github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-19 13:01:52 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'backups' of github.com:moucho/vesta into backups

Browse source
This commit is contained in:
Marcos 2018-12-24 17:51:15 +01:00
commit 635107b804
641 changed files with 29438 additions and 4737 deletions
Download patch file Download diff file Expand all files Collapse all files

8
bin/v-add-backup-host
View file

@ -38,8 +38,8 @@ EOF
sftpc() { sftpc() {
expect -f "-" <<EOF "$@" expect -f "-" <<EOF "$@"
set count 0 set count 0
spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o \ spawn "/usr/bin/sftp -o StrictHostKeyChecking=no -o \
Port=$port $user@$host Port=$port '$user@$host'"
expect { expect {
"password:" { "password:" {
send "$password\r" send "$password\r"
@ -94,12 +94,14 @@ EOF
if [ "$type" != 'local' ];then if [ "$type" != 'local' ];then
check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]" check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]"
is_format_valid 'host' is_format_valid 'user' 'host' 'path' 'port'
is_password_valid is_password_valid
if [ "$type" = 'sftp' ]; then if [ "$type" = 'sftp' ]; then
which expect >/dev/null 2>&1 which expect >/dev/null 2>&1
check_result $? "expect command not found" $E_NOTEXIST check_result $? "expect command not found" $E_NOTEXIST
fi fi
host "$host" >/dev/null 2>&1
check_result $? "host connection failed" "$E_CONNECT"
fi fi

4
bin/v-add-dns-on-web-alias
View file

@ -50,12 +50,12 @@ domain_lvl=$(echo "$alias" |grep -o "\." |wc -l)
# Adding second level domain # Adding second level domain
if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then
$BIN/v-add-dns-domain \ $BIN/v-add-dns-domain \
$user $alias $ip '' '' '' '' '' $restart >> /dev/null $user $alias $ip '' '' '' '' '' '' '' '' $restart >> /dev/null
exit exit
fi fi
# Adding top-level domain and then its sub # Adding top-level domain and then its sub
$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' $restart >> /dev/null $BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' '' $restart >> /dev/null
# Checking top-level domain # Checking top-level domain
if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then

138
bin/v-add-letsencrypt-user
View file

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# info: register letsencrypt user account # info: register letsencrypt user account
# options: USER [EMAIL] # options: USER [TYPE]
# #
# The function creates and register LetsEncript account key # The function creates and register LetsEncript account key
@ -11,7 +11,7 @@
# Argument definition # Argument definition
user=$1 user=$1
email=$2 type=${2-1}
key_size=4096 key_size=4096
# Includes # Includes
@ -28,11 +28,17 @@ encode_base64() {
# Verifications # # Verifications #
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '1' "$#" 'USER [EMAIL]' check_args '1' "$#" 'USER [TYPE]'
is_format_valid 'user' is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
if [ -e "$USER_DATA/ssl/le.conf" ]; then if [ -e "$USER_DATA/ssl/le.conf" ]; then
source "$USER_DATA/ssl/le.conf"
if [ "$type" -eq 1 ] && [ ! -z "$EMAIL" ]; then
exit exit
fi
if [ "$type" -eq 2 ] && [ ! -z "$KID" ]; then
exit
fi
fi fi
@ -40,14 +46,29 @@ fi
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
api='https://acme-v01.api.letsencrypt.org' # Defining LE API endpoint
if [ -z "$email" ]; then if [ "$type" -eq 1 ]; then
api='https://acme-v01.api.letsencrypt.org'
else
api='https://acme-v02.api.letsencrypt.org'
fi
# Defining user email
if [ $type -eq 1 ]; then
email=$(get_user_value '$CONTACT') email=$(get_user_value '$CONTACT')
fi fi
agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n') # Defining user agreement
if [ "$type" -eq 1 ]; then
agreement=$(curl -s -I "$api/terms" |grep Location |\
cut -f 2 -d \ |tr -d '\r\n')
else
#agreement=$(curl -s "$api/directory" |grep termsOfService |\
# cut -f 4 -d '"')
agreement=''
fi
# Generating key # Generating user key
key="$USER_DATA/ssl/user.key" key="$USER_DATA/ssl/user.key"
if [ ! -e "$key" ]; then if [ ! -e "$key" ]; then
openssl genrsa -out $key $key_size >/dev/null 2>&1 openssl genrsa -out $key $key_size >/dev/null 2>&1
@ -55,41 +76,77 @@ if [ ! -e "$key" ]; then
fi fi
# Defining key exponent # Defining key exponent
exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\ if [ -z "$EXPONENT" ]; then
exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\
grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\ grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
xxd -r -p |encode_base64) xxd -r -p |encode_base64)
else
exponent="$EXPONENT"
fi
# Defining key modulus # Defining key modulus
modulus=$(openssl rsa -in "$key" -modulus -noout |\ if [ -z "$MODULUS" ]; then
modulus=$(openssl rsa -in "$key" -modulus -noout |\
sed -e 's/^Modulus=//' |xxd -r -p |encode_base64) sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
else
modulus="$MODULUS"
fi
# Defining key thumb # Defining JWK token
thumb='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}' jwk='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
thumb="$(echo -n "$thumb" |openssl dgst -sha256 -binary |encode_base64)"
# Defining JWK header # Defining key thumbnail
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}' if [ -z "$THUMB" ]; then
header='{"alg":"RS256","jwk":'"$header"'}' thumb="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)"
else
thumb="$THUMB"
fi
# Requesting nonce # Requesting ACME nonce
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n') nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n')
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
# Defining registration query # Defining payload and protected data for v1 and v2
query='{"resource":"new-reg","contact":["mailto:'"$email"'"],' if [ "$type" -eq 1 ]; then
query=$query'"agreement":"'$agreement'"}' header='{"alg":"RS256","jwk":'"$jwk"'}'
payload=$(echo -n "$query" |encode_base64) protected='{"nonce":"'"$nonce"'"}'
payload='{"resource":"new-reg","contact":["mailto:'"$email"'"],'
payload=$payload'"agreement":"'$agreement'"}'
else
protected='{"nonce": "'$nonce'",'
protected=''$protected' "url": "'$api/acme/new-acct'",'
protected=''$protected' "alg": "RS256", "jwk": '$jwk'}'
payload='{"termsOfServiceAgreed": true}'
fi
# Encoding data
protected=$(echo -n "$protected" |encode_base64)
payload=$(echo -n "$payload" |encode_base64)
# Signing request
signature=$(printf "%s" "$protected.$payload" |\ signature=$(printf "%s" "$protected.$payload" |\
openssl dgst -sha256 -binary -sign "$key" |encode_base64) openssl dgst -sha256 -binary -sign "$key" |\
data='{"header":'"$header"',"protected":"'"$protected"'",' encode_base64)
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
# Sending request to LetsEncrypt API if [ "$type" -eq 1 ]; then
answer=$(curl -s -i -d "$data" "$api/acme/new-reg") data='{"header":'"$header"',"protected":"'"$protected"'",'
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ') data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
answer=$(curl -s -i -d "$data" "$api/acme/new-reg")
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
else
data='{"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'",'
data=$data'"signature":"'"$signature"'"}'
answer=$(curl -s -i -d "$data" "$api/acme/new-acct" \
-H "Content-Type: application/jose+json")
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
kid=$(echo "$answer" |grep Location: |cut -f2 -d ' '|tr -d '\r')
fi
# Checking http answer status # Checking http answer status
if [[ "$status" -ne "201" ]] && [[ "$status" -ne "409" ]]; then if [[ "${status:0:2}" -ne "20" ]] && [[ "$status" -ne "409" ]]; then
check_result $E_CONNECT "LetsEncrypt account registration $status" check_result $E_CONNECT "LetsEncrypt account registration $status"
fi fi
@ -99,12 +156,25 @@ fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Adding le.conf # Adding le.conf
echo "EMAIL='$email'" > $USER_DATA/ssl/le.conf if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
echo "EXPONENT='$exponent'" >> $USER_DATA/ssl/le.conf echo "EXPONENT='$exponent'" > $USER_DATA/ssl/le.conf
echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf
echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf
chmod 660 $USER_DATA/ssl/le.conf if [ "$type" -eq 1 ]; then
echo "EMAIL='$email'" >> $USER_DATA/ssl/le.conf
else
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
fi
chmod 660 $USER_DATA/ssl/le.conf
else
if [ "$type" -eq 1 ]; then
sed -i '/^EMAIL=/d' $USER_DATA/ssl/le.conf
echo "EMAIL='$email'" >> $USER_DATA/ssl/le.conf
else
sed -i '/^KID=/d' $USER_DATA/ssl/le.conf
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
fi
fi
# Logging # Logging
log_event "$OK" "$ARGUMENTS" log_event "$OK" "$ARGUMENTS"

