300 lines
11 KiB
PHP
300 lines
11 KiB
PHP
<?php
|
|
function xmpp_control($_action, $_data = null) {
|
|
global $lang;
|
|
$_data_log = $_data;
|
|
switch ($_action) {
|
|
case 'reload':
|
|
$curl = curl_init();
|
|
curl_setopt($curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
|
|
curl_setopt($curl, CURLOPT_URL, 'http://ejabberd:5280/api/reload_config');
|
|
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
|
|
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
|
|
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
|
|
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
|
|
$response = curl_exec($curl);
|
|
curl_close($curl);
|
|
|
|
if ($response === "0") {
|
|
$_SESSION['return'][] = array(
|
|
'type' => 'success',
|
|
'log' => array(__FUNCTION__, $_action, $_data_log),
|
|
'msg' => 'xmpp_reloaded'
|
|
);
|
|
}
|
|
else {
|
|
$_SESSION['return'][] = array(
|
|
'type' => 'danger',
|
|
'log' => array(__FUNCTION__, $_action, $_data_log),
|
|
'msg' => 'xmpp_reload_failed'
|
|
);
|
|
}
|
|
break;
|
|
case 'restart':
|
|
$curl = curl_init();
|
|
curl_setopt($curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
|
|
curl_setopt($curl, CURLOPT_URL, 'http://ejabberd:5280/api/restart');
|
|
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
|
|
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
|
|
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
|
|
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
|
|
$response = curl_exec($curl);
|
|
curl_close($curl);
|
|
|
|
if ($response === "0") {
|
|
$_SESSION['return'][] = array(
|
|
'type' => 'success',
|
|
'log' => array(__FUNCTION__, $_action, $_data_log),
|
|
'msg' => 'xmpp_restarted'
|
|
);
|
|
}
|
|
else {
|
|
// If no host is available, the container might be in sleeping state, we need to restart the container
|
|
$response = json_decode(docker('post', 'ejabberd-mailcow', 'restart'), true);
|
|
if (isset($response['type']) && $response['type'] == "success") {
|
|
$_SESSION['return'][] = array(
|
|
'type' => 'success',
|
|
'log' => array(__FUNCTION__, $_action, $_data_log),
|
|
'msg' => 'xmpp_restarted'
|
|
);
|
|
}
|
|
else {
|
|
$_SESSION['return'][] = array(
|
|
'type' => 'danger',
|
|
'log' => array(__FUNCTION__, $_action, $_data_log),
|
|
'msg' => 'xmpp_restart_failed'
|
|
);
|
|
}
|
|
}
|
|
break;
|
|
case 'status':
|
|
if ($_SESSION['mailcow_cc_role'] != "admin") {
|
|
$_SESSION['return'][] = array(
|
|
'type' => 'danger',
|
|
'log' => array(__FUNCTION__, $_action, $_data_log),
|
|
'msg' => 'access_denied'
|
|
);
|
|
return false;
|
|
}
|
|
foreach (array(
|
|
'onlineusers' => 'stats?name=onlineusers',
|
|
'uptimeseconds' => 'stats?name=uptimeseconds',
|
|
'muc_online_rooms' => 'muc_online_rooms?service=global'
|
|
) as $stat => $url) {
|
|
$curl = curl_init();
|
|
curl_setopt($curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
|
|
curl_setopt($curl, CURLOPT_URL, 'http://ejabberd:5280/api/' . $url);
|
|
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
|
|
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
|
|
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
|
|
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
|
|
$response_json = json_decode(curl_exec($curl), true);
|
|
if (isset($response_json['stat'])) {
|
|
$response_data[$stat] = $response_json['stat'];
|
|
}
|
|
else {
|
|
$response_data[$stat] = $response_json;
|
|
}
|
|
