#!/usr/local/bin/php
<?php
/**
* @version 1.8.7
* @package Engintron for cPanel/WHM
* @author Fotis Evangelou
* @url https://engintron.com
* @copyright Copyright (c) 2010 - 2017 Nuevvo Webware P.C. All rights reserved.
* @license GNU/GPL license: https://www.gnu.org/copyleft/gpl.html
*/
// Apache configuration file that is scanned for SSL <VirtualHost> blocks.
const HTTPD_CONF = '/etc/apache2/conf/httpd.conf';
// Window (in seconds) after a change to HTTPD_CONF during which the vhosts are regenerated.
const HTTPD_CONF_LAST_CHANGED = 57; /* In seconds */
// Port Apache serves HTTPS on behind Nginx.
const HTTPD_HTTPS_PORT = '4430';
// Public HTTPS port Nginx listens on.
const NGINX_HTTPS_PORT = '443';
// Generated Nginx file that receives every HTTPS server block.
const NGINX_DEFAULT_HTTPS_VHOST = '/etc/nginx/sites-enabled/ssl.conf';
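/**
 * Regenerate the Nginx HTTPS vhost file from Apache's SSL virtual hosts.
 *
 * Writes a default HTTPS server block (using the cPanel hostname certificate)
 * followed by one server block per <VirtualHost ...:HTTPD_HTTPS_PORT> found in
 * HTTPD_CONF, and stores the result in NGINX_DEFAULT_HTTPS_VHOST. For vhosts
 * whose certificate is not a "/combined" file, the certificate and its CA
 * bundle are concatenated into a full-chain file under /etc/ssl/engintron/.
 *
 * Vhosts that cannot be rendered safely (missing directives, unreadable
 * certificate, values that would break Nginx syntax) are skipped and logged.
 *
 * @return void
 */
function generate_https_vhosts()
{
    // The later candidate wins when both files are readable (mycpanel.pem over cpanel.pem).
    // NOTE(review): if neither file is readable the default block is written with an
    // empty ssl_certificate path - confirm how the Nginx reload is expected to react.
    $hostnamePemFile = '';
    foreach (array('/var/cpanel/ssl/cpanel/cpanel.pem', '/var/cpanel/ssl/cpanel/mycpanel.pem') as $pemCandidate) {
        if (file_exists($pemCandidate) && is_readable($pemCandidate)) {
            $hostnamePemFile = $pemCandidate;
        }
    }

    // The original template interpolated a variable that was never defined here; it
    // always rendered as an empty string inside a commented-out listen line. Keep that
    // output without triggering an undefined-variable warning.
    $defaultListenIp = '';

    // Single definition of the cipher list so the default and per-vhost blocks cannot drift.
    // NOTE(review): the list still admits DES-CBC3-SHA (3DES) and CBC/SHA1 suites -
    // review against the current TLS baseline before reuse.
    $sslCiphers = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

    // Initialize the output for default_https.conf
    // (template lines stay at column 0 so the generated file is unchanged)
    $output = '
# Default definition block for HTTPS (Generated on '.date('Y.m.d H:i:s').') #
server {
#listen '.$defaultListenIp.':'.NGINX_HTTPS_PORT.' ssl http2 default_server;
listen '.NGINX_HTTPS_PORT.' ssl http2 default_server;
#listen [::]:443 ipv6only=on ssl http2 default_server;
server_name localhost;
ssl_certificate '.$hostnamePemFile.';
ssl_certificate_key '.$hostnamePemFile.';
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers \''.$sslCiphers.'\';
ssl_session_cache shared:SSL:10m;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_session_timeout 5m;
location / {
resolver 109.234.162.49 109.234.161.49 valid=1200s;
proxy_pass https://127.0.0.1:'.HTTPD_HTTPS_PORT.';
proxy_http_version 1.1;
proxy_set_header Connection "";
include proxy.inc;
include microcache.inc;
include security-ssl.inc;
}
location ~ (piwik|cprotect|wp-login|xmlrpc|wp-comments-post).php {
limit_req zone=login burst=10 nodelay;
set $block_user_agents 0;
if ($http_user_agent = "") { set $block_user_agents 1; }
if ($http_user_agent = "-") { set $block_user_agents 1; }
if ($block_user_agents = 1) {
return 444;
break;
}
resolver 109.234.162.49 109.234.161.49 valid=3600s;
proxy_pass https://127.0.0.1:'.HTTPD_HTTPS_PORT.';
include proxy.inc;
include microcache.inc;
}
location ~ /\.ht {
deny all;
}
}
';

    // Process Apache vhosts
    if (file_exists(HTTPD_CONF) && is_readable(HTTPD_CONF)) {
        // A failed read yields an empty string, so only the default block is emitted.
        $file = (string) file_get_contents(HTTPD_CONF);
        $regex = "#\<VirtualHost ([0-9a-f\.\:\[\]\s]+)\:".HTTPD_HTTPS_PORT."\>(.+?)\<\/VirtualHost\>#s";
        preg_match_all($regex, $file, $matches, PREG_PATTERN_ORDER);
        $ips = $matches[1];

        foreach ($matches[2] as $k => $vhost) {
            if ($hostnamePemFile && strpos($vhost, $hostnamePemFile) !== false) {
                continue;
            } // Skip the main hostname entry

            // Listen address: keep a bracketed IPv6 literal whole instead of cutting it
            // at its first colon; IPv4 entries keep the original "text before ':'" rule.
            $address = $ips[$k];
            if (strpos($address, '[') === 0) {
                $closingBracket = strpos($address, ']');
                if ($closingBracket === false) {
                    error_log('generate_https_vhosts: skipping vhost with malformed address "'.$address.'"');
                    continue;
                }
                $ip = substr($address, 0, $closingBracket + 1);
            } else {
                $addressParts = explode(':', $address);
                $ip = $addressParts[0];
            }

            // ServerName and SSLCertificateFile are mandatory; without them there is
            // nothing valid to render, so skip rather than emit empty directives.
            if (!preg_match("#ServerName (.+?)\n#s", $vhost, $name)
                || !preg_match("#SSLCertificateFile (.+?)(\n|\r)#s", $vhost, $certfile)) {
                error_log('generate_https_vhosts: skipping vhost on '.$ip.' (no ServerName or SSLCertificateFile)');
                continue;
            }
            preg_match_all("#ServerAlias (.+?)\n#s", $vhost, $aliases);
            preg_match("#SSLCertificateKeyFile (.+?)(\n|\r)#s", $vhost, $certkeyfile);
            preg_match("#SSLCACertificateFile (.+?)(\n|\r)#s", $vhost, $certcafile);

            // Trim each name so a CRLF-terminated line cannot leave a stray "\r" mid-list.
            $vhostAliases = $aliases[1] ? implode(' ', array_map('trim', $aliases[1])) : '';
            $vhostDomains = trim(trim($name[1]).' '.$vhostAliases);
            $vhostCertFile = $certfile[1];
            $vhostCertKeyFile = isset($certkeyfile[1]) ? $certkeyfile[1] : '';
            $vhostCertCAFile = isset($certcafile[1]) ? $certcafile[1] : '';

            // These values are copied verbatim into Nginx directives; refuse anything
            // that would terminate the directive or open/close a block.
            if (preg_match('#[;{}\r\n]#', $vhostDomains.$vhostCertFile.$vhostCertKeyFile)) {
                error_log('generate_https_vhosts: skipping vhost on '.$ip.' (value not safe for nginx syntax)');
                continue;
            }

            // Reset per vhost: otherwise a "/combined" vhost would inherit the OCSP
            // snippet (and certificate path) of the vhost processed before it.
            $ocspStapling = '';

            if (strpos($vhostCertFile, '/combined') !== false) {
                // Combined file is used for both the certificate and the key.
                $fullChainCertName = $vhostCertFile;
                $vhostCertKeyFile = $vhostCertFile;
            } else {
                if ($vhostCertKeyFile === '') {
                    error_log('generate_https_vhosts: skipping vhost on '.$ip.' (no SSLCertificateKeyFile)');
                    continue;
                }
                $fullChainCertName = str_replace('/var/cpanel/ssl/installed/certs/', '/etc/ssl/engintron/', $vhostCertFile);
                if ($fullChainCertName === $vhostCertFile) {
                    // Certificate lives outside the cPanel certs directory: writing to the
                    // unchanged path would overwrite the source certificate with cert+CA
                    // on every run, so place the chain under /etc/ssl/engintron/ instead.
                    $fullChainCertName = '/etc/ssl/engintron/'.basename($vhostCertFile);
                }

                $vhostFullChainCert = is_readable($vhostCertFile) ? file_get_contents($vhostCertFile) : false;
                if ($vhostFullChainCert === false) {
                    error_log('generate_https_vhosts: skipping vhost on '.$ip.' (cannot read '.$vhostCertFile.')');
                    continue;
                }

                if ($vhostCertCAFile) {
                    $caBundle = is_readable($vhostCertCAFile) ? file_get_contents($vhostCertCAFile) : false;
                    if ($caBundle === false) {
                        // Fall back to the leaf certificate alone rather than dropping the vhost.
                        error_log('generate_https_vhosts: CA bundle unreadable for vhost on '.$ip.', using leaf certificate only');
                    } else {
                        $vhostFullChainCert .= "\n".$caBundle;
                        $ocspStapling = '
# OCSP Stapling
#ssl_trusted_certificate '.$fullChainCertName.';
#ssl_stapling on;
#ssl_stapling_verify on;
';
                    }
                }

                // Never write back onto the file that was just read.
                if ($fullChainCertName !== $vhostCertFile
                    && file_put_contents($fullChainCertName, $vhostFullChainCert) === false) {
                    error_log('generate_https_vhosts: skipping vhost on '.$ip.' (cannot write '.$fullChainCertName.')');
                    continue;
                }
            }

            // NOTE(review): the upstream below is https://$host:<port>, i.e. the name is
            // taken from the request's Host header and resolved through the configured
            // resolver. Confirm that requests whose Host does not match server_name
            // cannot be routed into these blocks, or proxy to the vhost address instead.
            $output .= '
server {
error_log /dev/null warn;
listen '.$ip.':'.NGINX_HTTPS_PORT.' ssl http2;
ssl_certificate '.$fullChainCertName.';
ssl_certificate_key '.$vhostCertKeyFile.';
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers \''.$sslCiphers.'\';
ssl_session_cache shared:SSL:10m;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_session_timeout 5m;
#OCSP stapling
'.$ocspStapling.'
# ServerNames
server_name '.$vhostDomains.';
location / {
resolver 109.234.162.49 109.234.161.49 valid=1200s;
proxy_pass https://$host:'.HTTPD_HTTPS_PORT.';
proxy_http_version 1.1;
proxy_set_header Connection "";
include proxy.inc;
include microcache.inc;
include security-ssl.inc;
}
location ~ (piwik|cprotect|wp-login|xmlrpc|wp-comments-post).php {
limit_req zone=login burst=10 nodelay;
set $block_user_agents 0;
if ($http_user_agent = "") { set $block_user_agents 1; }
if ($http_user_agent = "-") { set $block_user_agents 1; }
if ($block_user_agents = 1) {
return 444;
break;
}
resolver 109.234.162.49 109.234.161.49 valid=3600s;
proxy_pass https://$host:'.HTTPD_HTTPS_PORT.';
include proxy.inc;
include microcache.inc;
include security-ssl.inc;
}
location ~ /\.ht {
deny all;
}
}
';
        }
    }

    if (file_put_contents(NGINX_DEFAULT_HTTPS_VHOST, $output) === false) {
        error_log('generate_https_vhosts: cannot write '.NGINX_DEFAULT_HTTPS_VHOST);
    }
}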
// Decide whether the Nginx HTTPS vhost file has to be rebuilt: either it does
// not exist yet, or HTTPD_CONF was modified within the last
// HTTPD_CONF_LAST_CHANGED seconds. Prints and exits with 1 after a rebuild,
// 0 when nothing was done.
$vhostFileMissing = !file_exists(NGINX_DEFAULT_HTTPS_VHOST);
$apacheConfRecentlyChanged = false;
if (!$vhostFileMissing && file_exists(HTTPD_CONF) && is_readable(HTTPD_CONF)) {
    // Only consulted when the vhost file already exists, as in a short-circuited "||".
    $apacheConfRecentlyChanged = (filemtime(HTTPD_CONF) + HTTPD_CONF_LAST_CHANGED) > time();
}

if (!$vhostFileMissing && !$apacheConfRecentlyChanged) {
    echo(0);
    exit(0);
}

generate_https_vhosts();
echo(1);
exit(1);