22
bin/v-add-user-package
View file

@ -30,37 +30,37 @@ is_package_new() {
is_package_consistent() { is_package_consistent() {
source $pkg_dir/$package.pkg source $pkg_dir/$package.pkg
if [ "$WEB_DOMAINS" != 'unlimited' ]; then if [ "$WEB_DOMAINS" != 'unlimited' ]; then
is_format_valid_int $WEB_DOMAINS 'WEB_DOMAINS' is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS'
fi fi
if [ "$WEB_ALIASES" != 'unlimited' ]; then if [ "$WEB_ALIASES" != 'unlimited' ]; then
is_format_valid_int $WEB_ALIASES 'WEB_ALIASES' is_int_format_valid $WEB_ALIASES 'WEB_ALIASES'
fi fi
if [ "$DNS_DOMAINS" != 'unlimited' ]; then if [ "$DNS_DOMAINS" != 'unlimited' ]; then
is_format_valid_int $DNS_DOMAINS 'DNS_DOMAINS' is_int_format_valid $DNS_DOMAINS 'DNS_DOMAINS'
fi fi
if [ "$DNS_RECORDS" != 'unlimited' ]; then if [ "$DNS_RECORDS" != 'unlimited' ]; then
is_format_valid_int $DNS_RECORDS 'DNS_RECORDS' is_int_format_valid $DNS_RECORDS 'DNS_RECORDS'
fi fi
if [ "$MAIL_DOMAINS" != 'unlimited' ]; then if [ "$MAIL_DOMAINS" != 'unlimited' ]; then
is_format_valid_int $MAIL_DOMAINS 'MAIL_DOMAINS' is_int_format_valid $MAIL_DOMAINS 'MAIL_DOMAINS'
fi fi
if [ "$MAIL_ACCOUNTS" != 'unlimited' ]; then if [ "$MAIL_ACCOUNTS" != 'unlimited' ]; then
is_format_valid_int $MAIL_ACCOUNTS 'MAIL_ACCOUNTS' is_int_format_valid $MAIL_ACCOUNTS 'MAIL_ACCOUNTS'
fi fi
if [ "$DATABASES" != 'unlimited' ]; then if [ "$DATABASES" != 'unlimited' ]; then
is_format_valid_int $DATABASES 'DATABASES' is_int_format_valid $DATABASES 'DATABASES'
fi fi
if [ "$CRON_JOBS" != 'unlimited' ]; then if [ "$CRON_JOBS" != 'unlimited' ]; then
is_format_valid_int $CRON_JOBS 'CRON_JOBS' is_int_format_valid $CRON_JOBS 'CRON_JOBS'
fi fi
if [ "$DISK_QUOTA" != 'unlimited' ]; then if [ "$DISK_QUOTA" != 'unlimited' ]; then
is_format_valid_int $DISK_QUOTA 'DISK_QUOTA' is_int_format_valid $DISK_QUOTA 'DISK_QUOTA'
fi fi
if [ "$BANDWIDTH" != 'unlimited' ]; then if [ "$BANDWIDTH" != 'unlimited' ]; then
is_format_valid_int $BANDWIDTH 'BANDWIDTH' is_int_format_valid $BANDWIDTH 'BANDWIDTH'
fi fi
if [ "$BACKUPS" != 'unlimited' ]; then if [ "$BACKUPS" != 'unlimited' ]; then
is_format_valid_int $BACKUPS 'BACKUPS' is_int_format_valid $BACKUPS 'BACKUPS'
fi fi
is_format_valid_shell $SHELL is_format_valid_shell $SHELL
} }

