diff --git a/bin/v-add-backup-host b/bin/v-add-backup-host index 327703a7..bccaa03e 100755 --- a/bin/v-add-backup-host +++ b/bin/v-add-backup-host @@ -38,8 +38,7 @@ EOF sftpc() { expect -f "-" </dev/null 2>&1 check_result $? "expect command not found" $E_NOTEXIST fi + host "$host" >/dev/null 2>&1 + check_result $? "host connection failed" "$E_CONNECT" fi diff --git a/bin/v-add-dns-on-web-alias b/bin/v-add-dns-on-web-alias index cc587483..a6a7272c 100755 --- a/bin/v-add-dns-on-web-alias +++ b/bin/v-add-dns-on-web-alias @@ -50,12 +50,12 @@ domain_lvl=$(echo "$alias" |grep -o "\." |wc -l) # Adding second level domain if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then $BIN/v-add-dns-domain \ - $user $alias $ip '' '' '' '' '' $restart >> /dev/null + $user $alias $ip '' '' '' '' '' '' '' '' $restart >> /dev/null exit fi # Adding top-level domain and then its sub -$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' $restart >> /dev/null +$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' '' $restart >> /dev/null # Checking top-level domain if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then diff --git a/bin/v-add-dns-record b/bin/v-add-dns-record index 2b4c52ca..bbf8edd8 100755 --- a/bin/v-add-dns-record +++ b/bin/v-add-dns-record @@ -45,10 +45,12 @@ if [[ $rtype =~ NS|CNAME|MX|PTR|SRV ]]; then fi fi -dvalue=${dvalue//\"/} +if [ $rtype != "CAA" ]; then + dvalue=${dvalue//\"/} -if [[ "$dvalue" =~ [\;[:space:]] ]]; then - dvalue='"'"$dvalue"'"' + if [[ "$dvalue" =~ [\;[:space:]] ]]; then + dvalue='"'"$dvalue"'"' + fi fi # Additional argument formatting diff --git a/bin/v-add-firewall-chain b/bin/v-add-firewall-chain index f963dade..0bac12da 100755 --- a/bin/v-add-firewall-chain +++ b/bin/v-add-firewall-chain @@ -21,6 +21,12 @@ protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]') # Defining absolute path to iptables iptables="/sbin/iptables" +# Get vesta port by reading nginx.conf +vestaport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||") +if [ -z "$vestaport" ]; then + vestaport=8083 +fi + # Includes source $VESTA/func/main.sh source $VESTA/conf/vesta.conf @@ -41,13 +47,19 @@ is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' # Checking known chains case $chain in - SSH) port=22; protocol=TCP ;; + SSH) # Get ssh port by reading ssh config file. + sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2) + if [ -z "$sshport" ]; then + sshport=22 + fi + port=$sshport; + protocol=TCP ;; FTP) port=21; protocol=TCP ;; MAIL) port='25,465,587,2525,110,995,143,993'; protocol=TCP ;; DNS) port=53; protocol=UDP ;; WEB) port='80,443'; protocol=TCP ;; DB) port='3306,5432'; protocol=TCP ;; - VESTA) port=8083; protocol=TCP ;; + VESTA) port=$vestaport; protocol=TCP ;; *) check_args '2' "$#" 'CHAIN PORT' ;; esac diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain index c69a21f1..59d51c61 100755 --- a/bin/v-add-letsencrypt-domain +++ b/bin/v-add-letsencrypt-domain @@ -1,13 +1,8 @@ #!/bin/bash -# info: adding letsencrypt ssl cetificate for domain -# options: USER DOMAIN [ALIASES] [RESTART] [NOTIFY] +# info: check letsencrypt domain +# options: USER DOMAIN [ALIASES] # -# The function turns on SSL support for a domain. Parameter ssl_dir is a path -# to directory where 2 or 3 ssl files can be found. Certificate file -# domain.tld.crt and its key domain.tld.key are mandatory. Certificate -# authority domain.tld.ca file is optional. If home directory parameter -# (ssl_home) is not set, https domain uses public_shtml as separate -# documentroot directory. +# The function check and validates domain with Let's Encript #----------------------------------------------------------# @@ -18,8 +13,9 @@ user=$1 domain=$2 aliases=$3 -restart=$4 -notify=$5 + +# LE API +API='https://acme-v02.api.letsencrypt.org' # Includes source $VESTA/func/main.sh @@ -27,30 +23,67 @@ source $VESTA/func/domain.sh source $VESTA/conf/vesta.conf # Additional argument formatting -format_domain_idn +format_identifier_idn() { + identifier_idn=$identifier + if [[ "$identifier_idn" = *[![:ascii:]]* ]]; then + identifier_idn=$(idn -t --quiet -a $identifier_idn) + fi +} + +# encode base64 +encode_base64() { + cat |base64 |tr '+/' '-_' |tr -d '\r\n=' +} + +# Let's Encrypt v2 curl function +query_le_v2() { + + protected='{"nonce": "'$3'",' + protected=''$protected' "url": "'$1'",' + protected=''$protected' "alg": "RS256", "kid": "'$KID'"}' + content="Content-Type: application/jose+json" + + payload_=$(echo -n "$2" |encode_base64) + protected_=$(echo -n "$protected" |encode_base64) + signature_=$(printf "%s" "$protected_.$payload_" |\ + openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\ + encode_base64) + + post_data='{"protected":"'"$protected_"'",' + post_data=$post_data'"payload":"'"$payload_"'",' + post_data=$post_data'"signature":"'"$signature_"'"}' + + curl -s -i -d "$post_data" "$1" -H "$content" +} + #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# -check_args '2' "$#" 'USER DOMAIN [ALIASES] [RESTART] [NOTIFY]' -is_format_valid 'user' 'domain' +check_args '2' "$#" 'USER DOMAIN [ALIASES]' +is_format_valid 'user' 'domain' 'aliases' is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' -is_system_enabled "$WEB_SSL" 'SSL_SUPPORT' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" is_object_valid 'web' 'DOMAIN' "$domain" is_object_unsuspended 'web' 'DOMAIN' "$domain" - +get_domain_values 'web' +# check if alias is the letsencrypt wildcard domain, if not, make the normal checks +if [[ "$aliases" != "*.$domain" ]]; then + for alias in $(echo "$aliases" |tr ',' '\n' |sort -u); do + check_alias="$(echo $ALIAS |tr ',' '\n' |grep ^$alias$)" + if [ -z "$check_alias" ]; then + check_result $E_NOTEXIST "domain alias $alias doesn't exist" + fi + done +fi; #----------------------------------------------------------# # Action # #----------------------------------------------------------# -# Parsing domain data -get_domain_values 'web' - # Registering LetsEncrypt user account $BIN/v-add-letsencrypt-user $user if [ "$?" -ne 0 ]; then @@ -62,53 +95,153 @@ fi # Parsing LetsEncrypt account data source $USER_DATA/ssl/le.conf -email=$EMAIL -# Validating domain and aliases -i=1 -for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do - $BIN/v-check-letsencrypt-domain $user $alias - if [ "$?" -ne 0 ]; then - touch $VESTA/data/queue/letsencrypt.pipe - sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe - send_notice "LETSENCRYPT" "$alias validation failed" - check_result $E_INVALID "LE domain validation" >/dev/null +# Checking wildcard alias +if [ "$aliases" = "*.$domain" ]; then + wildcard='yes' + proto="dns-01" + if [ ! -e "$VESTA/data/users/$user/dns/$domain.conf" ]; then + check_result $E_NOTEXIST "DNS domain $domain doesn't exist" + fi +else + proto="http-01" +fi + +# Requesting nonce / STEP 1 +answer=$(curl -s -I "$API/directory") +nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') +status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') +if [[ "$status" -ne 200 ]]; then + check_result $E_CONNECT "Let's Encrypt nonce request status $status" +fi + +# Placing new order / STEP 2 +url="$API/acme/new-order" +payload='{"identifiers":[' +for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do + format_identifier_idn + payload=$payload'{"type":"dns","value":"'$identifier_idn'"},' +done +payload=$(echo "$payload"|sed "s/,$//") +payload=$payload']}' +answer=$(query_le_v2 "$url" "$payload" "$nonce") +nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') +authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"') +finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"') +status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ') +if [[ "$status" -ne 201 ]]; then + check_result $E_CONNECT "Let's Encrypt new auth status $status" +fi + +# Requesting authorization token / STEP 3 +for auth in $authz; do + payload='' + answer=$(query_le_v2 "$auth" "$payload" "$nonce") + url=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \") + token=$(echo "$answer" |grep -A3 $proto |grep token |cut -f 4 -d \") + nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') + status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') + if [[ "$status" -ne 200 ]]; then + check_result $E_CONNECT "Let's Encrypt acme/authz bad status $status" fi - # Checking LE limits per account - if [ "$i" -gt 100 ]; then - touch $VESTA/data/queue/letsencrypt.pipe - sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe - send_notice 'LETSENCRYPT' 'Limit of domains per account is reached' - check_result $E_LIMIT "LE can't sign more than 100 domains" + # Accepting challenge / STEP 4 + if [ "$wildcard" = 'yes' ]; then + record=$(printf "%s" "$token.$THUMB" |\ + openssl dgst -sha256 -binary |encode_base64) + old_records=$($BIN/v-list-dns-records $user $domain plain|grep 'TXT') + old_records=$(echo "$old_records" |grep _acme-challenge |cut -f 1) + for old_record in $old_records; do + $BIN/v-delete-dns-record $user $domain $old_record + done + $BIN/v-add-dns-record $user $domain "_acme-challenge" "TXT" $record + check_result $? "DNS _acme-challenge record wasn't created" + else + if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then + conf="$HOMEDIR/$user/conf/web/nginx.$domain.conf_letsencrypt" + sconf="$HOMEDIR/$user/conf/web/snginx.$domain.conf_letsencrypt" + if [ ! -e "$conf" ]; then + echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \ + > $conf + echo ' default_type text/plain;' >> $conf + echo ' return 200 "$1.'$THUMB'";' >> $conf + echo '}' >> $conf + fi + if [ ! -e "$sconf" ]; then + ln -s "$conf" "$sconf" + fi + $BIN/v-restart-proxy + check_result $? "Proxy restart failed" >/dev/null + + else + well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known" + acme_challenge="$well_known/acme-challenge" + mkdir -p $acme_challenge + echo "$token.$THUMB" > $acme_challenge/$token + chown -R $user:$user $well_known + fi + $BIN/v-restart-web + check_result $? "Web restart failed" >/dev/null + fi + + # Requesting ACME validation / STEP 5 + validation_check=$(echo "$answer" |grep '"valid"') + if [[ ! -z "$validation_check" ]]; then + validation='valid' + else + validation='pending' + fi + + # Doing pol check on status + i=1 + while [ "$validation" = 'pending' ]; do + payload='{}' + answer=$(query_le_v2 "$url" "$payload" "$nonce") + validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \") + nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') + status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') + if [[ "$status" -ne 200 ]]; then + check_result $E_CONNECT "Let's Encrypt validation status $status" + fi + + i=$((i + 1)) + if [ "$i" -gt 10 ]; then + check_result $E_CONNECT "Let's Encrypt domain validation timeout" + fi + sleep 1 + done + if [ "$validation" = 'invalid' ]; then + check_result $E_CONNECT "Let's Encrypt domain verification failed" fi - i=$((i++)) done -# Generating CSR -ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "$email" "US" "California" \ + +# Generating new ssl certificate +ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "info@$domain" "US" "California"\ "San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}') -# Signing CSR -crt=$($BIN/v-sign-letsencrypt-csr $user $domain $ssl_dir) -if [ "$?" -ne 0 ]; then - touch $VESTA/data/queue/letsencrypt.pipe - sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe - send_notice "LETSENCRYPT" "$alias validation failed" - check_result "$E_INVALID" "LE $domain validation" +# Sending CSR to finalize order / STEP 6 +csr=$(openssl req -in $ssl_dir/$domain.csr -outform DER |encode_base64) +payload='{"csr":"'$csr'"}' +answer=$(query_le_v2 "$finalize" "$payload" "$nonce") +nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') +status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') +certificate=$(echo "$answer"|grep 'certificate":' |cut -f4 -d '"') +if [[ "$status" -ne 200 ]]; then + check_result $E_CONNECT "Let's Encrypt finalize bad status $status" fi -echo "$crt" > $ssl_dir/$domain.crt -# Dowloading CA certificate -le_certs='https://letsencrypt.org/certs' -x1='lets-encrypt-x1-cross-signed.pem.txt' -x3='lets-encrypt-x3-cross-signed.pem.txt' -issuer=$(openssl x509 -text -in $ssl_dir/$domain.crt |grep "Issuer:") -if [ -z "$(echo $issuer|grep X3)" ]; then - curl -s $le_certs/$x1 > $ssl_dir/$domain.ca -else - curl -s $le_certs/$x3 > $ssl_dir/$domain.ca -fi +# Downloading signed certificate / STEP 7 +curl -s "$certificate" -o $ssl_dir/$domain.pem + +# Splitting up downloaded pem +crt_end=$(grep -n END $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:) +head -n $crt_end $ssl_dir/$domain.pem > $ssl_dir/$domain.crt + +pem_lines=$(wc -l $ssl_dir/$domain.pem |cut -f 1 -d ' ') +ca_end=$(grep -n "BEGIN" $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :) +ca_end=$(( pem_lines - crt_end + 1 )) +tail -n $ca_end $ssl_dir/$domain.pem > $ssl_dir/$domain.ca # Adding SSL ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME') @@ -140,18 +273,13 @@ update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes' # Vesta # #----------------------------------------------------------# -# Restarting web -$BIN/v-restart-web $restart -if [ "$?" -ne 0 ]; then - send_notice 'LETSENCRYPT' "web server needs to be restarted manually" -fi +# Deleteing task from queue +touch $VESTA/data/queue/letsencrypt.pipe +sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe # Notifying user send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully" -# Deleteing task from queue -touch $VESTA/data/queue/letsencrypt.pipe -sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe # Logging log_event "$OK" "$ARGUMENTS" diff --git a/bin/v-add-letsencrypt-user b/bin/v-add-letsencrypt-user index 3b14cd69..11aec113 100755 --- a/bin/v-add-letsencrypt-user +++ b/bin/v-add-letsencrypt-user @@ -1,8 +1,8 @@ #!/bin/bash # info: register letsencrypt user account -# options: USER [EMAIL] +# options: USER # -# The function creates and register LetsEncript account key +# The function creates and register LetsEncript account #----------------------------------------------------------# @@ -11,8 +11,9 @@ # Argument definition user=$1 -email=$2 -key_size=4096 + +# LE API +API='https://acme-v02.api.letsencrypt.org' # Includes source $VESTA/func/main.sh @@ -23,15 +24,38 @@ encode_base64() { cat |base64 |tr '+/' '-_' |tr -d '\r\n=' } +# Let's Encrypt v2 curl function +query_le_v2() { + protected='{"nonce": "'$3'",' + protected=''$protected' "url": "'$1'",' + protected=''$protected' "alg": "RS256", "jwk": '$jwk'}' + content="Content-Type: application/jose+json" + + payload_=$(echo -n "$2" |encode_base64) + protected_=$(echo -n "$protected" |encode_base64) + signature_=$(printf "%s" "$protected_.$payload_" |\ + openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\ + encode_base64) + + post_data='{"protected":"'"$protected_"'",' + post_data=$post_data'"payload":"'"$payload_"'",' + post_data=$post_data'"signature":"'"$signature_"'"}' + + curl -s -i -d "$post_data" "$1" -H "$content" +} + #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# -check_args '1' "$#" 'USER [EMAIL]' +check_args '1' "$#" 'USER' is_format_valid 'user' is_object_valid 'user' 'USER' "$user" if [ -e "$USER_DATA/ssl/le.conf" ]; then + source "$USER_DATA/ssl/le.conf" +fi +if [ ! -z "$KID" ]; then exit fi @@ -40,57 +64,57 @@ fi # Action # #----------------------------------------------------------# -api='https://acme-v01.api.letsencrypt.org' -if [ -z "$email" ]; then - email=$(get_user_value '$CONTACT') + +# Defining user email +if [[ -z "$EMAIL" ]]; then + EMAIL=$(get_user_value '$CONTACT') fi -agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n') +# Defining user agreement +agreement='' -# Generating key -key="$USER_DATA/ssl/user.key" -if [ ! -e "$key" ]; then - openssl genrsa -out $key $key_size >/dev/null 2>&1 - chmod 600 $key +# Generating user key +KEY="$USER_DATA/ssl/user.key" +if [ ! -e "$KEY" ]; then + openssl genrsa -out $KEY 4096 >/dev/null 2>&1 + chmod 600 $KEY fi # Defining key exponent -exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\ - grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\ - xxd -r -p |encode_base64) +if [ -z "$EXPONENT" ]; then + EXPONENT=$(openssl pkey -inform pem -in "$KEY" -noout -text_pub |\ + grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\ + xxd -r -p |encode_base64) +fi # Defining key modulus -modulus=$(openssl rsa -in "$key" -modulus -noout |\ - sed -e 's/^Modulus=//' |xxd -r -p |encode_base64) +if [ -z "$MODULUS" ]; then + MODULUS=$(openssl rsa -in "$KEY" -modulus -noout |\ + sed -e 's/^Modulus=//' |xxd -r -p |encode_base64) +fi -# Defining key thumb -thumb='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}' -thumb="$(echo -n "$thumb" |openssl dgst -sha256 -binary |encode_base64)" +# Defining JWK +jwk='{"e":"'$EXPONENT'","kty":"RSA","n":"'"$MODULUS"'"}' -# Defining JWK header -header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}' -header='{"alg":"RS256","jwk":'"$header"'}' +# Defining key thumbnail +if [ -z "$THUMB" ]; then + THUMB="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)" +fi -# Requesting nonce -nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n') -protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64) -# Defining registration query -query='{"resource":"new-reg","contact":["mailto:'"$email"'"],' -query=$query'"agreement":"'$agreement'"}' -payload=$(echo -n "$query" |encode_base64) -signature=$(printf "%s" "$protected.