
Include SSL enforcement in domain functions

Kristan Kenney 7 лет назад
Родитель
Сommit
3404fe87d8
4 измененных файлов с 58 добавлено и 143 удалено
  1. 0 3
      bin/v-add-mail-domain-ssl
  2. 0 77
      bin/v-add-mail-domain-ssl-force
  3. 0 57
      bin/v-delete-mail-domain-ssl-force
  4. 58 6
      func/domain.sh

+ 0 - 3
bin/v-add-mail-domain-ssl

@@ -73,9 +73,6 @@ if [ ! -z "$PROXY_SYSTEM" ]; then
     add_webmail_config "$PROXY_SYSTEM" "default.stpl"
 fi
 
-# Enable force ssl
-$BIN/v-add-mail-domain-ssl-force $user $domain
-
 # Increase value for domain
 increase_user_value "$user" '$U_MAIL_SSL'
 

+ 0 - 77
bin/v-add-mail-domain-ssl-force

@@ -1,77 +0,0 @@
-#!/bin/bash
-# info: Adding force SSL for a mail domain
-# options: USER DOMAIN
-#
-# The function forces SSL for the requested domain.
-
-
-#----------------------------------------------------------#
-#                    Variable&Function                     #
-#----------------------------------------------------------#
-
-# Argument definition
-user=$1
-domain=$2
-
-# Includes
-source $HESTIA/func/main.sh
-source $HESTIA/conf/hestia.conf
-
-
-#----------------------------------------------------------#
-#                    Verifications                         #
-#----------------------------------------------------------#
-
-check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain' 'ssl_dir'
-is_object_valid 'user' 'USER' "$user"
-is_object_unsuspended 'user' 'USER' "$user"
-is_object_valid 'mail' 'DOMAIN' "$domain"
-is_object_unsuspended 'mail' 'DOMAIN' "$domain"
-
-
-#----------------------------------------------------------#
-#                       Action                             #
-#----------------------------------------------------------#
-
-# Load domain data
-eval $(grep "DOMAIN='$domain'" $USER_DATA/mail.conf)
-
-# Check if SSL is enabled
-if [ "$SSL" != 'yes' ]; then
-    echo "Error: SSL is not enabled"
-    exit $E_NOTEXIST
-fi
-
-# Update mail templates
-$BIN/v-update-mail-templates
-
-# Check if proxy is active
-
-if [ ! -z "$PROXY_SYSTEM" ] || [ ! -z "$PROXY" ]; then
-    forcessl="/home/$user/conf/mail/$domain/$PROXY_SYSTEM.forcessl.conf"
-else
-    forcessl="/home/$user/conf/mail/$domain/$WEB_SYSTEM.forcessl.conf"
-fi
-
-# Insert redirect commands
-if [ ! -z "$PROXY_SYSTEM" ]; then
-    echo 'return 301 https://$server_name$request_uri;' > $forcessl
-else
-    echo 'RewriteEngine On' > $forcessl
-    echo 'RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]' >> $forcessl
-fi
-
-#----------------------------------------------------------#
-#                       Hestia                             #
-#----------------------------------------------------------#
-
-# Restart web server
-$BIN/v-restart-web
-check_result $? "Web restart failed" > /dev/null
-
-# Restart proxy
-$BIN/v-restart-proxy
-check_result $? "Proxy restart failed" > /dev/null
-
-exit

+ 0 - 57
bin/v-delete-mail-domain-ssl-force

@@ -1,57 +0,0 @@
-#!/bin/bash
-# info: remove ssl force from domain
-# options: USER DOMAIN [RESTART]
-#
-# The function removes force SSL configurations.
-
-
-#----------------------------------------------------------#
-#                    Variable&Function                     #
-#----------------------------------------------------------#
-
-# Argument definition
-user=$1
-domain=$2
-restart=$3
-
-# Includes
-source $HESTIA/func/main.sh
-
-
-#----------------------------------------------------------#
-#                    Verifications                         #
-#----------------------------------------------------------#
-
-check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain' 'ssl_dir'
-is_object_valid 'user' 'USER' "$user"
-is_object_unsuspended 'user' 'USER' "$user"
-is_object_valid 'mail' 'DOMAIN' "$domain"
-is_object_unsuspended 'mail' 'DOMAIN' "$domain"
-
-
-#----------------------------------------------------------#
-#                       Action                             #
-#----------------------------------------------------------#
-
-# Load domain data
-eval $(grep "DOMAIN='$domain'" $USER_DATA/mail.conf)
-
-# Remove forcessl configs
-rm -f /home/$user/conf/mail/$domain/forcessl.*.conf
-
-
-#----------------------------------------------------------#
-#                       Hestia                             #
-#----------------------------------------------------------#
-
-# Restart services if requested
-if [ ! -z "$restart" ]; then
-    $BIN/v-restart-web
-    check_result $? "Web restart failed" >/dev/null
-
-    $BIN/v-restart-proxy
-    check_result $? "Proxy restart failed" >/dev/null
-fi
-
-exit

+ 58 - 6
func/domain.sh

@@ -643,14 +643,25 @@ add_webmail_config() {
     fi
     if [ "$2" = "default.stpl" ]; then
         if [ ! -z "$WEB_SYSTEM" ]; then
+            forcessl="$HOMEDIR/$user/conf/mail/$domain/$WEB_SYSTEM.forcessl.conf"
             rm -f /etc/$1/conf.d/domains/$WEBMAIL_ALIAS.$domain.ssl.conf
             ln -s $conf /etc/$1/conf.d/domains/$WEBMAIL_ALIAS.$domain.ssl.conf
         fi
         if [ ! -z "$PROXY_SYSTEM" ]; then
+            forcessl="$HOMEDIR/$user/conf/mail/$domain/$PROXY_SYSTEM.forcessl.conf"
             rm -f /etc/$1/conf.d/domains/$WEBMAIL_ALIAS.$domain.ssl.conf
             ln -s $conf /etc/$1/conf.d/domains/$WEBMAIL_ALIAS.$domain.ssl.conf
         fi
-        # Clear old configurations
+
+        # Add rewrite rules to force HTTPS/SSL connections
+        if [ ! -z "$PROXY_SYSTEM" ]; then
+            echo 'return 301 https://$server_name$request_uri;' > $forcessl
+        else
+            echo 'RewriteEngine On' > $forcessl
+            echo 'RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]' >> $forcessl
+        fi
+
+        # Remove old configurations
         rm -rf $HOMEDIR/$user/conf/mail/$domain.*
         rm -rf $HOMEDIR/$user/conf/mail/ssl.$domain.*
         rm -rf $HOMEDIR/$user/conf/mail/*nginx.$domain.*
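Review bot: `forcessl` is assigned only inside the two `$WEB_SYSTEM`/`$PROXY_SYSTEM` checks and then used unquoted as a redirect target, so with neither variable set the `echo ... > $forcessl` lines fail with an ambiguous redirect, and since it is not declared `local` a value left over from an earlier call could be reused. The target sits under `$HOMEDIR/$user/conf/mail/$domain/`; if this function runs privileged and the account owner can write to that directory (neither is visible in this hunk), a plain `>` follows whatever symlink already exists at that name, so the file should be replaced rather than written through, e.g. `rm -f -- "$forcessl"` followed by `echo 'RewriteEngine On' > "$forcessl"`. Unlike the removed `v-add-mail-domain-ssl-force`, which exited unless `$SSL` was `yes`, the redirect is now written with no certificate check in the visible lines, so every caller that passes `default.stpl` has to guarantee the certificate is already installed. The body of add_webmail_config starts and ends outside the hunk.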
@@ -714,6 +725,47 @@ add_mail_ssl_config() {
     chown -h $user:mail /usr/local/hestia/ssl/mail/*
 }
 
+check_mail_ssl_config(){
+    if [ -f $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.crt ]; then
+        SSL='yes'
+    else
+        echo "Error: SSL certificate not available."
+        exit $E_NOTEXIST
+    fi
+}
+
+repair_mail_ssl_config(){
+    if [ -f $USER_DATA/ssl/mail.$domain.crt ]; then
+
+        # Ensure SSL directory exists
+        if [ ! -d $HOMEDIR/$user/conf/mail/$domain/ssl/ ]; then
+            mkdir -p $HOMEDIR/$user/conf/mail/$domain/ssl/
+        fi
+
+        # Remove existing certificates
+        rm -rf $HOMEDIR/$user/conf/mail/$domain/ssl/*
+
+        # Add certificates to user home directory
+        cp -f $USER_DATA/ssl/mail.$domain.crt $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.crt
+        cp -f $USER_DATA/ssl/mail.$domain.key $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.key
+        cp -f $USER_DATA/ssl/mail.$domain.pem $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.pem
+
+        if [ -e "$USER_DATA/ssl/mail.$domain.ca" ]; then
+            cp -f $USER_DATA/ssl/mail.$domain.ca $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.ca
+        fi
+
+        # Increase value for domain
+        increase_user_value "$user" '$U_MAIL_SSL'
+
+        # Set SSL as enabled in configuration
+        update_object_value 'mail' 'DOMAIN' "$domain" '$SSL' "yes"
+
+    else
+        echo "Error: no available SSL certificates for $domain."
+        exit $E_NOTEXIST
+    fi
+}
+
 # Delete SSL support for mail domain
 del_mail_ssl_config() {
     
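Review bot: repair_mail_ssl_config copies the private key `mail.$domain.key` into `$HOMEDIR/$user/conf/mail/$domain/ssl/` with `cp -f` and never sets an owner or mode on it, so the key gets whatever the caller's umask produces; the context line above shows add_mail_ssl_config running `chown -h $user:mail` on its copies, and the same step plus a mode that is not world-readable (the exact mode depends on which services read the key, to be confirmed) belongs after the `cp` lines. Only the `.crt` is tested before copying and no `cp` result is checked, so a missing `.key` or `.pem` still ends with `SSL` set to `yes`; check_mail_ssl_config has the same gap, testing `$domain.crt` alone. `increase_user_value "$user" '$U_MAIL_SSL'` runs on every repair, which would inflate the counter when the domain was already counted. Both new functions also lack the one-line header comment their neighbours carry, e.g. `# Verify that a mail domain has an SSL certificate installed` and `# Restore mail domain SSL certificates from user data`.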
@@ -724,7 +776,7 @@ del_mail_ssl_config() {
     rm -f /etc/dovecot/conf.d/domains/mail.$domain.conf
 
     # Remove SSL vhost configuration
-    rm -f $HOMEDIR/$user/conf/mail/$domain/*.ssl.conf
+    rm -f $HOMEDIR/$user/conf/mail/$domain/*.*ssl.conf
     rm -f /etc/$WEB_SYSTEM/conf.d/domains/$WEBMAIL_ALIAS.$domain.ssl.conf
     rm -f /etc/$PROXY_SYSTEM/conf.d/domains/$WEBMAIL_ALIAS.$domain.ssl.conf
 
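Review bot: The widened glob `*.*ssl.conf` here, and `$WEB_SYSTEM.*conf` / `$PROXY_SYSTEM.*conf` in del_webmail_config in the next hunk, remove more than the `forcessl` files this commit introduces: `.*conf` matches every file in the domain directory that starts with the server name and ends in `conf`, which also makes the `.*ssl.conf` line that follows it redundant. Listing the files by name keeps the cleanup predictable, e.g. adding `rm -f -- "$HOMEDIR/$user/conf/mail/$domain/$WEB_SYSTEM.forcessl.conf"` beside the original `.conf` and `.ssl.conf` lines. The paths are unquoted and unguarded, so an empty `$domain` turns the pattern into `.../conf/mail//*.*ssl.conf` and applies it one directory up; `"${domain:?}"` would abort instead. del_mail_ssl_config's body starts and ends outside the hunk.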
@@ -742,16 +794,16 @@ del_mail_ssl_certificates(){
 # Delete webmail support
 del_webmail_config() {
     if [ ! -z "$WEB_SYSTEM" ]; then 
-        rm -f $HOMEDIR/$user/conf/mail/$domain/$WEB_SYSTEM.conf
+        rm -f $HOMEDIR/$user/conf/mail/$domain/$WEB_SYSTEM.*conf
         rm -f /etc/$WEB_SYSTEM/conf.d/domains/$WEBMAIL_ALIAS.$domain.conf
-        rm -f $HOMEDIR/$user/conf/mail/$domain/$WEB_SYSTEM.ssl.conf
+        rm -f $HOMEDIR/$user/conf/mail/$domain/$WEB_SYSTEM.*ssl.conf
         rm -f /etc/$WEB_SYSTEM/conf.d/domains/$WEBMAIL_ALIAS.$domain.ssl.conf
     fi
 
     if [ ! -z "$PROXY_SYSTEM" ]; then
-        rm -f $HOMEDIR/$user/conf/mail/$domain/$PROXY_SYSTEM.conf
+        rm -f $HOMEDIR/$user/conf/mail/$domain/$PROXY_SYSTEM.*conf
         rm -f /etc/$PROXY_SYSTEM/conf.d/domains/$WEBMAIL_ALIAS.$domain.conf
-        rm -f $HOMEDIR/$user/conf/mail/$domain/$PROXY_SYSTEM.ssl.conf
+        rm -f $HOMEDIR/$user/conf/mail/$domain/$PROXY_SYSTEM.*ssl.conf
         rm -f /etc/$PROXY_SYSTEM/conf.d/domains/$WEBMAIL_ALIAS.$domain.ssl.conf
     fi
 }