7
bin/v-add-web-domain
View file

@ -113,9 +113,12 @@ if [ "$aliases" = 'none' ]; then
ALIAS='' ALIAS=''
else else
ALIAS="www.$domain" ALIAS="www.$domain"
if [ ! -z "$aliases" ]; then if [ -z "$aliases" ]; then
ALIAS="$ALIAS,$aliases" ALIAS="www.$domain"
else
ALIAS="$aliases"
fi fi
ip_alias=$(get_ip_alias $domain) ip_alias=$(get_ip_alias $domain)
if [ ! -z "$ip_alias" ]; then if [ ! -z "$ip_alias" ]; then
ALIAS="$ALIAS,$ip_alias" ALIAS="$ALIAS,$ip_alias"

18
bin/v-backup-user
View file

@ -68,8 +68,12 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do
(( ++i)) (( ++i))
done done
if [ -z "$BACKUP_TEMP" ]; then
BACKUP_TEMP=$BACKUP
fi
# Creating temporary directory # Creating temporary directory
tmpdir=$(mktemp -p /tmp -d) tmpdir=$(mktemp -p $BACKUP_TEMP -d)
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify
@ -212,6 +216,9 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
cp $USER_DATA/ssl/$domain.* vesta/ cp $USER_DATA/ssl/$domain.* vesta/
fi fi
# Changin dir to documentroot
cd $HOMEDIR/$user/web/$domain
# Define exclude arguments # Define exclude arguments
exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:") exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:")
set -f set -f
@ -220,9 +227,15 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
if [ ! -z "$exlusion" ]; then if [ ! -z "$exlusion" ]; then
xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)" xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)"
for xpath in $xdirs; do for xpath in $xdirs; do
if [ -d "$xpath" ]; then
fargs+=(--exclude=$xpath/*) fargs+=(--exclude=$xpath/*)
echo "$(date "+%F %T") excluding directory $xpath" echo "$(date "+%F %T") excluding directory $xpath"
msg="$msg\n$(date "+%F %T") excluding directory $xpath" msg="$msg\n$(date "+%F %T") excluding directory $xpath"
else
echo "$(date "+%F %T") excluding file $xpath"
msg="$msg\n$(date "+%F %T") excluding file $xpath"
fargs+=(--exclude=$xpath)
fi
done done
fi fi
set +f set +f
@ -387,7 +400,9 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then
grep "DB='$database'" $conf > vesta/db.conf grep "DB='$database'" $conf > vesta/db.conf
dump="$tmpdir/db/$database/$database.$TYPE.sql" dump="$tmpdir/db/$database/$database.$TYPE.sql"
dumpgz="$tmpdir/db/$database/$database.$TYPE.sql.gz"
grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER" grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER"
if [ ! -f "$dumpgz" ]; then
case $TYPE in case $TYPE in
mysql) dump_mysql_database ;; mysql) dump_mysql_database ;;
pgsql) dump_pgsql_database ;; pgsql) dump_pgsql_database ;;
@ -395,6 +410,7 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then
# Compress dump # Compress dump
gzip -$BACKUP_GZIP $dump gzip -$BACKUP_GZIP $dump
fi
done done
# Print total # Print total

3
bin/v-backup-users
View file

@ -28,6 +28,9 @@ if [ -z "$BACKUP_SYSTEM" ]; then
exit exit
fi fi
for user in $(grep '@' /etc/passwd |cut -f1 -d:); do for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
continue;
fi
check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf) check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf)
log=$VESTA/log/backup.log log=$VESTA/log/backup.log
if [ ! -z "$check_suspend" ]; then if [ ! -z "$check_suspend" ]; then

70
bin/v-change-sys-ip-nat
View file

@ -34,48 +34,72 @@ is_ip_valid "$ip"
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
# Changing nat ip # Updating IP
if [ -z "$(grep NAT= $VESTA/data/ips/$ip)" ]; then if [ -z "$(grep NAT= $VESTA/data/ips/$ip)" ]; then
sed -i "s/^TIME/NAT='$nat_ip'\nTIME/g" $VESTA/data/ips/$ip sed -i "s/^TIME/NAT='$nat_ip'\nTIME/g" $VESTA/data/ips/$ip
old=''
new=$nat_ip
else else
update_ip_value '$NAT' "$nat_ip" old=$(get_ip_value '$NAT')
new=$nat_ip
sed -i "s/NAT=.*/NAT='$new'/" $VESTA/data/ips/$ip
if [ -z "$nat_ip" ]; then
new=$ip
fi
fi fi
# Check ftp system # Updating WEB configs
if [ "$FTP_SYSTEM" = 'vsftpd' ]; then if [ ! -z "$old" ] && [ ! -z "$WEB_SYSTEM" ]; then
sed -i "s/$old/$new/" $VESTA/data/users/*/web.conf
for user in $(ls $VESTA/data/users/); do
$BIN/v-rebuild-web-domains $user no
done
$BIN/v-restart-dns $restart
fi
# Find configuration # Updating DNS configs
if [ -e '/etc/vsftpd/vsftpd.conf' ]; then if [ ! -z "$old" ] && [ ! -z "$DNS_SYSTEM" ]; then
conf='/etc/vsftpd/vsftpd.conf' sed -i "s/$old/$new/" $VESTA/data/users/*/dns.conf
fi sed -i "s/$old/$new/" $VESTA/data/users/*/dns/*.conf
for user in $(ls $VESTA/data/users/); do
$BIN/v-rebuild-dns-domains $user no
done
$BIN/v-restart-dns $restart
fi
if [ -e '/etc/vsftpd.conf' ]; then # Updating FTP
conf='/etc/vsftpd.conf' if [ ! -z "$old" ] && [ ! -z "$FTP_SYSTEM" ]; then
fi conf=$(find /etc -name $FTP_SYSTEM.conf)
if [ -e "$conf" ]; then
# Update config sed -i "s/$old/$new/g" $conf
if [ -z "$(grep pasv_address $conf)" ]; then if [ "$FTP_SYSTEM" = 'vsftpd' ]; then
if [ ! -z "$nat_ip" ]; then check_pasv=$(grep pasv_address $conf)
if [ -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then
echo "pasv_address=$nat_ip" >> $conf echo "pasv_address=$nat_ip" >> $conf
fi fi
else if [ ! -z "$check_pasv" ] && [ -z "$nat_ip" ]; then
if [ ! -z "$nat_ip" ]; then
sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf
else
sed -i "/pasv_address/d" $conf sed -i "/pasv_address/d" $conf
fi fi
if [ ! -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then
sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf
fi fi
fi
fi
$BIN/v-restart-ftp $restart
fi fi
# Updating firewall
if [ ! -z "$old" ] && [ ! -z "$FIREWALL_SYSTEM" ]; then
sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf
$BIN/v-update-firewall
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #
#----------------------------------------------------------# #----------------------------------------------------------#
# Restart ftp server
$BIN/v-restart-ftp $restart
check_result $? "FTP restart failed" >/dev/null
# Logging # Logging
log_history "changed associated nat address on $ip to $nat_ip" '' 'admin' log_history "changed associated nat address on $ip to $nat_ip" '' 'admin'
log_event "$OK" "$ARGUMENTS" log_event "$OK" "$ARGUMENTS"