$payload" |\ - openssl dgst -sha256 -binary -sign "$key" |encode_base64) -data='{"header":'"$header"',"protected":"'"$protected"'",' -data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}' +# Requesting ACME nonce +nonce=$(curl -s -I "$API/directory" |grep -i nonce |cut -f2 -d\ |tr -d '\r\n') -# Sending request to LetsEncrypt API -answer=$(curl -s -i -d "$data" "$api/acme/new-reg") -status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ') +# Creating ACME account +url="$API/acme/new-acct" +payload='{"termsOfServiceAgreed": true}' +answer=$(query_le_v2 "$url" "$payload" "$nonce") +kid=$(echo "$answer" |grep -i location: |cut -f2 -d ' '|tr -d '\r') -# Checking http answer status -if [[ "$status" -ne "201" ]] && [[ "$status" -ne "409" ]]; then - check_result $E_CONNECT "LetsEncrypt account registration $status" +# Checking answer status +status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ') +if [[ "${status:0:2}" -ne "20" ]]; then + check_result $E_CONNECT "Let's Encrypt acc registration failed $status" fi @@ -99,12 +123,17 @@ fi #----------------------------------------------------------# # Adding le.conf -echo "EMAIL='$email'" > $USER_DATA/ssl/le.conf -echo "EXPONENT='$exponent'" >> $USER_DATA/ssl/le.conf -echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf -echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf -chmod 660 $USER_DATA/ssl/le.conf - +if [ ! -e "$USER_DATA/ssl/le.conf" ]; then + echo "EXPONENT='$EXPONENT'" > $USER_DATA/ssl/le.conf + echo "MODULUS='$MODULUS'" >> $USER_DATA/ssl/le.conf + echo "THUMB='$THUMB'" >> $USER_DATA/ssl/le.conf + echo "EMAIL='$EMAIL'" >> $USER_DATA/ssl/le.conf + echo "KID='$kid'" >> $USER_DATA/ssl/le.conf + chmod 660 $USER_DATA/ssl/le.conf +else + sed -i '/^KID=/d' $USER_DATA/ssl/le.conf + echo "KID='$kid'" >> $USER_DATA/ssl/le.conf +fi # Logging log_event "$OK" "$ARGUMENTS" diff --git a/bin/v-add-mail-domain b/bin/v-add-mail-domain index 2676e750..6681035f 100755 --- a/bin/v-add-mail-domain +++ b/bin/v-add-mail-domain @@ -45,6 +45,7 @@ is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" is_domain_new 'mail' "$domain" is_package_full 'MAIL_DOMAINS' +is_dir_symlink $HOMEDIR/$user/mail #----------------------------------------------------------# diff --git a/bin/v-add-sys-mail-ssl b/bin/v-add-sys-mail-ssl new file mode 100755 index 00000000..1ebffdc3 --- /dev/null +++ b/bin/v-add-sys-mail-ssl @@ -0,0 +1,106 @@ +#!/bin/bash +# info: copy mail ssl certificate +# options: USER DOMAIN [RESTART] +# +# The function copies user domain SSL to mail SSL directory + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +user=$1 +domain=$2 +restart=$3 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/domain.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'USER DOMAIN [RESTART]' +is_format_valid 'user' 'domain' +is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM' +is_object_valid 'user' 'USER' "$user" +is_object_valid 'web' 'DOMAIN' "$domain" +is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Defining certificate location +dom_crt="/home/$user/conf/web/ssl.$domain.pem" +dom_key="/home/$user/conf/web/ssl.$domain.key" +vst_crt="$VESTA/ssl/mail.crt" +vst_key="$VESTA/ssl/mail.key" + +# Checking certificate +if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then + check_result $E_NOTEXIST "$domain certificate doesn't exist" +fi + +# Checking difference +diff $dom_crt $vst_crt >/dev/null 2>&1 +if [ $? -ne 0 ]; then + rm -f $vst_crt.old $vst_key.old + mv $vst_crt $vst_crt.old >/dev/null 2>&1 + mv $vst_key $vst_key.old >/dev/null 2>&1 + cp $dom_crt $vst_crt 2>/dev/null + cp $dom_key $vst_key 2>/dev/null + chown root:mail $vst_crt $vst_key +else + restart=no +fi + +# Updating mail certificate +case $MAIL_SYSTEM in + exim) conf='/etc/exim/exim.conf';; + exim4) conf='/etc/exim4/exim4.conf.template';; +esac +if [ -e "$conf" ]; then + sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \ + -e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf +fi + +# Updating imap certificate +conf="/etc/dovecot/conf.d/10-ssl.conf" +if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then + sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \ + -e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Restarting services +if [ "$restart" != 'no' ]; then + if [ ! -z "$MAIL_SYSTEM" ]; then + $BIN/v-restart-service $MAIL_SYSTEM + fi + if [ ! -z "$IMAP_SYSTEM" ]; then + $BIN/v-restart-service $IMAP_SYSTEM + fi +fi + +# Updating vesta.conf +if [ -z "$(grep MAIL_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then + echo "MAIL_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf +else + sed -i "s/MAIL_CERTIFICATE.*/MAIL_CERTIFICATE='$user:$domain'/g" \ + $VESTA/conf/vesta.conf +fi + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-add-sys-vesta-ssl b/bin/v-add-sys-vesta-ssl new file mode 100755 index 00000000..32cd6c14 --- /dev/null +++ b/bin/v-add-sys-vesta-ssl @@ -0,0 +1,97 @@ +#!/bin/bash +# info: add vesta ssl certificate +# options: USER DOMAIN [RESTART] +# +# The function copies user domain SSL to vesta SSL directory + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +user=$1 +domain=$2 +restart=$3 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/domain.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'USER DOMAIN [RESTART]' +is_format_valid 'user' 'domain' +is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' +is_object_valid 'user' 'USER' "$user" +is_object_valid 'web' 'DOMAIN' "$domain" +is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Defining certificate location +dom_crt="/home/$user/conf/web/ssl.$domain.pem" +dom_key="/home/$user/conf/web/ssl.$domain.key" +vst_crt="$VESTA/ssl/certificate.crt" +vst_key="$VESTA/ssl/certificate.key" + +# Checking certificate +if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then + check_result $E_NOTEXIST "$domain certificate doesn't exist" +fi + +# Checking difference +diff $dom_crt $vst_crt >/dev/null 2>&1 +if [ $? -ne 0 ]; then + rm -f $vst_crt.old $vst_key.old + mv $vst_crt $vst_crt.old + mv $vst_key $vst_key.old + cp $dom_crt $vst_crt 2>/dev/null + cp $dom_key $vst_key 2>/dev/null + chown root:mail $vst_crt $vst_key +else + restart=no +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Restarting services +if [ "$restart" != 'no' ]; then + if [ ! -z "$MAIL_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then + $BIN/v-restart-service $MAIL_SYSTEM + fi + if [ ! -z "$IMAP_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then + $BIN/v-restart-service $IMAP_SYSTEM + fi + if [ ! -z "$FTP_SYSTEM" ]; then + $BIN/v-restart-service "$FTP_SYSTEM" + fi + if [ -e "/var/run/vesta-nginx.pid" ]; then + kill -HUP $(cat /var/run/vesta-nginx.pid) + else + service vesta restart + fi +fi + +# Updating vesta.conf +if [ -z "$(grep VESTA_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then + echo "VESTA_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf +else + sed -i "s/VESTA_CERTIFICATE.*/VESTA_CERTIFICATE='$user:$domain'/g" \ + $VESTA/conf/vesta.conf +fi + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-add-user-package b/bin/v-add-user-package index 23f42725..0cab1a3d 100755 --- a/bin/v-add-user-package +++ b/bin/v-add-user-package @@ -30,37 +30,37 @@ is_package_new() { is_package_consistent() { source $pkg_dir/$package.pkg if [ "$WEB_DOMAINS" != 'unlimited' ]; then - is_format_valid_int $WEB_DOMAINS 'WEB_DOMAINS' + is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS' fi if [ "$WEB_ALIASES" != 'unlimited' ]; then - is_format_valid_int $WEB_ALIASES 'WEB_ALIASES' + is_int_format_valid $WEB_ALIASES 'WEB_ALIASES' fi if [ "$DNS_DOMAINS" != 'unlimited' ]; then - is_format_valid_int $DNS_DOMAINS 'DNS_DOMAINS' + is_int_format_valid $DNS_DOMAINS 'DNS_DOMAINS' fi if [ "$DNS_RECORDS" != 'unlimited' ]; then - is_format_valid_int $DNS_RECORDS 'DNS_RECORDS' + is_int_format_valid $DNS_RECORDS 'DNS_RECORDS' fi if [ "$MAIL_DOMAINS" != 'unlimited' ]; then - is_format_valid_int $MAIL_DOMAINS 'MAIL_DOMAINS' + is_int_format_valid $MAIL_DOMAINS 'MAIL_DOMAINS' fi if [ "$MAIL_ACCOUNTS" != 'unlimited' ]; then - is_format_valid_int $MAIL_ACCOUNTS 'MAIL_ACCOUNTS' + is_int_format_valid $MAIL_ACCOUNTS 'MAIL_ACCOUNTS' fi if [ "$DATABASES" != 'unlimited' ]; then - is_format_valid_int $DATABASES 'DATABASES' + is_int_format_valid $DATABASES 'DATABASES' fi if [ "$CRON_JOBS" != 'unlimited' ]; then - is_format_valid_int $CRON_JOBS 'CRON_JOBS' + is_int_format_valid $CRON_JOBS 'CRON_JOBS' fi if [ "$DISK_QUOTA" != 'unlimited' ]; then - is_format_valid_int $DISK_QUOTA 'DISK_QUOTA' + is_int_format_valid $DISK_QUOTA 'DISK_QUOTA' fi if [ "$BANDWIDTH" != 'unlimited' ]; then - is_format_valid_int $BANDWIDTH 'BANDWIDTH' + is_int_format_valid $BANDWIDTH 'BANDWIDTH' fi if [ "$BACKUPS" != 'unlimited' ]; then - is_format_valid_int $BACKUPS 'BACKUPS' + is_int_format_valid $BACKUPS 'BACKUPS' fi is_format_valid_shell $SHELL } diff --git a/bin/v-add-web-domain b/bin/v-add-web-domain index 018adcb4..8a71cc9f 100755 --- a/bin/v-add-web-domain +++ b/bin/v-add-web-domain @@ -47,6 +47,7 @@ is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" is_package_full 'WEB_DOMAINS' 'WEB_ALIASES' is_domain_new 'web' "$domain,$aliases" +is_dir_symlink $HOMEDIR/$user/web if [ ! -z "$ip" ]; then is_ip_valid "$ip" "$user" else @@ -62,7 +63,7 @@ fi source $USER_DATA/user.conf # Creating domain directories -mkdir -p $HOMEDIR/$user/web/$domain \ +sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \ $HOMEDIR/$user/web/$domain/public_html \ $HOMEDIR/$user/web/$domain/public_shtml \ $HOMEDIR/$user/web/$domain/document_errors \ @@ -79,7 +80,7 @@ ln -f -s /var/log/$WEB_SYSTEM/domains/$domain.*log \ $HOMEDIR/$user/web/$domain/logs/ # Adding domain skeleton -cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1 +sudo -u $user cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1 for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do sed -i "s/%domain%/$domain/g" $file done @@ -90,7 +91,7 @@ chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.* chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/* chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs -chmod 644 $HOMEDIR/$user/web/$domain/public_*html/* +chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.* # Addding PHP-FPM backend if [ ! -z "$WEB_BACKEND" ]; then @@ -112,9 +113,12 @@ if [ "$aliases" = 'none' ]; then ALIAS='' else ALIAS="www.$domain" - if [ ! -z "$aliases" ]; then - ALIAS="$ALIAS,$aliases" + if [ -z "$aliases" ]; then + ALIAS="www.$domain" + else + ALIAS="$aliases" fi + ip_alias=$(get_ip_alias $domain) if [ ! -z "$ip_alias" ]; then ALIAS="$ALIAS,$ip_alias" diff --git a/bin/v-add-web-domain-ssl b/bin/v-add-web-domain-ssl index 4f1e83c0..43e5cce3 100755 --- a/bin/v-add-web-domain-ssl +++ b/bin/v-add-web-domain-ssl @@ -120,6 +120,33 @@ check_result $? "Web restart failed" >/dev/null $BIN/v-restart-proxy $restart check_result $? "Proxy restart failed" >/dev/null +# Updating system ssl dependencies +if [ ! -z "$VESTA_CERTIFICATE" ]; then + crt_user=$(echo "$VESTA_CERTIFICATE" |cut -f 1 -d :) + crt_domain=$(echo "$VESTA_CERTIFICATE" |cut -f 2 -d :) + if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then + $BIN/v-add-sys-vesta-ssl $user $domain >/dev/null 2>&1 + fi +fi +if [ ! -z "$MAIL_CERTIFICATE" ]; then + crt_user=$(echo "$MAIL_CERTIFICATE" |cut -f 1 -d :) + crt_domain=$(echo "$MAIL_CERTIFICATE" |cut -f 2 -d :) + if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then + $BIN/v-add-sys-mail-ssl $user $domain >/dev/null 2>&1 + fi +fi + +if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then + hostname=$(hostname) + if [ "$hostname" = "$domain" ]; then + $BIN/v-update-host-certificate $user $domain + fi +fi + +if [ ! -z "$UPDATE_SSL_SCRIPT" ]; then + eval "$UPDATE_SSL_SCRIPT $user $domain" +fi + # Logging log_history "enabled ssl support for $domain" log_event "$OK" "$ARGUMENTS" diff --git a/bin/v-backup-user b/bin/v-backup-user index cc28a1c8..f9fcf6f5 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -68,8 +68,12 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do (( ++i)) done +if [ -z "$BACKUP_TEMP" ]; then + BACKUP_TEMP=$BACKUP +fi + # Creating temporary directory -tmpdir=$(mktemp -p /tmp -d) +tmpdir=$(mktemp -p $BACKUP_TEMP -d) if [ "$?" -ne 0 ]; then echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify @@ -212,24 +216,32 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then cp $USER_DATA/ssl/$domain.* vesta/ fi + # Changin dir to documentroot + cd $HOMEDIR/$user/web/$domain + # Define exclude arguments exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:") set -f fargs=() - fargs+=(--exclude='logs/*') + fargs+=(--exclude='./logs/*') if [ ! -z "$exlusion" ]; then xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)" for xpath in $xdirs; do - fargs+=(--exclude=$xpath/*) - echo "$(date "+%F %T") excluding directory $xpath" - msg="$msg\n$(date "+%F %T") excluding directory $xpath" + if [ -d "$xpath" ]; then + fargs+=(--exclude=$xpath/*) + echo "$(date "+%F %T") excluding directory $xpath" + msg="$msg\n$(date "+%F %T") excluding directory $xpath" + else + echo "$(date "+%F %T") excluding file $xpath" + msg="$msg\n$(date "+%F %T") excluding file $xpath" + fargs+=(--exclude=$xpath) + fi done fi set +f # Backup files - cd $HOMEDIR/$user/web/$domain - tar -cpf- * ${fargs[@]} |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz + tar --anchored -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz done # Print total @@ -388,14 +400,17 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then grep "DB='$database'" $conf > vesta/db.conf dump="$tmpdir/db/$database/$database.$TYPE.sql" + dumpgz="$tmpdir/db/$database/$database.$TYPE.sql.gz" grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER" - case $TYPE in - mysql) dump_mysql_database ;; - pgsql) dump_pgsql_database ;; - esac + if [ ! -f "$dumpgz" ]; then + case $TYPE in + mysql) dump_mysql_database ;; + pgsql) dump_pgsql_database ;; + esac - # Compress dump - gzip -$BACKUP_GZIP $dump + # Compress dump + gzip -$BACKUP_GZIP $dump + fi done # Print total @@ -445,11 +460,15 @@ if [ "$USER" != '*' ]; then fi fargs=() for xpath in $(echo "$USER" |tr ',' '\n'); do - fargs+=(-not) - fargs+=(-path) - fargs+=("./$xpath*") - echo "$(date "+%F %T") excluding directory $xpath" |\ + if [ -d "$xpath" ]; then + fargs+=(--exclude=$xpath/*) + echo "$(date "+%F %T") excluding directory $xpath" |\ tee -a $BACKUP/$user.log + else + echo "$(date "+%F %T") excluding file $xpath" |\ + tee -a $BACKUP/$user.log + fargs+=(--exclude=$xpath) + fi done IFS=$'\n' @@ -464,7 +483,7 @@ if [ "$USER" != '*' ]; then echo -e "$(date "+%F %T") adding $udir" |tee -a $BACKUP/$user.log # Backup files and dirs - tar -cpf- $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz + tar --anchored -cpf- ${fargs[@]} $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz fi done set +f diff --git a/bin/v-backup-users b/bin/v-backup-users index e96eb2fb..bbabf3db 100755 --- a/bin/v-backup-users +++ b/bin/v-backup-users @@ -28,6 +28,9 @@ if [ -z "$BACKUP_SYSTEM" ]; then exit fi for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then + continue; + fi check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf) log=$VESTA/log/backup.log if [ ! -z "$check_suspend" ]; then diff --git a/bin/v-change-sys-ip-nat b/bin/v-change-sys-ip-nat index 58232212..a3b24830 100755 --- a/bin/v-change-sys-ip-nat +++ b/bin/v-change-sys-ip-nat @@ -34,48 +34,72 @@ is_ip_valid "$ip" # Action # #----------------------------------------------------------# -# Changing nat ip +# Updating IP if [ -z "$(grep NAT= $VESTA/data/ips/$ip)" ]; then sed -i "s/^TIME/NAT='$nat_ip'\nTIME/g" $VESTA/data/ips/$ip + old='' + new=$nat_ip else - update_ip_value '$NAT' "$nat_ip" -fi - -# Check ftp system -if [ "$FTP_SYSTEM" = 'vsftpd' ]; then - - # Find configuration - if [ -e '/etc/vsftpd/vsftpd.conf' ]; then - conf='/etc/vsftpd/vsftpd.conf' - fi - - if [ -e '/etc/vsftpd.conf' ]; then - conf='/etc/vsftpd.conf' - fi - - # Update config - if [ -z "$(grep pasv_address $conf)" ]; then - if [ ! -z "$nat_ip" ]; then - echo "pasv_address=$nat_ip" >> $conf - fi - else - if [ ! -z "$nat_ip" ]; then - sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf - else - sed -i "/pasv_address/d" $conf - fi + old=$(get_ip_value '$NAT') + new=$nat_ip + sed -i "s/NAT=.*/NAT='$new'/" $VESTA/data/ips/$ip + if [ -z "$nat_ip" ]; then + new=$ip fi fi +# Updating WEB configs +if [ ! -z "$old" ] && [ ! -z "$WEB_SYSTEM" ]; then + sed -i "s/$old/$new/" $VESTA/data/users/*/web.conf + for user in $(ls $VESTA/data/users/); do + $BIN/v-rebuild-web-domains $user no + done + $BIN/v-restart-dns $restart +fi + +# Updating DNS configs +if [ ! -z "$old" ] && [ ! -z "$DNS_SYSTEM" ]; then + sed -i "s/$old/$new/" $VESTA/data/users/*/dns.conf + sed -i "s/$old/$new/" $VESTA/data/users/*/dns/*.conf + for user in $(ls $VESTA/data/users/); do + $BIN/v-rebuild-dns-domains $user no + done + $BIN/v-restart-dns $restart +fi + +# Updating FTP +if [ ! -z "$old" ] && [ ! -z "$FTP_SYSTEM" ]; then + conf=$(find /etc -name $FTP_SYSTEM.conf) + if [ -e "$conf" ]; then + sed -i "s/$old/$new/g" $conf + if [ "$FTP_SYSTEM" = 'vsftpd' ]; then + check_pasv=$(grep pasv_address $conf) + if [ -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then + echo "pasv_address=$nat_ip" >> $conf + fi + if [ ! -z "$check_pasv" ] && [ -z "$nat_ip" ]; then + sed -i "/pasv_address/d" $conf + fi + if [ ! -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then + sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf + fi + fi + fi + $BIN/v-restart-ftp $restart +fi + +# Updating firewall +if [ ! -z "$old" ] && [ ! -z "$FIREWALL_SYSTEM" ]; then + sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf + $BIN/v-update-firewall +fi + + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# -# Restart ftp server -$BIN/v-restart-ftp $restart -check_result $? "FTP restart failed" >/dev/null - # Logging log_history "changed associated nat address on $ip to $nat_ip" '' 'admin' log_event "$OK" "$ARGUMENTS" diff --git a/bin/v-change-sys-service-config b/bin/v-change-sys-service-config index 97c14a17..0500ecb9 100755 --- a/bin/v-change-sys-service-config +++ b/bin/v-change-sys-service-config @@ -95,13 +95,21 @@ if [ "$update" = 'yes' ] && [ "$restart" != 'no' ]; then if [ "$service" = 'php' ]; then if [ "$WEB_SYSTEM" = "nginx" ]; then - service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d / |sed -n 1p) + if [ $(ps --no-headers -o comm 1) == systemd ]; then + service=$(systemctl | grep -o -E "php.*fpm.*\.service") + service=${service//.service/} + else + service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d /) + fi else service=$WEB_SYSTEM fi fi - service $service restart >/dev/null 2>&1 + for single_service in $service; do + service $single_service restart >/dev/null 2>&1 + done <<< "$service" + if [ $? -ne 0 ]; then for config in $dst; do cat $config.vst.back > $config diff --git a/bin/v-change-user-password b/bin/v-change-user-password index a420502a..22a3d78f 100755 --- a/bin/v-change-user-password +++ b/bin/v-change-user-password @@ -37,6 +37,10 @@ is_password_valid echo "$user:$password" | /usr/sbin/chpasswd md5=$(awk -v user=$user -F : 'user == $1 {print $2}' /etc/shadow) +if [ "$user" = 'admin' ] && [ -e "$VESTA/web/reset.admin" ]; then + rm -f $VESTA/web/reset.admin +fi + #----------------------------------------------------------# # Vesta # diff --git a/bin/v-change-web-domain-ip b/bin/v-change-web-domain-ip index 17eb55d9..5b2ab31b 100755 --- a/bin/v-change-web-domain-ip +++ b/bin/v-change-web-domain-ip @@ -49,7 +49,7 @@ is_ip_valid "$ip" "$user" # Preparing variables for vhost replace get_domain_values 'web' old=$(get_real_ip $IP) -new=$ip +new=$(get_real_ip $ip) # Replacing vhost replace_web_config "$WEB_SYSTEM" "$TPL.tpl" diff --git a/bin/v-check-api-key b/bin/v-check-api-key new file mode 100755 index 00000000..8d0d409e --- /dev/null +++ b/bin/v-check-api-key @@ -0,0 +1,40 @@ +#!