get_dir_auth(get)
if auth_list:
for i in auth_list[siteName]:
auth_name = i['name']
auth_file = "{setup_path}/panel/vhost/nginx/dir_auth/{site_name}/{auth_name}.conf".format(
setup_path=self.setupPath,site_name=siteName,auth_name = auth_name)
if os.path.exists(auth_file):
site_dir_auth_module.change_dir_auth_file_nginx_phpver(siteName,version,auth_name)
except:
pass
#apache
file = self.setupPath + '/panel/vhost/apache/'+siteName+'.conf'
conf = public.readFile(file)
if conf and version != 'other':
rep = r"(unix:/tmp/php-cgi-(\w{2,5})\.sock\|fcgi://localhost|fcgi://127.0.0.1:\d+)"
tmp = re.search(rep,conf).group()
conf = conf.replace(tmp,public.get_php_proxy(version,'apache'))
public.writeFile(file,conf)
#OLS
if version != 'other':
file = self.setupPath + '/panel/vhost/openlitespeed/detail/'+siteName+'.conf'
conf = public.readFile(file)
if conf:
rep = r'lsphp\d+'
tmp = re.search(rep, conf)
if tmp:
conf = conf.replace(tmp.group(), 'lsphp' + version)
public.writeFile(file, conf)
if not multiple:
public.serviceReload()
public.write_log_gettext("Site manager", 'Successfully changed PHP Version of site [{}] to PHP-{}', (siteName, version))
return public.return_msg_gettext(True, 'Successfully changed PHP Version of site [{}] to PHP-{}', (siteName, version))
except:
return public.get_error_info()
return public.return_msg_gettext(False, public.lang("Setup failed, no enable-php-xx related configuration items were found in the website configuration file!"))
# 是否开启目录防御
def GetDirUserINI(self, get):
path = get.path + self.GetRunPath(get)
if not path: return public.return_msg_gettext(False, public.lang("Requested directory does not exist"))
id = get.id
get.name = public.M('sites').where("id=?", (id,)).getField('name')
data = {}
data['logs'] = self.GetLogsStatus(get)
data['userini'] = False
user_ini_file = path + '/.user.ini'
user_ini_conf = public.readFile(user_ini_file)
if user_ini_conf and "open_basedir" in user_ini_conf:
data['userini'] = True
data['runPath'] = self.GetSiteRunPath(get)
data['pass'] = self.GetHasPwd(get)
return data
# 清除多余user.ini
def DelUserInI(self, path, up=0):
useriniPath = path + '/.user.ini'
if os.path.exists(useriniPath):
public.ExecShell('chattr -i ' + useriniPath)
try:
os.remove(useriniPath)
except:
pass
for p1 in os.listdir(path):
try:
npath = path + '/' + p1
if not os.path.isdir(npath): continue
useriniPath = npath + '/.user.ini'
if os.path.exists(useriniPath):
public.ExecShell('chattr -i ' + useriniPath)
os.remove(useriniPath)
if up < 3: self.DelUserInI(npath, up + 1)
except:
continue
return True
# 设置目录防御
def SetDirUserINI(self, get):
path = get.path
runPath = self.GetRunPath(get)
filename = path + runPath + '/.user.ini'
siteName = public.M('sites').where('path=?', (get.path,)).getField('name')
conf = public.readFile(filename)
try:
self._set_ols_open_basedir(get)
public.ExecShell("chattr -i " + filename)
if conf and "open_basedir" in conf:
rep = "\n*open_basedir.*"
conf = re.sub(rep, "", conf)
if not conf:
os.remove(filename)
else:
public.writeFile(filename, conf)
public.ExecShell("chattr +i " + filename)
public.set_site_open_basedir_nginx(siteName)
return public.return_msg_gettext(True, public.lang("Base directory turned off!"))
if conf and "session.save_path" in conf:
rep = r"session.save_path\s*=\s*(.*)"
s_path = re.search(rep, conf).groups(1)[0]
public.writeFile(filename, conf + '\nopen_basedir={}/:/tmp/:{}'.format(path, s_path))
else:
public.writeFile(filename, 'open_basedir={}/:/tmp/'.format(path))
public.ExecShell("chattr +i " + filename)
public.set_site_open_basedir_nginx(siteName)
public.serviceReload()
return public.return_msg_gettext(True, public.lang("Base directory turned on!"))
except Exception as e:
public.ExecShell("chattr +i " + filename)
return str(e)
def _set_ols_open_basedir(self, get):
# 设置ols
try:
sitename = public.M('sites').where("id=?", (get.id,)).getField('name')
# sitename = path.split('/')[-1]
f = "/www/server/panel/vhost/openlitespeed/detail/{}.conf".format(sitename)
c = public.readFile(f)
if not c: return False
if f:
rep = '\nphp_admin_value\\s*open_basedir.*'
result = re.search(rep, c)
s = 'on'
if not result:
s = 'off'
rep = '\n#php_admin_value\\s*open_basedir.*'
result = re.search(rep, c)
result = result.group()
if s == 'on':
c = re.sub(rep, '\n#' + result[1:], c)
else:
result = result.replace('#', '')
c = re.sub(rep, result, c)
public.writeFile(f, c)
except:
pass
# 读配置
def __read_config(self, path):
if not os.path.exists(path):
public.writeFile(path, '[]')
upBody = public.readFile(path)
if not upBody: upBody = '[]'
return json.loads(upBody)
# 写配置
def __write_config(self, path, data):
return public.writeFile(path, json.dumps(data))
# 取某个站点某条反向代理详情
def GetProxyDetals(self, get):
proxyUrl = self.__read_config(self.__proxyfile)
sitename = get.sitename
proxyname = get.proxyname
for i in proxyUrl:
if i["proxyname"] == proxyname and i["sitename"] == sitename:
return i
# 取某个站点反向代理列表
def GetProxyList(self, get):
n = 0
for w in ["nginx", "apache"]:
conf_path = "%s/panel/vhost/%s/%s.conf" % (self.setupPath, w, get.sitename)
old_conf = ""
if os.path.exists(conf_path):
old_conf = public.readFile(conf_path)
rep = "(#PROXY-START(\n|.)+#PROXY-END)"
url_rep = r"proxy_pass (.*);|ProxyPass\s/\s(.*)|Host\s(.*);"
host_rep = r"Host\s(.*);"
if re.search(rep, old_conf):
# 构造代理配置
if w == "nginx":
get.todomain = str(re.search(host_rep, old_conf).group(1))
get.proxysite = str(re.search(url_rep, old_conf).group(1))
else:
get.todomain = ""
get.proxysite = str(re.search(url_rep, old_conf).group(2))
get.proxyname = public.lang("Old proxy")
get.type = 1
get.proxydir = "/"
get.advanced = 0
get.cachetime = 1
get.cache = 0
get.subfilter = "[{\"sub1\":\"\",\"sub2\":\"\"},{\"sub1\":\"\",\"sub2\":\"\"},{\"sub1\":\"\",\"sub2\":\"\"}]"
# proxyname_md5 = self.__calc_md5(get.proxyname)
# 备份并替换老虚拟主机配置文件
public.ExecShell("cp %s %s_bak" % (conf_path, conf_path))
conf = re.sub(rep, "", old_conf)
public.writeFile(conf_path, conf)
if n == 0:
self.CreateProxy(get)
n += 1
# 写入代理配置
# proxypath = "%s/panel/vhost/%s/proxy/%s/%s_%s.conf" % (
# self.setupPath, w, get.sitename, proxyname_md5, get.sitename)
# proxycontent = str(re.search(rep, old_conf).group(1))
# public.writeFile(proxypath, proxycontent)
if n == "1":
public.serviceReload()
proxyUrl = self.__read_config(self.__proxyfile)
sitename = get.sitename
proxylist = []
for i in proxyUrl:
if i["sitename"] == sitename:
proxylist.append(i)
return proxylist
def del_proxy_multiple(self, get):
'''
@name 批量网站到期时间
@author zhwen<2020-11-20>
@param site_id 1
@param proxynames ces,aaa
'''
proxynames = get.proxynames.split(',')
del_successfully = []
del_failed = {}
get.sitename = public.M('sites').where("id=?", (get.site_id,)).getField('name')
for proxyname in proxynames:
if not proxyname:
continue
get.proxyname = proxyname
try:
resule = self.RemoveProxy(get, multiple=1)
if not resule['status']:
del_failed[proxyname] = resule['msg']
del_successfully.append(proxyname)
except:
del_failed[proxyname] = public.lang("There was an error deleting, please try again.")
pass
return {'status': True, 'msg': public.get_msg_gettext('Delete [ {} ] proxy successfully', (','.join(del_failed),)),
'error': del_failed,
'success': del_successfully}
# 删除反向代理
def RemoveProxy(self, get, multiple=None):
conf = self.__read_config(self.__proxyfile)
sitename = get.sitename
proxyname = get.proxyname
for i in range(len(conf)):
c_sitename = conf[i]["sitename"]
c_proxyname = conf[i]["proxyname"]
if c_sitename == sitename and c_proxyname == proxyname:
proxyname_md5 = self.__calc_md5(c_proxyname)
for w in ["apache", "nginx", "openlitespeed"]:
p = "{sp}/panel/vhost/{w}/proxy/{s}/{m}_{s}.conf*".format(sp=self.setupPath, w=w, s=c_sitename,
m=proxyname_md5)
public.ExecShell('rm -f {}'.format(p))
p = "{sp}/panel/vhost/openlitespeed/proxy/{s}/urlrewrite/{m}_{s}.conf*".format(sp=self.setupPath,
m=proxyname_md5,
s=get.sitename)
public.ExecShell('rm -f {}'.format(p))
del conf[i]
self.__write_config(self.__proxyfile, conf)
self.SetNginx(get)
self.SetApache(get.sitename)
if not multiple:
public.serviceReload()
return public.return_msg_gettext(True, public.lang("Successfully deleted"))
# 检查代理是否存在
def __check_even(self, get, action=""):
conf_data = self.__read_config(self.__proxyfile)
for i in conf_data:
if i["sitename"] == get.sitename:
if action == "create":
if i["proxydir"] == get.proxydir or i["proxyname"] == get.proxyname:
return i
else:
if i["proxyname"] != get.proxyname and i["proxydir"] == get.proxydir:
return i
# 检测全局代理和目录代理是否同时存在
def __check_proxy_even(self, get, action=""):
conf_data = self.__read_config(self.__proxyfile)
n = 0
if action == "":
for i in conf_data:
if i["sitename"] == get.sitename:
n += 1
if n == 1:
return
for i in conf_data:
if i["sitename"] == get.sitename:
if i["advanced"] != int(get.advanced):
return i
# 计算proxyname md5
def __calc_md5(self, proxyname):
md5 = hashlib.md5()
md5.update(proxyname.encode('utf-8'))
return md5.hexdigest()
# 检测URL是否可以访问
def __CheckUrl(self, get):
sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sk.settimeout(5)
rep = r"(https?)://([\w\.\-]+):?([\d]+)?"
h = re.search(rep, get.proxysite).group(1)
d = re.search(rep, get.proxysite).group(2)
try:
p = re.search(rep, get.proxysite).group(3)
except:
p = ""
try:
if p:
sk.connect((d, int(p)))
else:
if h == "http":
sk.connect((d, 80))
else:
sk.connect((d, 443))
except:
return public.return_msg_gettext(False, public.lang("Can NOT get target URL"))
# 基本设置检查
def __CheckStart(self, get, action=""):
isError = public.checkWebConfig()
if isinstance(isError,str):
if isError.find('/proxy/') == -1: # 如果是反向代理配置文件本身的错误,跳过
return public.return_msg_gettext(False, public.lang("An error was detected in the configuration file. Please solve it before proceeding"))
if action == "create":
if sys.version_info.major < 3:
if len(get.proxyname) < 3 or len(get.proxyname) > 40:
return public.return_msg_gettext(False, public.lang("Database name cannot be more than 40 characters!"))
else:
if len(get.proxyname.encode("utf-8")) < 3 or len(get.proxyname.encode("utf-8")) > 40:
return public.return_msg_gettext(False, public.lang("Database name cannot be more than 40 characters!"))