2
bin/v-change-web-domain-ip
View file

@ -49,7 +49,7 @@ is_ip_valid "$ip" "$user"
# Preparing variables for vhost replace # Preparing variables for vhost replace
get_domain_values 'web' get_domain_values 'web'
old=$(get_real_ip $IP) old=$(get_real_ip $IP)
new=$ip new=$(get_real_ip $ip)
# Replacing vhost # Replacing vhost
replace_web_config "$WEB_SYSTEM" "$TPL.tpl" replace_web_config "$WEB_SYSTEM" "$TPL.tpl"

10
bin/v-list-letsencrypt-user
View file

@ -23,7 +23,8 @@ json_list() {
"EMAIL": "'$EMAIL'", "EMAIL": "'$EMAIL'",
"EXPONENT": "'$EXPONENT'", "EXPONENT": "'$EXPONENT'",
"MODULUS": "'$MODULUS'", "MODULUS": "'$MODULUS'",
"THUMB: "'$THUMB'" "THUMB": "'$THUMB'",
"KID": "'$KID'"
}' }'
echo '}' echo '}'
} }
@ -35,17 +36,18 @@ shell_list() {
echo "THUMB: $THUMB" echo "THUMB: $THUMB"
echo "EXPONENT: $EXPONENT" echo "EXPONENT: $EXPONENT"
echo "MODULUS: $MODULUS" echo "MODULUS: $MODULUS"
echo "KID: $KID"
} }
# PLAIN list function # PLAIN list function
plain_list() { plain_list() {
echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB" echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB\t$KID"
} }
# CSV list function # CSV list function
csv_list() { csv_list() {
echo "USER,EMAIL,EXPONENT,MODULUS,THUMB" echo "USER,EMAIL,EXPONENT,MODULUS,THUMB,KID"
echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB" echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB,$KID"
} }

25
bin/v-list-users
View file

@ -15,9 +15,14 @@ format=${1-shell}
# JSON list function # JSON list function
json_list() { json_list() {
echo '{' echo '{'
object_count=$(grep '@' /etc/passwd |wc -l)
i=1 i=1
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
if [ $i -gt 1 ]; then
echo ","
fi
source $VESTA/data/users/$USER/user.conf source $VESTA/data/users/$USER/user.conf
echo -n ' "'$USER'": { echo -n ' "'$USER'": {
"FNAME": "'$FNAME'", "FNAME": "'$FNAME'",
@ -74,14 +79,8 @@ json_list() {
"TIME": "'$TIME'", "TIME": "'$TIME'",
"DATE": "'$DATE'" "DATE": "'$DATE'"
}' }'
if [ "$i" -lt "$object_count" ]; then
echo ','
else
echo
fi
((i++)) ((i++))
done < <(grep '@' /etc/passwd |cut -f1 -d:) done < <(grep '@' /etc/passwd |cut -f1 -d:)
echo '}' echo '}'
} }
@ -90,6 +89,9 @@ shell_list() {
echo "USER PKG WEB DNS MAIL DB DISK BW SPND DATE" echo "USER PKG WEB DNS MAIL DB DISK BW SPND DATE"
echo "---- --- --- --- --- -- ---- -- ---- ----" echo "---- --- --- --- --- -- ---- -- ---- ----"
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
source $VESTA/data/users/$USER/user.conf source $VESTA/data/users/$USER/user.conf
echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS" echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS"
echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE" echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE"
@ -99,6 +101,9 @@ shell_list() {
# PLAIN list function # PLAIN list function
plain_list() { plain_list() {
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
source $VESTA/data/users/$USER/user.conf source $VESTA/data/users/$USER/user.conf
echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t" echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t"
echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t" echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
@ -131,6 +136,9 @@ csv_list() {
echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES" echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES"
echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE" echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE"
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
source $VESTA/data/users/$USER/user.conf source $VESTA/data/users/$USER/user.conf
echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE," echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE,"
echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE," echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
@ -151,6 +159,9 @@ csv_list() {
# Raw list function # Raw list function
raw_list() { raw_list() {
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
echo $VESTA/data/users/$USER/user.conf echo $VESTA/data/users/$USER/user.conf
cat $VESTA/data/users/$USER/user.conf cat $VESTA/data/users/$USER/user.conf
done < <(grep '@' /etc/passwd |cut -f1 -d:) done < <(grep '@' /etc/passwd |cut -f1 -d:)

1
bin/v-list-web-domain-ssl
View file

@ -19,6 +19,7 @@ source $VESTA/func/main.sh
# JSON list function # JSON list function
json_list() { json_list() {
issuer=$(echo "$issuer" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g")
echo '{' echo '{'
echo -e "\t\"$domain\": {" echo -e "\t\"$domain\": {"
echo " \"CRT\": \"$crt\"," echo " \"CRT\": \"$crt\","

