Fix SSL cert issue for phpMyadmin

scripts/pma-gateway/create_pma_gateway.sh

@@ -30,6 +30,51 @@ else
   ENV_HOST=${ENV_HOST#node*-}   # strip nodeXXXX-
 fi
 
+# ==============================================================================
+# Step 1: Ensure xmlstarlet is installed for safe XML parsing
+# ==============================================================================
+if ! command -v xmlstarlet &> /dev/null; then
+    echo "xmlstarlet not found. Installing for safe XML parsing..." >&2
+    if ! sudo dnf install -y xmlstarlet; then
+        echo "FATAL: Failed to install xmlstarlet. Cannot safely read LiteSpeed config." >&2
+        exit 1
+    fi
+fi
+
+# ==============================================================================
+# Step 2: Dynamically read SSL configuration from main LiteSpeed config
+# ==============================================================================
+LITESPEED_CONFIG="/var/www/conf/httpd_config.xml"
+KEY_FILE_PATH=""
+CERT_FILE_PATH=""
+
+if [[ -f "$LITESPEED_CONFIG" ]]; then
+    echo "Reading SSL configuration from LiteSpeed main config..." >&2
+
+    # Query the main HTTPS listener (port 443) for keyFile and certFile
+    # This is the most specific and robust XPath
+    KEY_FILE_PATH=$(sudo xmlstarlet sel -t -v \
+        "//httpServerConfig/listenerList/listener[name='HTTPS' and secure='1' and address='*:443'][1]/keyFile" \
+        "$LITESPEED_CONFIG" 2>/dev/null | xargs)
+
+    CERT_FILE_PATH=$(sudo xmlstarlet sel -t -v \
+        "//httpServerConfig/listenerList/listener[name='HTTPS' and secure='1' and address='*:443'][1]/certFile" \
+        "$LITESPEED_CONFIG" 2>/dev/null | xargs)
+fi
+
+# ==============================================================================
+# Step 3: Implement fallback to default self-signed certificate
+# ==============================================================================
+if [[ -z "$KEY_FILE_PATH" ]] || [[ -z "$CERT_FILE_PATH" ]]; then
+    echo "No custom SSL certificate found. Falling back to default self-signed certificate." >&2
+    # Use SINGLE quotes to write the literal string "$SERVER_ROOT" to the config,
+    # not the shell variable. This is critical.
+    KEY_FILE_PATH='$SERVER_ROOT/ssl/litespeed.key'
+    CERT_FILE_PATH='$SERVER_ROOT/ssl/litespeed.crt'
+else
+    echo "Using SSL certificate: $CERT_FILE_PATH" >&2
+fi
+
 PMADB_DIR="/usr/share/phpMyAdmin"
 GATEWAY_FILE="$PMADB_DIR/access-db-$SLUG.php"
 
@@ -120,8 +165,8 @@ if [ ! -s "$VHOST_CONFIG" ]; then
 RewriteRule ^/nospider/         -   [F]</rules>
   </rewrite>
   <vhssl>
-    <keyFile>/var/www/ssl/litespeed.key</keyFile>
-    <certFile>/var/www/ssl/litespeed.crt</certFile>
+    <keyFile>__KEY_FILE_PLACEHOLDER__</keyFile>
+    <certFile>__CERT_FILE_PLACEHOLDER__</certFile>
     <certChain>1</certChain>
   </vhssl>
   <frontPage>
@@ -139,6 +184,20 @@ RewriteRule ^/nospider/         -   [F]</rules>
   </awstats>
 </virtualHostConfig>
 EOF
+    
+    # ==============================================================================
+    # Step 5: Inject the discovered certificate paths using sed
+    # ==============================================================================
+    # Escape special characters (/, $, &, \, ') in paths for use with sed
+    ESCAPED_KEY_PATH=$(printf '%s\n' "$KEY_FILE_PATH" | sed 's/[\/&$\\'"'"']/\\&/g')
+    ESCAPED_CERT_PATH=$(printf '%s\n' "$CERT_FILE_PATH" | sed 's/[\/&$\\'"'"']/\\&/g')
+
+    # Replace placeholders with actual certificate paths
+    sudo sed -i "s|__KEY_FILE_PLACEHOLDER__|$ESCAPED_KEY_PATH|g" "$VHOST_CONFIG"
+    sudo sed -i "s|__CERT_FILE_PLACEHOLDER__|$ESCAPED_CERT_PATH|g" "$VHOST_CONFIG"
+    
+    echo "SSL certificate paths injected into vhost configuration." >&2
+    
     NEEDS_RESTART=1
 fi