/bin/bash +# info: check api key +# options: KEY +# +# The function checks a key file in /usr/local/vesta/data/keys/ + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +if [ -z "$1" ]; then + echo "Error: key missmatch" + exit 9 +fi +key=$(basename $1) +ip=${2-127.0.0.1} +time_n_date=$(date +'%T %F') +time=$(echo "$time_n_date" |cut -f 1 -d \ ) +date=$(echo "$time_n_date" |cut -f 2 -d \ ) + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +if [ ! -e $VESTA/data/keys/$key ]; then + echo "Error: key missmatch" + echo "$date $time api $ip failed to login" >> $VESTA/log/auth.log + exit 9 +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +echo "$date $time api $ip successfully launched" >> $VESTA/log/auth.log + +exit diff --git a/bin/v-check-letsencrypt-domain b/bin/v-check-letsencrypt-domain deleted file mode 100755 index 97e24878..00000000 --- a/bin/v-check-letsencrypt-domain +++ /dev/null @@ -1,162 +0,0 @@ -#!/bin/bash -# info: check letsencrypt domain -# options: USER DOMAIN -# -# The function check and validates domain with LetsEncript - - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -# Argument definition -user=$1 -domain=$2 - -# Includes -source $VESTA/func/main.sh -source $VESTA/conf/vesta.conf - -# encode base64 -encode_base64() { - cat |base64 |tr '+/' '-_' |tr -d '\r\n=' -} - -# Additional argument formatting -format_domain_idn - - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -check_args '2' "$#" 'USER DOMAIN' -is_format_valid 'user' 'domain' -is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' -is_object_valid 'user' 'USER' "$user" -is_object_unsuspended 'user' 'USER' "$user" -if [ ! -e "$USER_DATA/ssl/le.conf" ]; then - check_result $E_NOTEXIST "LetsEncrypt key doesn't exist" -fi -rdomain=$(egrep "'$domain'|'$domain,|,$domain,|,$domain'" $USER_DATA/web.conf) -if [ -z "$rdomain" ]; then - check_result $E_NOTEXIST "domain $domain doesn't exist" -fi - - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -source $USER_DATA/ssl/le.conf -api='https://acme-v01.api.letsencrypt.org' -r_domain=$(echo "$rdomain" |cut -f 2 -d \') -key="$USER_DATA/ssl/user.key" -exponent="$EXPONENT" -modulus="$MODULUS" -thumb="$THUMB" - -# Defining JWK header -header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}' -header='{"alg":"RS256","jwk":'"$header"'}' - -# Requesting nonce -nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n') -protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64) - -# Defining ACME query (request challenge) -query='{"resource":"new-authz","identifier"' -query=$query':{"type":"dns","value":"'"$domain_idn"'"}}' -payload=$(echo -n "$query" |encode_base64) -signature=$(printf "%s" "$protected.$payload" |\ - openssl dgst -sha256 -binary -sign "$key" |encode_base64) -data='{"header":'"$header"',"protected":"'"$protected"'",' -data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}' - -# Sending request to LetsEncrypt API -answer=$(curl -s -i -d "$data" "$api/acme/new-authz") - -# Checking http answer status -status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ') -if [[ "$status" -ne "201" ]]; then - check_result $E_CONNECT "LetsEncrypt challenge request $status" -fi - -# Parsing domain nonce,token and uri -nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n') -protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64) -token=$(echo "$answer" |grep -A 3 http-01 |grep token |cut -f 4 -d \") -uri=$(echo "$answer" |grep -A 3 http-01 |grep uri |cut -f 4 -d \") - -# Adding location wrapper for request challenge -if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then - conf="$HOMEDIR/$user/conf/web/nginx.$r_domain.conf_letsencrypt" - sconf="$HOMEDIR/$user/conf/web/snginx.$r_domain.conf_letsencrypt" - if [ ! -e "$conf" ]; then - echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' > $conf - echo ' default_type text/plain;' >> $conf - echo ' return 200 "$1.'$thumb'";' >> $conf - echo '}' >> $conf - fi - if [ ! -e "$sconf" ]; then - ln -s "$conf" "$sconf" - fi -else - acme="$HOMEDIR/$user/web/$r_domain/public_html/.well-known/acme-challenge" - if [ ! -d "$acme" ]; then - mkdir -p $acme - fi - echo "$token.$thumb" > $acme/$token - chown -R $user:$user $HOMEDIR/$user/web/$r_domain/public_html/.well-known -fi - -# Restarting web server -if [ -z "$PROXY_SYSTEM" ]; then - $BIN/v-restart-web - check_result $? "Proxy restart failed" >/dev/null -else - $BIN/v-restart-proxy - $BIN/v-restart-web - check_result $? "Web restart failed" >/dev/null -fi - -# Defining ACME query (request validation) -query='{"resource":"challenge","type":"http-01","keyAuthorization"' -query=$query':"'$token.$thumb'","token":"'$token'"}' -payload=$(echo -n "$query" |encode_base64) -signature=$(printf "%s" "$protected.$payload" |\ - openssl dgst -sha256 -binary -sign "$key" |encode_base64) -data='{"header":'"$header"',"protected":"'"$protected"'",' -data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}' - -# Sending request to LetsEncrypt API -answer=$(curl -s -i -d "$data" "$uri") - -# Checking domain validation status -i=1 -status=$(echo $answer |tr ',' '\n' |grep status |cut -f 4 -d \") -location=$(echo "$answer" |grep Location: |awk '{print $2}' |tr -d '\r\n') -while [ "$status" = 'pending' ]; do - answer=$(curl -s -i "$location") - detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")" - status=$(echo "$answer" |tr ',' '\n' |grep status |cut -f 4 -d \") - sleep 1 - i=$((i + 1)) - if [ "$i" -gt 60 ]; then - check_result $E_CONNECT "$detail" - fi -done -if [ "$status" = 'invalid' ]; then - detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")" - check_result $E_CONNECT "$detail" -fi - - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -# Logging -log_event "$OK" "$ARGUMENTS" - -exit diff --git a/bin/v-check-user-hash b/bin/v-check-user-hash new file mode 100755 index 00000000..a18aba0e --- /dev/null +++ b/bin/v-check-user-hash @@ -0,0 +1,100 @@ +#!/bin/bash +# info: check user hash +# options: USER HASH [IP] +# +# The function verifies user hash + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +user=$1 +hash=$2; HIDE=2 +ip=${3-127.0.0.1} + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + +time_n_date=$(date +'%T %F') +time=$(echo "$time_n_date" |cut -f 1 -d \ ) +date=$(echo "$time_n_date" |cut -f 2 -d \ ) + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + + +check_args '2' "$#" 'USER HASH' +is_format_valid 'user' + +# Checking user +if [ ! -d "$VESTA/data/users/$user" ] && [ "$user" != 'root' ]; then + echo "Error: password missmatch" + echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log + exit 9 +fi + +# Checking user hash +is_hash_valid + +# Checking empty hash +if [[ -z "$hash" ]]; then + echo "Error: password missmatch" + echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log + exit 9 +fi + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + + +# Parsing user's salt +shadow=$(grep "^$user:" /etc/shadow | cut -f 2 -d :) + +if echo "$shadow" | grep -qE '^\$[0-9a-z]+\$[^\$]+\$' +then + salt=$(echo "$shadow" |cut -f 3 -d \$) + method=$(echo "$shadow" |cut -f 2 -d \$) + if [ "$method" -eq '1' ]; then + method='md5' + elif [ "$method" -eq '6' ]; then + method='sha-512' + else + echo "Error: password missmatch" + echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log + exit 9 + fi +else + salt=${shadow:0:2} + method='des' +fi + +# Checking salt +if [ -z "$salt" ]; then + echo "Error: password missmatch" + echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log + exit 9 +fi + +# Comparing hashes +if [[ "$shadow" != "$hash" ]]; then + echo "Error: password missmatch" + echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log + exit 9 +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +echo "$date $time $user $ip successfully logged in" >> $VESTA/log/auth.log + +exit diff --git a/bin/v-check-user-password b/bin/v-check-user-password index 6d829c3a..fbb0221e 100755 --- a/bin/v-check-user-password +++ b/bin/v-check-user-password @@ -82,7 +82,8 @@ if [ -z "$salt" ]; then fi # Generating hash -hash=$($BIN/v-generate-password-hash $method $salt <<< $password) +set -o noglob +hash=$($BIN/v-generate-password-hash $method $salt <<< "$password") if [[ -z "$hash" ]]; then echo "Error: password missmatch" echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log diff --git a/bin/v-delete-mail-domain b/bin/v-delete-mail-domain index f3541edb..ee727aa9 100755 --- a/bin/v-delete-mail-domain +++ b/bin/v-delete-mail-domain @@ -56,7 +56,7 @@ fi # Deleting dkim dns record if [ "$DKIM" = 'yes' ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then records=$($BIN/v-list-dns-records $user $domain plain) - dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ') + dkim_records=$(echo "$records" |grep -w '_domainkey' |cut -f 1) for id in $dkim_records; do $BIN/v-delete-dns-record $user $domain $id done diff --git a/bin/v-delete-sys-mail-ssl b/bin/v-delete-sys-mail-ssl new file mode 100755 index 00000000..06dab82b --- /dev/null +++ b/bin/v-delete-sys-mail-ssl @@ -0,0 +1,75 @@ +#!/bin/bash +# info: delete sys vesta user ssl certificate +# options: NONE +# +# The script disables user domain ssl synchronization + + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +vst_crt="$VESTA/ssl/certificate.crt" +vst_key="$VESTA/ssl/certificate.key" + +# Updating mail certificate +case $MAIL_SYSTEM in + exim) conf='/etc/exim/exim.conf';; + exim4) conf='/etc/exim4/exim4.conf.template';; +esac +if [ -e "$conf" ]; then + sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \ + -e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf +fi + +# Updating imap certificate +conf="/etc/dovecot/conf.d/10-ssl.conf" +if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then + sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \ + -e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf +fi + +# Moving old certificates +if [ -e "$VESTA/ssl/mail.crt" ]; then + mv -f $VESTA/ssl/mail.crt $VESTA/ssl/mail.crt.old +fi +if [ -e "VESTA/ssl/mail.key" ]; then + mv $VESTA/ssl/mail.key VESTA/ssl/mail.key.old +fi + +# Updating vesta.conf value +sed -i "/MAIL_CERTIFICATE=/ d" $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Restarting services +if [ "$restart" != 'no' ]; then + if [ ! -z "$MAIL_SYSTEM" ]; then + $BIN/v-restart-service $MAIL_SYSTEM + fi + if [ ! -z "$IMAP_SYSTEM" ]; then + $BIN/v-restart-service $IMAP_SYSTEM + fi +fi + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-delete-sys-vesta-ssl b/bin/v-delete-sys-vesta-ssl new file mode 100755 index 00000000..e90f32b9 --- /dev/null +++ b/bin/v-delete-sys-vesta-ssl @@ -0,0 +1,37 @@ +#!/bin/bash +# info: delete sys vesta user ssl certificate +# options: NONE +# +# The script disables user domain ssl synchronization + + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Updating vesta.conf value +sed -i "/VESTA_CERTIFICATE=/ d" $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-delete-user-favourites b/bin/v-delete-user-favourites index 374fa430..28a8dd97 100755 --- a/bin/v-delete-user-favourites +++ b/bin/v-delete-user-favourites @@ -32,6 +32,8 @@ case $system in DNS_REC) is_format_valid 'id' ;; *) is_format_valid 'object' esac + +is_format_valid 'user' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" diff --git a/bin/v-get-user-salt b/bin/v-get-user-salt new file mode 100755 index 00000000..08ee5a9c --- /dev/null +++ b/bin/v-get-user-salt @@ -0,0 +1,118 @@ +#!/bin/bash +# info: get user salt +# options: USER [IP] [FORMAT] +# +# The function provides users salt + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +user=$1 +ip=${2-127.0.0.1} +format=${3-shell} + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + +time_n_date=$(date +'%T %F') +time=$(echo "$time_n_date" |cut -f 1 -d \ ) +date=$(echo "$time_n_date" |cut -f 2 -d \ ) + +# JSON list function +json_list() { + echo '{' + echo ' "'$user'": { + "METHOD": "'$method'", + "SALT": "'$salt'", + "TIME": "'$time'", + "DATE": "'$date'" + }' + echo '}' +} + +# SHELL list function +shell_list() { + echo "METHOD: $method" + echo "SALT: $salt" +} + +# PLAIN list function +plain_list() { + echo -e "$method\t$salt" +} + +# CSV list function +csv_list() { + echo "METHOD,SALT" + echo "$method, $salt" +} + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + + +check_args '1' "$#" 'USER [IP] [SALT]' +is_format_valid 'user' + +# Checking user +if [ ! -d "$VESTA/data/users/$user" ] && [ "$user" != 'root' ]; then + echo "Error: password missmatch" + echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log + exit 9 +fi + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Parsing user's salt +shadow=$(grep "^$user:" /etc/shadow | cut -f 2 -d :) + +if echo "$shadow" | grep -qE '^\$[0-9a-z]+\$[^\$]+\$' +then + salt=$(echo "$shadow" |cut -f 3 -d \$) + method=$(echo "$shadow" |cut -f 2 -d \$) + if [ "$method" -eq '1' ]; then + method='md5' + elif [ "$method" -eq '6' ]; then + method='sha-512' + else + echo "Error: password missmatch" + echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log + exit 9 + fi +else + salt=${shadow:0:2} + method='des' +fi + +if [ -z "$salt" ]; then + echo "Error: password missmatch" + echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log + exit 9 +fi + + +# Listing data +case $format in + json) json_list ;; + plain) plain_list ;; + csv) csv_list ;; + shell) shell_list ;; +esac + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging + +exit diff --git a/bin/v-list-dns-domain b/bin/v-list-dns-domain index f72943f9..c9c3f1ea 100755 --- a/bin/v-list-dns-domain +++ b/bin/v-list-dns-domain @@ -71,6 +71,7 @@ csv_list() { #----------------------------------------------------------# check_args '2' "$#" 'USER DOMAIN [FORMAT]' +is_format_valid 'user' 'domain' is_object_valid 'user' 'USER' "$user" is_object_valid 'dns' 'DOMAIN' "$domain" diff --git a/bin/v-list-letsencrypt-user b/bin/v-list-letsencrypt-user index cded9600..f6e2c774 100755 --- a/bin/v-list-letsencrypt-user +++ b/bin/v-list-letsencrypt-user @@ -23,7 +23,8 @@ json_list() { "EMAIL": "'$EMAIL'", "EXPONENT": "'$EXPONENT'", "MODULUS": "'$MODULUS'", - "THUMB: "'$THUMB'" + "THUMB": "'$THUMB'", + "KID": "'$KID'" }' echo '}' } @@ -35,17 +36,18 @@ shell_list() { echo "THUMB: $THUMB" echo "EXPONENT: $EXPONENT" echo "MODULUS: $MODULUS" + echo "KID: $KID" } # PLAIN list function plain_list() { - echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB" + echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB\t$KID" } # CSV list function csv_list() { - echo "USER,EMAIL,EXPONENT,MODULUS,THUMB" - echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB" + echo "USER,EMAIL,EXPONENT,MODULUS,THUMB,KID" + echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB,$KID" } @@ -54,6 +56,7 @@ csv_list() { #----------------------------------------------------------# check_args '1' "$#" 'USER [FORMAT]' +is_format_valid 'user' is_object_valid 'user' 'USER' "$user" if [ ! -e "$USER_DATA/ssl/le.conf" ]; then check_result $E_NOTEXIST "LetsEncrypt user account doesn't exist" diff --git a/bin/v-list-mail-domain-dkim-dns b/bin/v-list-mail-domain-dkim-dns index d7b3e2a6..d9f9d5ba 100755 --- a/bin/v-list-mail-domain-dkim-dns +++ b/bin/v-list-mail-domain-dkim-dns @@ -57,6 +57,7 @@ csv_list() { #----------------------------------------------------------# check_args '2' "$#" 'USER DOMAIN [FORMAT]' +is_format_valid 'user' 'domain' is_object_valid 'user' 'USER' "$user" is_object_valid 'mail' 'DOMAIN' "$domain" @@ -67,7 +68,7 @@ is_object_valid 'mail' 'DOMAIN' "$domain" # Parsing domain keys if [ -e "$USER_DATA/mail/$domain.pub" ]; then - pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----") + pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----" |tr -d "\n\r") pub=$(echo "$pub" |sed ':a;N;$!ba;s/\n/\\n/g') else pub="DKIM-SUPPORT-IS-NOT-ACTIVATED" diff --git a/bin/v-list-sys-config b/bin/v-list-sys-config index 879c3ab3..7764af29 100755 --- a/bin/v-list-sys-config +++ b/bin/v-list-sys-config @@ -51,7 +51,9 @@ json_list() { "MAIL_URL": "'$MAIL_URL'", "DB_PMA_URL": "'$DB_PMA_URL'", "DB_PGA_URL": "'$DB_PGA_URL'", - "SOFTACULOUS": "'$SOFTACULOUS'" + "SOFTACULOUS": "'$SOFTACULOUS'", + "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'", + "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'" } }' } @@ -138,6 +140,12 @@ shell_list() { if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then echo "Language: $LANGUAGE" fi + if [ ! -z "$MAIL_CERTIFICATE" ]; then + echo "Mail SSL: $MAIL_CERTIFICATE" + fi + if [ ! -z "$VESTA_CERTIFICATE" ]; then + echo "Vesta SSL: $VESTA_CERTIFICATE" + fi echo "Version: $VERSION" } @@ -151,7 +159,8 @@ plain_list() { echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t" echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t" echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t" - echo -e "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL" + echo -ne "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL\t$MAIL_CERTIFICATE\t" + echo -e "$VESTA_CERTIFICATE" } @@ -165,7 +174,8 @@ csv_list() { echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM'," echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY'," echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP'," - echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL'" + echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL', 'SOFTACULOUS'," + echo -n "'MAIL_CERTIFICATE','VESTA_CERTIFICATE'" echo echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL'," echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT'," @@ -176,6 +186,7 @@ csv_list() { echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY'," echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP'," echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'" + echo -n "'$MAIL_CERTIFICATE','$VESTA_CERTIFICATE'" echo } @@ -187,7 +198,7 @@ csv_list() { # Listing data case $format in json) json_list ;; - plain) shell_list ;; + plain) plain_list ;; csv) csv_list ;; shell) shell_list ;; esac diff --git a/bin/v-list-sys-mail-ssl b/bin/v-list-sys-mail-ssl new file mode 100755 index 00000000..5da74e08 --- /dev/null +++ b/bin/v-list-sys-mail-ssl @@ -0,0 +1,135 @@ +#!