5
bin/v-open-fs-config
View file

@ -35,6 +35,11 @@ if [ ! -z "$src_file" ]; then
echo "Error: invalid source path $src_file" echo "Error: invalid source path $src_file"
exit 2 exit 2
fi fi
spath=$(echo "$rpath" |egrep "/etc|/var/lib")
if [ -z "$spath" ]; then
echo "Error: invalid source path $src_file"
exit 2
fi
fi fi
# Reading conf # Reading conf

4
bin/v-rebuild-web-domains
View file

@ -37,7 +37,7 @@ is_object_unsuspended 'user' 'USER' "$user"
#----------------------------------------------------------# #----------------------------------------------------------#
# Deleting old web configs # Deleting old web configs
sed -i "/.*\/$user\//d" /etc/$WEB_SYSTEM/conf.d/vesta.conf sed -i "/.*\/$user\/conf\/web\//d" /etc/$WEB_SYSTEM/conf.d/vesta.conf
if [ -e "$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf" ]; then if [ -e "$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf" ]; then
rm $HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf rm $HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf
fi fi
@ -47,7 +47,7 @@ fi
# Deleting old proxy configs # Deleting old proxy configs
if [ ! -z "$PROXY_SYSTEM" ]; then if [ ! -z "$PROXY_SYSTEM" ]; then
sed -i "/.*\/$user\//d" /etc/$PROXY_SYSTEM/conf.d/vesta.conf sed -i "/.*\/$user\/conf\/web\//d" /etc/$PROXY_SYSTEM/conf.d/vesta.conf
if [ -e "$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" ]; then if [ -e "$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" ]; then
rm $HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf rm $HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf

6
bin/v-restore-user
View file

@ -229,8 +229,12 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do
(( ++i)) (( ++i))
done done
if [ -z "$BACKUP_TEMP" ]; then
BACKUP_TEMP=$BACKUP
fi
# Creating temporary directory # Creating temporary directory
tmpdir=$(mktemp -p /tmp -d) tmpdir=$(mktemp -p $BACKUP_TEMP -d)
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify
sed -i "/ $user /d" $VESTA/data/queue/backup.pipe sed -i "/ $user /d" $VESTA/data/queue/backup.pipe

10
bin/v-suspend-dns-domain
View file

@ -41,6 +41,16 @@ is_object_unsuspended 'dns' 'DOMAIN' "$domain"
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
# Deleting system configs
if [[ "$DNS_SYSTEM" =~ named|bind ]]; then
if [ -e '/etc/named.conf' ]; then
dns_conf='/etc/named.conf'
else
dns_conf='/etc/bind/named.conf'
fi
sed -i "/\/$user\/conf\/dns\/$domain.db\"/d" $dns_conf
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #

14
bin/v-unsuspend-dns-domain
View file

@ -40,7 +40,21 @@ is_object_suspended 'dns' 'DOMAIN' "$domain"
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
# Creating system configs
if [[ "$DNS_SYSTEM" =~ named|bind ]]; then
if [ -e '/etc/named.conf' ]; then
dns_conf='/etc/named.conf'
dns_group='named'
else
dns_conf='/etc/bind/named.conf'
dns_group='bind'
fi
# Adding zone in named.conf
named="zone \"$domain_idn\" {type master; file"
named="$named \"$HOMEDIR/$user/conf/dns/$domain.db\";};"
echo "$named" >> $dns_conf
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #

17
bin/v-update-letsencrypt-ssl
View file

@ -25,13 +25,18 @@ source $VESTA/conf/vesta.conf
# Defining user list # Defining user list
users=$($BIN/v-list-users | tail -n+3 | awk '{ print $1 }') users=$($BIN/v-list-users | tail -n+3 | awk '{ print $1 }')
lecounter=0
# Checking users # Checking users
for user in $users; do for user in $users; do
USER_DATA=$VESTA/data/users/$user USER_DATA=$VESTA/data/users/$user
# Checking user certificates # Checking user certificates
lecounter=0
for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
# Working on Web domain check - if is suspended
webSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf |grep "SUSPENDED='yes")
if [ ! -z "$webSuspended" ]; then
continue;
fi;
crt="$VESTA/data/users/$user/ssl/$domain.crt" crt="$VESTA/data/users/$user/ssl/$domain.crt"
crt_data=$(openssl x509 -text -in "$crt") crt_data=$(openssl x509 -text -in "$crt")
expire=$(echo "$crt_data" |grep "Not After") expire=$(echo "$crt_data" |grep "Not After")
@ -42,6 +47,10 @@ for user in $users; do
expire=$((expire / 86400)) expire=$((expire / 86400))
domain=$(basename $crt |sed -e "s/.crt$//") domain=$(basename $crt |sed -e "s/.crt$//")
if [[ "$expire" -lt 31 ]]; then if [[ "$expire" -lt 31 ]]; then
if [ $lecounter -gt 0 ]; then
sleep 10
fi
((lecounter++))
aliases=$(echo "$crt_data" |grep DNS:) aliases=$(echo "$crt_data" |grep DNS:)
aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//") aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//")
aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d") aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
@ -58,10 +67,6 @@ for user in $users; do
echo "$domain $msg" echo "$domain $msg"
fi fi
fi fi
if [ $lecounter -gt 0 ]; then
sleep 10
fi
((lecounter++))
fi fi
done done
done done