curl_close($curl);
|
|
// Something went wrong
|
|
if ($response_data[$stat] === false) {
|
|
$response_data[$stat] = '?';
|
|
}
|
|
}
|
|
return $response_data;
|
|
break;
|
|
}
|
|
}
|
|
function xmpp_rebuild_configs() {
|
|
global $pdo;
|
|
global $lang;
|
|
$_data_log = $_data;
|
|
|
|
try {
|
|
$xmpp_domains = array();
|
|
$stmt = $pdo->query('SELECT CONCAT(`xmpp_prefix`, ".", `domain`) AS `xmpp_host`, `domain` FROM `domain` WHERE `xmpp` = 1');
|
|
$xmpp_domain_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
foreach ($xmpp_domain_rows as $xmpp_domain_row) {
|
|
$xmpp_domains[$xmpp_domain_row['domain']] = array('xmpp_host' => $xmpp_domain_row['xmpp_host']);
|
|
$stmt = $pdo->query('SELECT CONCAT(`local_part`, "@", CONCAT(`domain`.`xmpp_prefix`, ".", `domain`.`domain`)) AS `xmpp_username` FROM `mailbox`
|
|
JOIN `domain`
|
|
WHERE `domain`.`xmpp` = 1
|
|
AND JSON_VALUE(`attributes`, "$.xmpp_admin") = 1');
|
|
$xmpp_admin_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
foreach ($xmpp_admin_rows as $xmpp_admin_row) {
|
|
$xmpp_domains[$xmpp_domain_row['domain']]['xmpp_admins'][] = $xmpp_admin_row['xmpp_username'];
|
|
}
|
|
}
|
|
|
|
touch('/ejabberd/ejabberd_hosts.yml');
|
|
touch('/ejabberd/ejabberd_acl.yml');
|
|
touch('/etc/nginx/conf.d/ZZZ-ejabberd.conf');
|
|
$ejabberd_hosts_md5 = md5_file('/ejabberd/ejabberd_hosts.yml');
|
|
$ejabberd_acl_md5 = md5_file('/ejabberd/ejabberd_acl.yml');
|
|
$ejabberd_site_md5 = md5_file('/etc/nginx/conf.d/ZZZ-ejabberd.conf');
|
|
|
|
if (!empty($xmpp_domains)) {
|
|
// Handle hosts file
|
|
$hosts_handle = fopen('/ejabberd/ejabberd_hosts.yml', 'w');
|
|
if (!$hosts_handle) {
|
|
throw new Exception($lang['danger']['file_open_error']);
|
|
}
|
|
fwrite($hosts_handle, '# Autogenerated by mailcow' . PHP_EOL);
|
|
fwrite($hosts_handle, 'hosts:' . PHP_EOL);
|
|
foreach ($xmpp_domains as $domain => $domain_values) {
|
|
fwrite($hosts_handle, ' - ' . $xmpp_domains[$domain]['xmpp_host'] . PHP_EOL);
|
|
}
|
|
fclose($hosts_handle);
|
|
|
|
// Handle ACL file
|
|
$acl_handle = fopen('/ejabberd/ejabberd_acl.yml', 'w');
|
|
if (!$acl_handle) {
|
|
throw new Exception($lang['danger']['file_open_error']);
|
|
}
|
|
fwrite($acl_handle, '# Autogenerated by mailcow' . PHP_EOL);
|
|
fwrite($acl_handle, 'append_host_config:' . PHP_EOL);
|
|
foreach ($xmpp_domains as $domain => $domain_values) {
|
|
fwrite($acl_handle, ' ' . $xmpp_domains[$domain]['xmpp_host'] . ':' . PHP_EOL);
|
|
fwrite($acl_handle, ' acl:' . PHP_EOL);
|
|
fwrite($acl_handle, ' admin:' . PHP_EOL);
|
|
fwrite($acl_handle, ' user:' . PHP_EOL);
|
|
foreach ($xmpp_domains[$domain]['xmpp_admins'] as $xmpp_admin) {
|
|
fwrite($acl_handle, ' - ' . $xmpp_admin . PHP_EOL);
|
|
}
|
|
}
|
|
fclose($acl_handle);
|
|
|
|
// Handle Nginx site
|
|
$site_handle = @fopen('/etc/nginx/conf.d/ZZZ-ejabberd.conf', 'r+');
|
|
if ($site_handle !== false) {
|
|
ftruncate($site_handle, 0);
|
|
fclose($site_handle);
|
|
}
|
|
$site_handle = fopen('/etc/nginx/conf.d/ZZZ-ejabberd.conf', 'w');
|
|
if (!$site_handle) {
|
|
throw new Exception($lang['danger']['file_open_error']);
|
|
}
|
|
fwrite($site_handle, '# Autogenerated by mailcow' . PHP_EOL);
|
|
foreach ($xmpp_domains as $domain => $domain_values) {
|
|
$site_config = <<<EOF
|
|
server {
|
|
root /web;
|
|
|
|
include /etc/nginx/conf.d/listen_ssl.active;
|
|
include /etc/nginx/conf.d/listen_plain.active;