/bin/bash +# info: list mail ssl certificate +# options: [FORMAT] +# +# The function of obtaining mail ssl files. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +format=${1-shell} + +# Includes +source $VESTA/func/main.sh + +# JSON list function +json_list() { + echo '{' + echo -e "\t\"MAIL\": {" + echo " \"CRT\": \"$crt\"," + echo " \"KEY\": \"$key\"," + echo " \"CA\": \"$ca\"," + echo " \"SUBJECT\": \"$subj\"," + echo " \"ALIASES\": \"$alt_dns\"," + echo " \"NOT_BEFORE\": \"$before\"," + echo " \"NOT_AFTER\": \"$after\"," + echo " \"SIGNATURE\": \"$signature\"," + echo " \"PUB_KEY\": \"$pub_key\"," + echo " \"ISSUER\": \"$issuer\"" + echo -e "\t}\n}" +} + +# SHELL list function +shell_list() { + if [ ! -z "$crt" ]; then + echo -e "$crt" + fi + if [ ! -z "$key" ]; then + echo -e "\n$key" + fi + if [ ! -z "$crt" ]; then + echo + echo + echo "SUBJECT: $subj" + if [ ! -z "$alt_dns" ]; then + echo "ALIASES: ${alt_dns//,/ }" + fi + echo "VALID FROM: $before" + echo "VALID TIL: $after" + echo "SIGNATURE: $signature" + echo "PUB_KEY: $pub_key" + echo "ISSUER: $issuer" + fi +} + +# PLAIN list function +plain_list() { + if [ ! -z "$crt" ]; then + echo -e "$crt" + fi + if [ ! -z "$key" ]; then + echo -e "\n$key" + fi + if [ ! -z "$ca" ]; then + echo -e "\n$ca" + fi + if [ ! -z "$crt" ]; then + echo "$subj" + echo "${alt_dns//,/ }" + echo "$before" + echo "$after" + echo "$signature" + echo "$pub_key" + echo "$issuer" + fi + +} + +# CSV list function +csv_list() { + echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE," + echo "PUB_KEY,ISSUER" + echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\"," + echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\"" +} + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Parsing SSL certificate +if [ ! -e "$VESTA/ssl/mail.crt" ] || [ ! -e "$VESTA/ssl/mail.key" ]; then + exit +fi + +crt=$(cat $VESTA/ssl/mail.crt |sed ':a;N;$!ba;s/\n/\\n/g') +key=$(cat $VESTA/ssl/mail.key |sed ':a;N;$!ba;s/\n/\\n/g') + + +# Parsing SSL certificate details without CA +info=$(openssl x509 -text -in $VESTA/ssl/mail.crt) +subj=$(echo "$info" |grep Subject: |cut -f 2 -d =) +before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //") +after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //") +signature=$(echo "$info" |grep "Algorithm:" |head -n1 ) +signature=$(echo "$signature"| sed -e "s/.*Algorithm: //") +pub_key=$(echo "$info" |grep Public-Key: |cut -f2 -d \( | tr -d \)) +issuer=$(echo "$info" |grep Issuer: |sed -e "s/.*Issuer: //") +alt_dns=$(echo "$info" |grep DNS |sed -e 's/DNS:/\n/g' |tr -d ',') +alt_dns=$(echo "$alt_dns" |tr -d ' ' |sed -e "/^$/d") +alt_dns=$(echo "$alt_dns" |sed -e ':a;N;$!ba;s/\n/,/g') + +# Listing data +case $format in + json) json_list ;; + plain) plain_list ;; + csv) csv_list ;; + shell) shell_list ;; +esac + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit diff --git a/bin/v-list-user b/bin/v-list-user index 05649f91..57b48bb3 100755 --- a/bin/v-list-user +++ b/bin/v-list-user @@ -154,6 +154,7 @@ csv_list() { #----------------------------------------------------------# check_args '1' "$#" 'USER [FORMAT]' +is_format_valid 'user' is_object_valid 'user' 'USER' "$user" diff --git a/bin/v-list-user-backup b/bin/v-list-user-backup index 2e0a98d0..8ee8a41b 100755 --- a/bin/v-list-user-backup +++ b/bin/v-list-user-backup @@ -75,6 +75,7 @@ csv_list() { #----------------------------------------------------------# check_args '2' "$#" 'USER BACKUP [FORMAT]' +is_format_valid 'user' is_object_valid 'user' 'USER' "$user" is_object_valid 'backup' 'BACKUP' "$backup" diff --git a/bin/v-list-user-log b/bin/v-list-user-log index f8581341..ca317f7d 100755 --- a/bin/v-list-user-log +++ b/bin/v-list-user-log @@ -23,7 +23,10 @@ json_list() { objects=$(echo "$logs" |wc -l) echo "{" for str in $logs; do - eval $str + ID=$(echo "$str" |cut -f 2 -d \') + DATE=$(echo "$str" |cut -f 4 -d \') + TIME=$(echo "$str" |cut -f 6 -d \') + CMD=$(echo "$str" |cut -f 8 -d \') CMD=${CMD//\"/\\\"} echo -n ' "'$ID'": { "CMD": "'$CMD'", @@ -46,13 +49,9 @@ shell_list() { echo "DATE~TIME~CMD" echo "----~----~---" for str in $logs; do - eval $str - if [ -z "$DATE" ]; then - DATE='no' - fi - if [ -z "$TIME" ]; then - TIME='no' - fi + DATE=$(echo "$str" |cut -f 4 -d \') + TIME=$(echo "$str" |cut -f 6 -d \') + CMD=$(echo "$str" |cut -f 8 -d \') echo "$DATE~$TIME~$CMD" done } @@ -61,7 +60,9 @@ shell_list() { plain_list() { IFS=$'\n' for str in $logs; do - eval $str + DATE=$(echo "$str" |cut -f 4 -d \') + TIME=$(echo "$str" |cut -f 6 -d \') + CMD=$(echo "$str" |cut -f 8 -d \') echo -e "$ID\t$CMD\t$UNDO\t$TIME\t$DATE" done } @@ -71,7 +72,9 @@ csv_list() { IFS=$'\n' echo "ID,CMD,UNDO,TIME,DATE" for str in $logs; do - eval $str + DATE=$(echo "$str" |cut -f 4 -d \') + TIME=$(echo "$str" |cut -f 6 -d \') + CMD=$(echo "$str" |cut -f 8 -d \') echo "$ID,\"$CMD\",\"$UNDO\",$TIME,$DATE" done } diff --git a/bin/v-list-user-stats b/bin/v-list-user-stats index 11b867af..0fa7dc90 100755 --- a/bin/v-list-user-stats +++ b/bin/v-list-user-stats @@ -115,6 +115,7 @@ csv_list() { #----------------------------------------------------------# check_args '1' "$#" 'USER [FORMAT]' +is_format_valid 'user' is_object_valid 'user' 'USER' "$user" diff --git a/bin/v-list-users b/bin/v-list-users index 14a6d007..32a94736 100755 --- a/bin/v-list-users +++ b/bin/v-list-users @@ -15,9 +15,14 @@ format=${1-shell} # JSON list function json_list() { echo '{' - object_count=$(grep '@' /etc/passwd |wc -l) i=1 while read USER; do + if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then + continue; + fi + if [ $i -gt 1 ]; then + echo "," + fi source $VESTA/data/users/$USER/user.conf echo -n ' "'$USER'": { "FNAME": "'$FNAME'", @@ -74,14 +79,8 @@ json_list() { "TIME": "'$TIME'", "DATE": "'$DATE'" }' - if [ "$i" -lt "$object_count" ]; then - echo ',' - else - echo - fi ((i++)) done < <(grep '@' /etc/passwd |cut -f1 -d:) - echo '}' } @@ -90,6 +89,9 @@ shell_list() { echo "USER PKG WEB DNS MAIL DB DISK BW SPND DATE" echo "---- --- --- --- --- -- ---- -- ---- ----" while read USER; do + if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then + continue; + fi source $VESTA/data/users/$USER/user.conf echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS" echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE" @@ -99,6 +101,9 @@ shell_list() { # PLAIN list function plain_list() { while read USER; do + if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then + continue; + fi source $VESTA/data/users/$USER/user.conf echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t" echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t" @@ -131,6 +136,9 @@ csv_list() { echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES" echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE" while read USER; do + if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then + continue; + fi source $VESTA/data/users/$USER/user.conf echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE," echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE," @@ -151,6 +159,9 @@ csv_list() { # Raw list function raw_list() { while read USER; do + if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then + continue; + fi echo $VESTA/data/users/$USER/user.conf cat $VESTA/data/users/$USER/user.conf done < <(grep '@' /etc/passwd |cut -f1 -d:) diff --git a/bin/v-list-web-domain b/bin/v-list-web-domain index e0f9492c..7e33a4ab 100755 --- a/bin/v-list-web-domain +++ b/bin/v-list-web-domain @@ -110,6 +110,7 @@ csv_list() { #----------------------------------------------------------# check_args '2' "$#" 'USER DOMAIN [FORMAT]' +is_format_valid 'user' 'domain' is_object_valid 'user' 'USER' "$user" is_object_valid 'web' 'DOMAIN' "$domain" diff --git a/bin/v-list-web-domain-ssl b/bin/v-list-web-domain-ssl index c91a7cca..d637cf89 100755 --- a/bin/v-list-web-domain-ssl +++ b/bin/v-list-web-domain-ssl @@ -19,6 +19,7 @@ source $VESTA/func/main.sh # JSON list function json_list() { + issuer=$(echo "$issuer" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g") echo '{' echo -e "\t\"$domain\": {" echo " \"CRT\": \"$crt\"," @@ -97,6 +98,7 @@ csv_list() { #----------------------------------------------------------# check_args '2' "$#" 'USER DOMAIN [FORMAT]' +is_format_valid 'user' 'domain' is_object_valid 'user' 'USER' "$user" is_object_valid 'web' 'DOMAIN' "$domain" diff --git a/bin/v-list-web-domains b/bin/v-list-web-domains index a31199fa..23de5fb4 100755 --- a/bin/v-list-web-domains +++ b/bin/v-list-web-domains @@ -100,6 +100,7 @@ csv_list() { #----------------------------------------------------------# check_args '1' "$#" 'USER [FORMAT]' +is_format_valid 'user' is_object_valid 'user' 'USER' "$user" diff --git a/bin/v-open-fs-config b/bin/v-open-fs-config index 6a4f54fd..720df86a 100755 --- a/bin/v-open-fs-config +++ b/bin/v-open-fs-config @@ -35,6 +35,11 @@ if [ ! -z "$src_file" ]; then echo "Error: invalid source path $src_file" exit 2 fi + spath=$(echo "$rpath" |egrep "/etc|/var/lib") + if [ -z "$spath" ]; then + echo "Error: invalid source path $src_file" + exit 2 + fi fi # Reading conf diff --git a/bin/v-rebuild-web-domains b/bin/v-rebuild-web-domains index d28a943d..2094d19c 100755 --- a/bin/v-rebuild-web-domains +++ b/bin/v-rebuild-web-domains @@ -37,7 +37,7 @@ is_object_unsuspended 'user' 'USER' "$user" #----------------------------------------------------------# # Deleting old web configs -sed -i "/.*\/$user\//d" /etc/$WEB_SYSTEM/conf.d/vesta.conf +sed -i "/.*\/$user\/conf\/web\//d" /etc/$WEB_SYSTEM/conf.d/vesta.conf if [ -e "$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf" ]; then rm $HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf fi @@ -47,7 +47,7 @@ fi # Deleting old proxy configs if [ ! -z "$PROXY_SYSTEM" ]; then - sed -i "/.*\/$user\//d" /etc/$PROXY_SYSTEM/conf.d/vesta.conf + sed -i "/.*\/$user\/conf\/web\//d" /etc/$PROXY_SYSTEM/conf.d/vesta.conf if [ -e "$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" ]; then rm $HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf diff --git a/bin/v-restore-user b/bin/v-restore-user index 79e1e28c..bd3d86bb 100755 --- a/bin/v-restore-user +++ b/bin/v-restore-user @@ -229,8 +229,12 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do (( ++i)) done +if [ -z "$BACKUP_TEMP" ]; then + BACKUP_TEMP=$BACKUP +fi + # Creating temporary directory -tmpdir=$(mktemp -p /tmp -d) +tmpdir=$(mktemp -p $BACKUP_TEMP -d) if [ "$?" -ne 0 ]; then echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify sed -i "/ $user /d" $VESTA/data/queue/backup.pipe @@ -402,15 +406,21 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then fi # Restoring web domain data - tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \ - -C $HOMEDIR/$user/web/$domain/ - if [ "$?" -ne 0 ]; then - rm -rf $tmpdir - error="can't unpack $domain data tarball" - echo "$error" |$SENDMAIL -s "$subj" $email $notify - sed -i "/ $user /d" $VESTA/data/queue/backup.pipe - check_result "$E_PARSING" "$error" + chown $user $tmpdir + chmod u+w $HOMEDIR/$user/web/$domain + sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \ + -C $HOMEDIR/$user/web/$domain/ --exclude=logs/* \ + 2> $HOMEDIR/$user/web/$domain/restore_errors.log + if [ -e "$HOMEDIR/$user/web/$domain/restore_errors.log" ]; then + chown $user:$user $HOMEDIR/$user/web/$domain/restore_errors.log fi + #if [ "$?" -ne 0 ]; then + # rm -rf $tmpdir + # error="can't unpack $domain data tarball" + # echo "$error" |$SENDMAIL -s "$subj" $email $notify + # sed -i "/ $user /d" $VESTA/data/queue/backup.pipe + # check_result "$E_PARSING" "$error" + #fi # Applying Fix for tar < 1.24 find $HOMEDIR/$user/web/$domain -type d \ @@ -582,13 +592,15 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then # Rebuilding mail config rebuild_mail_domain_conf - + domain_idn=$domain format_domain_idn # Restoring emails if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then - tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \ + chown $user $tmpdir + chmod u+w $HOMEDIR/$user/mail/$domain_idn + sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \ -C $HOMEDIR/$user/mail/$domain_idn/ if [ "$?" -ne 0 ]; then rm -rf $tmpdir diff --git a/bin/v-search-ssl-certificates b/bin/v-search-ssl-certificates new file mode 100755 index 00000000..c9208830 --- /dev/null +++ b/bin/v-search-ssl-certificates @@ -0,0 +1,93 @@ +#!/bin/bash +# info: search ssl certificates +# options: [FORMAT] +# +# The function to obtain the list of available ssl certificates. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +format=${1-shell} + +# Includes +source $VESTA/func/main.sh + +# JSON list function +json_list() { + IFS=$'\n' + objects=$(echo "$search_cmd" |wc -l) + i=1 + echo '[' + for str in $search_cmd; do + eval $str + if [ "$i" -lt "$objects" ]; then + echo -e "\t\"$USER:$DOMAIN\"," + else + echo -e "\t\"$USER:$DOMAIN\"" + fi + (( ++i)) + done + echo "]" +} + +# SHELL list function +shell_list() { + IFS=$'\n' + echo "USER DOMAIN" + echo "---- ------" + for str in $search_cmd; do + eval $str + echo "$USER $DOMAIN" + done +} + +# PLAIN list function +plain_list() { + IFS=$'\n' + for str in $search_cmd; do + eval $str + echo -e "$USER\t$DOMAIN" + done +} + +# CSV list function +csv_list() { + IFS=$'\n' + echo "USER,DOMAIN" + for str in $search_cmd; do + eval $str + echo "$USER,$DOMAIN" + done +} + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +search_cmd=$(grep -H "SSL='yes'" $VESTA/data/users/*/web.conf |\ + cut -f 1 -d ' ' |\ + sed -e "s|$VESTA/data/users/|USER='|" -e "s|/web.conf:|' |") + +# Listing data +case $format in + json) json_list ;; + plain) plain_list ;; + csv) csv_list ;; + shell) shell_list |column -t ;; +esac + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit diff --git a/bin/v-sign-letsencrypt-csr b/bin/v-sign-letsencrypt-csr deleted file mode 100755 index 414eb8b3..00000000 --- a/bin/v-sign-letsencrypt-csr +++ /dev/null @@ -1,110 +0,0 @@ -#!/bin/bash -# info: sing letsencrypt csr -# options: USER DOMAIN CSR_DIR [FORMAT] -# -# The function signs certificate request using LetsEncript API - - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -# Argument definition -user=$1 -domain=$2 -csr="$3/$domain.csr" -format=$4 - -# Includes -source $VESTA/func/main.sh -source $VESTA/conf/vesta.conf - -# encode base64 -encode_base64() { - cat |base64 |tr '+/' '-_' |tr -d '\r\n=' -} - - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -check_args '3' "$#" 'USER DOMAIN CSR' -is_format_valid 'user' 'domain' -is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' -is_object_valid 'user' 'USER' "$user" -is_object_unsuspended 'user' 'USER' "$user" -if [ ! -e "$USER_DATA/ssl/le.conf" ]; then - check_result $E_NOTEXIST "LetsEncrypt key doesn't exist" -fi -check_domain=$(grep -w "$domain'" $USER_DATA/web.conf) -if [ -z "$check_domain" ]; then - check_result $E_NOTEXIST "domain $domain doesn't exist" -fi -if [ ! -e "$csr" ]; then - check_result $E_NOTEXIST "$csr doesn't exist" -fi - - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -source $USER_DATA/ssl/le.conf -api='https://acme-v01.api.letsencrypt.org' -key="$USER_DATA/ssl/user.key" -exponent="$EXPONENT" -modulus="$MODULUS" -thumb="$THUMB" - -# Defining JWK header -header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}' -header='{"alg":"RS256","jwk":'"$header"'}' - -# Requesting nonce -nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n') -protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64) - -# Defining ACME query (request challenge) -csr=$(openssl req -in $csr -outform DER |encode_base64) -query='{"resource":"new-cert","csr":"'$csr'"}' -payload=$(echo -n "$query" |encode_base64) -signature=$(printf "%s" "$protected.