154
bin/v-update-sys-ip
View file

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# info: update system ip # info: update system ip
# options: [USER] [IP_STATUS] # options: [NONE]
# #
# The function scans configured ip in the system and register them with vesta # The function scans configured ip in the system and register them with vesta
# internal database. This call is intended for use on vps servers, where ip is # internal database. This call is intended for use on vps servers, where ip is
@ -11,12 +11,10 @@
# Variable&Function # # Variable&Function #
#----------------------------------------------------------# #----------------------------------------------------------#
# Argument definition # Importing system variables
user=${1-admin} source /etc/profile
ip_status=${2-shared}
# Includes # Includes
source /etc/profile.d/vesta.sh
source $VESTA/func/main.sh source $VESTA/func/main.sh
source $VESTA/func/ip.sh source $VESTA/func/ip.sh
source $VESTA/conf/vesta.conf source $VESTA/conf/vesta.conf
@ -26,87 +24,84 @@ source $VESTA/conf/vesta.conf
# Verifications # # Verifications #
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '0' "$#" '[USER] [IP_STATUS]'
is_format_valid 'user' 'ip_status'
is_object_valid 'user' 'USER' "$user" "$user"
#----------------------------------------------------------# #----------------------------------------------------------#
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
# Get list of ip addresses # Listing system ip addresses
ip_list=$(/sbin/ip addr|grep 'inet '|grep global|awk '{print $2}') ips=$(/sbin/ip addr |grep 'inet ' |grep global |awk '{print $2}' |cut -f1 -d/)
ip_list=$(echo "$ip_list"|cut -f 1 -d /) v_ips=$(ls $VESTA/data/ips/)
ip_num=$(echo "$ip_list" | wc -l) ip_num=$(echo "$ips" |wc -l)
v_ip_num=$(echo "$v_ips" |wc -l)
# WorkAround for DHCP IP address # Checking primary IP change
vst_ip_list=$(ls $VESTA/data/ips/) if [[ "$ip_num" -eq '1' ]] && [[ "$v_ip_num" -eq 1 ]]; then
vst_ip_num=$(echo "$vst_ip_list" | wc -l) if [ "$ips" != "$v_ips" ]; then
new=$ips
if [ ! -z "$vst_ip_list" ] && [ "$vst_ip_num" -eq '1' ]; then old=$v_ips
if [ $ip_num -eq 1 ] && [ "$ip_list" != "$vst_ip_list" ]; then
new=$ip_list
old=$vst_ip_list
mv $VESTA/data/ips/$old $VESTA/data/ips/$new
if [ ! -z "$PROXY_SYSTEM" ]; then
mv /etc/$PROXY_SYSTEM/conf.d/$old.conf \
/etc/$PROXY_SYSTEM/conf.d/$new.conf
sed -i "s/$old/$new/g" /etc/$PROXY_SYSTEM/conf.d/$new.conf
fi
if [ ! -z "$WEB_SYSTEM" ]; then
mv /etc/$WEB_SYSTEM/conf.d/$old.conf \
/etc/$WEB_SYSTEM/conf.d/$new.conf
sed -i "s/$old/$new/g" /etc/$WEB_SYSTEM/conf.d/$new.conf
sed -i "s/$old/$new/g" $VESTA/data/users/*/web.conf
# Rebuild web domains
for user in $(ls $VESTA/data/users/); do
$BIN/v-rebuild-web-domains $user no
done
fi
if [ ! -z "$FTP_SYSTEM" ];then
ftpd_conf_file=$(find /etc/ -maxdepth 2 -name $FTP_SYSTEM.conf)
sed -i "s/$old/$new/g" $ftpd_conf_file
fi
# Restarting web server
$BIN/v-restart-web
# Restarting ftp server
$BIN/v-restart-ftp
# Restarting proxy server
if [ ! -z "$PROXY_SYSTEM" ]; then
$BIN/v-restart-proxy
fi
# Restarting firewall
if [ ! -z "$FIREWALL_SYSTEM" ]; then
$BIN/v-update-firewall
fi
if [ ! -z "$DNS_SYSTEM" ]; then
# Rebuild dns domains
for user in $(ls $VESTA/data/users/); do
sed -i "s/$old/$new/g" $VESTA/data/users/$user/dns.conf
sed -i "s/$old/$new/g" $VESTA/data/users/$user/dns/*.conf
$BIN/v-rebuild-dns-domains $user no
done
$BIN/v-restart-dns
check_result $? "dns restart failed" >/dev/null
fi
# No further comparation is needed
exit
fi fi
fi fi
# Compare ips # Updating configs
for ip in $ip_list; do if [ ! -z "$new" ]; then
mv $VESTA/data/ips/$old $VESTA/data/ips/$new
# Updating PROXY
if [ ! -z "$PROXY_SYSTEM" ]; then
cd /etc/$PROXY_SYSTEM/conf.d
if [ -e "$old.conf" ]; then
mv $old.conf $new.conf
sed -i "s/$old/$new/g" $new.conf
fi
fi
# Updating WEB
if [ ! -z "$WEB_SYSTEM" ]; then
cd /etc/$WEB_SYSTEM/conf.d
if [ -e "$old.conf" ]; then
mv $old.conf $new.conf
sed -i "s/$old/$new/g" $new.conf
fi
sed -i "s/$old/$new/g" $VESTA/data/users/*/web.conf
for user in $(ls $VESTA/data/users/); do
$BIN/v-rebuild-web-domains $user no
done
$BIN/v-restart-proxy
$BIN/v-restart-web
fi
# Updating DNS
if [ ! -z "$DNS_SYSTEM" ]; then
sed -i "s/$old/$new/g" $VESTA/data/users/*/dns.conf
sed -i "s/$old/$new/g" $VESTA/data/users/*/dns/*.conf
for user in $(ls $VESTA/data/users/); do
$BIN/v-rebuild-dns-domains $user no
done
$BIN/v-restart-dns
fi
# Updating FTP
if [ ! -z "$FTP_SYSTEM" ] && [ "$FTP_SYSTEM" = 'vsftpd' ]; then
conf=$(find /etc/ -maxdepth 2 -name $FTP_SYSTEM.conf)
if [ ! -z "$conf" ]; then
sed -i "s/$old/$new/g" $conf
$BIN/v-restart-ftp
fi
fi
# Updating firewall
if [ ! -z "$FIREWALL_SYSTEM" ]; then
sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf
$BIN/v-update-firewall
fi
fi
# Adding system IP
for ip in $ips; do
check_ifconfig=$(/sbin/ifconfig |grep "$ip") check_ifconfig=$(/sbin/ifconfig |grep "$ip")
if [ ! -e "$VESTA/data/ips/$ip" ] && [ ! -z "$check_ifconfig" ]; then if [ ! -e "$VESTA/data/ips/$ip" ] && [ ! -z "$check_ifconfig" ]; then
interface=$(/sbin/ip addr |grep $ip |awk '{print $NF}'|uniq) interface=$(/sbin/ip addr |grep $ip |awk '{print $NF}' |uniq)
interface=$(echo "$interface" |cut -f 1 -d : |head -n 1) interface=$(echo "$interface" |cut -f 1 -d : |head -n 1)
netmask=$(/sbin/ip addr |grep $ip |cut -f 2 -d / |cut -f 1 -d \ ) netmask=$(/sbin/ip addr |grep $ip |cut -f 2 -d / |cut -f 1 -d \ )
netmask=$(convert_cidr $netmask) netmask=$(convert_cidr $netmask)
@ -114,12 +109,11 @@ for ip in $ip_list; do
fi fi
done done
# Checking NAT # Updating NAT
pub_ip=$(curl -s vestacp.com/what-is-my-ip/) pub_ip=$(curl -s vestacp.com/what-is-my-ip/)
if [ ! -z "$pub_ip" ] && [ ! -e "$VESTA/data/ips/$pub_ip" ]; then if [ ! -e "$VESTA/data/ips/$pub_ip" ]; then
check_nat=$(grep -R "$pub_ip" $VESTA/data/ips/) if [ -z "$(grep -R "$pub_ip" $VESTA/data/ips/)" ]; then
if [ -z "$check_nat" ]; then ip=$(ls -t $VESTA/data/ips/ |head -n1)
ip=$(ls -t $VESTA/data/ips/|head -n1)
$BIN/v-change-sys-ip-nat $ip $pub_ip $BIN/v-change-sys-ip-nat $ip $pub_ip
fi fi
fi fi

