www/nginx: some bugfixes; add a rule for the upcoming naxsi release; add restart action to acme (#742)

* www/nginx: some bugfixes; add a rule for the upcoming naxsi release * www/nginx: theme the two other error pages like the waf error page * security/acme-client: allow to restart nginx (if installed) * add .idea to gitignore * bump versions and upcase nginx
2026-02-03 20:40:37 -05:00 · 2018-07-23 22:52:25 +02:00 · 2018-07-23 22:52:25 +02:00 · e27f0eaa1e
commit e27f0eaa1e
parent 7ef2d30d83
10 changed files with 104 additions and 20 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,4 @@
 */*/work
 *.pyc
+.idea/
+
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@ -1,5 +1,5 @@
 PLUGIN_NAME=		haproxy
-PLUGIN_VERSION=		2.7
+PLUGIN_VERSION=		2.8
 PLUGIN_REVISION=	2
 PLUGIN_COMMENT=		Reliable, high performance TCP/HTTP load balancer
 PLUGIN_DEPENDS=		haproxy-devel
--- a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
+++ b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
@ -677,6 +677,7 @@
                    <OptionValues>
                        <restart_gui>Restart OPNsense Web UI</restart_gui>
                        <restart_haproxy>Restart HAProxy (OPNsense plugin)</restart_haproxy>
+                        <restart_nginx>Restart Nginx (OPNsense plugin)</restart_nginx>
                        <configd>System or Plugin Command (select below)</configd>
                    </OptionValues>
                </type>
--- a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php
+++ b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php
@ -1056,8 +1056,8 @@ function import_certificate($certObj, $modelObj)

    // Write changes to config
    // TODO: Legacy code, should be replaced with code from OPNsense framework
-    write_config("${import_log_message} Let's Encrypt SSL certificate: ${cert_cn}");
-    log_error("AcmeClient: ${import_log_message} Let's Encrypt SSL certificate: ${cert_cn}");
+    write_config("${import_log_message} Let's Encrypt X.509 certificate: ${cert_cn}");
+    log_error("AcmeClient: ${import_log_message} Let's Encrypt X.509 certificate: ${cert_cn}");

    // Update (acme) certificate object (through MVC framework)
    $uuid = $certObj->attributes()->uuid;
@ -1138,6 +1138,9 @@ function run_restart_actions($certlist, $modelObj)
                case 'restart_haproxy':
                    $response = $backend->configdRun("haproxy restart");
                    break;
+                case 'restart_nginx':
+                    $response = $backend->configdRun("nginx restart");
+                    break;
                case 'configd':
                    // Make sure a configd command was specified.
                    if (empty((string)$action->configd)) {
--- a/www/nginx/Makefile
+++ b/www/nginx/Makefile
@ -1,5 +1,5 @@
 PLUGIN_NAME=          nginx
-PLUGIN_VERSION=       0.2
+PLUGIN_VERSION=       0.3
 PLUGIN_COMMENT=       Nginx HTTP server and reverse proxy
 PLUGIN_DEPENDS=       nginx
 PLUGIN_MAINTAINER=    franz.fabian.94@gmail.com
--- a/www/nginx/src/etc/nginx/views/opnsense_error_404.html
+++ b/www/nginx/src/etc/nginx/views/opnsense_error_404.html
--- a/www/nginx/src/etc/nginx/views/opnsense_server_error.html
+++ b/www/nginx/src/etc/nginx/views/opnsense_server_error.html
--- a/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/naxsirule.conf
+++ b/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/naxsirule.conf
@ -47,15 +47,17 @@

 {% if naxsi_ruletype == 'basic' %}
 {# current policy in loop is available as custom_policy, the uuid as custom_policy_uuid #}
-{%   for naxsi_rule_uuid in custom_policy.naxsi_rules.split(',') %}
-{%     if naxsi_rule_uuid not in added_policies %}
-{%       set basic_rule = helpers.getUUID(naxsi_rule_uuid) %}
-{%       if basic_rule.ruletype == 'basic' %}
-{{         naxsi_rule(custom_policy_uuid, basic_rule, "BasicRule") }}
-{%         do added_policies.append(naxsi_rule_uuid) %}
+{%   if custom_policy.naxsi_rules is defined %}
+{%     for naxsi_rule_uuid in custom_policy.naxsi_rules.split(',') %}
+{%       if naxsi_rule_uuid not in added_policies %}
+{%         set basic_rule = helpers.getUUID(naxsi_rule_uuid) %}
+{%         if basic_rule.ruletype == 'basic' %}
+{{           naxsi_rule(custom_policy_uuid, basic_rule, "BasicRule") }}
+{%           do added_policies.append(naxsi_rule_uuid) %}
+{%         endif %}
 {%       endif %}
-{%     endif %}
-{%   endfor %}
+{%     endfor %}
+{%   endif %}
 {% endif %}
 {% if naxsi_ruletype == 'main' %}
 {{   naxsi_rule(custom_policy_uuid, main_rule, "MainRule") }}
--- a/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/php-www.conf
+++ b/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/php-www.conf
@ -3,6 +3,9 @@
 user = www
 group = www
 listen = /var/run/php-www.socket
+listen.owner = www
+listen.group = www
+listen.mode = 0660
 pm = dynamic
 pm.max_children = 5
 pm.start_servers = 2
--- a/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/ruleset.conf
+++ b/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/ruleset.conf
@ -1,3 +1,4 @@
+MainRule wl:19;
 {% set naxsi_ruletype = 'main' %}
 {% set main_policies = [] %}
 {% set main_rules = [] %}