$payload" |\ - openssl dgst -sha256 -binary -sign "$key" |encode_base64) -data='{"header":'"$header"',"protected":"'"$protected"'",' -data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}' - -# Sending request to LetsEncrypt API -answer=$(mktemp) -curl -s -d "$data" "$api/acme/new-cert" -o $answer -if [ ! -z "$(grep Error $answer)" ]; then - detail="$(cat $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")" - detail=$(echo "$detail" |awk -F "::" '{print $2}') - rm $answer - check_result $E_LIMIT "$detail" -fi - -# Printing certificate -crt=$(cat "$answer" |openssl base64 -e) -rm $answer -if [ "$format" != 'json' ]; then - echo "-----BEGIN CERTIFICATE-----" - echo "$crt" - echo "-----END CERTIFICATE-----" -else - echo -e "{\n\t\"$domain\": {\n\t\t\"CRT\":\"" - echo -n '-----BEGIN CERTIFICATE-----\n' - echo -n "$crt" |sed ':a;N;$!ba;s/\n/\\n/g' - echo -n '-----END CERTIFICATE-----' - echo -e "\"\n\t\t}\n\t}" -fi - - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -# Logging -log_event "$OK" "$ARGUMENTS" - -exit diff --git a/bin/v-suspend-dns-domain b/bin/v-suspend-dns-domain index b42e2e99..bfe30f0b 100755 --- a/bin/v-suspend-dns-domain +++ b/bin/v-suspend-dns-domain @@ -41,6 +41,16 @@ is_object_unsuspended 'dns' 'DOMAIN' "$domain" # Action # #----------------------------------------------------------# +# Deleting system configs +if [[ "$DNS_SYSTEM" =~ named|bind ]]; then + if [ -e '/etc/named.conf' ]; then + dns_conf='/etc/named.conf' + else + dns_conf='/etc/bind/named.conf' + fi + + sed -i "/\/$user\/conf\/dns\/$domain.db\"/d" $dns_conf +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-unsuspend-dns-domain b/bin/v-unsuspend-dns-domain index bc8de6ee..38008d2f 100755 --- a/bin/v-unsuspend-dns-domain +++ b/bin/v-unsuspend-dns-domain @@ -40,7 +40,21 @@ is_object_suspended 'dns' 'DOMAIN' "$domain" # Action # #----------------------------------------------------------# +# Creating system configs +if [[ "$DNS_SYSTEM" =~ named|bind ]]; then + if [ -e '/etc/named.conf' ]; then + dns_conf='/etc/named.conf' + dns_group='named' + else + dns_conf='/etc/bind/named.conf' + dns_group='bind' + fi + # Adding zone in named.conf + named="zone \"$domain_idn\" {type master; file" + named="$named \"$HOMEDIR/$user/conf/dns/$domain.db\";};" + echo "$named" >> $dns_conf +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-unsuspend-mail-account b/bin/v-unsuspend-mail-account index 314c13bc..57e54af5 100755 --- a/bin/v-unsuspend-mail-account +++ b/bin/v-unsuspend-mail-account @@ -48,6 +48,9 @@ is_object_suspended "mail/$domain" 'ACCOUNT' "$account" if [[ "$MAIL_SYSTEM" =~ exim ]]; then md5=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$MD5') quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA') + if [ "$quota" = 'unlimited' ]; then + quota=0 + fi sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota" echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd diff --git a/bin/v-update-firewall b/bin/v-update-firewall index da91acc8..46e2073a 100755 --- a/bin/v-update-firewall +++ b/bin/v-update-firewall @@ -51,11 +51,6 @@ if [ $? -ne 0 ]; then conntrack_ftp='no' fi -# Checking custom OpenSSH port -sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2) -if [[ "$sshport" =~ ^[0-9]+$ ]] && [ "$sshport" -ne "22" ]; then - sed -i "s/PORT='22'/PORT=\'$sshport\'/" $rules -fi # Creating temporary file tmp=$(mktemp) diff --git a/bin/v-update-host-certificate b/bin/v-update-host-certificate index 0f3324b9..71a87709 100755 --- a/bin/v-update-host-certificate +++ b/bin/v-update-host-certificate @@ -72,11 +72,16 @@ chown $exim_user:mail $VESTA/ssl/certificate.crt chown $exim_user:mail $VESTA/ssl/certificate.key # Restart exim, dovecot & vesta -v-restart-mail -v-restart-service dovecot -v-restart-service vesta - - +$BIN/v-restart-mail +if [ ! -z "$IMAP_SYSTEM" ]; then + $BIN/v-restart-service "$IMAP_SYSTEM" +fi +if [ ! -z "$FTP_SYSTEM" ]; then + $BIN/v-restart-service "$FTP_SYSTEM" +fi +if [ -f "/var/run/vesta-nginx.pid" ]; then + kill -HUP $(cat /var/run/vesta-nginx.pid) +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-update-letsencrypt-ssl b/bin/v-update-letsencrypt-ssl index 93fe9023..459b9879 100755 --- a/bin/v-update-letsencrypt-ssl +++ b/bin/v-update-letsencrypt-ssl @@ -22,42 +22,33 @@ source $VESTA/conf/vesta.conf # Action # #----------------------------------------------------------# -# Defining user list -users=$($BIN/v-list-users | tail -n+3 | awk '{ print $1 }') +lecounter=0 -# Checking users -for user in $users; do +# Checking user certificates +for user in $($BIN/v-list-users plain |cut -f 1); do USER_DATA=$VESTA/data/users/$user - # Checking user certificates - for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do - crt="$VESTA/data/users/$user/ssl/$domain.crt" - crt_data=$(openssl x509 -text -in "$crt") - expire=$(echo "$crt_data" |grep "Not After") - expire=$(echo "$expire" |cut -f 2,3,4 -d :) - expire=$(date -d "$expire" +%s) + for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do + crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt) + not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :) + expiration=$(date -d "$not_after" +%s) now=$(date +%s) - expire=$((expire - now)) - expire=$((expire / 86400)) - domain=$(basename $crt |sed -e "s/.crt$//") - if [[ "$expire" -lt 31 ]]; then - aliases=$(echo "$crt_data" |grep DNS:) - aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//") - aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d") - aliases=$(echo "$aliases" |grep -v "^$domain$") - if [ ! -z "$aliases" ]; then - aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g') - msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases) - if [ $? -ne 0 ]; then - echo "$domain $msg" - fi - else - msg==$($BIN/v-add-letsencrypt-domain $user $domain) - if [ $? -ne 0 ]; then - echo "$domain $msg" - fi + seconds_valid=$((expiration - now)) + days_valid=$((seconds_valid / 86400)) + if [[ "$days_valid" -lt 31 ]]; then + if [ $lecounter -gt 0 ]; then + sleep 10 + fi + ((lecounter++)) + aliases=$(echo "$crt_data" |grep DNS:) + aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g") + aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d") + aliases=$(echo "$aliases" |egrep -v "^$domain,?$") + aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g') + msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases) + if [ $? -ne 0 ]; then + echo "$domain $msg" fi - sleep 10 fi done done diff --git a/bin/v-update-sys-ip b/bin/v-update-sys-ip index ab7bc129..6c07edc6 100755 --- a/bin/v-update-sys-ip +++ b/bin/v-update-sys-ip @@ -1,6 +1,6 @@ #!/bin/bash # info: update system ip -# options: [USER] [IP_STATUS] +# options: [NONE] # # The function scans configured ip in the system and register them with vesta # internal database. This call is intended for use on vps servers, where ip is @@ -11,12 +11,10 @@ # Variable&Function # #----------------------------------------------------------# -# Argument definition -user=${1-admin} -ip_status=${2-shared} +# Importing system variables +source /etc/profile # Includes -source /etc/profile.d/vesta.sh source $VESTA/func/main.sh source $VESTA/func/ip.sh source $VESTA/conf/vesta.conf @@ -26,87 +24,84 @@ source $VESTA/conf/vesta.conf # Verifications # #----------------------------------------------------------# -check_args '0' "$#" '[USER] [IP_STATUS]' -is_format_valid 'user' 'ip_status' -is_object_valid 'user' 'USER' "$user" "$user" - #----------------------------------------------------------# # Action # #----------------------------------------------------------# -# Get list of ip addresses -ip_list=$(/sbin/ip addr|grep 'inet '|grep global|awk '{print $2}') -ip_list=$(echo "$ip_list"|cut -f 1 -d /) -ip_num=$(echo "$ip_list" | wc -l) +# Listing system ip addresses +ips=$(/sbin/ip addr |grep 'inet ' |grep global |awk '{print $2}' |cut -f1 -d/) +v_ips=$(ls $VESTA/data/ips/) +ip_num=$(echo "$ips" |wc -l) +v_ip_num=$(echo "$v_ips" |wc -l) -# WorkAround for DHCP IP address -vst_ip_list=$(ls $VESTA/data/ips/) -vst_ip_num=$(echo "$vst_ip_list" | wc -l) - -if [ ! -z "$vst_ip_list" ] && [ "$vst_ip_num" -eq '1' ]; then - if [ $ip_num -eq 1 ] && [ "$ip_list" != "$vst_ip_list" ]; then - new=$ip_list - old=$vst_ip_list - mv $VESTA/data/ips/$old $VESTA/data/ips/$new - if [ ! -z "$PROXY_SYSTEM" ]; then - mv /etc/$PROXY_SYSTEM/conf.d/$old.conf \ - /etc/$PROXY_SYSTEM/conf.d/$new.conf - sed -i "s/$old/$new/g" /etc/$PROXY_SYSTEM/conf.d/$new.conf - fi - if [ ! -z "$WEB_SYSTEM" ]; then - mv /etc/$WEB_SYSTEM/conf.d/$old.conf \ - /etc/$WEB_SYSTEM/conf.d/$new.conf - sed -i "s/$old/$new/g" /etc/$WEB_SYSTEM/conf.d/$new.conf - sed -i "s/$old/$new/g" $VESTA/data/users/*/web.conf - - # Rebuild web domains - for user in $(ls $VESTA/data/users/); do - $BIN/v-rebuild-web-domains $user no - done - fi - if [ ! -z "$FTP_SYSTEM" ];then - ftpd_conf_file=$(find /etc/ -maxdepth 2 -name $FTP_SYSTEM.conf) - sed -i "s/$old/$new/g" $ftpd_conf_file - fi - - # Restarting web server - $BIN/v-restart-web - - # Restarting ftp server - $BIN/v-restart-ftp - - # Restarting proxy server - if [ ! -z "$PROXY_SYSTEM" ]; then - $BIN/v-restart-proxy - fi - - # Restarting firewall - if [ ! -z "$FIREWALL_SYSTEM" ]; then - $BIN/v-update-firewall - fi - - if [ ! -z "$DNS_SYSTEM" ]; then - # Rebuild dns domains - for user in $(ls $VESTA/data/users/); do - sed -i "s/$old/$new/g" $VESTA/data/users/$user/dns.conf - sed -i "s/$old/$new/g" $VESTA/data/users/$user/dns/*.conf - $BIN/v-rebuild-dns-domains $user no - done - $BIN/v-restart-dns - check_result $? "dns restart failed" >/dev/null - fi - - # No further comparation is needed - exit +# Checking primary IP change +if [[ "$ip_num" -eq '1' ]] && [[ "$v_ip_num" -eq 1 ]]; then + if [ "$ips" != "$v_ips" ]; then + new=$ips + old=$v_ips fi fi -# Compare ips -for ip in $ip_list; do +# Updating configs +if [ ! -z "$old" ]; then + mv $VESTA/data/ips/$old $VESTA/data/ips/$new + + # Updating PROXY + if [ ! -z "$PROXY_SYSTEM" ]; then + cd /etc/$PROXY_SYSTEM/conf.d + if [ -e "$old.conf" ]; then + mv $old.conf $new.conf + sed -i "s/$old/$new/g" $new.conf + fi + fi + + # Updating WEB + if [ ! -z "$WEB_SYSTEM" ]; then + cd /etc/$WEB_SYSTEM/conf.d + if [ -e "$old.conf" ]; then + mv $old.conf $new.conf + sed -i "s/$old/$new/g" $new.conf + fi + sed -i "s/$old/$new/g" $VESTA/data/users/*/web.conf + for user in $(ls $VESTA/data/users/); do + $BIN/v-rebuild-web-domains $user no + done + $BIN/v-restart-proxy + $BIN/v-restart-web + fi + + # Updating DNS + if [ ! -z "$DNS_SYSTEM" ]; then + sed -i "s/$old/$new/g" $VESTA/data/users/*/dns.conf + sed -i "s/$old/$new/g" $VESTA/data/users/*/dns/*.conf + for user in $(ls $VESTA/data/users/); do + $BIN/v-rebuild-dns-domains $user no + done + $BIN/v-restart-dns + fi + + # Updating FTP + if [ ! -z "$FTP_SYSTEM" ] && [ "$FTP_SYSTEM" = 'vsftpd' ]; then + conf=$(find /etc/ -maxdepth 2 -name $FTP_SYSTEM.conf) + if [ ! -z "$conf" ]; then + sed -i "s/$old/$new/g" $conf + $BIN/v-restart-ftp + fi + fi + + # Updating firewall + if [ ! -z "$FIREWALL_SYSTEM" ]; then + sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf + $BIN/v-update-firewall + fi +fi + +# Adding system IP +for ip in $ips; do check_ifconfig=$(/sbin/ifconfig |grep "$ip") if [ ! -e "$VESTA/data/ips/$ip" ] && [ ! -z "$check_ifconfig" ]; then - interface=$(/sbin/ip addr |grep $ip |awk '{print $NF}'|uniq) + interface=$(/sbin/ip addr |grep $ip |awk '{print $NF}' |uniq) interface=$(echo "$interface" |cut -f 1 -d : |head -n 1) netmask=$(/sbin/ip addr |grep $ip |cut -f 2 -d / |cut -f 1 -d \ ) netmask=$(convert_cidr $netmask) @@ -114,6 +109,15 @@ for ip in $ip_list; do fi done +# Updating NAT +pub_ip=$(curl -s vestacp.com/what-is-my-ip/) +if [ ! -e "$VESTA/data/ips/$pub_ip" ]; then + if [ -z "$(grep -R "$pub_ip" $VESTA/data/ips/)" ]; then + ip=$(ls -t $VESTA/data/ips/ |head -n1) + $BIN/v-change-sys-ip-nat $ip $pub_ip + fi +fi + #----------------------------------------------------------# # Vesta # diff --git a/bin/v-update-sys-rrd-mysql b/bin/v-update-sys-rrd-mysql index aa6734e9..8c6bb75e 100755 --- a/bin/v-update-sys-rrd-mysql +++ b/bin/v-update-sys-rrd-mysql @@ -14,6 +14,7 @@ period=${1-daily} # Includes source $VESTA/func/main.sh +source $VESTA/func/db.sh source $VESTA/conf/vesta.conf @@ -66,23 +67,10 @@ for host in $hosts; do fi if [ "$period" = 'daily' ]; then - # Defining host credentials - host_str=$(grep "HOST='$host'" $conf) - for key in $host_str; do - eval ${key%%=*}=${key#*=} - done - sql="mysql -h $HOST -u $USER -p$PASSWORD -e" - - # Checking empty vars - if [ -z $HOST ] || [ -z $USER ] || [ -z $PASSWORD ]; then - echo "Error: config is broken" - log_event "$E_PARSING" "$ARGUMENTS" - exit $E_PARSING - fi - - # Parsing data - status=$($sql "SHOW GLOBAL STATUS" 2>/dev/null); code="$?" - if [ '0' -ne "$code" ]; then + mysql_connect $host + query='SHOW GLOBAL STATUS' + status=$(mysql_query "$query" 2>/dev/null) + if [ $? -ne 0 ]; then active=0 slow=0 else diff --git a/bin/v-update-sys-rrd-pgsql b/bin/v-update-sys-rrd-pgsql index 6e15c9e8..de2fec8f 100755 --- a/bin/v-update-sys-rrd-pgsql +++ b/bin/v-update-sys-rrd-pgsql @@ -85,7 +85,7 @@ for host in $hosts; do # Parsing data q='SELECT SUM(xact_commit + xact_rollback), SUM(numbackends) FROM pg_stat_database;' - status=$($sql plsql -d postgres -c "$q" 2>/dev/null); code="$?" + status=$($sql psql -d postgres -c "$q" 2>/dev/null); code="$?" if [ '0' -ne "$code" ]; then active=0 slow=0 diff --git a/bin/v-update-sys-vesta b/bin/v-update-sys-vesta index 39cd33a2..418fe26f 100755 --- a/bin/v-update-sys-vesta +++ b/bin/v-update-sys-vesta @@ -33,7 +33,7 @@ check_args '1' "$#" 'PACKAGE' # Action # #----------------------------------------------------------# -if [ -d "/etc/sysconfig" ]; then +if [ -n "$(command -v yum)" ]; then # Clean yum chache yum -q clean all diff --git a/bin/v-update-user-counters b/bin/v-update-user-counters index 5fcdd671..b0f94430 100755 --- a/bin/v-update-user-counters +++ b/bin/v-update-user-counters @@ -53,6 +53,7 @@ for user in $user_list; do IP_OWNED=0 U_USERS=0 U_DISK=0 + DISK=0 U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS') if [ -z "$U_DISK_DIRS" ]; then U_DISK_DIRS=0 diff --git a/bin/v-update-user-quota b/bin/v-update-user-quota index b0f376a2..3483bca5 100755 --- a/bin/v-update-user-quota +++ b/bin/v-update-user-quota @@ -33,7 +33,7 @@ is_object_valid 'user' 'USER' "$user" # Updating disk quota # Had quota equals package value. Soft quota equals 90% of package value for warnings. quota=$(get_user_value '$DISK_QUOTA') -soft=$(echo "$quota * 1024 * 0.90"|bc |cut -f 1 -d .) +soft=$(echo "$quota * 1024"|bc |cut -f 1 -d .) hard=$(echo "$quota * 1024"|bc |cut -f 1 -d .) # Searching home mount point diff --git a/bin/v-update-user-stats b/bin/v-update-user-stats index f6b5ff56..23854328 100755 --- a/bin/v-update-user-stats +++ b/bin/v-update-user-stats @@ -67,6 +67,9 @@ TOTAL_USERS=0 # Updating user stats for user in $user_list; do + if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then + continue; + fi USER_DATA=$VESTA/data/users/$user source $USER_DATA/user.conf next_month=$(date +'%m/01/%y' -d '+ 1 month') diff --git a/func/db.sh b/func/db.sh index c42677a2..30018065 100644 --- a/func/db.sh +++ b/func/db.sh @@ -38,23 +38,31 @@ mysql_connect() { exit $E_CONNECT fi mysql_ver=$(cat $mysql_out |tail -n1 |cut -f 1 -d -) + mysql_fork="mysql" + check_mysql_fork=$(grep "MariaDB" $mysql_out) + if [ ! -z "$check_mysql_fork" ]; then + mysql_fork="mariadb" + fi rm -f $mysql_out } mysql_query() { - mysql --defaults-file=$mycnf -e "$1" 2>/dev/null + sql_tmp=$(mktemp) + echo "$1" > $sql_tmp + mysql --defaults-file=$mycnf < "$sql_tmp" 2>/dev/null + rm -f "$sql_tmp" } mysql_dump() { err="/tmp/e.mysql" - mysqldump --defaults-file=$mycnf --single-transaction -r $1 $2 2> $err + mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then echo -e "Can't dump database $database\n$(cat $err)" |\ $SENDMAIL -s "$subj" $email fi - echo "Error: dump $database failed" + echo "Error: dump $database failed\n$(cat $err)" log_event "$E_DB" "$ARGUMENTS" exit $E_DB fi @@ -84,7 +92,10 @@ psql_connect() { } psql_query() { - psql -h $HOST -U $USER -c "$1" 2>/dev/null + sql_tmp=$(mktemp) + echo "$1" > $sql_tmp + psql -h $HOST -U $USER -f "$sql_tmp" 2>/dev/null + rm -f $sql_tmp } psql_dump() { diff --git a/func/domain.sh b/func/domain.sh index 1d4b5479..713cc52a 100644 --- a/func/domain.sh +++ b/func/domain.sh @@ -215,7 +215,11 @@ add_web_config() { fi fi - trigger="${2/.*pl/.sh}" + trigger="${2/%.tpl/.sh}" + if [[ "$2" =~ stpl$ ]]; then + trigger="${2/%.stpl/.sh}" + fi + if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then $WEBTPL/$1/$WEB_BACKEND/$trigger \ $user $domain $local_ip $HOMEDIR \ @@ -269,7 +273,7 @@ replace_web_config() { fi } -# Delete web configuartion +# Delete web configuration del_web_config() { conf="$HOMEDIR/$user/conf/web/$domain.$1.conf" if [[ "$2" =~ stpl$ ]]; then @@ -285,12 +289,16 @@ del_web_config() { if [[ "$2" =~ stpl$ ]]; then conf="$HOMEDIR/$user/conf/web/s$1.conf" fi - get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf - sed -i "$top_line,$bottom_line d" $conf - - web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l) - if [ "$web_domain" -eq '0' ]; then - sed -i "/.*\/$user\/.*$1.conf/d" /etc/$1/conf.d/vesta.conf + if [ -e "$conf" ]; then + get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf + sed -i "$top_line,$bottom_line d" $conf + fi + fi + # clean-up for both config styles if there is no more domains + web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l) + if [ "$web_domain" -eq '0' ]; then + sed -i "/.*\/$user\/conf\/web\//d" /etc/$1/conf.d/vesta.conf + if [ -f "$conf" ]; then rm -f $conf fi fi @@ -335,7 +343,7 @@ is_web_domain_cert_valid() { check_result $E_FORBIDEN "SSL Key is protected (remove pass_phrase)" fi - openssl s_server -quiet -cert $ssl_dir/$domain.crt \ + openssl s_server -port 654321 -quiet -cert $ssl_dir/$domain.crt \ -key $ssl_dir/$domain.key >> /dev/null 2>&1 & pid=$! sleep 0.5 diff --git a/func/ip.sh b/func/ip.sh index d78cfa73..c99a3272 100644 --- a/func/ip.sh +++ b/func/ip.sh @@ -26,7 +26,7 @@ get_ip_iface() { } -# Check ip address speciefic value +# Check ip address specific value is_ip_key_empty() { key="$1" string=$(cat $VESTA/data/ips/$ip) @@ -141,7 +141,7 @@ get_real_ip() { else nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*) if [ ! -z "$nat" ]; then - echo "$nat" |cut -f 1 -d : |cut -f 7 -d / + echo "$nat" |cut -f 1 -d : |cut -f 7 -d / |head -n 1 fi fi } diff --git a/func/main.sh b/func/main.sh index cec97888..edbaa664 100644 --- a/func/main.sh +++ b/func/main.sh @@ -35,6 +35,7 @@ E_DB=17 E_RRD=18 E_UPDATE=19 E_RESTART=20 +E_TEAPOT=418 # Event string for logger for ((I=1; I <= $# ; I++)); do @@ -212,7 +213,8 @@ is_object_new() { # Check if object is valid is_object_valid() { if [ $2 = 'USER' ]; then - if [ ! -d "$VESTA/data/users/$3" ]; then + user_vst_dir=$(basename $3) + if [ ! -d "$VESTA/data/users/$user_vst_dir" ]; then check_result $E_NOTEXIST "$1 $3 doesn't exist" fi else @@ -273,11 +275,27 @@ is_object_value_exist() { is_password_valid() { if [[ "$password" =~ ^/tmp/ ]]; then if [ -f "$password" ]; then - password=$(head -n1 $password) + password="$(head -n1 $password)" fi fi } +# Check if hash is transmitted via file +is_hash_valid() { + if [[ "$hash" =~ ^/tmp/ ]]; then + if [ -f "$hash" ]; then + hash="$(head -n1 $hash)" + fi + fi +} + +# Check if directory is a symlink +is_dir_symlink() { + if [[ -L "$1" ]]; then + check_result $E_FORBIDEN "$1 directory is a symlink" + fi +} + # Get object value get_object_value() { object=$(grep "$2='$3'" $USER_DATA/$1.conf) @@ -516,7 +534,7 @@ is_user_format_valid() { is_domain_format_valid() { object_name=${2-domain} exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|_|/|\|\"|'|;|%|\`| ]" - if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]]; then + if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]] || [[ $1 =~ "$(printf '\t')" ]]; then check_result $E_INVALID "invalid $object_name format :: $1" fi } @@ -643,7 +661,7 @@ is_dbuser_format_valid() { # DNS record type validator is_dns_type_format_valid() { - known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA' + known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA,CAA' if [ -z "$(echo $known_dnstype |grep -w $1)" ]; then check_result $E_INVALID "invalid dns record type format :: $1" fi @@ -789,7 +807,16 @@ is_password_format_valid() { check_result $E_INVALID "invalid password format :: $1" fi } - +# Missing function - +# Before: validate_format_shell +# After: is_format_valid_shell +is_format_valid_shell() { + if [ -z "$(grep -w $1 /etc/shells)" ]; then + echo "Error: shell $1 is not valid" + log_event "$E_INVALID" "$EVENT" + exit $E_INVALID + fi +} # Format validation controller is_format_valid() { for arg_name in $*; do @@ -856,7 +883,9 @@ is_format_valid() { restart) is_boolean_format_valid "$arg" 'restart' ;; rtype) is_dns_type_format_valid "$arg" ;; rule) is_int_format_valid "$arg" "rule id" ;; - soa) is_domain_format_valid "$arg" 'SOA' ;; + soa) is_domain_format_valid "$arg" 'SOA' ;; + #missing command: is_format_valid_shell + shell) is_format_valid_shell "$arg" ;; stats_pass) is_password_format_valid "$arg" ;; stats_user) is_user_format_valid "$arg" "$arg_name" ;; template) is_object_format_valid "$arg" "$arg_name" ;; @@ -906,7 +935,7 @@ format_aliases() { aliases=$(echo "$aliases" |tr -s '.') aliases=$(echo "$aliases" |sed -e "s/[.]