if self.__check_even(get, action):
return public.return_msg_gettext(False, public.lang("Specified reverse proxy name or proxy folder already exists"))
# 判断代理,只能有全局代理或目录代理
if self.__check_proxy_even(get, action):
return public.return_msg_gettext(False, public.lang("Cannot set both directory and global proxies"))
# 判断cachetime类型
if get.cachetime:
try:
int(get.cachetime)
except:
return public.return_msg_gettext(False, public.lang("Please enter number"))
rep = r"http(s)?\:\/\/"
# repd = r"http(s)?\:\/\/([a-zA-Z0-9][-a-zA-Z0-9]{0,62}\.)+([a-zA-Z0-9][a-zA-Z0-9]{0,62})+.?"
tod = "[a-zA-Z]+$"
repte = "[\\?\\=\\[\\]\\)\\(\\*\\&\\^\\%\\$\\#\\@\\!\\~\\`{\\}\\>\\<\\,\',\"]+"
# 检测代理目录格式
if re.search(repte, get.proxydir):
return public.return_msg_gettext(False, "PROXY_DIR_ERR", ("?,=,[,],),(,*,&,^,%,$,#,@,!,~,`,{,},>,<,\\,',\"]",))
# 检测发送域名格式
if get.todomain:
if re.search("[\\}\\{\\#\\;\"\']+",get.todomain):
return public.return_msg_gettext(False, public.lang("Sent Domain format error :'+get.todomain+'<br>The following special characters cannot exist [ } { # ; \" \' ] "))
if public.get_webserver() != 'openlitespeed' and not get.todomain:
get.todomain = "$host"
# 检测目标URL格式
if not re.match(rep, get.proxysite):
return public.return_msg_gettext(False, 'Sent domain format ERROR {}', (get.proxysite,))
if re.search(repte, get.proxysite):
return public.return_msg_gettext(False, "PROXY_URL_ERR", ("?,=,[,],),(,*,&,^,%,$,#,@,!,~,`,{,},>,<,\\,',\"]",))
# 检测目标url是否可用
# if re.match(repd, get.proxysite):
# if self.__CheckUrl(get):
# return public.returnMsg(False, public.lang("The target URL cannot be accessed"))
subfilter = json.loads(get.subfilter)
# 检测替换内容
if subfilter:
for s in subfilter:
if not s["sub1"]:
if s["sub2"]:
return public.return_msg_gettext(False, public.lang("Please enter the content to be replaced"))
elif s["sub1"] == s["sub2"]:
return public.return_msg_gettext(False, public.lang("The content to replace cannot be the same as the content to be replaced"))
# 设置Nginx配置
def SetNginx(self, get):
ng_proxyfile = "%s/panel/vhost/nginx/proxy/%s/*.conf" % (self.setupPath, get.sitename)
ng_file = self.setupPath + "/panel/vhost/nginx/" + get.sitename + ".conf"
p_conf = self.__read_config(self.__proxyfile)
cureCache = ''
if public.get_webserver() == 'nginx':
shutil.copyfile(ng_file, '/tmp/ng_file_bk.conf')
# if os.path.exists('/www/server/nginx/src/ngx_cache_purge'):
cureCache += '''
location ~ /purge(/.*) {
proxy_cache_purge cache_one $host$1$is_args$args;
#access_log /www/wwwlogs/%s_purge_cache.log;
}''' % (get.sitename)
if os.path.exists(ng_file):
self.CheckProxy(get)
ng_conf = public.readFile(ng_file)
if not p_conf:
# rep = "%s[\\w\\s\\~\\/\\(\\)\\.\\*\\{\\}\\;\\$\n\\#]+.{1,66}[\\s\\w\\/\\*\\.\\;]+include enable-php-" % public.GetMsg(
# "CLEAR_CACHE")
rep = "%s[\\w\\s\\~\\/\\(\\)\\.\\*\\{\\}\\;\\$\n\\#]+.*\n.*" % ("#Clear cache")
# ng_conf = re.sub(rep, 'include enable-php-', ng_conf)
ng_conf = re.sub(rep, '', ng_conf)
oldconf = '''location ~ .*\\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log /dev/null;
access_log /dev/null;
}
location ~ .*\\.(js|css)?$
{
expires 12h;
error_log /dev/null;
access_log /dev/null;
}'''
if "(gif|jpg|jpeg|png|bmp|swf)$" not in ng_conf:
ng_conf = re.sub(r'access_log\s*/www', oldconf + "\n\taccess_log /www",ng_conf)
public.writeFile(ng_file, ng_conf)
return
sitenamelist = []
for i in p_conf:
sitenamelist.append(i["sitename"])
if get.sitename in sitenamelist:
rep = r"include.*\/proxy\/.*\*.conf;"
if not re.search(rep, ng_conf):
rep = "location.+\\(gif[\\w\\|\\$\\(\\)\n\\{\\}\\s\\;\\/\\~\\.\\*\\\\\\?]+access_log\\s+/"
ng_conf = re.sub(rep, 'access_log /', ng_conf)
ng_conf = ng_conf.replace("include enable-php-", "%s\n" % public.get_msg_gettext(
"#Clear cache") + cureCache + "\n\t%s\n\t" % public.get_msg_gettext(
"#Referenced reverse proxy rule, if commented, the configured reverse proxy will be invalid") + "include " + ng_proxyfile + ";\n\n\tinclude enable-php-")
public.writeFile(ng_file, ng_conf)
else:
# rep = "%s[\\w\\s\\~\\/\\(\\)\\.\\*\\{\\}\\;\\$\n\\#]+.{1,66}[\\s\\w\\/\\*\\.\\;]+include enable-php-" % public.GetMsg(
# "CLEAR_CACHE")
rep = "%s[\\w\\s\\~\\/\\(\\)\\.\\*\\{\\}\\;\\$\n\\#]+.*\n.*" % ("#Clear cache")
# ng_conf = re.sub(rep, 'include enable-php-', ng_conf)
ng_conf = re.sub(rep,'',ng_conf)
oldconf = '''location ~ .*\\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log /dev/null;
access_log /dev/null;
}
location ~ .*\\.(js|css)?$
{
expires 12h;
error_log /dev/null;
access_log /dev/null;
}'''
if "(gif|jpg|jpeg|png|bmp|swf)$" not in ng_conf:
ng_conf = re.sub(r'access_log\s*/www', oldconf + "\n\taccess_log /www",ng_conf)
public.writeFile(ng_file, ng_conf)
# 设置apache配置
def SetApache(self, sitename):
ap_proxyfile = "%s/panel/vhost/apache/proxy/%s/*.conf" % (self.setupPath, sitename)
ap_file = self.setupPath + "/panel/vhost/apache/" + sitename + ".conf"
p_conf = public.readFile(self.__proxyfile)
if public.get_webserver() == 'apache':
shutil.copyfile(ap_file, '/tmp/ap_file_bk.conf')
if os.path.exists(ap_file):
ap_conf = public.readFile(ap_file)
if p_conf == "[]":
rep = "\n*%s\n+\\s+IncludeOptiona[\\s\\w\\/\\.\\*]+" % ("#Referenced reverse proxy rule, if commented, the configured reverse proxy will be invalid")
ap_conf = re.sub(rep, '', ap_conf)
public.writeFile(ap_file, ap_conf)
return
if sitename in p_conf:
rep = "combined(\n|.)+IncludeOptional.*\\/proxy\\/.*conf"
rep1 = "combined"
if not re.search(rep, ap_conf):
ap_conf = ap_conf.replace(rep1, rep1 + "\n\t%s\n\t" % public.get_msg_gettext(
'#Referenced reverse proxy rule, if commented, the configured reverse proxy will be invalid') + "\n\tIncludeOptional " + ap_proxyfile)
public.writeFile(ap_file, ap_conf)
else:
# rep = "\n*#引用反向代理(\n|.)+IncludeOptional.*\\/proxy\\/.*conf"
rep = "\n*%s\n+\\s+IncludeOptiona[\\s\\w\\/\\.\\*]+" % ("#Referenced reverse proxy rule, if commented, the configured reverse proxy will be invalid")
ap_conf = re.sub(rep, '', ap_conf)
public.writeFile(ap_file, ap_conf)
# 设置OLS
def _set_ols_proxy(self, get):
# 添加反代配置
proxyname_md5 = self.__calc_md5(get.proxyname)
dir_path = "%s/panel/vhost/openlitespeed/proxy/%s/" % (self.setupPath, get.sitename)
if not os.path.exists(dir_path):
os.makedirs(dir_path)
file_path = "{}{}_{}.conf".format(dir_path, proxyname_md5, get.sitename)
reverse_proxy_conf = """
extprocessor %s {
type proxy
address %s
maxConns 1000
pcKeepAliveTimeout 600
initTimeout 600
retryTimeout 0
respBuffer 0
}
""" % (get.proxyname, get.proxysite)
public.writeFile(file_path, reverse_proxy_conf)
# 添加urlrewrite
dir_path = "%s/panel/vhost/openlitespeed/proxy/%s/urlrewrite/" % (self.setupPath, get.sitename)
if not os.path.exists(dir_path):
os.makedirs(dir_path)
file_path = "{}{}_{}.conf".format(dir_path, proxyname_md5, get.sitename)
reverse_urlrewrite_conf = """
RewriteRule ^%s(.*)$ http://%s/$1 [P,E=Proxy-Host:%s]
""" % (get.proxydir, get.proxyname, get.todomain)
public.writeFile(file_path, reverse_urlrewrite_conf)
# 检查伪静态、主配置文件是否有location冲突
def CheckLocation(self, get):
# 伪静态文件路径
rewriteconfpath = "%s/panel/vhost/rewrite/%s.conf" % (self.setupPath, get.sitename)
# 主配置文件路径
nginxconfpath = "%s/nginx/conf/nginx.conf" % (self.setupPath)
# vhost文件
vhostpath = "%s/panel/vhost/nginx/%s.conf" % (self.setupPath, get.sitename)
rep = "location\\s+/[\n\\s]+{"
for i in [rewriteconfpath, nginxconfpath, vhostpath]:
conf = public.readFile(i)
if re.findall(rep, conf):
return public.return_msg_gettext(False, public.lang("A global reverse proxy already exists in the rewrite/nginx master configuration/vhost file"))
# 创建反向代理
def CreateProxy(self, get):
try:
nocheck = get.nocheck
except:
nocheck = ""
if not get.get('proxysite',None):
return public.returnMsg(False, public.lang("Destination URL cannot be empty"))
if not nocheck:
if self.__CheckStart(get, "create"):
return self.__CheckStart(get, "create")
if public.get_webserver() == 'nginx':
if self.CheckLocation(get):
return self.CheckLocation(get)
if not get.proxysite.split('//')[-1]:
return public.returnMsg(False, public.lang("The target URL cannot be [http:// or https://], please fill in the full URL, such as: https://yakpanel.com"))
# project_type = public.M('sites').where('name=?', (get.sitename,)).field('project_type').find()['project_type']
# if project_type == 'WP':
# return public.return_msg_gettext(False, public.lang("Reverse proxies are not currently available for Wordpress sites that use one-click deployment"))
proxyUrl = self.__read_config(self.__proxyfile)
proxyUrl.append({
"proxyname": get.proxyname,
"sitename": get.sitename,
"proxydir": get.proxydir,
"proxysite": get.proxysite,
"todomain": get.todomain,
"type": int(get.type),
"cache": int(get.cache),
"subfilter": json.loads(get.subfilter),
"advanced": int(get.advanced),
"cachetime": int(get.cachetime)
})
self.__write_config(self.__proxyfile, proxyUrl)
self.SetNginx(get)
self.SetApache(get.sitename)
self._set_ols_proxy(get)
status = self.SetProxy(get)
if not status["status"]:
return status
if get.proxydir == '/':
get.version = '00'
get.siteName = get.sitename
self.SetPHPVersion(get)
public.serviceReload()
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# 取代理配置文件
def GetProxyFile(self, get):
import files
conf = self.__read_config(self.__proxyfile)
sitename = get.sitename
proxyname = get.proxyname
proxyname_md5 = self.__calc_md5(proxyname)
get.path = "%s/panel/vhost/%s/proxy/%s/%s_%s.conf" % (
self.setupPath, get.webserver, sitename, proxyname_md5, sitename)
for i in conf:
if proxyname == i["proxyname"] and sitename == i["sitename"] and i["type"] != 1:
return public.return_msg_gettext(False, public.lang("Proxy suspended"))
f = files.files()
return f.GetFileBody(get), get.path
# 保存代理配置文件
def SaveProxyFile(self, get):
import files
f = files.files()
return f.SaveFileBody(get)
# return public.returnMsg(True, public.lang("Saved successfully"))
# 检查是否存在#Set Nginx Cache
def check_annotate(self, data):
rep = "\n\\s*#Set\\s*Nginx\\s*Cache"
if re.search(rep, data):
return True
def old_proxy_conf(self,conf,ng_conf_file,get):
rep = r'location\s*\~\*.*gif\|png\|jpg\|css\|js\|woff\|woff2\)\$'
if not re.search(rep,conf):
return conf
self.RemoveProxy(get)
self.CreateProxy(get)
return public.readFile(ng_conf_file)
# 修改反向代理
def ModifyProxy(self, get):
if not get.get('proxysite',None):
return public.returnMsg(False, public.lang("Destination URL cannot be empty"))
proxyname_md5 = self.__calc_md5(get.proxyname)
ap_conf_file = "{p}/panel/vhost/apache/proxy/{s}/{n}_{s}.conf".format(
p=self.setupPath, s=get.sitename, n=proxyname_md5)
ng_conf_file = "{p}/panel/vhost/nginx/proxy/{s}/{n}_{s}.conf".format(
p=self.setupPath, s=get.sitename, n=proxyname_md5)
ols_conf_file = "{p}/panel/vhost/openlitespeed/proxy/{s}/urlrewrite/{n}_{s}.conf".format(
p=self.setupPath, s=get.sitename, n=proxyname_md5)
if self.__CheckStart(get):
return self.__CheckStart(get)
conf = self.__read_config(self.__proxyfile)
random_string = public.GetRandomString(8)
for i in range(len(conf)):
if conf[i]["proxyname"] == get.proxyname and conf[i]["sitename"] == get.sitename:
if int(get.type) != 1:
if not os.path.exists(ng_conf_file):
return public.returnMsg(False, public.lang("Please enable the reverse proxy before editing!"))
