From 521147b22d129c3a18616bb2b8b792e367113b07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristhian=20Mart=C3=ADnez=20Ochoa?=
Date: Thu, 20 Dec 2018 21:10:04 -0600
Subject: [PATCH] tools and default site issues
Failing with SSL and some other issues.
---
 lib/site-ssl | 14 +++++++------
 lib/sites | 5 ++++-
 lib/webin | 14 +++++++++----
 plugins/site | 2 +-
 plugins/webinoly | 29 ++++++++++++++++++++------
 templates/general/nginx-blackhole | 8 ++++---
 templates/general/tools-site-blackhole | 8 +++----
 7 files changed, 55 insertions(+), 25 deletions(-)
diff --git a/lib/site-ssl b/lib/site-ssl
index 62d000d..a510064 100644
--- a/lib/site-ssl
+++ b/lib/site-ssl
@@ -83,7 +83,7 @@ site_ssl_on() {
 sudo certbot certonly --webroot -w /var/www/$root/htdocs/ $domset $param
 elif [[ -a /etc/letsencrypt/live/$domain/fullchain.pem ]]; then
- echo "${blu}Certificate for echo${end} $domain ${blu}already exist and found, wait while we configure your server to use it!${end}"
+ echo "${blu}Certificate for${end} $domain ${blu}already exist and found, wait while we configure your server to use it!${end}"
 fi
@@ -94,9 +94,6 @@ site_ssl_on() {
 sudo sed -i '/headers-http.conf/a \ include common/headers-https.conf;' /etc/nginx/sites-available/$domain
 sudo sed -i '/server_name /r /opt/webinoly/templates/template-site-ssl' /etc/nginx/sites-available/$domain
 sudo sed -i "/WebinolySSLstart/,/WebinolySSLend/{s/domain.com/$domain/}" /etc/nginx/sites-available/$domain
-
- # In case this domain is used as tools-site.
- [[ $(conf_read tools-site) == $domain ]] && sudo webinoly -tools-site=$domain
 # HTTP to HTTPS Redirection
 [[ $subdomflag == 1 ]] && local sername="server_name $domain;" || local sername="server_name $domain www.$domain;"
@@ -104,6 +101,10 @@ site_ssl_on() {
 sudo sed -i '1r /opt/webinoly/templates/template-site-sslredirect' /etc/nginx/sites-available/$domain
 sudo sed -i "/#server_name;/c \ $sername" /etc/nginx/sites-available/$domain
+ # In case this domain is used as tools-site or default-site
+ [[ $(conf_read tools-site) == $domain ]] && sudo webinoly -tools-site=$domain
+ [[ $(conf_read default-site) == $domain ]] && sudo webinoly -default-site=$domain
+
 # Auto-Renew Certificate
 if [[ ! -a /var/spool/cron/crontabs/root ]]; then
 sudo touch /var/spool/cron/crontabs/root
@@ -116,7 +117,7 @@ site_ssl_on() {
 [[ -z $cronmail && -n $cermail && -z $cronrene ]] && echo "MAILTO=${cermail}" | sudo tee -a /var/spool/cron/crontabs/root
 [[ -z $cronrene ]] && echo '15 3 * * 7 certbot renew --post-hook "service nginx restart"' | sudo tee -a /var/spool/cron/crontabs/root
- [[ $(conf_read debug) == "true" ]] && echo "${blu}Debug Mode is enabled, this SSL Cert is just for testing purpose and should not be used in production enviroments.{end}"
+ [[ $(conf_read debug) == "true" ]] && echo "${red}Debug Mode is enabled, this SSL Cert is just for testing purpose and should not be used in production enviroments.${end}"
 echo "${gre}SSL have been successfully enabled for your site -${blu} $domain${end}"
 else
 echo "${red}"
@@ -133,8 +134,9 @@ site_ssl_off() {
 sudo sed -i '/WebinolySSLstart/,/WebinolySSLend/{/.*/d}' /etc/nginx/sites-available/$domain
 sudo sed -i '/WebinolySSLredirectStart/,/WebinolySSLredirectEnd/{/.*/d}' /etc/nginx/sites-available/$domain
- # In case this domain is used as tools-site.
+ # In case this domain is used as tools-site or default-site
 [[ $(conf_read tools-site) == $domain ]] && sudo webinoly -tools-site=$domain
+ [[ $(conf_read default-site) == $domain ]] && sudo webinoly -default-site=$domain
 if [[ -n $value && ( $value == "force" || $value == "off-force" ) ]]; then
 answer=="N"
diff --git a/lib/sites b/lib/sites
index 25308d9..55cc8af 100644
--- a/lib/sites
+++ b/lib/sites
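Review bot: The `sudo webinoly -tools-site=$domain` / `-default-site=$domain` re-runs were moved from before the HTTP-to-HTTPS redirect block to after it, but the added comment only says what they do, not why the position matters. Presumably the reason is the `-default-site` change later in this patch, which now turns every `listen 80;` in the site file into `listen 80 default_server;` and therefore needs the redirect server inserted by `template-site-sslredirect` two lines up to exist already; if so, record it: `# Must run after the HTTPS redirect block is inserted: -default-site marks every "listen 80;" in this file as default_server.`. site_ssl_on continues outside the hunk.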
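Review bot: `answer=="N"` in the force branch of site_ssl_off assigns the string `=N` (the second `=` becomes part of the value), not `N`. It is untouched context here, but since this hunk reworks the same block it is worth correcting to `answer="N"` in the same commit. Whether the wrong value changes behaviour depends on how `$answer` is tested after the hunk, which is outside view; site_ssl_off continues past the last line shown.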
@@ -539,6 +539,9 @@ createsite() {
 wp_cache_plugins
 fi
+ # Check if only-error log is enabled
+ [[ $(conf_read global-access-log-off) == "true" ]] && sudo log $domain -only-error=on
+
 sudo chown -R www-data:www-data /var/www
 [[ $(conf_read login-www-data) == "true" ]] && sudo chown root:root /var/www
@@ -587,7 +590,7 @@ force_redirect() {
 esac
 # If SSL is enabled insert after that - First redirect should be to HTTPS due to HSTS.
- isssl=$( grep -F "ssl_certificate_key" /etc/nginx/sites-available/$domain )
+ isssl=$(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$domain | grep -F "ssl_certificate_key")
 if [[ -z $isssl && $value =~ ^(www|root)$ ]]; then
 sudo sed -i '1r /tmp/template-site-wwwredirect' /etc/nginx/sites-available/$domain
 elif [[ -n $isssl && $value =~ ^(www|root)$ ]]; then
diff --git a/lib/webin b/lib/webin
index 3a97626..797e388 100644
--- a/lib/webin
+++ b/lib/webin
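Review bot: The new `isssl=` detection is copied verbatim into four places (here in force_redirect, plugins/site `-ssl`, plugins/webinoly `-tools-site` and `-default-site`) and none of them says why the search now starts at `WebinolyNginxServerStart`. A one-line helper in lib, e.g. `site_ssl_key() { sed -n '/WebinolyNginxServerStart/,$p' "/etc/nginx/sites-available/$1" | grep -F "ssl_certificate_key"; }` used as `isssl=$(site_ssl_key $domain)`, keeps the four call sites in step, and a comment such as `# Only inspect the site's own server block: the blackhole template prepended by -default-site also carries ssl_certificate_key.` records the reason, which the nginx-blackhole template in this patch shows. The path argument `$domain` is also unquoted inside `$( )`; harmless for a domain name, but `"/etc/nginx/sites-available/$domain"` costs nothing. force_redirect continues outside the hunk.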
@@ -528,10 +528,16 @@ remove_domain_default_site() {
 # In case we have a domain as default before.
 if ! [[ $(conf_read default-site) =~ ^(default|blackhole)$ || -z $(conf_read default-site) ]]; then
 [[ -L /etc/nginx/sites-enabled/default ]] || sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
- sudo sed -i "/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen 80 default_server;/listen 80;/}" /etc/nginx/sites-available/$(conf_read default-site)
- sudo sed -i "/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen \[::\]:80 default_server;/listen [::]:80;/}" /etc/nginx/sites-available/$(conf_read default-site)
- sudo sed -i "/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen 443 ssl http2 default_server;/listen 443 ssl http2;/}" /etc/nginx/sites-available/$(conf_read default-site)
- sudo sed -i "/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen \[::\]:443 ssl http2 default_server;/listen [::]:443 ssl http2;/}" /etc/nginx/sites-available/$(conf_read default-site)
+ sudo sed -i "s/listen 80 default_server;/listen 80;/" /etc/nginx/sites-available/$(conf_read default-site)
+ sudo sed -i "s/listen \[::\]:80 default_server;/listen [::]:80;/" /etc/nginx/sites-available/$(conf_read default-site)
+ sudo sed -i "s/listen 443 ssl http2 default_server;/listen 443 ssl http2;/" /etc/nginx/sites-available/$(conf_read default-site)
+ sudo sed -i "s/listen \[::\]:443 ssl http2 default_server;/listen [::]:443 ssl http2;/" /etc/nginx/sites-available/$(conf_read default-site)
+ sudo sed -i '/WebinolyStartBlackhole/,/WebinolyEndBlackhole/{/.*/d}' /etc/nginx/sites-available/$(conf_read default-site)
 fi
 }
+
+ create_blackhole_cert() {
+ [[ ! -a /etc/ssl/certs/webinoly-blackhole.crt.pem ]] && sudo openssl req -new -newkey rsa:2048 -days 36500 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=blackhole" -keyout /etc/ssl/private/webinoly-blackhole.key.pem -out /etc/ssl/certs/webinoly-blackhole.crt.pem
+ }
+
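Review bot: `create_blackhole_cert` only checks for the `.crt.pem` and, being a single `[[ ]] && …` statement, returns 1 whenever the certificate already exists, so any caller that tests its status (or a future `set -e`) would treat the common path as a failure. It should also regenerate when the key under /etc/ssl/private is missing, because the blackhole templates in this patch point nginx at `webinoly-blackhole.key.pem` and nginx will not start without it, and the key should be explicitly restricted to root rather than relying on `openssl req -keyout` to create it 0600, which varies by OpenSSL version. In `remove_domain_default_site`, dropping the `WebinolyNginxServerStart,…End` range from the four `listen` substitutions makes them file-wide, presumably so the redirect server block also loses `default_server`; a one-line comment saying so would stop the next reader from restoring the range. remove_domain_default_site starts outside the hunk.
```shell
create_blackhole_cert() {
    # Throwaway self-signed cert so the blackhole server can complete the TLS
    # handshake before "return 444". Regenerate if either half is missing.
    if [[ ! -a /etc/ssl/certs/webinoly-blackhole.crt.pem || ! -a /etc/ssl/private/webinoly-blackhole.key.pem ]]; then
        sudo openssl req -new -newkey rsa:2048 -days 36500 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=blackhole" -keyout /etc/ssl/private/webinoly-blackhole.key.pem -out /etc/ssl/certs/webinoly-blackhole.crt.pem
        sudo chmod 600 /etc/ssl/private/webinoly-blackhole.key.pem
    fi
}
```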
diff --git a/plugins/site b/plugins/site
index d40a904..144e417 100644
--- a/plugins/site
+++ b/plugins/site
@@ -316,7 +316,7 @@ elif [[ "$type" == "-delete" && -a /etc/nginx/sites-available/$domain ]]; then
 # SSL (Letsencrypt)
 elif [[ ( $type == "-ssl-on" || $type == "-ssl-off" || $type == "-ssl" ) && -a /etc/nginx/sites-available/$domain ]]; then
- isssl=$( grep -F "ssl_certificate_key" /etc/nginx/sites-available/$domain )
+ isssl=$(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$domain | grep -F "ssl_certificate_key")
 if [[ ( $type == "-ssl-on" && -z $value ) || ( $type == "-ssl" && $value == "on" ) ]]; then
 [[ -z $isssl ]] && site_ssl_on || echo "${red}SSL is already enabled for your site -${blu} $domain ${end}"
 elif [[ ( $type == "-ssl-off" || ( $type == "-ssl" && ( $value == "off" || $value == "off-force" ))) ]]; then
diff --git a/plugins/webinoly b/plugins/webinoly
index 28a805c..8016f16 100644
--- a/plugins/webinoly
+++ b/plugins/webinoly
@@ -123,7 +123,7 @@ elif [[ $opt == "-tools-site" ]]; then
 sudo sed -i "/listen \[::\]:$(conf_read tools-port)/c \ listen [::]:$(conf_read tools-port);" /etc/nginx/sites-available/$(conf_read tools-port)
 # If SSL is enabled
- isssl=$( grep -F "ssl_certificate_key" /etc/nginx/sites-available/$value )
+ isssl=$(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$value | grep -F "ssl_certificate_key")
 if [[ -n $isssl ]]; then
 sudo sed -i "/listen $(conf_read tools-port)/c \ listen $(conf_read tools-port) ssl http2 deferred;" /etc/nginx/sites-available/$(conf_read tools-port)
 sudo sed -i "/listen \[::\]:$(conf_read tools-port)/c \ listen [::]:$(conf_read tools-port) ssl http2;" /etc/nginx/sites-available/$(conf_read tools-port)
@@ -131,11 +131,18 @@ elif [[ $opt == "-tools-site" ]]; then
 sudo sed -i "/WebinolySSLstart/,/WebinolySSLend/{s/domain.com/$value/}" /etc/nginx/sites-available/$(conf_read tools-port)
 sudo sed -i '/locations.conf/a \ include common/headers-https.conf;' /etc/nginx/sites-available/$(conf_read tools-port)
 sudo sed -i "/WebinolySSLend/i \ error_page 497 https:\/\/\$host:\$server_port\$request_uri;" /etc/nginx/sites-available/$(conf_read tools-port)
+ create_blackhole_cert
 fi
 # Default blackhole for requests different from our assigned Tools-Site
 sudo sed -i '/Webinoly Admin-Tools NGINX CONFIGURATION/r /opt/webinoly/templates/general/tools-site-blackhole' /etc/nginx/sites-available/$(conf_read tools-port)
 sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{s/22222/$(conf_read tools-port)/}" /etc/nginx/sites-available/$(conf_read tools-port)
+ if [[ -z $isssl ]]; then
+ sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{/ssl_certificate/d}" /etc/nginx/sites-available/$(conf_read tools-port)
+ sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{/error_page/d}" /etc/nginx/sites-available/$(conf_read tools-port)
+ sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{s/ssl //}" /etc/nginx/sites-available/$(conf_read tools-port)
+ echo "${red}It's highly recommended having an SSL Cert enabled on this site. ${end}"
+ fi
 conf_write tools-site $value
 echo "${gre}Domain ${blu}- ${value}:$(conf_read tools-port) -${gre} was successfully assigned to access your server tools!${end}"
@@ -506,17 +513,27 @@ elif [[ $opt == "-default-site" ]]; then
 exit 1
 fi
 elif [[ $value == "blackhole" ]]; then
- remove_domain_default_site
+ remove_domain_default_site
 sudo cat /opt/webinoly/templates/general/nginx-blackhole >| /etc/nginx/sites-available/default
+ create_blackhole_cert
 conf_write default-site blackhole
 echo "${gre}Blackhole Nginx site was successfully assigned as default site!${end}"
 else
 # Domain option
 if [[ -L /etc/nginx/sites-enabled/$value ]]; then
- sudo sed -i "/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen 80;/listen 80 default_server;/}" /etc/nginx/sites-available/$value
- sudo sed -i "/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen \[::\]:80;/listen [::]:80 default_server;/}" /etc/nginx/sites-available/$value
- sudo sed -i "/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen 443 ssl http2;/listen 443 ssl http2 default_server;/}" /etc/nginx/sites-available/$value
- sudo sed -i "/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen \[::\]:443 ssl http2;/listen [::]:443 ssl http2 default_server;/}" /etc/nginx/sites-available/$value
+ remove_domain_default_site
+ sudo sed -i "s/listen 80;/listen 80 default_server;/" /etc/nginx/sites-available/$value
+ sudo sed -i "s/listen \[::\]:80;/listen [::]:80 default_server;/" /etc/nginx/sites-available/$value
+ sudo sed -i "s/listen 443 ssl http2;/listen 443 ssl http2 default_server;/" /etc/nginx/sites-available/$value
+ sudo sed -i "s/listen \[::\]:443 ssl http2;/listen [::]:443 ssl http2 default_server;/" /etc/nginx/sites-available/$value
+
+ # If default site is Non-SSL, we need add a blackhole for port 443.
+ isssl=$(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$value | grep -F "ssl_certificate_key")
+ if [[ -z $isssl ]]; then
+ create_blackhole_cert
+ sudo sed -i '1r /opt/webinoly/templates/general/nginx-blackhole' /etc/nginx/sites-available/$value
+ sudo sed -i '/NonSSL/,/NonSSLend/{/.*/d}' /etc/nginx/sites-available/$value
+ fi
 sudo rm -rf /etc/nginx/sites-enabled/default
 conf_write default-site $value
diff --git a/templates/general/nginx-blackhole b/templates/general/nginx-blackhole
index 03965ba..15269c4 100644
--- a/templates/general/nginx-blackhole
+++ b/templates/general/nginx-blackhole
@@ -3,15 +3,17 @@ server {
 listen 443 ssl http2 default_server;
 listen [::]:443 ssl http2 default_server;
- ssl_certificate /etc/ssl/certs/blackhole.crt.pem;
- ssl_certificate_key /etc/ssl/private/blackhole.key.pem;
+ ssl_certificate /etc/ssl/certs/webinoly-blackhole.crt.pem;
+ ssl_certificate_key /etc/ssl/private/webinoly-blackhole.key.pem;
 return 444;
 }
+# NonSSL
 server {
 listen 80 default_server;
 listen [::]:80 default_server;
 return 444;
 }
-# WebinolyEndBlackhole
\ No newline at end of file
+# NonSSLend
+# WebinolyEndBlackhole
diff --git a/templates/general/tools-site-blackhole b/templates/general/tools-site-blackhole
index 252a8d1..5268bc4 100644
--- a/templates/general/tools-site-blackhole
+++ b/templates/general/tools-site-blackhole
@@ -1,11 +1,11 @@
 # WebinolyToolsStartBlackhole
 server {
- listen 11111 ssl default_server;
- listen [::]:11111 ssl default_server;
+ listen 22222 ssl default_server;
+ listen [::]:22222 ssl default_server;
- ssl_certificate /etc/ssl/certs/blackhole.crt.pem;
- ssl_certificate_key /etc/ssl/private/blackhole.key.pem;
+ ssl_certificate /etc/ssl/certs/webinoly-blackhole.crt.pem;
+ ssl_certificate_key /etc/ssl/private/webinoly-blackhole.key.pem;
 error_page 497 https://$host:$server_port$request_uri;
 return 444;
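Review bot: The four `listen …;` substitutions in the domain branch now run over the whole file, so every server block in /etc/nginx/sites-available/$value that listens on 80 or 443 receives `default_server`; if the www-redirect block that force_redirect (lib/sites) prepends from `template-site-wwwredirect` also listens on port 80 — that template is not in this patch — a non-SSL default site would end up with two default servers on the same port and nginx would reject the configuration. Worth confirming against that template before relying on the file-wide form. The `remove_domain_default_site` call added at the top of the branch is also what strips a previous blackhole block from the old default site's file, which its name does not convey; a comment like `# Reset the previous default site (also removes any blackhole block from its file)` would help. The enclosing elif starts outside the hunk.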
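Review bot: The new `# NonSSL` / `# NonSSLend` markers are consumed by `sed '/NonSSL/,/NonSSLend/{/.*/d}'` in plugins/webinoly, where the start pattern `/NonSSL/` also matches the end marker and the range only works because the start line always appears first. Naming them like the template's other markers, `# WebinolyNonSSLStart` / `# WebinolyNonSSLEnd`, and matching those exact names in the sed, makes the range unambiguous and keeps the marker convention consistent across templates.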