1
bin/v-update-user-counters
View file

@ -53,6 +53,7 @@ for user in $user_list; do
IP_OWNED=0 IP_OWNED=0
U_USERS=0 U_USERS=0
U_DISK=0 U_DISK=0
DISK=0
U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS') U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS')
if [ -z "$U_DISK_DIRS" ]; then if [ -z "$U_DISK_DIRS" ]; then
U_DISK_DIRS=0 U_DISK_DIRS=0

2
bin/v-update-user-quota
View file

@ -33,7 +33,7 @@ is_object_valid 'user' 'USER' "$user"
# Updating disk quota # Updating disk quota
# Had quota equals package value. Soft quota equals 90% of package value for warnings. # Had quota equals package value. Soft quota equals 90% of package value for warnings.
quota=$(get_user_value '$DISK_QUOTA') quota=$(get_user_value '$DISK_QUOTA')
soft=$(echo "$quota * 1024 * 0.90"|bc |cut -f 1 -d .) soft=$(echo "$quota * 1024"|bc |cut -f 1 -d .)
hard=$(echo "$quota * 1024"|bc |cut -f 1 -d .) hard=$(echo "$quota * 1024"|bc |cut -f 1 -d .)
# Searching home mount point # Searching home mount point

3
bin/v-update-user-stats
View file

@ -67,6 +67,9 @@ TOTAL_USERS=0
# Updating user stats # Updating user stats
for user in $user_list; do for user in $user_list; do
if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
continue;
fi
USER_DATA=$VESTA/data/users/$user USER_DATA=$VESTA/data/users/$user
source $USER_DATA/user.conf source $USER_DATA/user.conf
next_month=$(date +'%m/01/%y' -d '+ 1 month') next_month=$(date +'%m/01/%y' -d '+ 1 month')

4
func/domain.sh
View file

@ -269,7 +269,7 @@ replace_web_config() {
fi fi
} }
# Delete web configuartion # Delete web configuration
del_web_config() { del_web_config() {
conf="$HOMEDIR/$user/conf/web/$domain.$1.conf" conf="$HOMEDIR/$user/conf/web/$domain.$1.conf"
if [[ "$2" =~ stpl$ ]]; then if [[ "$2" =~ stpl$ ]]; then
@ -291,7 +291,7 @@ del_web_config() {
# clean-up for both config styles if there is no more domains # clean-up for both config styles if there is no more domains
web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l) web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l)
if [ "$web_domain" -eq '0' ]; then if [ "$web_domain" -eq '0' ]; then
sed -i "/.*\/$user\/.*/d" /etc/$1/conf.d/vesta.conf sed -i "/.*\/$user\/conf\/web\//d" /etc/$1/conf.d/vesta.conf
if [ -f "$conf" ]; then if [ -f "$conf" ]; then
rm -f $conf rm -f $conf
fi fi

2
func/ip.sh
View file

@ -26,7 +26,7 @@ get_ip_iface() {
} }
# Check ip address speciefic value # Check ip address specific value
is_ip_key_empty() { is_ip_key_empty() {
key="$1" key="$1"
string=$(cat $VESTA/data/ips/$ip) string=$(cat $VESTA/data/ips/$ip)