*$//g") aliases=$(echo "$aliases" |sed -e "s/^[.]*//") - aliases=$(echo "$aliases" |grep -v www.$domain |sed -e "/^$/d") + aliases=$(echo "$aliases" |sed -e "/^$/d") aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//") fi } diff --git a/func/rebuild.sh b/func/rebuild.sh index e5ab182a..cf743d65 100644 --- a/func/rebuild.sh +++ b/func/rebuild.sh @@ -71,6 +71,9 @@ rebuild_user_conf() { echo "$BIN/v-update-web-domains-disk $user" \ >> $VESTA/data/queue/disk.pipe + if [[ -L "$HOMEDIR/$user/web" ]]; then + rm $HOMEDIR/$user/web + fi mkdir -p $HOMEDIR/$user/conf/web mkdir -p $HOMEDIR/$user/web mkdir -p $HOMEDIR/$user/tmp @@ -105,6 +108,9 @@ rebuild_user_conf() { echo "$BIN/v-update-mail-domains-disk $user" \ >> $VESTA/data/queue/disk.pipe + if [[ -L "$HOMEDIR/$user/mail" ]]; then + rm $HOMEDIR/$user/mail + fi mkdir -p $HOMEDIR/$user/conf/mail mkdir -p $HOMEDIR/$user/mail chmod 751 $HOMEDIR/$user/mail @@ -146,7 +152,7 @@ rebuild_web_domain_conf() { prepare_web_domain_values # Rebuilding domain directories - mkdir -p $HOMEDIR/$user/web/$domain \ + sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \ $HOMEDIR/$user/web/$domain/public_html \ $HOMEDIR/$user/web/$domain/public_shtml \ $HOMEDIR/$user/web/$domain/document_errors \ @@ -172,7 +178,8 @@ rebuild_web_domain_conf() { # Propagating html skeleton if [ ! -e "$WEBTPL/skel/document_errors/" ]; then - cp -r $WEBTPL/skel/document_errors/ $HOMEDIR/$user/web/$domain/ + sudo -u $user cp -r $WEBTPL/skel/document_errors/ \ + $HOMEDIR/$user/web/$domain/ fi # Set folder permissions @@ -535,12 +542,30 @@ rebuild_mail_domain_conf() { rebuild_mysql_database() { mysql_connect $HOST mysql_query "CREATE DATABASE \`$DB\` CHARACTER SET $CHARSET" >/dev/null - if [ "$(echo $mysql_ver |cut -d '.' -f2)" -ge 7 ]; then - mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" >/dev/null - mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" >/dev/null - query="UPDATE mysql.user SET authentication_string='$MD5'" - query="$query WHERE User='$DBUSER'" + if [ "$mysql_fork" = "mysql" ]; then + # mysql + if [ "$(echo $mysql_ver |cut -d '.' -f2)" -ge 7 ]; then + # mysql >= 5.7 + mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" > /dev/null + mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" > /dev/null + query="UPDATE mysql.user SET authentication_string='$MD5'" + query="$query WHERE User='$DBUSER'" + else + # mysql < 5.7 + query="UPDATE mysql.user SET Password='$MD5' WHERE User='$DBUSER'" + fi else + # mariadb + if [ "$(echo $mysql_ver |cut -d '.' -f1)" -eq 5 ]; then + # mariadb = 5 + mysql_query "CREATE USER \`$DBUSER\`" > /dev/null + mysql_query "CREATE USER \`$DBUSER\`@localhost" > /dev/null + else + # mariadb = 10 + mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" > /dev/null + mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" > /dev/null + fi + # mariadb any version query="UPDATE mysql.user SET Password='$MD5' WHERE User='$DBUSER'" fi mysql_query "GRANT ALL ON \`$DB\`.* TO \`$DBUSER\`@\`%\`" >/dev/null @@ -576,7 +601,7 @@ rebuild_pgsql_database() { exit $E_CONNECT fi - query="CREATE ROLE $DBUSER" + query="CREATE ROLE $DBUSER WITH LOGIN" psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1 query="UPDATE pg_authid SET rolpassword='$MD5' WHERE rolname='$DBUSER'" @@ -593,7 +618,7 @@ rebuild_pgsql_database() { query="GRANT ALL PRIVILEGES ON DATABASE $DB TO $DBUSER" psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1 - query="GRANT CONNECT ON DATABASE template1 to $dbuser" + query="GRANT CONNECT ON DATABASE template1 to $DBUSER" psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1 } diff --git a/install/debian/7/nginx/nginx.conf b/install/debian/7/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/debian/7/nginx/nginx.conf +++ b/install/debian/7/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; diff --git a/install/debian/7/pma/config.inc.php b/install/debian/7/pma/config.inc.php index a643a065..4b6a3a6b 100644 --- a/install/debian/7/pma/config.inc.php +++ b/install/debian/7/pma/config.inc.php @@ -137,6 +137,13 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/debian/7/sudo/admin b/install/debian/7/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/debian/7/sudo/admin +++ b/install/debian/7/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/debian/7/templates/web/apache2/basedir.stpl b/install/debian/7/templates/web/apache2/basedir.stpl index dda3aa76..fe0b5b40 100644 --- a/install/debian/7/templates/web/apache2/basedir.stpl +++ b/install/debian/7/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/debian/7/templates/web/apache2/hosting.stpl b/install/debian/7/templates/web/apache2/hosting.stpl index 627325e0..e1442ce2 100644 --- a/install/debian/7/templates/web/apache2/hosting.stpl +++ b/install/debian/7/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/7/templates/web/apache2/phpcgi.stpl b/install/debian/7/templates/web/apache2/phpcgi.stpl index aa807091..40ce5fb2 100644 --- a/install/debian/7/templates/web/apache2/phpcgi.stpl +++ b/install/debian/7/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/debian/7/templates/web/apache2/phpfcgid.stpl b/install/debian/7/templates/web/apache2/phpfcgid.stpl index 88cea0e6..5d27efcd 100644 --- a/install/debian/7/templates/web/apache2/phpfcgid.stpl +++ b/install/debian/7/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/7/templates/web/nginx/caching.stpl b/install/debian/7/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/debian/7/templates/web/nginx/caching.stpl +++ b/install/debian/7/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/debian/7/templates/web/nginx/default.stpl b/install/debian/7/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/debian/7/templates/web/nginx/default.stpl +++ b/install/debian/7/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/debian/7/templates/web/nginx/hosting.stpl b/install/debian/7/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/debian/7/templates/web/nginx/hosting.stpl +++ b/install/debian/7/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/debian/7/templates/web/nginx/http2.stpl b/install/debian/7/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/debian/7/templates/web/nginx/http2.stpl +++ b/install/debian/7/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/debian/7/templates/web/nginx/http2.tpl b/install/debian/7/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/debian/7/templates/web/nginx/http2.tpl +++ b/install/debian/7/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl index 91a70936..9d984000 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl @@ -10,69 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + try_files $uri @rewrite; + expires max; + log_not_found off; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl index ac32dcd9..0ae7568b 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl @@ -7,69 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl index 3b9dabf5..0d7930fa 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl @@ -11,68 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl index 1b979475..6b41f319 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl @@ -7,69 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl index 50d85b68..6fd64db6 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl @@ -11,70 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$)|^/update.php { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl index 71b538bf..452aa9e6 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl @@ -7,71 +7,62 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ [^/]\.php(/|$)|^/update.php { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/sendy.stpl b/install/debian/7/templates/web/nginx/php5-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/sendy.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.tpl b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/nginx/nginx.conf b/install/debian/8/nginx/nginx.conf index 1eef1672..e8967d8e 100644 --- a/install/debian/8/nginx/nginx.conf +++ b/install/debian/8/nginx/nginx.conf @@ -51,6 +51,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; diff --git a/install/debian/8/pma/config.inc.php b/install/debian/8/pma/config.inc.php index eafc6d67..a3803697 100644 --- a/install/debian/8/pma/config.inc.php +++ b/install/debian/8/pma/config.inc.php @@ -137,6 +137,13 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/debian/8/sudo/admin b/install/debian/8/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/debian/8/sudo/admin +++ b/install/debian/8/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/debian/8/templates/web/apache2/basedir.stpl b/install/debian/8/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/debian/8/templates/web/apache2/basedir.stpl +++ b/install/debian/8/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/debian/8/templates/web/apache2/hosting.stpl b/install/debian/8/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/debian/8/templates/web/apache2/hosting.stpl +++ b/install/debian/8/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/apache2/phpcgi.stpl b/install/debian/8/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/debian/8/templates/web/apache2/phpcgi.stpl +++ b/install/debian/8/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/debian/8/templates/web/apache2/phpfcgid.stpl b/install/debian/8/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/debian/8/templates/web/apache2/phpfcgid.stpl +++ b/install/debian/8/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/nginx/caching.stpl b/install/debian/8/templates/web/nginx/caching.stpl index 52641dbe..3c56004d 100755 --- a/install/debian/8/templates/web/nginx/caching.stpl +++ b/install/debian/8/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/debian/8/templates/web/nginx/default.stpl b/install/debian/8/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/debian/8/templates/web/nginx/default.stpl +++ b/install/debian/8/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/debian/8/templates/web/nginx/hosting.stpl b/install/debian/8/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/debian/8/templates/web/nginx/hosting.stpl +++ b/install/debian/8/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/debian/8/templates/web/nginx/http2.stpl b/install/debian/8/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/debian/8/templates/web/nginx/http2.stpl +++ b/install/debian/8/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/debian/8/templates/web/nginx/http2.tpl b/install/debian/8/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/debian/8/templates/web/nginx/http2.tpl +++ b/install/debian/8/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl index 91a70936..9d984000 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl @@ -10,69 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + try_files $uri @rewrite; + expires max; + log_not_found off; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl index ac32dcd9..0ae7568b 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl @@ -7,69 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl index 3b9dabf5..0d7930fa 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl @@ -11,68 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl index 1b979475..6b41f319 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl @@ -7,69 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl index 50d85b68..6fd64db6 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl @@ -11,70 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$)|^/update.php { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl index 71b538bf..452aa9e6 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl @@ -7,71 +7,62 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ [^/]\.php(/|$)|^/update.php { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/sendy.stpl b/install/debian/8/templates/web/nginx/php5-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/sendy.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl b/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl b/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.tpl b/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/9/dovecot/conf.d/15-mailboxes.conf b/install/debian/9/dovecot/conf.d/15-mailboxes.conf new file mode 100644 index 00000000..7b2bab97 --- /dev/null +++ b/install/debian/9/dovecot/conf.d/15-mailboxes.conf @@ -0,0 +1,29 @@ +## Mailbox definitions +## + + +# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf. +namespace inbox { + mailbox Drafts { + special_use = \Drafts + auto = subscribe + } + + mailbox Junk { + special_use = \Junk + auto = subscribe + } + + mailbox Trash { + special_use = \Trash + auto = subscribe + } + + mailbox Sent { + special_use = \Sent + auto = subscribe + } + mailbox "Sent Messages" { + special_use = \Sent + } +} diff --git a/install/debian/9/nginx/nginx.conf b/install/debian/9/nginx/nginx.conf index 1eef1672..e8967d8e 100644 --- a/install/debian/9/nginx/nginx.conf +++ b/install/debian/9/nginx/nginx.conf @@ -51,6 +51,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; diff --git a/install/debian/9/pma/config.inc.php b/install/debian/9/pma/config.inc.php index eafc6d67..a3803697 100644 --- a/install/debian/9/pma/config.inc.php +++ b/install/debian/9/pma/config.inc.php @@ -137,6 +137,13 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/debian/9/sudo/admin b/install/debian/9/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/debian/9/sudo/admin +++ b/install/debian/9/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/debian/9/templates/web/apache2/basedir.stpl b/install/debian/9/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/debian/9/templates/web/apache2/basedir.stpl +++ b/install/debian/9/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/debian/9/templates/web/apache2/hosting.stpl b/install/debian/9/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/debian/9/templates/web/apache2/hosting.stpl +++ b/install/debian/9/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/apache2/phpcgi.stpl b/install/debian/9/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/debian/9/templates/web/apache2/phpcgi.stpl +++ b/install/debian/9/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/debian/9/templates/web/apache2/phpfcgid.stpl b/install/debian/9/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/debian/9/templates/web/apache2/phpfcgid.stpl +++ b/install/debian/9/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/nginx/caching.stpl b/install/debian/9/templates/web/nginx/caching.stpl index 52641dbe..3c56004d 100755 --- a/install/debian/9/templates/web/nginx/caching.stpl +++ b/install/debian/9/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/debian/9/templates/web/nginx/default.stpl b/install/debian/9/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/debian/9/templates/web/nginx/default.stpl +++ b/install/debian/9/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/debian/9/templates/web/nginx/hosting.stpl b/install/debian/9/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/debian/9/templates/web/nginx/hosting.stpl +++ b/install/debian/9/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/debian/9/templates/web/nginx/http2.stpl b/install/debian/9/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/debian/9/templates/web/nginx/http2.stpl +++ b/install/debian/9/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/debian/9/templates/web/nginx/http2.tpl b/install/debian/9/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/debian/9/templates/web/nginx/http2.tpl +++ b/install/debian/9/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl b/install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..9d984000 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,69 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + try_files $uri @rewrite; + expires max; + log_not_found off; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl b/install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..0ae7568b 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,69 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl b/install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..0d7930fa 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,68 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl b/install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..6b41f319 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,69 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl b/install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..6fd64db6 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,70 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$)|^/update.php { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl b/install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..452aa9e6 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,71 +7,62 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ [^/]\.php(/|$)|^/update.php { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/sendy.stpl b/install/debian/9/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/debian/9/templates/web/nginx/php-fpm/vbulletin5.stpl b/install/debian/9/templates/web/nginx/php-fpm/vbulletin5.stpl new file mode 100644 index 00000000..eebb3e42 --- /dev/null +++ b/install/debian/9/templates/web/nginx/php-fpm/vbulletin5.stpl @@ -0,0 +1,105 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # legacy css being handled separate for performance + location = /css\.php { + rewrite ^ /core/css.php break; + } + + # make install available from presentation + location ^~ /install { + rewrite ^/install/ /core/install/ break; + } + + # any request to not existing item gets redirected through routestring + location / { + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + } + + # make admincp available from presentation + location ^~ /admincp { + if (!-f $request_filename) { + rewrite ^/admincp/(.