public.ExecShell("mv {f} {f}_bak".format(f=ap_conf_file))
public.ExecShell("mv {f} {f}_bak".format(f=ng_conf_file))
public.ExecShell("mv {f} {f}_bak".format(f=ols_conf_file))
conf[i]["type"] = int(get.type)
self.__write_config(self.__proxyfile, conf)
public.serviceReload()
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
else:
if os.path.exists(ap_conf_file + "_bak"):
public.ExecShell("mv {f}_bak {f}".format(f=ap_conf_file))
public.ExecShell("mv {f}_bak {f}".format(f=ng_conf_file))
public.ExecShell("mv {f}_bak {f}".format(f=ols_conf_file))
ng_conf = public.readFile(ng_conf_file)
ng_conf = self.old_proxy_conf(ng_conf, ng_conf_file, get)
# 修改nginx配置
# 如果代理URL后缀带有URI则删除URI正则匹配不支持proxypass处带有uri
php_pass_proxy = get.proxysite
if get.proxysite[-1] == '/' or get.proxysite.count('/') > 2 or '?' in get.proxysite:
php_pass_proxy = re.search(r'(https?\:\/\/[\w\.]+)', get.proxysite).group(0)
ng_conf = re.sub(r"location\s+[\^\~]*\s?%s" % conf[i]["proxydir"], "location ^~ " + get.proxydir, ng_conf)
ng_conf = re.sub(r"proxy_pass\s+%s" % conf[i]["proxysite"], "proxy_pass " + get.proxysite, ng_conf)
ng_conf = re.sub("location\\s+\\~\\*\\s+\\\\.\\(php.*\n\\{\\s*proxy_pass\\s+%s.*" % (php_pass_proxy),
"location ~* \\.(php|jsp|cgi|asp|aspx)$\n{\n\tproxy_pass %s;" % php_pass_proxy,ng_conf)
ng_conf = re.sub("location\\s+\\~\\*\\s+\\\\.\\(gif.*\n\\{\\s*proxy_pass\\s+%s.*" % (php_pass_proxy),
"location ~* \\.(gif|png|jpg|css|js|woff|woff2)$\n{\n\tproxy_pass %s;" % php_pass_proxy,ng_conf)
backslash = ""
if "Host $host" in ng_conf:
backslash = "\\"
ng_conf = re.sub(r"\sHost\s+%s" % backslash + conf[i]["todomain"], " Host " + get.todomain, ng_conf)
cache_rep = r"proxy_cache_valid\s+200\s+304\s+301\s+302\s+\d+m;((\n|.)+expires\s+\d+m;)*"
if int(get.cache) == 1:
if re.search(cache_rep, ng_conf):
expires_rep = "\\{\n\\s+expires\\s+12h;"
ng_conf = re.sub(expires_rep, "{", ng_conf)
ng_conf = re.sub(cache_rep, "proxy_cache_valid 200 304 301 302 {0}m;".format(get.cachetime),
ng_conf)
else:
# ng_cache = """
# proxy_ignore_headers Set-Cookie Cache-Control expires;
# proxy_cache cache_one;
# proxy_cache_key $host$uri$is_args$args;
# proxy_cache_valid 200 304 301 302 %sm;""" % (get.cachetime)
ng_cache = r"""
if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
{
expires 1m;
}
proxy_ignore_headers Set-Cookie Cache-Control expires;
proxy_cache cache_one;
proxy_cache_key $host$uri$is_args$args;
proxy_cache_valid 200 304 301 302 %sm;""" % (get.cachetime)
if self.check_annotate(ng_conf):
cache_rep = '\n\\s*#Set\\s*Nginx\\s*Cache(.|\n)*no-cache;\\s*\n*\\s*\\}'
ng_conf = re.sub(cache_rep, '\n\t#Set Nginx Cache\n' + ng_cache, ng_conf)
else:
# cache_rep = r'#proxy_set_header\s+Connection\s+"upgrade";'
cache_rep = r"proxy_set_header\s+REMOTE-HOST\s+\$remote_addr;"
ng_conf = re.sub(cache_rep,
r"\n\tproxy_set_header\s+REMOTE-HOST\s+\$remote_addr;\n\t#Set Nginx Cache" + ng_cache,
ng_conf)
else:
no_cache = r"""
#Set Nginx Cache
set $static_file%s 0;
if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
{
set $static_file%s 1;
expires 1m;
}
if ( $static_file%s = 0 )
{
add_header Cache-Control no-cache;
}
}
#PROXY-END/""" % (random_string, random_string, random_string)
if self.check_annotate(ng_conf):
rep = r'\n\s*#Set\s*Nginx\s*Cache(.|\n)*'
# ng_conf = re.sub(rep,
# "\n\t#Set Nginx Cache\n\tproxy_ignore_headers Set-Cookie Cache-Control expires;\n\tadd_header Cache-Control no-cache;",
# ng_conf)
ng_conf = re.sub(rep,no_cache,ng_conf)
else:
rep = r"\s+proxy_cache\s+cache_one.*[\n\s\w\_\";\$]+m;"
# ng_conf = re.sub(rep,
# r"\n\t#Set Nginx Cache\n\tproxy_ignore_headers Set-Cookie Cache-Control expires;\n\tadd_header Cache-Control no-cache;",
# ng_conf)
ng_conf = re.sub(rep,no_cache,ng_conf)
sub_rep = "sub_filter"
subfilter = json.loads(get.subfilter)
if str(conf[i]["subfilter"]) != str(subfilter) or ng_conf.find('sub_filter_once') == -1:
if re.search(sub_rep, ng_conf):
sub_rep = "\\s+proxy_set_header\\s+Accept-Encoding(.|\n)+off;"
ng_conf = re.sub(sub_rep, "", ng_conf)
# 构造替换字符串
ng_subdata = ''
ng_sub_filter = '''
proxy_set_header Accept-Encoding "";%s
sub_filter_once off;'''
if subfilter:
for s in subfilter:
if not s["sub1"]:
continue
if '"' in s["sub1"]:
s["sub1"] = s["sub1"].replace('"', '\\"')
if '"' in s["sub2"]:
s["sub2"] = s["sub2"].replace('"', '\\"')
ng_subdata += '\n\tsub_filter "%s" "%s";' % (s["sub1"], s["sub2"])
if ng_subdata:
ng_sub_filter = ng_sub_filter % (ng_subdata)
else:
ng_sub_filter = ''
sub_rep = r'#Set\s+Nginx\s+Cache'
ng_conf = re.sub(sub_rep, '#Set Nginx Cache\n' + ng_sub_filter, ng_conf)
# 修改apache配置
ap_conf = public.readFile(ap_conf_file)
ap_conf = re.sub(r"ProxyPass\s+%s\s+%s" % (conf[i]["proxydir"], conf[i]["proxysite"]),
"ProxyPass %s %s" % (get.proxydir, get.proxysite), ap_conf)
ap_conf = re.sub(r"ProxyPassReverse\s+%s\s+%s" % (conf[i]["proxydir"], conf[i]["proxysite"]),
"ProxyPassReverse %s %s" % (get.proxydir, get.proxysite), ap_conf)
# 修改OLS配置
p = "{p}/panel/vhost/openlitespeed/proxy/{s}/{n}_{s}.conf".format(p=self.setupPath, n=proxyname_md5,
s=get.sitename)
c = public.readFile(p)
if c:
rep = r'address\s+(.*)'
new_proxysite = 'address\t{}'.format(get.proxysite)
c = re.sub(rep, new_proxysite, c)
public.writeFile(p, c)
# p = "{p}/panel/vhost/openlitespeed/proxy/{s}/urlrewrite/{n}_{s}.conf".format(p=self.setupPath,n=proxyname_md5,s=get.sitename)
c = public.readFile(ols_conf_file)
if c:
rep = r'RewriteRule\s*\^{}\(\.\*\)\$\s+http://{}/\$1\s*\[P,E=Proxy-Host:{}\]'.format(
conf[i]["proxydir"], get.proxyname, conf[i]["todomain"])
new_content = 'RewriteRule ^{}(.*)$ http://{}/$1 [P,E=Proxy-Host:{}]'.format(get.proxydir,
get.proxyname,
get.todomain)
c = re.sub(rep, new_content, c)
public.writeFile(ols_conf_file, c)
conf[i]["proxydir"] = get.proxydir
conf[i]["proxysite"] = get.proxysite
conf[i]["todomain"] = get.todomain
conf[i]["type"] = int(get.type)
conf[i]["cache"] = int(get.cache)
conf[i]["subfilter"] = json.loads(get.subfilter)
conf[i]["advanced"] = int(get.advanced)
conf[i]["cachetime"] = int(get.cachetime)
public.writeFile(ng_conf_file, ng_conf)
public.writeFile(ap_conf_file, ap_conf)
self.__write_config(self.__proxyfile, conf)
self.SetNginx(get)
self.SetApache(get.sitename)
# self.SetProxy(get)
# if int(get.type) != 1:
# os.system("mv %s %s_bak" % (ap_conf_file, ap_conf_file))
# os.system("mv %s %s_bak" % (ng_conf_file, ng_conf_file))
if not hasattr(get, 'notreload'):
public.serviceReload()
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# 设置反向代理
def SetProxy(self, get):
sitename = get.sitename # 站点名称
advanced = int(get.advanced)
type = int(get.type)
cache = int(get.cache)
cachetime = int(get.cachetime)
proxysite = get.proxysite
proxydir = get.proxydir
ng_file = self.setupPath + "/panel/vhost/nginx/" + sitename + ".conf"
ap_file = self.setupPath + "/panel/vhost/apache/" + sitename + ".conf"
p_conf = self.__read_config(self.__proxyfile)
random_string = public.GetRandomString(8)
# websocket前置map
map_file = self.setupPath + "/panel/vhost/nginx/0.websocket.conf"
if not os.path.exists(map_file):
map_body = '''map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
'''
public.writeFile(map_file,map_body)
# 配置Nginx
# 构造清理缓存连接
# 构造缓存配置
ng_cache = r"""
if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
{
expires 1m;
}
proxy_ignore_headers Set-Cookie Cache-Control expires;
proxy_cache cache_one;
proxy_cache_key $host$uri$is_args$args;
proxy_cache_valid 200 304 301 302 %sm;""" % (cachetime)
no_cache = r"""
set $static_file%s 0;
if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
{
set $static_file%s 1;
expires 1m;
}
if ( $static_file%s = 0 )
{
add_header Cache-Control no-cache;
}""" % (random_string,random_string,random_string)
# rep = r"(https?://[\w\.]+)"
# proxysite1 = re.search(rep,get.proxysite).group(1)
ng_proxy = '''
#PROXY-START%s
location %s
{
proxy_pass %s;
proxy_set_header Host %s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
# proxy_hide_header Upgrade;
%s
add_header X-Cache $upstream_cache_status;
#Set Nginx Cache
%s
%s
}
#PROXY-END%s'''
ng_proxy_cache = ''
proxyname_md5 = self.__calc_md5(get.proxyname)
ng_proxyfile = "%s/panel/vhost/nginx/proxy/%s/%s_%s.conf" % (self.setupPath, sitename, proxyname_md5, sitename)
ng_proxydir = "%s/panel/vhost/nginx/proxy/%s" % (self.setupPath, sitename)
if not os.path.exists(ng_proxydir):
public.ExecShell("mkdir -p %s" % ng_proxydir)
# 构造替换字符串
ng_subdata = ''
ng_sub_filter = '''
proxy_set_header Accept-Encoding "";%s
sub_filter_once off;'''
if get.subfilter:
for s in json.loads(get.subfilter):
if not s["sub1"]:
continue
if '"' in s["sub1"]:
s["sub1"] = s["sub1"].replace('"', '\\"')
if '"' in s["sub2"]:
s["sub2"] = s["sub2"].replace('"', '\\"')
ng_subdata += '\n\tsub_filter "%s" "%s";' % (s["sub1"], s["sub2"])
if ng_subdata:
ng_sub_filter = ng_sub_filter % (ng_subdata)
else:
ng_sub_filter = ''
# 构造反向代理
# 如果代理URL后缀带有URI则删除URI正则匹配不支持proxypass处带有uri
# php_pass_proxy = get.proxysite
# if get.proxysite[-1] == '/' or get.proxysite.count('/') > 2 or '?' in get.proxysite:
# php_pass_proxy = re.search(r'(https?\:\/\/[\w\.]+)', get.proxysite).group(0)
if advanced == 1:
if proxydir[-1] != '/':
proxydir = '{}/'.format(proxydir)
if proxysite[-1] != '/':
proxysite = '{}/'.format(proxysite)
if type == 1 and cache == 1:
ng_proxy_cache += ng_proxy % (
proxydir, proxydir, proxysite, get.todomain,
("#Persistent connection related configuration"), ng_sub_filter, ng_cache, get.proxydir)
if type == 1 and cache == 0:
ng_proxy_cache += ng_proxy % (
get.proxydir, get.proxydir, proxysite, get.todomain,
("#Persistent connection related configuration"), ng_sub_filter, no_cache,
get.proxydir)
else:
if type == 1 and cache == 1:
ng_proxy_cache += ng_proxy % (
get.proxydir, get.proxydir, get.proxysite, get.todomain,
("#Persistent connection related configuration"), ng_sub_filter, ng_cache, get.proxydir)
if type == 1 and cache == 0:
ng_proxy_cache += ng_proxy % (
get.proxydir, get.proxydir, get.proxysite, get.todomain,
("#Persistent connection related configuration"), ng_sub_filter, no_cache,
get.proxydir)
public.writeFile(ng_proxyfile, ng_proxy_cache)
# APACHE
# 反向代理文件
ap_proxyfile = "%s/panel/vhost/apache/proxy/%s/%s_%s.conf" % (
self.setupPath, get.sitename, proxyname_md5, get.sitename)
ap_proxydir = "%s/panel/vhost/apache/proxy/%s" % (self.setupPath, get.sitename)
if not os.path.exists(ap_proxydir):
public.ExecShell("mkdir -p %s" % ap_proxydir)
ap_proxy = ''
if type == 1:
ap_proxy += '''#PROXY-START%s
<IfModule mod_proxy.c>
ProxyRequests Off
SSLProxyEngine on
ProxyPass %s %s/
ProxyPassReverse %s %s/
</IfModule>
#PROXY-END%s''' % (get.proxydir, get.proxydir, get.proxysite, get.proxydir,
get.proxysite, get.proxydir)
public.writeFile(ap_proxyfile, ap_proxy)
isError = public.checkWebConfig()
if (isError != True):
if public.get_webserver() == "nginx":
shutil.copyfile('/tmp/ng_file_bk.conf', ng_file)
else:
shutil.copyfile('/tmp/ap_file_bk.conf', ap_file)
for i in range(len(p_conf) - 1, -1, -1):
if get.sitename == p_conf[i]["sitename"] and p_conf[i]["proxyname"]:
del p_conf[i]
self.RemoveProxy(get)
return public.return_msg_gettext(False, 'ERROR: %s<br><a style="color:red;">' % public.get_msg_gettext(
'Configuration ERROR') + isError.replace("\n",
'<br>') + '</a>')
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# 开启缓存
def ProxyCache(self, get):
if public.get_webserver() != 'nginx': return public.return_msg_gettext(False, public.lang("Currently only support Nginx"))
file = self.setupPath + "/panel/vhost/nginx/" + get.siteName + ".conf"
conf = public.readFile(file)
