boban
/
mailwolt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: Race Condition SSL-Wizard + fastcgi_param HTTPS on 

- mailwolt-apply-domains schreibt State-Dateien (done=1) BEVOR nginx auf HTTPS
  switcht, dann sleep 6s → Browser kann noch über HTTP redirecten
- WizardDomains.php überschreibt done nicht wenn Shell-Script es bereits gesetzt hat
- fastcgi_param HTTPS on in HTTPS-Blocks ergänzt (ohne dies liefert Laravel 404
  weil Request-Schema falsch erkannt wird)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
main v1.1.11
boban 2026-04-24 16:06:25 +02:00
parent 1547302297
commit 9d3cbd88b6
2 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/Console/Commands/WizardDomains.php
View File

@ -86,8 +86,12 @@ class WizardDomains extends Command
} }
} }
file_put_contents(self::STATE_DIR . '/done', $helperOk ? '1' : '0'); // Shell-Script schreibt done bereits vor dem nginx-Switch — nicht überschreiben
Setting::set('ssl_configured', $helperOk ? '1' : '0'); $alreadyDone = trim((string) @file_get_contents(self::STATE_DIR . '/done')) === '1';
if (!$alreadyDone) {
file_put_contents(self::STATE_DIR . '/done', $helperOk ? '1' : '0');
}
Setting::set('ssl_configured', ($helperOk || $alreadyDone) ? '1' : '0');
// SESSION_SECURE_COOKIE wird nicht automatisch gesetzt — // SESSION_SECURE_COOKIE wird nicht automatisch gesetzt —
// nginx leitet HTTP→HTTPS weiter, Secure-Flag wird im Admin gesetzt // nginx leitet HTTP→HTTPS weiter, Secure-Flag wird im Admin gesetzt

13
installer.sh
View File

@ -739,6 +739,7 @@ server {
location / { try_files \$uri \$uri/ /index.php?\$query_string; } location / { try_files \$uri \$uri/ /index.php?\$query_string; }
location ~ \.php\$ { location ~ \.php\$ {
include snippets/fastcgi-php.conf; include snippets/fastcgi-php.conf;
fastcgi_param HTTPS on;
fastcgi_pass unix:${PHP_FPM_SOCK}; fastcgi_pass unix:${PHP_FPM_SOCK};
} }
location ^~ /livewire/ { try_files \$uri /index.php?\$query_string; } location ^~ /livewire/ { try_files \$uri /index.php?\$query_string; }
@ -765,6 +766,7 @@ server {
location / { try_files \$uri \$uri/ /index.php?\$query_string; } location / { try_files \$uri \$uri/ /index.php?\$query_string; }
location ~ \.php\$ { location ~ \.php\$ {
include snippets/fastcgi-php.conf; include snippets/fastcgi-php.conf;
fastcgi_param HTTPS on;
fastcgi_pass unix:${PHP_FPM_SOCK}; fastcgi_pass unix:${PHP_FPM_SOCK};
} }
location ^~ /livewire/ { try_files \$uri /index.php?\$query_string; } location ^~ /livewire/ { try_files \$uri /index.php?\$query_string; }
@ -774,6 +776,17 @@ CONF
fi fi
) > "${NGINX_SITE}" ) > "${NGINX_SITE}"
# State-Dateien VOR dem nginx-Switch schreiben damit der Browser
# noch über HTTP redirecten kann bevor nginx auf HTTPS wechselt
STATE_DIR="/var/lib/mailwolt/wizard"
if [ -d "${STATE_DIR}" ]; then
for k in ui mail webmail; do
[ -f "${STATE_DIR}/${k}" ] && printf "done" > "${STATE_DIR}/${k}"
done
printf "1" > "${STATE_DIR}/done"
sleep 6 # 3 Poll-Zyklen (à 2s) — Browser hat Zeit zu redirecten
fi
nginx -t && systemctl reload nginx nginx -t && systemctl reload nginx
HELPER HELPER
chmod 755 /usr/local/sbin/mailwolt-apply-domains chmod 755 /usr/local/sbin/mailwolt-apply-domains