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
|
ssl_certificate /etc/ssl/mail/cert.pem;
|
|
ssl_certificate_key /etc/ssl/mail/key.pem;
|
|
|
|
server_name %s conference.%s proxy.%s pubsub.%s upload.%s;
|
|
|
|
if (\$request_uri ~* "%%0A|%%0D") {
|
|
return 403;
|
|
}
|
|
|
|
set_real_ip_from 10.0.0.0/8;
|
|
set_real_ip_from 172.16.0.0/12;
|
|
set_real_ip_from 192.168.0.0/16;
|
|
set_real_ip_from fc00::/7;
|
|
real_ip_header X-Forwarded-For;
|
|
real_ip_recursive on;
|
|
|
|
location / {
|
|
proxy_pass http://ejabberd:5281/;
|
|
proxy_set_header Host \$http_host;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
proxy_redirect off;
|
|
}
|
|
}
|
|
|
|
EOF;
|
|
fwrite($site_handle, sprintf($site_config,
|
|
$xmpp_domains[$domain]['xmpp_host'],
|
|
$xmpp_domains[$domain]['xmpp_host'],
|
|
$xmpp_domains[$domain]['xmpp_host'],
|
|
$xmpp_domains[$domain]['xmpp_host'],
|
|
$xmpp_domains[$domain]['xmpp_host']
|
|
));
|
|
}
|
|
fclose($site_handle);
|
|
}
|
|
else {
|
|
// Write empty hosts file
|
|
$hosts_handle = fopen('/ejabberd/ejabberd_hosts.yml', 'w');
|
|
if (!$hosts_handle) {
|
|
throw new Exception($lang['danger']['file_open_error']);
|
|
}
|
|
fwrite($hosts_handle, '# Autogenerated by mailcow' . PHP_EOL);
|
|
fclose($hosts_handle);
|
|
|
|
// Write empty ACL file
|
|
$acl_handle = fopen('/ejabberd/ejabberd_acl.yml', 'w');
|
|
if (!$acl_handle) {
|
|
throw new Exception($lang['danger']['file_open_error']);
|
|
}
|
|
fwrite($acl_handle, '# Autogenerated by mailcow' . PHP_EOL);
|
|
fclose($acl_handle);
|
|
|
|
// Write empty Nginx site
|
|
$acl_handle = fopen('/etc/nginx/conf.d/ZZZ-ejabberd.conf', 'w');
|
|
if (!$acl_handle) {
|
|
throw new Exception($lang['danger']['file_open_error']);
|
|
}
|
|
fwrite($acl_handle, '# Autogenerated by mailcow' . PHP_EOL);
|
|
fclose($acl_handle);
|
|
}
|
|
|
|
if (md5_file('/ejabberd/ejabberd_acl.yml') != $ejabberd_acl_md5) {
|
|
xmpp_control('restart');
|
|
$_SESSION['return'][] = array(
|
|
'type' => 'success',
|
|
'log' => array(__FUNCTION__, $_action, $_data_log),
|
|
'msg' => 'xmpp_maps_updated'
|
|
);
|
|
}
|
|
elseif (md5_file('/ejabberd/ejabberd_hosts.yml') != $ejabberd_hosts_md5) {
|
|
xmpp_control('reload');
|
|
$_SESSION['return'][] = array(
|
|
'type' => 'success',
|
|
'log' => array(__FUNCTION__, $_action, $_data_log),
|
|
'msg' => 'xmpp_maps_updated'
|
|
);
|
|
}
|
|
|
|
if (md5_file('/etc/nginx/conf.d/ZZZ-ejabberd.conf') != $ejabberd_site_md5) {
|
|
$response = json_decode(docker('post', 'nginx-mailcow', 'exec', array("cmd" => "reload", "task" => "nginx"), 'Content-type: application/json'), true);
|
|
if (isset($response['type']) && $response['type'] == "success") {
|
|
$_SESSION['return'][] = array(
|
|
'type' => 'success',
|
|
'log' => array(__FUNCTION__, $_action, $_data_log),
|
|
'msg' => 'nginx_reloaded'
|
|
);
|
|
}
|
|
else {
|
|
if (!empty($response['msg'])) {
|
|
$error = $response['msg'];
|
|
}
|
|
else {
|
|
$error = '-';
|
|
}
|
|
$_SESSION['return'][] = array(
|
|
'type' => 'danger',
|
|
'log' => array(__FUNCTION__, $_action, $_data_log),
|
|
'msg' => array('nginx_reload_failed', htmlspecialchars($error))
|
|
);
|
|
}
|
|
}
|
|
}
|
|
catch (Exception $e) {
|
|
$_SESSION['return'][] = array(
|
|
'type' => 'danger',
|
|
'log' => array(__FUNCTION__, $_action, $_data_log),
|
|
'msg' => array('xmpp_map_write_error', htmlspecialchars($e->getMessage()))
|
|
);
|
|
}
|
|
}
|
|
|