if conf.find('proxy_pass') == -1: return public.return_msg_gettext(False, public.lang("Failed to set"))
if conf.find('#proxy_cache') != -1:
conf = conf.replace('#proxy_cache', 'proxy_cache')
conf = conf.replace('#expires 12h', 'expires 12h')
else:
conf = conf.replace('proxy_cache', '#proxy_cache')
conf = conf.replace('expires 12h', '#expires 12h')
public.writeFile(file, conf)
public.serviceReload()
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# 检查反向代理配置
def CheckProxy(self, get):
if public.get_webserver() != 'nginx': return True
file = self.setupPath + "/nginx/conf/proxy.conf"
if not os.path.exists(file):
conf = '''proxy_temp_path %s/nginx/proxy_temp_dir;
proxy_cache_path %s/nginx/proxy_cache_dir levels=1:2 keys_zone=cache_one:10m inactive=1d max_size=5g;
client_body_buffer_size 512k;
proxy_connect_timeout 60;
proxy_read_timeout 60;
proxy_send_timeout 60;
proxy_buffer_size 32k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_cache cache_one;''' % (self.setupPath, self.setupPath)
public.writeFile(file, conf)
file = self.setupPath + "/nginx/conf/nginx.conf"
conf = public.readFile(file)
if (conf.find('include proxy.conf;') == -1):
rep = r"include\s+mime.types;"
conf = re.sub(rep, "include mime.types;\n\tinclude proxy.conf;", conf)
public.writeFile(file, conf)
def get_project_find(self,project_name):
'''
@name 获取指定项目配置
@author hwliang<2021-08-09>
@param project_name<string> 项目名称
@return dict
'''
project_info = public.M('sites').where('project_type=? AND name=?',('Java',project_name)).find()
if not project_info: return False
project_info['project_config'] = json.loads(project_info['project_config'])
return project_info
#取伪静态规则应用列表
def GetRewriteList(self,get):
if get.siteName.find('node_') == 0:
get.siteName = get.siteName.replace('node_', '')
rewriteList = {}
ws = public.get_webserver()
if ws == "openlitespeed":
ws = "apache"
if ws == 'apache':
get.id = public.M('sites').where("name=?", (get.siteName,)).getField('id')
runPath = self.GetSiteRunPath(get)
if runPath['runPath'].find('/www/server/stop') != -1:
runPath['runPath'] = runPath['runPath'].replace('/www/server/stop', '')
rewriteList['sitePath'] = public.M('sites').where("name=?", (get.siteName,)).getField('path') + runPath[
'runPath']
rewriteList['rewrite'] = []
rewriteList['rewrite'].append('0.' + public.lang("Current"))
for ds in os.listdir('rewrite/' + ws):
if ds == 'list.txt': continue
rewriteList['rewrite'].append(ds[0:len(ds) - 5])
rewriteList['rewrite'] = sorted(rewriteList['rewrite'])
return rewriteList
# 保存伪静态模板
def SetRewriteTel(self, get):
ws = public.get_webserver()
if not get.name:
public.return_msg_gettext(True, 'Please enter a template name')
if ws == "openlitespeed":
ws = "apache"
if sys.version_info[0] == 2: get.name = get.name.encode('utf-8')
filename = 'rewrite/' + ws + '/' + get.name + '.conf'
public.writeFile(filename, get.data)
return public.return_msg_gettext(True, public.lang("New URL rewrite rule has been saved!"))
# 打包
def ToBackup(self, get):
id = get.id
find = public.M('sites').where("id=?", (id,)).field('name,path,id').find()
import time
fileName = find['name'] + '_' + time.strftime('%Y%m%d_%H%M%S', time.localtime()) + '.zip'
backupPath = session['config']['backup_path'] + '/site'
zipName = backupPath + '/' + fileName
if not (os.path.exists(backupPath)): os.makedirs(backupPath)
tmps = '/tmp/panelExec.log'
execStr = "cd '" + find['path'] + "' && zip '" + zipName + "' -x .user.ini -r ./ > " + tmps + " 2>&1"
public.ExecShell(execStr)
sql = public.M('backup').add('type,name,pid,filename,size,addtime',
(0, fileName, find['id'], zipName, 0, public.getDate()))
public.write_log_gettext('Site manager', 'Backup site [{}] succeed!', (find['name'],))
return public.return_msg_gettext(True, public.lang("Backup Succeeded!"))
# 删除备份文件
def DelBackup(self, get):
id = get.id
where = "id=?"
backup_info = public.M('backup').where(where,(id,)).find()
filename = backup_info['filename']
if os.path.exists(filename): os.remove(filename)
name = ''
if filename == 'qiniu':
name = backup_info['name']
public.ExecShell(public.get_python_bin() + " "+self.setupPath + '/panel/script/backup_qiniu.py delete_file ' + name)
pid = backup_info['pid']
site_name = public.M('sites').where('id=?',(pid,)).getField('name')
public.write_log_gettext('Site manager', 'Successfully deleted backup [{}] of site [{}]!', (site_name, filename))
public.M('backup').where(where, (id,)).delete()
return public.return_msg_gettext(True, public.lang("Successfully deleted"))
# 旧版本配置文件处理
def OldConfigFile(self):
# 检查是否需要处理
moveTo = 'data/moveTo.pl'
if os.path.exists(moveTo): return
# 处理Nginx配置文件
filename = self.setupPath + "/nginx/conf/nginx.conf"
if os.path.exists(filename):
conf = public.readFile(filename)
if conf.find('include vhost/*.conf;') != -1:
conf = conf.replace('include vhost/*.conf;', 'include ' + self.setupPath + '/panel/vhost/nginx/*.conf;')
public.writeFile(filename, conf)
self.moveConf(self.setupPath + "/nginx/conf/vhost", self.setupPath + '/panel/vhost/nginx', 'rewrite',
self.setupPath + '/panel/vhost/rewrite')
self.moveConf(self.setupPath + "/nginx/conf/rewrite", self.setupPath + '/panel/vhost/rewrite')
# 处理Apache配置文件
filename = self.setupPath + "/apache/conf/httpd.conf"
if os.path.exists(filename):
conf = public.readFile(filename)
if conf.find('IncludeOptional conf/vhost/*.conf') != -1:
conf = conf.replace('IncludeOptional conf/vhost/*.conf',
'IncludeOptional ' + self.setupPath + '/panel/vhost/apache/*.conf')
public.writeFile(filename, conf)
self.moveConf(self.setupPath + "/apache/conf/vhost", self.setupPath + '/panel/vhost/apache')
# 标记处理记录
public.writeFile(moveTo, 'True')
public.serviceReload()
# 移动旧版本配置文件
def moveConf(self, Path, toPath, Replace=None, ReplaceTo=None):
if not os.path.exists(Path): return
import shutil
letPath = '/etc/letsencrypt/live'
nginxPath = self.setupPath + '/nginx/conf/key'
apachePath = self.setupPath + '/apache/conf/key'
for filename in os.listdir(Path):
# 准备配置文件
name = filename[0:len(filename) - 5]
filename = Path + '/' + filename
conf = public.readFile(filename)
# 替换关键词
if Replace: conf = conf.replace(Replace, ReplaceTo)
ReplaceTo = letPath + name
Replace = 'conf/key/' + name
if conf.find(Replace) != -1: conf = conf.replace(Replace, ReplaceTo)
Replace = 'key/' + name
if conf.find(Replace) != -1: conf = conf.replace(Replace, ReplaceTo)
public.writeFile(filename, conf)
# 提取配置信息
if conf.find('server_name') != -1:
self.formatNginxConf(filename)
elif conf.find('<Directory') != -1:
# self.formatApacheConf(filename)
pass
# 移动文件
shutil.move(filename, toPath + '/' + name + '.conf')
# 转移证书
self.moveKey(nginxPath + '/' + name, letPath + '/' + name)
self.moveKey(apachePath + '/' + name, letPath + '/' + name)
# 删除多余目录
shutil.rmtree(Path)
# 重载服务
public.serviceReload()
# 从Nginx配置文件获取站点信息
def formatNginxConf(self, filename):
# 准备基础信息
name = os.path.basename(filename[0:len(filename) - 5])
if name.find('.') == -1: return
conf = public.readFile(filename)
# 取域名
rep = r"server_name\s+(.+);"
tmp = re.search(rep, conf)
if not tmp: return
domains = tmp.groups()[0].split(' ')
# 取根目录
rep = r"root\s+(.+);"
tmp = re.search(rep, conf)
if not tmp: return
path = tmp.groups()[0]
# 提交到数据库
self.toSiteDatabase(name, domains, path)
# 从Apache配置文件获取站点信息
def formatApacheConf(self, filename):
# 准备基础信息
name = os.path.basename(filename[0:len(filename) - 5])
if name.find('.') == -1: return
conf = public.readFile(filename)
# 取域名
rep = "ServerAlias\\s+(.+)\n"
tmp = re.search(rep, conf)
if not tmp: return
domains = tmp.groups()[0].split(' ')
# 取根目录
rep = u"DocumentRoot\\s+\"(.+)\"\n"
tmp = re.search(rep, conf)
if not tmp: return
path = tmp.groups()[0]
# 提交到数据库
self.toSiteDatabase(name, domains, path)
# 添加到数据库
def toSiteDatabase(self, name, domains, path):
if public.M('sites').where('name=?', (name,)).count() > 0: return
public.M('sites').add('name,path,status,ps,addtime',
(name, path, '1', public.lang("Please enter a note"), public.getDate()))
pid = public.M('sites').where("name=?", (name,)).getField('id')
for domain in domains:
public.M('domain').add('pid,name,port,addtime', (pid, domain, '80', public.getDate()))
# 移动旧版本证书
def moveKey(self, srcPath, dstPath):
if not os.path.exists(srcPath): return
import shutil
os.makedirs(dstPath)
srcKey = srcPath + '/key.key'
srcCsr = srcPath + '/csr.key'
if os.path.exists(srcKey): shutil.move(srcKey, dstPath + '/privkey.pem')
if os.path.exists(srcCsr): shutil.move(srcCsr, dstPath + '/fullchain.pem')
# 路径处理
def GetPath(self, path):
if path[-1] == '/':
return path[0:-1]
return path
# 日志开关
def logsOpen(self, get):
get.name = public.M('sites').where("id=?", (get.id,)).getField('name')
# APACHE
filename = public.GetConfigValue('setup_path') + '/panel/vhost/apache/' + get.name + '.conf'
if os.path.exists(filename):
conf = public.readFile(filename)
if conf.find('#ErrorLog') != -1:
conf = conf.replace("#ErrorLog", "ErrorLog").replace('#CustomLog', 'CustomLog')
else:
conf = conf.replace("ErrorLog", "#ErrorLog").replace('CustomLog', '#CustomLog')
public.writeFile(filename, conf)
# NGINX
filename = public.GetConfigValue('setup_path') + '/panel/vhost/nginx/' + get.name + '.conf'
if os.path.exists(filename):
conf = public.readFile(filename)
rep = public.GetConfigValue('logs_path') + "/" + get.name + ".log"
if conf.find(rep) != -1:
conf = conf.replace(rep, "/dev/null")
else:
# conf = re.sub('}\n\\s+access_log\\s+off', '}\n\taccess_log ' + rep, conf)
conf = conf.replace('access_log /dev/null', 'access_log ' + rep)
public.writeFile(filename, conf)
# OLS
filename = public.GetConfigValue('setup_path') + '/panel/vhost/openlitespeed/detail/' + get.name + '.conf'
conf = public.readFile(filename)
if conf:
rep = "\nerrorlog(.|\n)*compressArchive\\s*1\\s*\n}"
tmp = re.search(rep, conf)
s = 'on'
if not tmp:
s = 'off'
rep = "\n#errorlog(.|\n)*compressArchive\\s*1\\s*\n#}"
tmp = re.search(rep, conf)
tmp = tmp.group()
if tmp:
result = ''
if s == 'on':
for l in tmp.strip().splitlines():
result += "\n#"+l
else:
for l in tmp.splitlines():
result += "\n"+l[1:]
conf = re.sub(rep,"\n"+result.strip(),conf)
public.writeFile(filename,conf)
public.serviceReload()
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# 取日志状态
def GetLogsStatus(self, get):
if not hasattr(get, 'name') or not get.name:
return True
if isinstance(get.name, list):
site_name = get.name[0] if get.name else ''
elif isinstance(get.name, str):
site_name = get.name
else:
site_name = str(get.name)
site_name = site_name.strip()
if not site_name:
return True
filename = public.GetConfigValue(
'setup_path') + '/panel/vhost/' + public.get_webserver() + '/' + get.name + '.conf'
if public.get_webserver() == 'openlitespeed':
filename = public.GetConfigValue(
'setup_path') + '/panel/vhost/' + public.get_webserver() + '/detail/' + get.name + '.conf'
conf = public.readFile(filename)
if not conf: return True
if conf.find('#ErrorLog') != -1: return False
#if re.search("}\n*\\s*access_log\\s+off", conf):
if conf.find("access_log /dev/null") != -1: return False
if re.search('\n#accesslog', conf):
return False
return True
# 取目录加密状态
def GetHasPwd(self, get):
if not hasattr(get, 'siteName'):
get.siteName = public.M('sites').where('id=?', (get.id,)).getField('name')
get.configFile = self.setupPath + '/panel/vhost/nginx/' + get.siteName + '.conf'
conf = public.readFile(get.configFile)
if type(conf) == bool: return False
if conf.find('#AUTH_START') != -1: return True
return False
# 设置目录加密
def SetHasPwd(self, get):
if public.get_webserver() == 'openlitespeed':
return public.return_msg_gettext(False, public.lang("The current web server is openlitespeed. This function is not supported yet."))