17
func/main.sh
View file

@ -532,7 +532,7 @@ is_user_format_valid() {
is_domain_format_valid() { is_domain_format_valid() {
object_name=${2-domain} object_name=${2-domain}
exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|_|/|\|\"|'|;|%|\`| ]" exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|_|/|\|\"|'|;|%|\`| ]"
if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]]; then if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]] || [[ $1 =~ "$(printf '\t')" ]]; then
check_result $E_INVALID "invalid $object_name format :: $1" check_result $E_INVALID "invalid $object_name format :: $1"
fi fi
} }
@ -805,7 +805,16 @@ is_password_format_valid() {
check_result $E_INVALID "invalid password format :: $1" check_result $E_INVALID "invalid password format :: $1"
fi fi
} }
# Missing function -
# Before: validate_format_shell
# After: is_format_valid_shell
is_format_valid_shell() {
if [ -z "$(grep -w $1 /etc/shells)" ]; then
echo "Error: shell $1 is not valid"
log_event "$E_INVALID" "$EVENT"
exit $E_INVALID
fi
}
# Format validation controller # Format validation controller
is_format_valid() { is_format_valid() {
for arg_name in $*; do for arg_name in $*; do
@ -873,6 +882,8 @@ is_format_valid() {
rtype) is_dns_type_format_valid "$arg" ;; rtype) is_dns_type_format_valid "$arg" ;;
rule) is_int_format_valid "$arg" "rule id" ;; rule) is_int_format_valid "$arg" "rule id" ;;
soa) is_domain_format_valid "$arg" 'SOA' ;; soa) is_domain_format_valid "$arg" 'SOA' ;;
#missing command: is_format_valid_shell
shell) is_format_valid_shell "$arg" ;;
stats_pass) is_password_format_valid "$arg" ;; stats_pass) is_password_format_valid "$arg" ;;
stats_user) is_user_format_valid "$arg" "$arg_name" ;; stats_user) is_user_format_valid "$arg" "$arg_name" ;;
template) is_object_format_valid "$arg" "$arg_name" ;; template) is_object_format_valid "$arg" "$arg_name" ;;
@ -922,7 +933,7 @@ format_aliases() {
aliases=$(echo "$aliases" |tr -s '.') aliases=$(echo "$aliases" |tr -s '.')
aliases=$(echo "$aliases" |sed -e "s/[.]*$//g") aliases=$(echo "$aliases" |sed -e "s/[.]*$//g")
aliases=$(echo "$aliases" |sed -e "s/^[.]*//") aliases=$(echo "$aliases" |sed -e "s/^[.]*//")
aliases=$(echo "$aliases" |grep -v www.$domain |sed -e "/^$/d") aliases=$(echo "$aliases" |sed -e "/^$/d")
aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//") aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//")
fi fi
} }

1
install/debian/7/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/debian/7/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

48
install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/debian/8/nginx/nginx.conf
View file

@ -51,6 +51,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/debian/8/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

48
install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/debian/9/nginx/nginx.conf
View file

@ -51,6 +51,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/debian/9/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

6
install/debian/9/templates/web/nginx/http2.stpl
View file

@ -4,14 +4,14 @@ server {
ssl on; ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/httpd/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / { location / {
proxy_pass https://%ip%:%web_ssl_port%; proxy_pass https://%ip%:%web_ssl_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %sdocroot%; root %sdocroot%;
access_log /var/log/httpd/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes; access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }

6
install/debian/9/templates/web/nginx/http2.tpl
View file

@ -1,14 +1,14 @@
server { server {
listen %ip%:%proxy_port%; listen %ip%:%proxy_port%;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
error_log /var/log/httpd/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / { location / {
proxy_pass http://%ip%:%web_port%; proxy_pass http://%ip%:%web_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %docroot%; root %docroot%;
access_log /var/log/httpd/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes; access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }

48
install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/rhel/5/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/rhel/5/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

48
install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/rhel/6/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/rhel/6/roundcube/vesta.php
View file

@ -48,7 +48,7 @@ class rcube_vesta_password
$context = stream_context_create(); $context = stream_context_create();
$result = stream_context_set_option($context, 'ssl', 'verify_peer', false); $result = stream_context_set_option($context, 'ssl', 'verify_peer', false);
result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false);
$result = stream_context_set_option($context, 'ssl', 'verify_host', false); $result = stream_context_set_option($context, 'ssl', 'verify_host', false);
$result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true);

2
install/rhel/6/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

48
install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/rhel/7/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/rhel/7/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

48
install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/ubuntu/12.04/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/ubuntu/12.04/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

6
install/ubuntu/12.04/templates/web/nginx/http2.stpl
View file

@ -4,14 +4,14 @@ server {
ssl on; ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/httpd/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / { location / {
proxy_pass https://%ip%:%web_ssl_port%; proxy_pass https://%ip%:%web_ssl_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %sdocroot%; root %sdocroot%;
access_log /var/log/httpd/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes; access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }

6
install/ubuntu/12.04/templates/web/nginx/http2.tpl
View file

@ -1,14 +1,14 @@
server { server {
listen %ip%:%proxy_port%; listen %ip%:%proxy_port%;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
error_log /var/log/httpd/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / { location / {
proxy_pass http://%ip%:%web_port%; proxy_pass http://%ip%:%web_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %docroot%; root %docroot%;
access_log /var/log/httpd/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes; access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }

48
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/ubuntu/12.10/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/ubuntu/12.10/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

6
install/ubuntu/12.10/templates/web/nginx/http2.stpl
View file

@ -4,14 +4,14 @@ server {
ssl on; ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/httpd/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / { location / {
proxy_pass https://%ip%:%web_ssl_port%; proxy_pass https://%ip%:%web_ssl_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %sdocroot%; root %sdocroot%;
access_log /var/log/httpd/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes; access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }

6
install/ubuntu/12.10/templates/web/nginx/http2.tpl
View file

@ -1,14 +1,14 @@
server { server {
listen %ip%:%proxy_port%; listen %ip%:%proxy_port%;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
error_log /var/log/httpd/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / { location / {
proxy_pass http://%ip%:%web_port%; proxy_pass http://%ip%:%web_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %docroot%; root %docroot%;
access_log /var/log/httpd/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes; access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }

48
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/ubuntu/13.04/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/ubuntu/13.04/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

6
install/ubuntu/13.04/templates/web/nginx/http2.stpl
View file

@ -4,14 +4,14 @@ server {
ssl on; ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/httpd/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / { location / {
proxy_pass https://%ip%:%web_ssl_port%; proxy_pass https://%ip%:%web_ssl_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %sdocroot%; root %sdocroot%;
access_log /var/log/httpd/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes; access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }

6
install/ubuntu/13.04/templates/web/nginx/http2.tpl
View file

@ -1,14 +1,14 @@
server { server {
listen %ip%:%proxy_port%; listen %ip%:%proxy_port%;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
error_log /var/log/httpd/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / { location / {
proxy_pass http://%ip%:%web_port%; proxy_pass http://%ip%:%web_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %docroot%; root %docroot%;
access_log /var/log/httpd/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes; access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }

Some files were not shown because too many files have changed in this diff Show more