*)$ /index.php?routestring=admincp/$1 last; + } + } + + # process any php scripts, not found gets redirected through routestring + location ~ \.php$ { + # handles legacy scripts + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 break; + } + + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffers 256 16k; + fastcgi_buffer_size 32k; + fastcgi_temp_file_write_size 256k; + + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/debian/9/templates/web/nginx/php-fpm/vbulletin5.tpl b/install/debian/9/templates/web/nginx/php-fpm/vbulletin5.tpl new file mode 100644 index 00000000..2c5c9988 --- /dev/null +++ b/install/debian/9/templates/web/nginx/php-fpm/vbulletin5.tpl @@ -0,0 +1,100 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # legacy css being handled separate for performance + location = /css\.php { + rewrite ^ /core/css.php break; + } + + # make install available from presentation + location ^~ /install { + rewrite ^/install/ /core/install/ break; + } + + # any request to not existing item gets redirected through routestring + location / { + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + } + + # make admincp available from presentation + location ^~ /admincp { + if (!-f $request_filename) { + rewrite ^/admincp/(.*)$ /index.php?routestring=admincp/$1 last; + } + } + + # process any php scripts, not found gets redirected through routestring + location ~ \.php$ { + # handles legacy scripts + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 break; + } + + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffers 256 16k; + fastcgi_buffer_size 32k; + fastcgi_temp_file_write_size 256k; + + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/debian/9/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/debian/9/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/debian/9/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/debian/9/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/debian/9/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/9/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/debian/9/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/debian/9/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/nginx/nginx.conf b/install/rhel/5/nginx/nginx.conf index e0575030..0a37ebbc 100644 --- a/install/rhel/5/nginx/nginx.conf +++ b/install/rhel/5/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; diff --git a/install/rhel/5/pma/config.inc.conf b/install/rhel/5/pma/config.inc.conf index 47ae207e..f7584089 100644 --- a/install/rhel/5/pma/config.inc.conf +++ b/install/rhel/5/pma/config.inc.conf @@ -16,6 +16,12 @@ */ $cfg['blowfish_secret'] = '%blowfish_secret%'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* * Servers configuration */ diff --git a/install/rhel/5/sudo/admin b/install/rhel/5/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/rhel/5/sudo/admin +++ b/install/rhel/5/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/rhel/5/templates/web/httpd/basedir.stpl b/install/rhel/5/templates/web/httpd/basedir.stpl index 4ced9f38..2a3f9fbd 100644 --- a/install/rhel/5/templates/web/httpd/basedir.stpl +++ b/install/rhel/5/templates/web/httpd/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/rhel/5/templates/web/httpd/hosting.stpl b/install/rhel/5/templates/web/httpd/hosting.stpl index f94ba186..f94fdb64 100644 --- a/install/rhel/5/templates/web/httpd/hosting.stpl +++ b/install/rhel/5/templates/web/httpd/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/rhel/5/templates/web/httpd/phpcgi.stpl b/install/rhel/5/templates/web/httpd/phpcgi.stpl index 591693a4..d544411c 100644 --- a/install/rhel/5/templates/web/httpd/phpcgi.stpl +++ b/install/rhel/5/templates/web/httpd/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/rhel/5/templates/web/httpd/phpfcgid.stpl b/install/rhel/5/templates/web/httpd/phpfcgid.stpl index 3bb82cca..38c5dd17 100644 --- a/install/rhel/5/templates/web/httpd/phpfcgid.stpl +++ b/install/rhel/5/templates/web/httpd/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/rhel/5/templates/web/nginx/caching.stpl b/install/rhel/5/templates/web/nginx/caching.stpl index 67b2f6c2..5e1ac757 100755 --- a/install/rhel/5/templates/web/nginx/caching.stpl +++ b/install/rhel/5/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/rhel/5/templates/web/nginx/default.stpl b/install/rhel/5/templates/web/nginx/default.stpl index 53ad8d1b..22bbd55a 100755 --- a/install/rhel/5/templates/web/nginx/default.stpl +++ b/install/rhel/5/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/httpd/domains/%domain%.error.log error; diff --git a/install/rhel/5/templates/web/nginx/hosting.stpl b/install/rhel/5/templates/web/nginx/hosting.stpl index aca458a4..c3414149 100755 --- a/install/rhel/5/templates/web/nginx/hosting.stpl +++ b/install/rhel/5/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/httpd/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/rhel/5/templates/web/nginx/http2.stpl b/install/rhel/5/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/rhel/5/templates/web/nginx/http2.stpl +++ b/install/rhel/5/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/rhel/5/templates/web/nginx/http2.tpl b/install/rhel/5/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/rhel/5/templates/web/nginx/http2.tpl +++ b/install/rhel/5/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..9d984000 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,69 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + try_files $uri @rewrite; + expires max; + log_not_found off; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..0ae7568b 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,69 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..0d7930fa 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,68 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..6b41f319 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,69 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..6fd64db6 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,70 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$)|^/update.php { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..452aa9e6 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,71 +7,62 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ [^/]\.php(/|$)|^/update.php { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/sendy.stpl b/install/rhel/5/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/nginx/nginx.conf b/install/rhel/6/nginx/nginx.conf index e0575030..0a37ebbc 100644 --- a/install/rhel/6/nginx/nginx.conf +++ b/install/rhel/6/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; diff --git a/install/rhel/6/pma/config.inc.conf b/install/rhel/6/pma/config.inc.conf index 47ae207e..f7584089 100644 --- a/install/rhel/6/pma/config.inc.conf +++ b/install/rhel/6/pma/config.inc.conf @@ -16,6 +16,12 @@ */ $cfg['blowfish_secret'] = '%blowfish_secret%'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* * Servers configuration */ diff --git a/install/rhel/6/roundcube/vesta.php b/install/rhel/6/roundcube/vesta.php index fee26078..1e9523a5 100644 --- a/install/rhel/6/roundcube/vesta.php +++ b/install/rhel/6/roundcube/vesta.php @@ -48,7 +48,7 @@ class rcube_vesta_password $context = stream_context_create(); $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); - result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); + $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); $result = stream_context_set_option($context, 'ssl', 'verify_host', false); $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); diff --git a/install/rhel/6/sudo/admin b/install/rhel/6/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/rhel/6/sudo/admin +++ b/install/rhel/6/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/rhel/6/templates/web/httpd/basedir.stpl b/install/rhel/6/templates/web/httpd/basedir.stpl index 4ced9f38..2a3f9fbd 100644 --- a/install/rhel/6/templates/web/httpd/basedir.stpl +++ b/install/rhel/6/templates/web/httpd/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/rhel/6/templates/web/httpd/hosting.stpl b/install/rhel/6/templates/web/httpd/hosting.stpl index f1c1c111..06bd6183 100644 --- a/install/rhel/6/templates/web/httpd/hosting.stpl +++ b/install/rhel/6/templates/web/httpd/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/rhel/6/templates/web/httpd/phpcgi.stpl b/install/rhel/6/templates/web/httpd/phpcgi.stpl index 591693a4..d544411c 100644 --- a/install/rhel/6/templates/web/httpd/phpcgi.stpl +++ b/install/rhel/6/templates/web/httpd/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/rhel/6/templates/web/httpd/phpfcgid.stpl b/install/rhel/6/templates/web/httpd/phpfcgid.stpl index 3bb82cca..38c5dd17 100644 --- a/install/rhel/6/templates/web/httpd/phpfcgid.stpl +++ b/install/rhel/6/templates/web/httpd/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/rhel/6/templates/web/nginx/caching.stpl b/install/rhel/6/templates/web/nginx/caching.stpl index 67b2f6c2..5e1ac757 100755 --- a/install/rhel/6/templates/web/nginx/caching.stpl +++ b/install/rhel/6/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/rhel/6/templates/web/nginx/default.stpl b/install/rhel/6/templates/web/nginx/default.stpl index 53ad8d1b..22bbd55a 100755 --- a/install/rhel/6/templates/web/nginx/default.stpl +++ b/install/rhel/6/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/httpd/domains/%domain%.error.log error; diff --git a/install/rhel/6/templates/web/nginx/hosting.stpl b/install/rhel/6/templates/web/nginx/hosting.stpl index aca458a4..c3414149 100755 --- a/install/rhel/6/templates/web/nginx/hosting.stpl +++ b/install/rhel/6/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/httpd/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/rhel/6/templates/web/nginx/http2.stpl b/install/rhel/6/templates/web/nginx/http2.stpl index 40e79aef..cfdb9188 100644 --- a/install/rhel/6/templates/web/nginx/http2.stpl +++ b/install/rhel/6/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/rhel/6/templates/web/nginx/http2.tpl b/install/rhel/6/templates/web/nginx/http2.tpl index 826276bd..b20e2922 100644 --- a/install/rhel/6/templates/web/nginx/http2.tpl +++ b/install/rhel/6/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..9d984000 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,69 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + try_files $uri @rewrite; + expires max; + log_not_found off; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..0ae7568b 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,69 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..0d7930fa 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,68 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..6b41f319 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,69 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..6fd64db6 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,70 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$)|^/update.php { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..452aa9e6 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,71 +7,62 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ [^/]\.php(/|$)|^/update.php { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/sendy.stpl b/install/rhel/6/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/dovecot/conf.d/15-mailboxes.conf b/install/rhel/7/dovecot/conf.d/15-mailboxes.conf new file mode 100644 index 00000000..7b2bab97 --- /dev/null +++ b/install/rhel/7/dovecot/conf.d/15-mailboxes.conf @@ -0,0 +1,29 @@ +## Mailbox definitions +## + + +# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf. +namespace inbox { + mailbox Drafts { + special_use = \Drafts + auto = subscribe + } + + mailbox Junk { + special_use = \Junk + auto = subscribe + } + + mailbox Trash { + special_use = \Trash + auto = subscribe + } + + mailbox Sent { + special_use = \Sent + auto = subscribe + } + mailbox "Sent Messages" { + special_use = \Sent + } +} diff --git a/install/rhel/7/nginx/nginx.conf b/install/rhel/7/nginx/nginx.conf index e0575030..0a37ebbc 100644 --- a/install/rhel/7/nginx/nginx.conf +++ b/install/rhel/7/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; diff --git a/install/rhel/7/pma/config.inc.conf b/install/rhel/7/pma/config.inc.conf index 47ae207e..1a65fd6c 100644 --- a/install/rhel/7/pma/config.inc.conf +++ b/install/rhel/7/pma/config.inc.conf @@ -4,24 +4,32 @@ * phpMyAdmin sample configuration, you can use it as base for * manual configuration. For easier setup you can use setup/ * - * All directives are explained in Documentation.html and on phpMyAdmin - * wiki . + * All directives are explained in documentation in the doc/ folder + * or at . * - * @package phpMyAdmin + * @package PhpMyAdmin */ -/* +/** * This is needed for cookie based authentication to encrypt password in - * cookie + * cookie. Needs to be 32 chars long. */ $cfg['blowfish_secret'] = '%blowfish_secret%'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ +/** +======= +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* * Servers configuration */ $i = 0; -/* +/** * First server */ $i++; @@ -29,44 +37,64 @@ $i++; $cfg['Servers'][$i]['auth_type'] = 'cookie'; /* Server parameters */ $cfg['Servers'][$i]['host'] = 'localhost'; -$cfg['Servers'][$i]['connect_type'] = 'tcp'; $cfg['Servers'][$i]['compress'] = false; -/* Select mysqli if your server has it */ -$cfg['Servers'][$i]['extension'] = 'mysql'; $cfg['Servers'][$i]['AllowNoPassword'] = false; -/* +/** * phpMyAdmin configuration storage settings. */ /* User used to manipulate with storage */ -// $cfg['Servers'][$i]['controluser'] = 'pma'; -// $cfg['Servers'][$i]['controlpass'] = 'pmapass'; +$cfg['Servers'][$i]['controlhost'] = ''; +$cfg['Servers'][$i]['controlport'] = ''; +$cfg['Servers'][$i]['controluser'] = 'phpmyadmin'; +$cfg['Servers'][$i]['controlpass'] = '%phpmyadmin_pass%'; /* Storage database and tables */ -// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; -// $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark'; -// $cfg['Servers'][$i]['relation'] = 'pma_relation'; -// $cfg['Servers'][$i]['table_info'] = 'pma_table_info'; -// $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords'; -// $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages'; -// $cfg['Servers'][$i]['column_info'] = 'pma_column_info'; -// $cfg['Servers'][$i]['history'] = 'pma_history'; -// $cfg['Servers'][$i]['tracking'] = 'pma_tracking'; -// $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords'; -// $cfg['Servers'][$i]['userconfig'] = 'pma_userconfig'; -/* Contrib / Swekey authentication */ -// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf'; +$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; +$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; +$cfg['Servers'][$i]['relation'] = 'pma__relation'; +$cfg['Servers'][$i]['table_info'] = 'pma__table_info'; +$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords'; +$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; +$cfg['Servers'][$i]['column_info'] = 'pma__column_info'; +$cfg['Servers'][$i]['history'] = 'pma__history'; +$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; +$cfg['Servers'][$i]['tracking'] = 'pma__tracking'; +$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; +$cfg['Servers'][$i]['recent'] = 'pma__recent'; +$cfg['Servers'][$i]['favorite'] = 'pma__favorite'; +$cfg['Servers'][$i]['users'] = 'pma__users'; +$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; +$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding'; +$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches'; +$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns'; +$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings'; +$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates'; -/* +/** * End of servers configuration */ -/* +/** * Directories for saving/loading files from server */ -$cfg['UploadDir'] = ''; -$cfg['SaveDir'] = ''; +$cfg['UploadDir'] = '/var/lib/phpMyAdmin/upload'; +$cfg['SaveDir'] = '/var/lib/phpMyAdmin/save'; + +/* + * Temp dir for faster beahivour + * +*/ +$cfg['TempDir'] = '/tmp'; + + +/** + * Whether to display icons or text or both icons and text in table row + * action segment. Value can be either of 'icons', 'text' or 'both'. + * default = 'both' + */ +//$cfg['RowActionType'] = 'icons'; /** * Defines whether a user should be displayed a "show all (records)" @@ -78,25 +106,21 @@ $cfg['SaveDir'] = ''; /** * Number of rows displayed when browsing a result set. If the result * set contains more rows, "Previous" and "Next". - * default = 30 + * Possible values: 25, 50, 100, 250, 500 + * default = 25 */ //$cfg['MaxRows'] = 50; /** - * Use graphically less intense menu tabs - * default = false - */ -//$cfg['LightTabs'] = true; - -/** - * disallow editing of binary fields + * Disallow editing of binary fields * valid values are: - * false allow editing - * 'blob' allow editing except for BLOB fields - * 'all' disallow editing - * default = blob + * false allow editing + * 'blob' allow editing except for BLOB fields + * 'noblob' disallow editing except for BLOB fields + * 'all' disallow editing + * default = 'blob' */ -//$cfg['ProtectBinary'] = 'false'; +//$cfg['ProtectBinary'] = false; /** * Default language to use, if not browser-defined or user-defined @@ -107,12 +131,6 @@ $cfg['SaveDir'] = ''; //$cfg['DefaultLang'] = 'en'; //$cfg['DefaultLang'] = 'de'; -/** - * default display direction (horizontal|vertical|horizontalflipped) - */ -//$cfg['DefaultDisplay'] = 'vertical'; - - /** * How many columns should be used for table display of a database? * (a value larger than 1 results in some information being hidden) @@ -131,13 +149,21 @@ $cfg['SaveDir'] = ''; /** * When using DB-based query history, how many entries should be kept? - * * default = 25 */ //$cfg['QueryHistoryMax'] = 100; -/* - * You can find more configuration options in Documentation.html - * or here: http://wiki.phpmyadmin.net/pma/Config +/** + * Whether or not to query the user before sending the error report to + * the phpMyAdmin team when a JavaScript error occurs + * + * Available options + * ('ask' | 'always' | 'never') + * default = 'ask' + */ +//$cfg['SendErrorReports'] = 'always'; + +/** + * You can find more configuration options in the documentation + * in the doc/ folder or at . */ -?