if len(get.username.strip()) < 3 or len(get.password.strip()) < 3: return public.return_msg_gettext(False, public.lang("Username or password cannot be less than 3 digits!"))
if not hasattr(get, 'siteName'):
get.siteName = public.M('sites').where('id=?', (get.id,)).getField('name')
self.CloseHasPwd(get)
filename = public.GetConfigValue('setup_path') + '/pass/' + get.siteName + '.pass'
try:
passconf = get.username + ':' + public.hasPwd(get.password)
except:
return public.returnMsg(False, public.lang("The password fomart is wrong, please do not use special symbols for the first two digits!"))
if get.siteName == 'phpmyadmin':
get.configFile = self.setupPath + '/nginx/conf/nginx.conf'
if os.path.exists(self.setupPath + '/panel/vhost/nginx/phpmyadmin.conf'):
get.configFile = self.setupPath + '/panel/vhost/nginx/phpmyadmin.conf'
else:
get.configFile = self.setupPath + '/panel/vhost/nginx/' + get.siteName + '.conf'
# 处理Nginx配置
conf = public.readFile(get.configFile)
if conf:
rep = '#error_page 404 /404.html;'
if conf.find(rep) == -1: rep = '#error_page 404/404.html;'
data = '''
#AUTH_START
auth_basic "Authorization";
auth_basic_user_file %s;
#AUTH_END''' % (filename,)
conf = conf.replace(rep, rep + data)
public.writeFile(get.configFile, conf)
if get.siteName == 'phpmyadmin':
get.configFile = self.setupPath + '/apache/conf/extra/httpd-vhosts.conf'
if os.path.exists(self.setupPath + '/panel/vhost/apache/phpmyadmin.conf'):
get.configFile = self.setupPath + '/panel/vhost/apache/phpmyadmin.conf'
else:
get.configFile = self.setupPath + '/panel/vhost/apache/' + get.siteName + '.conf'
conf = public.readFile(get.configFile)
if conf:
# 处理Apache配置
rep = 'SetOutputFilter'
if conf.find(rep) != -1:
data = '''#AUTH_START
AuthType basic
AuthName "Authorization "
AuthUserFile %s
Require user %s
#AUTH_END
''' % (filename, get.username)
conf = conf.replace(rep, data + rep)
conf = conf.replace(' Require all granted', " #Require all granted")
public.writeFile(get.configFile, conf)
# 写密码配置
passDir = public.GetConfigValue('setup_path') + '/pass'
if not os.path.exists(passDir): public.ExecShell('mkdir -p ' + passDir)
public.writeFile(filename, passconf)
public.serviceReload()
public.write_log_gettext("Site manager", "Set site [{}] to password authentication required!", (get.siteName,))
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# 取消目录加密
def CloseHasPwd(self, get):
if not hasattr(get, 'siteName'):
get.siteName = public.M('sites').where('id=?', (get.id,)).getField('name')
if get.siteName == 'phpmyadmin':
get.configFile = self.setupPath + '/nginx/conf/nginx.conf'
else:
get.configFile = self.setupPath + '/panel/vhost/nginx/' + get.siteName + '.conf'
if os.path.exists(get.configFile):
conf = public.readFile(get.configFile)
rep = "\n\\s*#AUTH_START(.|\n){1,200}#AUTH_END"
conf = re.sub(rep, '', conf)
public.writeFile(get.configFile, conf)
if get.siteName == 'phpmyadmin':
get.configFile = self.setupPath + '/apache/conf/extra/httpd-vhosts.conf'
else:
get.configFile = self.setupPath + '/panel/vhost/apache/' + get.siteName + '.conf'
if os.path.exists(get.configFile):
conf = public.readFile(get.configFile)
rep = "\n\\s*#AUTH_START(.|\n){1,200}#AUTH_END"
conf = re.sub(rep, '', conf)
conf = conf.replace(' #Require all granted', " Require all granted")
public.writeFile(get.configFile, conf)
public.serviceReload()
public.write_log_gettext("Site manager", "Cleared password authentication for site [{}]!", (get.siteName,))
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# 启用tomcat支持
def SetTomcat(self, get):
siteName = get.siteName
name = siteName.replace('.', '_')
rep = r"^(\d{1,3}\.){3,3}\d{1,3}$"
if re.match(rep, siteName): return public.return_msg_gettext(False, public.lang("ERROR, primary domain cannot be IP address!"))
# nginx
filename = self.setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
if os.path.exists(filename):
conf = public.readFile(filename)
if conf.find('#TOMCAT-START') != -1: return self.CloseTomcat(get)
tomcatConf = r'''#TOMCAT-START
location /
{
proxy_pass "http://%s:8080";
proxy_set_header Host %s;
proxy_set_header X-Forwarded-For $remote_addr;
}
location ~ .*\.(gif|jpg|jpeg|bmp|png|ico|txt|js|css)$
{
expires 12h;
}
location ~ .*\.war$
{
return 404;
}
#TOMCAT-END
''' % (siteName, siteName)
rep = 'include enable-php'
conf = conf.replace(rep, tomcatConf + rep)
public.writeFile(filename, conf)
# apache
filename = self.setupPath + '/panel/vhost/apache/' + siteName + '.conf'
if os.path.exists(filename):
conf = public.readFile(filename)
if conf.find('#TOMCAT-START') != -1: return self.CloseTomcat(get)
tomcatConf = '''#TOMCAT-START
<IfModule mod_proxy.c>
ProxyRequests Off
SSLProxyEngine on
ProxyPass / http://%s:8080/
ProxyPassReverse / http://%s:8080/
RequestHeader unset Accept-Encoding
ExtFilterDefine fixtext mode=output intype=text/html cmd="/bin/sed 's,:8080,,g'"
SetOutputFilter fixtext
</IfModule>
#TOMCAT-END
''' % (siteName, siteName)
rep = '#PATH'
conf = conf.replace(rep, tomcatConf + rep)
public.writeFile(filename, conf)
path = public.M('sites').where("name=?", (siteName,)).getField('path')
import tomcat
tomcat.tomcat().AddVhost(path, siteName)
public.serviceReload()
public.ExecShell('/etc/init.d/tomcat stop')
public.ExecShell('/etc/init.d/tomcat start')
public.ExecShell('echo "127.0.0.1 ' + siteName + '" >> /etc/hosts')
public.write_log_gettext('TYPE_SITE', 'Turned on Tomcat supporting for site [{}]!', (siteName,))
return public.return_msg_gettext(True, public.lang("Succeeded, please test JSP program!"))
# 关闭tomcat支持
def CloseTomcat(self, get):
if not os.path.exists('/etc/init.d/tomcat'): return False
siteName = get.siteName
name = siteName.replace('.', '_')
# nginx
filename = self.setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
if os.path.exists(filename):
conf = public.readFile(filename)
rep = "\\s*#TOMCAT-START(.|\n)+#TOMCAT-END"
conf = re.sub(rep, '', conf)
public.writeFile(filename, conf)
# apache
filename = self.setupPath + '/panel/vhost/apache/' + siteName + '.conf'
if os.path.exists(filename):
conf = public.readFile(filename)
rep = "\\s*#TOMCAT-START(.|\n)+#TOMCAT-END"
conf = re.sub(rep, '', conf)
public.writeFile(filename, conf)
public.ExecShell('rm -rf ' + self.setupPath + '/panel/vhost/tomcat/' + name)
try:
import tomcat
tomcat.tomcat().DelVhost(siteName)
except:
pass
public.serviceReload()
public.ExecShell('/etc/init.d/tomcat restart')
public.ExecShell("sed -i '/" + siteName + "/d' /etc/hosts")
public.write_log_gettext('Site manager', 'Turned off Tomcat supporting for site [{}]!', (siteName,))
return public.return_msg_gettext(True, public.lang("Tomcat mapping closed!"))
#取当站点前运行目录
def GetSiteRunPath(self,get):
site = public.M('sites').where('id=?',(get.id,)).field('name,path,service_type').find()
if not site: return {"runPath": "/", 'dirs': []}
siteName = site['name']
sitePath = site['path']
if not siteName or os.path.isfile(sitePath): return {"runPath":"/",'dirs':[]}
path = sitePath
# 兼容多服务
webserver = public.get_webserver()
if public.get_multi_webservice_status():
webserver = site['service_type'] if site['service_type'] else 'nginx'
if webserver == 'nginx':
filename = self.setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
if os.path.exists(filename):
conf = public.readFile(filename)
rep = r'\s*root\s+(.+);'
path = re.search(rep, conf)
if not path:
return public.return_msg_gettext(False, public.lang("Get Site run path false"))
path = path.groups()[0]
elif webserver == 'apache':
filename = self.setupPath + '/panel/vhost/apache/' + siteName + '.conf'
if os.path.exists(filename):
conf = public.readFile(filename)
rep = '\\s*DocumentRoot\\s*"(.+)"\\s*\n'
path = re.search(rep, conf)
if not path:
return public.return_msg_gettext(False, public.lang("Get Site run path false"))
path = path.groups()[0]
else:
filename = self.setupPath + '/panel/vhost/openlitespeed/' + siteName + '.conf'
if os.path.exists(filename):
conf = public.readFile(filename)
rep = r"vhRoot\s*(.*)"
path = re.search(rep, conf)
if not path:
return public.return_msg_gettext(False, public.lang("Get Site run path false"))
path = path.groups()[0]
data = {}
if sitePath == path:
data['runPath'] = '/'
else:
data['runPath'] = path.replace(sitePath, '')
dirnames = []
dirnames.append('/')
if not os.path.exists(sitePath): os.makedirs(sitePath)
for filename in os.listdir(sitePath):
try:
json.dumps(filename)
if sys.version_info[0] == 2:
filename = filename.encode('utf-8')
else:
filename.encode('utf-8')
filePath = sitePath + '/' + filename
if not os.path.exists(filePath): continue
if os.path.islink(filePath): continue
if os.path.isdir(filePath):
dirnames.append('/' + filename)
except:
pass
data['dirs'] = dirnames
return data
# 设置当前站点运行目录
def SetSiteRunPath(self, get):
siteName = public.M('sites').where('id=?', (get.id,)).getField('name')
sitePath = public.M('sites').where('id=?', (get.id,)).getField('path')
old_run_path = self.GetRunPath(get)
# 处理Nginx
filename = self.setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
if os.path.exists(filename):
conf = public.readFile(filename)
if conf:
rep = r'\s*root\s+(.+);'
tmp = re.search(rep,conf)
if tmp:
path = tmp.groups()[0]
conf = conf.replace(path,sitePath + get.runPath)
public.writeFile(filename,conf)
#处理Apache
filename = self.setupPath + '/panel/vhost/apache/' + siteName + '.conf'
if os.path.exists(filename):
conf = public.readFile(filename)
if conf:
rep = '\\s*DocumentRoot\\s*"(.+)"\\s*\n'
tmp = re.search(rep,conf)
if tmp:
path = tmp.groups()[0]
conf = conf.replace(path,sitePath + get.runPath)
public.writeFile(filename,conf)
# 处理OLS
self._set_ols_run_path(sitePath, get.runPath, siteName)
# self.DelUserInI(sitePath)
# get.path = sitePath;
# self.SetDirUserINI(get);
s_path = sitePath + old_run_path + "/.user.ini"
d_path = sitePath + get.runPath + "/.user.ini"
if s_path != d_path:
public.ExecShell("chattr -i {}".format(s_path))
public.ExecShell("mv {} {}".format(s_path, d_path))
public.ExecShell("chattr +i {}".format(d_path))
public.serviceReload()
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
def _set_ols_run_path(self, site_path, run_path, sitename):
ols_conf_file = "{}/panel/vhost/openlitespeed/{}.conf".format(self.setupPath, sitename)
ols_conf = public.readFile(ols_conf_file)
if not ols_conf:
return
reg = '#VHOST\\s*{s}\\s*START(.|\n)+#VHOST\\s*{s}\\s*END'.format(s=sitename)
tmp = re.search(reg, ols_conf)
if not tmp:
return
reg = r"vhRoot\s*(.*)"
# tmp = re.search(reg,tmp.group())
# if not tmp:
# return
tmp = "vhRoot " + site_path + run_path
ols_conf = re.sub(reg, tmp, ols_conf)
public.writeFile(ols_conf_file, ols_conf)
# 设置默认站点
def SetDefaultSite(self, get):
import time
if public.GetWebServer() in ['openlitespeed']:
return public.returnMsg(False, public.lang("OpenLiteSpeed does not support setting the default site"))
default_site_save = 'data/defaultSite.pl'
# 清理旧的
defaultSite = public.readFile(default_site_save)
http2 = ''
versionStr = public.readFile('/www/server/nginx/version.pl')
if versionStr:
if versionStr.find('1.8.1') == -1 and versionStr.find('1.25') == -1 and versionStr.find('1.26') == -1: http2 = ' http2'
if defaultSite:
path = self.setupPath + '/panel/vhost/nginx/' + defaultSite + '.conf'
if os.path.exists(path):
conf = public.readFile(path)
rep = r"listen\s+80.+;"
conf = re.sub(rep, 'listen 80;', conf, 1)
rep = r"listen\s+\[::\]:80.+;"
conf = re.sub(rep, 'listen [::]:80;', conf, 1)
rep = r"listen\s+443.+;"
conf = re.sub(rep, 'listen 443 ssl' + http2 + ';', conf, 1)
rep = r"listen\s+\[::\]:443.+;"
conf = re.sub(rep, 'listen [::]:443 ssl' + http2 + ';', conf, 1)
public.writeFile(path, conf)
path = self.setupPath + '/apache/htdocs/.htaccess'
if os.path.exists(path): os.remove(path)
if get.name == '0':
if os.path.exists(default_site_save): os.remove(default_site_save)
public.serviceReload()
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# 处理新的
path = self.setupPath + '/apache/htdocs'
if os.path.exists(path):
conf = '''<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^127.0.0.1 [NC]
RewriteRule (.*) http://%s/$1 [L]
</IfModule>'''
conf = conf.replace("%s", get.name)
if get.name == 'off': conf = ''
public.writeFile(path + '/.htaccess', conf)
path = self.setupPath + '/panel/vhost/nginx/' + get.name + '.conf'
if os.path.exists(path):
conf = public.readFile(path)
rep = r"listen\s+80\s*;"
conf = re.sub(rep, 'listen 80 default_server;', conf, 1)
rep = r"listen\s+\[::\]:80\s*;"
conf = re.sub(rep, 'listen [::]:80 default_server;', conf, 1)
rep = r"listen\s+443\s*ssl\s*\w*\s*;"
conf = re.sub(rep, 'listen 443 ssl' + http2 + ' default_server;', conf, 1)
rep = r"listen\s+\[::\]:443\s*ssl\s*\w*\s*;"
conf = re.sub(rep, 'listen [::]:443 ssl' + http2 + ' default_server;', conf, 1)
public.writeFile(path, conf)
path = self.setupPath + '/panel/vhost/nginx/default.conf'
if os.path.exists(path): public.ExecShell('rm -f ' + path)
public.writeFile(default_site_save, get.name)
public.serviceReload()
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# 取默认站点
def GetDefaultSite(self, get):
data = {}
data['sites'] = public.M('sites').where('project_type=? OR project_type=?',('PHP','WP')).field('name').order('id desc').select()
data['defaultSite'] = public.readFile('data/defaultSite.pl')
return data
# 扫描站点
def CheckSafe(self, get):
import db, time
isTask = '/tmp/panelTask.pl'
if os.path.exists(self.setupPath + '/panel/class/panelSafe.py'):
import py_compile
py_compile.compile(self.setupPath + '/panel/class/panelSafe.py')
get.path = public.M('sites').where('id=?', (get.id,)).getField('path')
execstr = "cd " + public.GetConfigValue(
'setup_path') + "/panel/class && " + public.get_python_bin() + " panelSafe.pyc " + get.path
sql = db.Sql()
sql.table('tasks').add('id,name,type,status,addtime,execstr', (
None, '%s [' % public.lang("Scan directory") + get.path + ']', 'execshell', '0', time.strftime('%Y-%m-%d %H:%M:%S'),
execstr))
public.writeFile(isTask, 'True')
public.write_log_gettext('Installer', 'Added trojan scan task for directory [{}]!', (get.path,))
return public.return_msg_gettext(True, public.lang("Scan Task has in the queue!"))
# 获取结果信息
def GetCheckSafe(self, get):
get.path = public.M('sites').where('id=?', (get.id,)).getField('path')
path = get.path + '/scan.pl'
result = {}
result['data'] = []
result['phpini'] = []
result['userini'] = result['sshd'] = True
result['scan'] = False
result['outime'] = result['count'] = result['error'] = 0
if not os.path.exists(path): return result
import json
return json.loads(public.readFile(path))
# 更新病毒库
def UpdateRulelist(self, get):
try:
conf = public.httpGet(public.getUrl() + '/install/ruleList.conf')
if conf:
public.writeFile(self.setupPath + '/panel/data/ruleList.conf', conf)
return public.return_msg_gettext(True, public.lang("Update Succeeded!"))
return public.return_msg_gettext(False, public.lang("Failed to connect server!"))
except:
return public.return_msg_gettext(False, public.lang("Failed to connect server!"))
def set_site_etime_multiple(self, get):
'''
@name 批量网站到期时间
@author zhwen<2020-11-17>
@param sites_id "1,2"
@param edate 2020-11-18
'''
sites_id = get.sites_id.split(',')
set_edate_successfully = []
set_edate_failed = {}
for site_id in sites_id:
get.id = site_id
site_name = public.M('sites').where("id=?", (site_id,)).getField('name')
if not site_name:
continue
try:
self.SetEdate(get)
set_edate_successfully.append(site_name)
except:
set_edate_failed[site_name] = 'There was an error setting, please try again.'
pass
return {'status': True, 'msg': public.get_msg_gettext('Set the website [{}] expiration time successfully', (','.join(set_edate_successfully),)),
'error': set_edate_failed,
'success': set_edate_successfully}
# 设置到期时间
def SetEdate(self, get):
result = public.M('sites').where('id=?', (get.id,)).setField('edate', get.edate)
siteName = public.M('sites').where('id=?', (get.id,)).getField('name')
public.write_log_gettext('Site manager', 'Set expired date to [{}] for site[{}]!', (get.edate,siteName))
return public.return_msg_gettext(True, public.lang("Successfully set, the site will stop automatically when expires!"))
# 获取防盗链状态
def GetSecurity(self, get):
file = '/www/server/panel/vhost/nginx/' + get.name + '.conf'
conf = public.readFile(file)
if type(conf) == bool: return public.return_msg_gettext(False, public.lang("Configuration file not exist"))
if not isinstance(conf, str) or not conf.strip():
return public.return_msg_gettext(False, public.lang("Configuration file not exist"))
data = {}
if conf.find('SECURITY-START') != -1:
rep = "#SECURITY-START(\n|.)+#SECURITY-END"
tmp = re.search(rep, conf).group()
data['fix'] = re.search(r"\(.+\)\$", tmp).group().replace('(', '').replace(')$', '').replace('|', ',')
try:
data['domains'] = ','.join(
list(set(re.search("valid_referers\\s+none\\s+blocked\\s+(.+);\n", tmp).groups()[0].split())))
except:
data['domains'] = ','.join(list(set(re.search("valid_referers\\s+(.+);\n", tmp).groups()[0].split())))
data['status'] = True
data['none'] = tmp.find('none blocked') != -1
try:
data['return_rule'] = re.findall(r'(return|rewrite)\s+.*(\d{3}|(/.+)\s+(break|last));', conf)[0][
1].replace('break', '').strip()
except:
data['return_rule'] = '404'
else:
data['fix'] = 'jpg,jpeg,gif,png,js,css'
domains = public.M('domain').where('pid=?', (get.id,)).field('name').select()
tmp = []
for domain in domains:
tmp.append(domain['name'])
data['return_rule'] = '404'
data['domains'] = ','.join(tmp)
data['status'] = False
data['none'] = False
return data
# 设置防盗链
def SetSecurity(self, get):
if len(get.fix) < 2: return public.return_msg_gettext(False, public.lang("URL suffix cannot be empty!"))
if len(get.domains) < 3: return public.return_msg_gettext(False, public.lang("Anti-theft chain domain name cannot be empty!"))
file = '/www/server/panel/vhost/nginx/' + get.name + '.conf'
if os.path.exists(file):
conf = public.readFile(file)
if get.status == '1':
if conf.find('SECURITY-START') == -1: return public.return_msg_gettext(False, public.lang("Please turn on the hotlink first!"))
r_key = 'valid_referers none blocked'
d_key = 'valid_referers'
if conf.find(r_key) == -1:
conf = conf.replace(d_key, r_key)
else:
conf = conf.replace(r_key, d_key)
else:
if conf.find('SECURITY-START') != -1:
# 先替换域名部分,防止域名过多导致替换失败
rep = r"\s+valid_referers.+"
conf = re.sub(rep,'',conf)
# 再替换配置部分
rep = "\\s+#SECURITY-START(\n|.){1,500}#SECURITY-END\n?"
conf = re.sub(rep,'\n',conf)
public.write_log_gettext('Site manager', "Hotlink Protection for site [{}] disabled!", (get.name,))
else:
return_rule = 'return 404'
if 'return_rule' in get:
get.return_rule = get.return_rule.strip()
if get.return_rule in ['404', '403', '200', '301', '302', '401', '201']:
return_rule = 'return {}'.format(get.return_rule)
else:
if get.return_rule[0] != '/':
return public.return_msg_gettext(False, public.lang("Response resources should use URI path or HTTP status code, such as: /test.png or 404"))
return_rule = 'rewrite /.* {} break'.format(get.return_rule)
rconf = r'''%s
location ~ .*\.(%s)$
{
expires 30d;
access_log /dev/null;
valid_referers %s;
if ($invalid_referer){
%s;
}
}
#SECURITY-END
include enable-php-''' % (("#SECURITY-START Hotlink protection configuration"), get.fix.strip().replace(',', '|'),
get.domains.strip().replace(',', ' '), return_rule)
conf = re.sub(r"include\s+enable-php-", rconf, conf)
public.write_log_gettext('Site manager', "Hotlink Protection for site [{}] enabled!", (get.name,))
public.writeFile(file, conf)
file = '/www/server/panel/vhost/apache/' + get.name + '.conf'
if os.path.exists(file):
conf = public.readFile(file)
if get.status == '1':
r_key = '#SECURITY-START.*\n RewriteEngine on\n RewriteCond %{HTTP_REFERER} !^$ [NC]\n'
d_key = '#SECURITY-START.*\n RewriteEngine on\n'
if conf.find(r_key) == -1:
conf = conf.replace(d_key, r_key)
else:
if conf.find('SECURITY-START') == -1: return public.return_msg_gettext(False, public.lang("Please turn on anti-theft first!"))
conf = conf.replace(r_key, d_key)
else:
if conf.find('SECURITY-START') != -1:
rep = "#SECURITY-START(\n|.){1,500}#SECURITY-END\n"
conf = re.sub(rep, '', conf)
else:
return_rule = '/404.html [R=404,NC,L]'
if 'return_rule' in get:
get.return_rule = get.return_rule.strip()
if get.return_rule in ['404', '403', '200', '301', '302', '401', '201']:
return_rule = '/{s}.html [R={s},NC,L]'.format(s=get.return_rule)
else:
if get.return_rule[0] != '/':
return public.return_msg_gettext(False, public.lang("Response resources should use URI path or HTTP status code, such as: /test.png or 404"))
return_rule = '{}'.format(get.return_rule)
tmp = " RewriteCond %{HTTP_REFERER} !{DOMAIN} [NC]"
tmps = []
for d in get.domains.split(','):
tmps.append(tmp.replace('{DOMAIN}', d))
domains = "\n".join(tmps)
rconf = "combined\n " + public.get_msg_gettext(
'#SECURITY-START Hotlink protection configuration') + "\n RewriteEngine on\n" + domains + "\n RewriteRule .(" + get.fix.strip().replace(
',', '|') + ") " + return_rule + "\n #SECURITY-END"
conf = conf.replace('combined', rconf)
public.writeFile(file, conf)
# OLS
cond_dir = '/www/server/panel/vhost/openlitespeed/prevent_hotlink/'
if not os.path.exists(cond_dir):
os.makedirs(cond_dir)
file = cond_dir + get.name + '.conf'
if get.status == '1':
conf = r"""
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !YP_SSL_DOMAIN_NAME [NC]
RewriteRule \.(YP_FILE_EXT)$ /404.html [R,NC]
"""
conf = conf.replace('YP_SSL_DOMAIN_NAME', get.domains.replace(',', ' ')).replace('YP_FILE_EXT',
get.fix.replace(',', '|'))
else:
conf = r"""
RewriteCond %{HTTP_REFERER} !YP_SSL_DOMAIN_NAME [NC]
RewriteRule \.(YP_FILE_EXT)$ /404.html [R,NC]
"""
conf = conf.replace('YP_SSL_DOMAIN_NAME', get.domains.replace(',', ' ')).replace('YP_FILE_EXT',
get.fix.replace(',', '|'))
public.writeFile(file, conf)
if get.status == "false":
public.ExecShell('rm -f {}'.format(file))
public.serviceReload()
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# xss 防御
def xsssec(self,text):
replace_list = {
"<":"",
">":"",
"'":"",
'"':"",
}
for k,v in replace_list.items():
text = text.replace(k,v)
return public.xssencode2(text)
# 取网站日志
def GetSiteLogs(self, get):
serverType = public.get_webserver()
if serverType == "nginx":
logPath = '/www/wwwlogs/' + get.siteName + '.log'
elif serverType == 'apache':
logPath = '/www/wwwlogs/' + get.siteName + '-access_log'
else:
logPath = '/www/wwwlogs/' + get.siteName + '_ols.access_log'
if not os.path.exists(logPath): return public.return_msg_gettext(False, public.lang("Log is empty"))
return public.return_msg_gettext(True, self.xsssec(public.GetNumLines(logPath, 1000)))
# 取网站日志
def get_site_err_log(self, get):
serverType = public.get_webserver()
if serverType == "nginx":
logPath = '/www/wwwlogs/' + get.siteName + '.error.log'
elif serverType == 'apache':
logPath = '/www/wwwlogs/' + get.siteName + '-error_log'
else:
logPath = '/www/wwwlogs/' + get.siteName + '_ols.error_log'
if not os.path.exists(logPath): return public.return_msg_gettext(False, public.lang("Log is empty"))
return public.return_msg_gettext(True, self.xsssec(public.GetNumLines(logPath, 1000)))
# 取网站分类
def get_site_types(self, get):
data = public.M("site_types").field("id,name").order("id asc").select()
if not isinstance(data, list):
data = []
data.insert(0, {"id": 0, "name": public.lang("Default category")})
for i in data:
i['name']=public.xss_version(i['name'])
return data
# 添加网站分类
def add_site_type(self, get):
get.name = get.name.strip()
if not get.name: return public.return_msg_gettext(False, public.lang("Category name cannot be empty"))
if len(get.name) > 16: return public.return_msg_gettext(False, public.lang("Category name cannot exceed 16 letters"))
type_sql = public.M('site_types')
if type_sql.count() >= 10: return public.return_msg_gettext(False, public.lang("Add up to 10 categories!"))
if type_sql.where('name=?', (get.name,)).count() > 0: return public.return_msg_gettext(False, public.lang("Specified category name already exists!"))
type_sql.add("name",(public.xssencode2(get.name),))
return public.return_msg_gettext(True, public.lang("Setup successfully!"))
# 删除网站分类
def remove_site_type(self, get):
type_sql = public.M('site_types')
if type_sql.where('id=?', (get.id,)).count() == 0: return public.return_msg_gettext(False, public.lang("Specified category does NOT exist!"))
type_sql.where('id=?', (get.id,)).delete()
public.M("sites").where("type_id=?", (get.id,)).save("type_id", (0,))
return public.return_msg_gettext(True, public.lang("Category deleted!"))
# 修改网站分类名称
def modify_site_type_name(self, get):
get.name = get.name.strip()
if not get.name: return public.return_msg_gettext(False, public.lang("Category name cannot be empty"))
if len(get.name) > 16: return public.return_msg_gettext(False, public.lang("Category name cannot exceed 16 letters"))
type_sql = public.M('site_types')
if type_sql.where('id=?', (get.id,)).count() == 0: return public.return_msg_gettext(False, public.lang("Specified category does NOT exist!"))
type_sql.where('id=?', (get.id,)).setField('name', get.name)
return public.return_msg_gettext(True, public.lang("Successfully modified"))
# 设置指定站点的分类
def set_site_type(self, get):
site_ids = json.loads(get.site_ids)
site_sql = public.M("sites")
for s_id in site_ids:
site_sql.where("id=?", (s_id,)).setField("type_id", get.id)
return public.returnMsg(True, public.lang("Setup successfully!"))
# 设置目录保护
def set_dir_auth(self, get):
sd = site_dir_auth.SiteDirAuth()
return sd.set_dir_auth(get)
def delete_dir_auth_multiple(self, get):
'''
@name 批量目录保护
@author zhwen<2020-11-17>
@param site_id 1
@param names test,baohu
'''
names = get.names.split(',')
del_successfully = []
del_failed = {}
for name in names:
get.name = name
get.id = get.site_id
try:
get.multiple = 1
result = self.delete_dir_auth(get)
if not result['status']:
del_failed[name] = result['msg']
continue
del_successfully.append(name)
except:
del_failed[name] = public.lang("There was an error deleting, please try again.")
public.serviceReload()
return {'status': True, 'msg': public.get_msg_gettext('Delete [ {} ] dir auth successfully', (','.join(del_successfully),)),
'error': del_failed,
'success': del_successfully}
# 删除目录保护
def delete_dir_auth(self, get):
sd = site_dir_auth.SiteDirAuth()
return sd.delete_dir_auth(get)
# 获取目录保护列表
def get_dir_auth(self, get):
sd = site_dir_auth.SiteDirAuth()
return sd.get_dir_auth(get)
# 修改目录保护密码
def modify_dir_auth_pass(self, get):
sd = site_dir_auth.SiteDirAuth()
return sd.modify_dir_auth_pass(get)
def _check_path_total(self,path, limit):
"""
根据路径获取文件/目录大小
@path 文件或者目录路径
return int
"""
if not os.path.exists(path): return 0;
if not os.path.isdir(path): return os.path.getsize(path)
size_total = 0
for nf in os.walk(path):
for f in nf[2]:
filename = nf[0] + '/' + f
if not os.path.exists(filename): continue;
if os.path.islink(filename): continue;
size_total += os.path.getsize(filename)
if size_total >= limit: return limit
return size_total
def get_average_num(self,slist):
"""
@获取平均值
"""
count = len(slist)
limit_size = 1 * 1024 * 1024
if count <= 0: return limit_size
print(slist)
if len(slist) > 1:
slist = sorted(slist)
limit_size =int((slist[0] + slist[-1])/2 * 0.85)
return limit_size
def check_del_data(self,get):
"""
@删除前置检测
@ids = [1,2,3]
"""
ids = json.loads(get['ids'])
slist = {}
result = []
import database
db_data = database.database().get_database_size(ids,True)
limit_size = 50 * 1024 * 1024
f_list_size = [];db_list_size = []
for id in ids:
data = public.M('sites').where("id=?",(id,)).field('id,name,path,addtime').find();
if not data: continue
addtime = public.to_date(times = data['addtime'])
data['st_time'] = addtime
data['limit'] = False
data['backup_count'] = public.M('backup').where("pid=? AND type=?",(data['id'],'0')).count()
f_size = self._check_path_total(data['path'],limit_size)
data['total'] = f_size;
data['score'] = 0
#目录太小不计分
if f_size > 0:
f_list_size.append(f_size)
# 10k 目录不参与排序
if f_size > 10 * 1024: data['score'] = int(time.time() - addtime) + f_size
if data['total'] >= limit_size: data['limit'] = True
data['database'] = False
find = public.M('databases').field('id,pid,name,ps,addtime').where('pid=?',(data['id'],)).find()
if find:
db_addtime = public.to_date(times = find['addtime'])
data['database'] = db_data[find['name']]
data['database']['st_time'] = db_addtime
db_score = 0
db_size = data['database']['total']
if db_size > 0:
db_list_size.append(db_size)
if db_size > 50 * 1024: db_score += int(time.time() - db_addtime) + db_size
data['score'] += db_score
result.append(data)
slist['data'] = sorted(result,key= lambda x:x['score'],reverse=True)
slist['file_size'] = self.get_average_num(f_list_size)
slist['db_size'] = self.get_average_num(db_list_size)
return slist
def get_https_mode(self, get=None):
'''
@name 获取https模式
@author hwliang<2022-01-14>
@return bool False.宽松模式 True.严格模式
'''
web_server = public.get_webserver()
if web_server not in ['nginx', 'apache']:
return False
if web_server == 'nginx':
default_conf_file = "{}/nginx/0.default.conf".format(public.get_vhost_path())
else:
default_conf_file = "{}/apache/0.default.conf".format(public.get_vhost_path())
if not os.path.exists(default_conf_file): return False
default_conf = public.readFile(default_conf_file)
if not default_conf: return False
if default_conf.find('DEFAULT SSL CONFI') != -1: return True
return False
def write_ngx_default_conf_by_ssl(self):
'''
@name 写nginx默认配置文件含SSL配置
@author hwliang<2022-01-14>
@return bool
'''
default_conf_body = '''server
{
listen 80;
listen 443 ssl;
server_name _;
index index.html;
root /www/server/nginx/html;
# DEFAULT SSL CONFIG
ssl_certificate /www/server/panel/vhost/cert/0.default/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/0.default/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
}'''
ngx_default_conf_file = "{}/nginx/0.default.conf".format(public.get_vhost_path())
self.create_default_cert()
return public.writeFile(ngx_default_conf_file, default_conf_body)
def write_ngx_default_conf(self):
'''
@name 写nginx默认配置文件
@author hwliang<2022-01-14>
@return bool
'''
default_conf_body = '''server
{
listen 80;
server_name _;
index index.html;
root /www/server/nginx/html;
}'''
ngx_default_conf_file = "{}/nginx/0.default.conf".format(public.get_vhost_path())
return public.writeFile(ngx_default_conf_file, default_conf_body)
def write_apa_default_conf_by_ssl(self):
'''
@name 写nginx默认配置文件含SSL配置
@author hwliang<2022-01-14>
@return bool
'''
port_80 = '80'
port_443 = '443'
if public.get_multi_webservice_status():
port_443 = '8290'
port_80 = '8288'
default_conf_body = f'''<VirtualHost *:{port_80}>
ServerAdmin webmaster@example.com
DocumentRoot "/www/server/apache/htdocs"
ServerName bt.default.com
<Directory "/www/server/apache/htdocs">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
DirectoryIndex index.html
</Directory>
</VirtualHost>
<VirtualHost *:{port_443}>
ServerAdmin webmaster@example.com
DocumentRoot "/www/server/apache/htdocs"
ServerName ssl.default.com
# DEFAULT SSL CONFIG
SSLEngine On
SSLCertificateFile /www/server/panel/vhost/cert/0.default/fullchain.pem
SSLCertificateKeyFile /www/server/panel/vhost/cert/0.default/privkey.pem
SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLProtocol All -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder On
<Directory "/www/server/apache/htdocs">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
DirectoryIndex index.html
</Directory>
</VirtualHost>'''
apa_default_conf_file = "{}/apache/0.default.conf".format(public.get_vhost_path())
self.create_default_cert()
return public.writeFile(apa_default_conf_file, default_conf_body)
def write_apa_default_conf(self):
'''
@name 写apache默认配置文件
@author hwliang<2022-01-14>
@return bool
'''
port = '80'
if public.get_multi_webservice_status():
port = '8290'
default_conf_body = f'''<VirtualHost *:{port}>
ServerAdmin webmaster@example.com
DocumentRoot "/www/server/apache/htdocs"
ServerName bt.default.com
<Directory "/www/server/apache/htdocs">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
DirectoryIndex index.html
</Directory>
</VirtualHost>'''
apa_default_conf_file = "{}/apache/0.default.conf".format(public.get_vhost_path())
return public.writeFile(apa_default_conf_file, default_conf_body)
def set_https_mode(self, get=None):
'''
@name 设置https模式
@author hwliang<2022-01-14>
@return dict
'''
web_server = public.get_webserver()
if web_server not in ['nginx', 'apache']:
return public.return_msg_gettext(False, public.lang("This function only supports Nginx/Apache"))
ngx_default_conf_file = "{}/nginx/0.default.conf".format(public.get_vhost_path())
apa_default_conf_file = "{}/apache/0.default.conf".format(public.get_vhost_path())
ngx_default_conf = public.readFile(ngx_default_conf_file)
apa_default_conf = public.readFile(apa_default_conf_file)
status = False
if ngx_default_conf:
if ngx_default_conf.find('DEFAULT SSL CONFIG') != -1:
status = False
self.write_ngx_default_conf()
self.write_apa_default_conf()
else:
status = True
self.write_ngx_default_conf_by_ssl()
self.write_apa_default_conf_by_ssl()
else:
status = True
self.write_ngx_default_conf_by_ssl()
self.write_apa_default_conf_by_ssl()
public.serviceReload()
status_msg = {True: 'Open', False: 'Close'}
msg = public.gettext_msg('Has {} HTTPS strict mode',(status_msg[status],))
public.write_log_gettext('WebSite manager', msg)
return public.return_msg_gettext(True, msg)
def create_default_cert(self):
'''
@name 创建默认SSL证书
@author hwliang<2022-01-14>
@return bool
'''
cert_pem = '/www/server/panel/vhost/cert/0.default/fullchain.pem'
cert_key = '/www/server/panel/vhost/cert/0.default/privkey.pem'
if os.path.exists(cert_pem) and os.path.exists(cert_key): return True
cert_path = os.path.dirname(cert_pem)
if not os.path.exists(cert_path): os.makedirs(cert_path)
import OpenSSL
key = OpenSSL.crypto.PKey()
key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
cert = OpenSSL.crypto.X509()
cert.set_serial_number(0)
# cert.get_subject().CN = ''
cert.set_issuer(cert.get_subject())
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(86400 * 3650)
cert.set_pubkey(key)
cert.sign(key, 'md5')
cert_ca = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
private_key = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, key)
if len(cert_ca) > 100 and len(private_key) > 100:
public.writeFile(cert_pem, cert_ca, 'wb+')
public.writeFile(cert_key, private_key, 'wb+')
return True
return False
def get_upload_ssl_list(self, get):
"""
@获取上传证书列表
@siteName string 网站名称
"""
siteName = get['siteName']
path = '{}/vhost/upload_ssl/{}'.format(public.get_panel_path(), siteName)
if not os.path.exists(path): os.makedirs(path)
res = []
for filename in os.listdir(path):
try:
filename = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(int(filename)))
res.append(filename)
except:
pass
return res
# 获取指定证书基本信息
def get_cert_init(self, cert_data, ssl_info=None):
"""
@获取指定证书基本信息
@cert_data string 证书数据
@ssl_info dict 证书信息
"""
try:
result = {}
if ssl_info and ssl_info['ssl_type'] == 'pfx':
x509 = self.__check_pfx_pwd(cert_data, ssl_info['pwd'])[0]
else:
x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_data)
# 取产品名称
issuer = x509.get_issuer()
result['issuer'] = ''
if hasattr(issuer, 'CN'):
result['issuer'] = issuer.CN
if not result['issuer']:
is_key = [b'0', '0']
issue_comp = issuer.get_components()
if len(issue_comp) == 1:
is_key = [b'CN', 'CN']
for iss in issue_comp:
if iss[0] in is_key:
result['issuer'] = iss[1].decode()
break
# 取到期时间
result['notAfter'] = self.strf_date(
bytes.decode(x509.get_notAfter())[:-1])
# 取申请时间
result['notBefore'] = self.strf_date(
bytes.decode(x509.get_notBefore())[:-1])
# 取可选名称
result['dns'] = []
for i in range(x509.get_extension_count()):
s_name = x509.get_extension(i)
if s_name.get_short_name() in [b'subjectAltName', 'subjectAltName']:
s_dns = str(s_name).split(',')
for d in s_dns:
result['dns'].append(d.split(':')[1])
subject = x509.get_subject().get_components()
# 取主要认证名称
if len(subject) == 1:
result['subject'] = subject[0][1].decode()
else:
if len(result['dns']) > 0:
result['subject'] = result['dns'][0]
else:
result['subject'] = '';
return result
except:
return False
def strf_date(self, sdate):
"""
@转换证书时间
"""
return time.strftime('%Y-%m-%d', time.strptime(sdate, '%Y%m%d%H%M%S'))
def check_ssl_endtime(self, data, ssl_info=None):
"""
@检查证书是否有效(证书最高有效期不超过1年)
@data string 证书数据
@ssl_info dict 证书信息
"""
info = self.get_cert_init(data, ssl_info)
if info:
end_time = time.mktime(time.strptime(info['notAfter'], "%Y-%m-%d"))
start_time = time.mktime(time.strptime(info['notBefore'], "%Y-%m-%d"))
days = int((end_time - start_time) / 86400)
if days < 400: # 1年有效期+1个月续签时间
return data
return False
# 证书转为pkcs12
def dump_pkcs12(self, key_pem=None, cert_pem=None, ca_pem=None, friendly_name=None):
"""
@证书转为pkcs12
@key_pem string 私钥数据
@cert_pem string 证书数据
@ca_pem string 可选的CA证书数据
@friendly_name string 可选的证书名称
"""
p12 = OpenSSL.crypto.PKCS12()
if cert_pem:
x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_pem.encode())
p12.set_certificate(x509)
if key_pem:
p12.set_privatekey(OpenSSL.crypto.load_privatekey(
OpenSSL.crypto.FILETYPE_PEM, key_pem.encode()))
if ca_pem:
p12.set_ca_certificates((OpenSSL.crypto.load_certificate(
OpenSSL.crypto.FILETYPE_PEM, ca_pem.encode()),))
if friendly_name:
p12.set_friendlyname(friendly_name.encode())
return p12
def download_cert(self, get):
"""
@下载证书
@get dict 请求参数
siteName string 网站名称
ssl_type string 证书类型
key string 密钥
pem string 证书数据
pwd string 证书密码
"""
pem = get['pem']
siteName = get['siteName']
ssl_type = get['ssl_type']
rpath = '{}/temp/ssl/'.format(public.get_panel_path())
if os.path.exists(rpath): shutil.rmtree(rpath)
ca_list = []
path = '{}/{}_{}'.format(rpath, siteName, int(time.time()))
if ssl_type == 'pfx':
res = self.__check_pfx_pwd(base64.b64decode(pem), get['pwd'])
p12 = res[1];
x509 = res[0];
get['pwd'] = res[2]
print(get['pwd'])
ca_list = []
for x in p12.get_ca_certificates():
ca_list.insert(0, OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, x).decode().strip())
ca_cert = '\n'.join(ca_list)
key = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, p12.get_privatekey()).decode().strip()
domain_cert = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, x509).decode().strip()
else:
key = get['key']
domain_cert = pem.split('-----END CERTIFICATE-----')[0] + "-----END CERTIFICATE-----\n"
ca_cert = pem.replace(domain_cert, '')
p12 = self.dump_pkcs12(key, '{}\n{}'.format(domain_cert.strip(), ca_cert), ca_cert)
for x in ['IIS', 'Apache', 'Nginx', 'Other']:
d_file = '{}/{}'.format(path, x)
if not os.path.exists(d_file): os.makedirs(d_file)
if x == 'IIS':
public.writeFile2(d_file + '/fullchain.pfx', p12.export(), 'wb+')
public.writeFile(d_file + '/password.txt', get['pwd'])
elif x == 'Apache':
public.writeFile(d_file + '/privkey.key', key)
public.writeFile(d_file + '/root_bundle.crt', ca_cert)
public.writeFile(d_file + '/domain.crt', domain_cert)
else:
public.writeFile(d_file + '/privkey.key', key)
public.writeFile(d_file + '/fullchain.pem', '{}\n{}'.format(domain_cert.strip(), ca_cert))
flist = []
public.get_file_list(path, flist)
zfile = '{}/{}.zip'.format(rpath, os.path.basename(path))
import zipfile
f = zipfile.ZipFile(zfile, 'w', zipfile.ZIP_DEFLATED)
for item in flist:
s_path = item.replace(path, '')
if s_path: f.write(item, s_path)
f.close()
return public.returnMsg(True, zfile);
def check_ssl_info(self, get):
"""
@解析证书信息
@get dict 请求参数
path string 上传文件路径
"""
path = get['path']
if not os.path.exists(path):
return public.returnMsg(False, public.lang("Query failed , does not exist address"))
info = {'root': '', 'cert': '', 'pem': '', 'key': ''}
ssl_info = {'pwd': None, 'ssl_type': None}
for filename in os.listdir(path):
filepath = '{}/{}'.format(path, filename)
ext = filename[-4:]
if ext == '.pfx':
ssl_info['ssl_type'] = 'pfx'
f = open(filepath, 'rb') # pfx为二进制文件
info['pem'] = f.read()
else:
data = public.readFile(filepath)
if filename.find('password') >= 0: # 取pfx密码
ssl_info['pwd'] = re.search('([a-zA-Z0-9]+)', data).groups()[0]
continue
if len(data) < 1024:
continue
if data.find('PRIVATE KEY') >= 0:
info['key'] = data # 取key
if ext == '.pem':
if self.check_ssl_endtime(data):
info['pem'] = data
else:
if data.find('BEGIN CERTIFICATE') >= 0:
if not info['root']:
info['root'] = data
else:
info['cert'] = data
if ssl_info['ssl_type'] == 'pfx':
info['pem'] = self.check_ssl_endtime(info['pem'], ssl_info)
if info['pem']:
info['pem'] = base64.b64encode(info['pem'])
info['key'] = True
else:
if not info['pem']:
# 确认ca证书和域名证书顺序
info['pem'] = self.check_ssl_endtime(info['root'] + "\n" + info['cert'], ssl_info)
if not info['pem']:
info['pem'] = self.check_ssl_endtime(info['cert'] + "\n" + info['root'], ssl_info)
if info['key'] and info['pem']:
return {'key': info['key'], 'pem': info['pem'], 'ssl_type': ssl_info['ssl_type'], 'pwd': ssl_info['pwd']}
return False
def __check_pfx_pwd(self, data, pwd):
"""
@检测pfx证书密码
@data string pfx证书内容
@pwd string 密码
"""
try:
p12 = OpenSSL.crypto.load_pkcs12(data, pwd)
x509 = p12.get_certificate()
except:
pwd = re.search('([a-zA-Z0-9]+)', pwd).groups()[0]
p12 = OpenSSL.crypto.load_pkcs12(data, pwd)
x509 = p12.get_certificate()
return [x509, p12, pwd]
def auto_restart_rph(self,get):
#设置申请或续签SSL时自动停止反向代理、重定向、http to https申请完成后自动开启
conf_file = '{}/data/stop_rp_when_renew_ssl.pl'.format(public.get_panel_path())
conf = public.readFile(conf_file)
if not conf:
public.writeFile(conf_file,json.dumps([get.sitename]))
try:
conf = json.loads(conf)
if get.sitename not in conf:
conf.append(get.sitename)
public.writeFile(conf_file,json.dumps(conf))
except:
return public.returnMsg(True, public.lang("Error parsing configuration file"))
return public.returnMsg(True, public.lang("Setup successfully"))
def remove_auto_restart_rph(self,get):
#设置申请或续签SSL时自动停止反向代理、重定向、http to https申请完成后自动开启
conf_file = '{}/data/stop_rp_when_renew_ssl.pl'.format(public.get_panel_path())
conf = public.readFile(conf_file)
if not conf:
return public.returnMsg(False, public.lang("Website [proxy,redirect,http to https] are not set to restart automatically"))
try:
conf = json.loads(conf)
conf.remove(get.sitename)
public.writeFile(conf_file,json.dumps(conf))
except:
return public.returnMsg(False, public.lang("Configuration file parsing error"))
return public.returnMsg(True, public.lang("Setup successfully"))
def get_auto_restart_rph(self,get):
#设置申请或续签SSL时自动停止反向代理、重定向、http to https申请完成后自动开启
conf_file = '{}/data/stop_rp_when_renew_ssl.pl'.format(public.get_panel_path())
conf = public.readFile(conf_file)
if not conf:
return public.returnMsg(False, public.lang("Website [proxy,redirect,http to https] are not set to restart automatically"))
try:
conf = json.loads(conf)
if get.sitename in conf:
return public.returnMsg(True, public.lang("This website has turn on [proxy,redirect,http to https] auto restart"))
return public.returnMsg(False, public.lang("Website has turn off auto restart"))
except:
return public.returnMsg(False, public.lang("Configuration file parsing error"))
def reset_wp_password(self,get):
return one_key_wp.one_key_wp().reset_wp_password(get)
def is_update (self,get):
return one_key_wp.one_key_wp().is_update(get)
def purge_all_cache(self,get):
return one_key_wp.one_key_wp().purge_all_cache(get)
def set_fastcgi_cache(self,get):
return one_key_wp.one_key_wp().set_fastcgi_cache(get)
def update_wp(self,get):
return one_key_wp.one_key_wp().update_wp(get)
def get_language(self,get):
return one_key_wp.one_key_wp().get_language(get)
def deploy_wp(self,get):
return one_key_wp.one_key_wp().deploy_wp(get)
def get_wp_username(self,get):
return one_key_wp.one_key_wp().get_wp_username(get)
def reset_wp_db(self,get):
return one_key_wp.one_key_wp().reset_wp_db(get)
@staticmethod
def test_domains_api(get):
try:
domains = json.loads(get.domains.strip())
except (json.JSONDecodeError, AttributeError, KeyError):
return public.returnMsg(False, public.lang("parameter error"))
try:
from panelDnsapi import DnsMager
public.print_log("开始测试域名解析---- {}")
# public.print_log("开始测试域名解析---- {}".format(domains[0]))
return DnsMager().test_domains_api(domains)
except:
pass
@staticmethod
def get_ssl_protocol(get):
""" 获取全局TLS版本
@author baozi <202-04-18>
@param:
@return
"""
protocols = {
"TLSv1": False,
"TLSv1.1": True,
"TLSv1.2": True,
"TLSv1.3": False,
}
file_path = public.get_panel_path() + "/data/ssl_protocol.json"
if os.path.exists(file_path):
data = public.readFile(file_path)
if data is not False:
protocols = json.loads(data)
return protocols
return protocols
def site_rname(self, get):
try:
if not (hasattr(get, "id") and hasattr(get, "rname")):
return public.returnMsg(False, public.lang("parameter error"))
id = get.id
rname = get.rname
data = public.M('sites').where("id=?", (id,)).select()
if not data:
return public.returnMsg(False, public.lang("The site does not exist!"))
data = data[0]
name = data['rname'] if 'rname' in data.keys() and data.get('rname', '') else data['name']
if 'rname' not in data.keys():
public.M('sites').execute("ALTER TABLE 'sites' ADD 'rname' text DEFAULT ''", ())
public.M('sites').where('id=?', data['id']).update({'rname': rname})
# public.write_log_gettext('Site manager', 'Website [{}] renamed: [{}]'.format(name, rname))
return public.returnMsg(True, public.lang("Website [{}] renamed: [{}]", name, rname))
except:
import traceback
return public.returnMsg(False, traceback.format_exc())
Reference in New Issue View Git Blame Copy Permalink