> diff --git a/install/rhel/7/sudo/admin b/install/rhel/7/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/rhel/7/sudo/admin +++ b/install/rhel/7/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/rhel/7/templates/web/httpd/basedir.stpl b/install/rhel/7/templates/web/httpd/basedir.stpl index 95221539..210edc13 100644 --- a/install/rhel/7/templates/web/httpd/basedir.stpl +++ b/install/rhel/7/templates/web/httpd/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/rhel/7/templates/web/httpd/hosting.stpl b/install/rhel/7/templates/web/httpd/hosting.stpl index 673c9c01..699c413b 100644 --- a/install/rhel/7/templates/web/httpd/hosting.stpl +++ b/install/rhel/7/templates/web/httpd/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/rhel/7/templates/web/httpd/phpcgi.stpl b/install/rhel/7/templates/web/httpd/phpcgi.stpl index 1f7b3547..1eb39e0a 100644 --- a/install/rhel/7/templates/web/httpd/phpcgi.stpl +++ b/install/rhel/7/templates/web/httpd/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/rhel/7/templates/web/httpd/phpfcgid.stpl b/install/rhel/7/templates/web/httpd/phpfcgid.stpl index 6d7e81df..31f09bc1 100644 --- a/install/rhel/7/templates/web/httpd/phpfcgid.stpl +++ b/install/rhel/7/templates/web/httpd/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/rhel/7/templates/web/nginx/caching.stpl b/install/rhel/7/templates/web/nginx/caching.stpl index 67b2f6c2..5e1ac757 100755 --- a/install/rhel/7/templates/web/nginx/caching.stpl +++ b/install/rhel/7/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/rhel/7/templates/web/nginx/default.stpl b/install/rhel/7/templates/web/nginx/default.stpl index 53ad8d1b..22bbd55a 100755 --- a/install/rhel/7/templates/web/nginx/default.stpl +++ b/install/rhel/7/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/httpd/domains/%domain%.error.log error; diff --git a/install/rhel/7/templates/web/nginx/hosting.stpl b/install/rhel/7/templates/web/nginx/hosting.stpl index aca458a4..c3414149 100755 --- a/install/rhel/7/templates/web/nginx/hosting.stpl +++ b/install/rhel/7/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/httpd/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/rhel/7/templates/web/nginx/http2.stpl b/install/rhel/7/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/rhel/7/templates/web/nginx/http2.stpl +++ b/install/rhel/7/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/rhel/7/templates/web/nginx/http2.tpl b/install/rhel/7/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/rhel/7/templates/web/nginx/http2.tpl +++ b/install/rhel/7/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..9d984000 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,69 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + try_files $uri @rewrite; + expires max; + log_not_found off; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..0ae7568b 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,69 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..0d7930fa 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,68 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..6b41f319 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,69 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..6fd64db6 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,70 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$)|^/update.php { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..452aa9e6 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,71 +7,62 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ [^/]\.php(/|$)|^/update.php { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/sendy.stpl b/install/rhel/7/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/8/vsftpd/vsftpd.conf b/install/rhel/8/vsftpd/vsftpd.conf new file mode 100644 index 00000000..75e0104f --- /dev/null +++ b/install/rhel/8/vsftpd/vsftpd.conf @@ -0,0 +1,40 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +anon_umask=022 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_promiscuous=YES +pasv_min_port=12000 +pasv_max_port=12100 +max_per_ip=10 +max_clients=100 +use_localtime=YES +utf8_filesystem=YES +ssl_enable=YES +allow_anon_ssl=NO +require_ssl_reuse=NO +ssl_ciphers=HIGH +ssl_tlsv1=YES +ssl_sslv2=NO +ssl_sslv3=NO +force_local_data_ssl=NO +force_local_logins_ssl=NO +rsa_cert_file=/usr/local/vesta/ssl/certificate.crt +rsa_private_key_file=/usr/local/vesta/ssl/certificate.key diff --git a/install/ubuntu/12.04/nginx/nginx.conf b/install/ubuntu/12.04/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/12.04/nginx/nginx.conf +++ b/install/ubuntu/12.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; diff --git a/install/ubuntu/12.04/pma/config.inc.php b/install/ubuntu/12.04/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/12.04/pma/config.inc.php +++ b/install/ubuntu/12.04/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/12.04/sudo/admin b/install/ubuntu/12.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/12.04/sudo/admin +++ b/install/ubuntu/12.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/12.04/templates/web/apache2/basedir.stpl b/install/ubuntu/12.04/templates/web/apache2/basedir.stpl index dda3aa76..fe0b5b40 100644 --- a/install/ubuntu/12.04/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/12.04/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/12.04/templates/web/apache2/hosting.stpl b/install/ubuntu/12.04/templates/web/apache2/hosting.stpl index 627325e0..e1442ce2 100644 --- a/install/ubuntu/12.04/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/12.04/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/12.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/12.04/templates/web/apache2/phpcgi.stpl index aa807091..40ce5fb2 100644 --- a/install/ubuntu/12.04/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/12.04/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/12.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/12.04/templates/web/apache2/phpfcgid.stpl index 88cea0e6..5d27efcd 100644 --- a/install/ubuntu/12.04/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/12.04/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/12.04/templates/web/nginx/caching.stpl b/install/ubuntu/12.04/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/12.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/12.04/templates/web/nginx/default.stpl b/install/ubuntu/12.04/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/12.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/12.04/templates/web/nginx/hosting.stpl b/install/ubuntu/12.04/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/12.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/12.04/templates/web/nginx/http2.stpl b/install/ubuntu/12.04/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/ubuntu/12.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/12.04/templates/web/nginx/http2.tpl b/install/ubuntu/12.04/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/12.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..9d984000 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,69 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + try_files $uri @rewrite; + expires max; + log_not_found off; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..0ae7568b 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,69 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..0d7930fa 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,68 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..6b41f319 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,69 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..6fd64db6 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,70 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$)|^/update.php { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..452aa9e6 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,71 +7,62 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ [^/]\.php(/|$)|^/update.php { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/nginx/nginx.conf b/install/ubuntu/12.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/12.10/nginx/nginx.conf +++ b/install/ubuntu/12.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; diff --git a/install/ubuntu/12.10/pma/config.inc.php b/install/ubuntu/12.10/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/12.10/pma/config.inc.php +++ b/install/ubuntu/12.10/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/12.10/sudo/admin b/install/ubuntu/12.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/12.10/sudo/admin +++ b/install/ubuntu/12.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/12.10/templates/web/apache2/basedir.stpl b/install/ubuntu/12.10/templates/web/apache2/basedir.stpl index dda3aa76..fe0b5b40 100644 --- a/install/ubuntu/12.10/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/12.10/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/12.10/templates/web/apache2/hosting.stpl b/install/ubuntu/12.10/templates/web/apache2/hosting.stpl index 627325e0..e1442ce2 100644 --- a/install/ubuntu/12.10/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/12.10/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/12.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/12.10/templates/web/apache2/phpcgi.stpl index aa807091..40ce5fb2 100644 --- a/install/ubuntu/12.10/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/12.10/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/12.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/12.10/templates/web/apache2/phpfcgid.stpl index 88cea0e6..5d27efcd 100644 --- a/install/ubuntu/12.10/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/12.10/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/12.10/templates/web/nginx/caching.stpl b/install/ubuntu/12.10/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/12.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/12.10/templates/web/nginx/default.stpl b/install/ubuntu/12.10/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/12.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/12.10/templates/web/nginx/hosting.stpl b/install/ubuntu/12.10/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/12.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/12.10/templates/web/nginx/http2.stpl b/install/ubuntu/12.10/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/ubuntu/12.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/12.10/templates/web/nginx/http2.tpl b/install/ubuntu/12.10/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/12.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..9d984000 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,69 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + try_files $uri @rewrite; + expires max; + log_not_found off; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..0ae7568b 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,69 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..0d7930fa 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,68 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..6b41f319 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,69 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..6fd64db6 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,70 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$)|^/update.php { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..452aa9e6 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,71 +7,62 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ [^/]\.php(/|$)|^/update.php { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/nginx/nginx.conf b/install/ubuntu/13.04/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/13.04/nginx/nginx.conf +++ b/install/ubuntu/13.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; diff --git a/install/ubuntu/13.04/pma/config.inc.php b/install/ubuntu/13.04/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/13.04/pma/config.inc.php +++ b/install/ubuntu/13.04/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/13.04/sudo/admin b/install/ubuntu/13.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/13.04/sudo/admin +++ b/install/ubuntu/13.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/13.04/templates/web/apache2/basedir.stpl b/install/ubuntu/13.04/templates/web/apache2/basedir.stpl index dda3aa76..fe0b5b40 100644 --- a/install/ubuntu/13.04/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/13.04/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/13.04/templates/web/apache2/hosting.stpl b/install/ubuntu/13.04/templates/web/apache2/hosting.stpl index ce0763ae..be7ef310 100644 --- a/install/ubuntu/13.04/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/13.04/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/13.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/13.04/templates/web/apache2/phpcgi.stpl index aa807091..40ce5fb2 100644 --- a/install/ubuntu/13.04/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/13.04/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/13.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/13.04/templates/web/apache2/phpfcgid.stpl index 88cea0e6..5d27efcd 100644 --- a/install/ubuntu/13.04/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/13.04/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/13.04/templates/web/nginx/caching.stpl b/install/ubuntu/13.04/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/13.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/13.04/templates/web/nginx/default.stpl b/install/ubuntu/13.04/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/13.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/13.04/templates/web/nginx/hosting.stpl b/install/ubuntu/13.04/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/13.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/13.04/templates/web/nginx/http2.stpl b/install/ubuntu/13.04/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/ubuntu/13.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/13.04/templates/web/nginx/http2.tpl b/install/ubuntu/13.04/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/13.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..9d984000 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,69 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + try_files $uri @rewrite; + expires max; + log_not_found off; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..0ae7568b 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,69 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..0d7930fa 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,68 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..6b41f319 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,69 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..6fd64db6 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,70 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$)|^/update.php { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..452aa9e6 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,71 +7,62 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ [^/]\.php(/|$)|^/update.php { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/nginx/nginx.conf b/install/ubuntu/13.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/13.10/nginx/nginx.conf +++ b/install/ubuntu/13.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; diff --git a/install/ubuntu/13.10/pma/config.inc.php b/install/ubuntu/13.10/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/13.10/pma/config.inc.php +++ b/install/ubuntu/13.10/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/13.10/sudo/admin b/install/ubuntu/13.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/13.10/sudo/admin +++ b/install/ubuntu/13.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/13.10/templates/web/apache2/basedir.stpl b/install/ubuntu/13.10/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/ubuntu/13.10/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/13.10/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/13.10/templates/web/apache2/hosting.stpl b/install/ubuntu/13.10/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/ubuntu/13.10/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/13.10/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/13.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/13.10/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/ubuntu/13.10/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/13.10/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/13.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/13.10/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/ubuntu/13.10/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/13.10/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/13.10/templates/web/nginx/caching.stpl b/install/ubuntu/13.10/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/13.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/13.10/templates/web/nginx/default.stpl b/install/ubuntu/13.10/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/13.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/13.10/templates/web/nginx/hosting.stpl b/install/ubuntu/13.10/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/13.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/13.10/templates/web/nginx/http2.stpl b/install/ubuntu/13.10/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/ubuntu/13.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/13.10/templates/web/nginx/http2.tpl b/install/ubuntu/13.10/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/13.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..9d984000 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,69 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + try_files $uri @rewrite; + expires max; + log_not_found off; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..0ae7568b 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,69 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..0d7930fa 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,68 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..6b41f319 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,69 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..6fd64db6 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,70 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$)|^/update.php { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..452aa9e6 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,71 +7,62 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ [^/]\.php(/|$)|^/update.php { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/nginx/nginx.conf b/install/ubuntu/14.04/nginx/nginx.conf index 1932d171..c44ab650 100644 --- a/install/ubuntu/14.04/nginx/nginx.conf +++ b/install/ubuntu/14.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; diff --git a/install/ubuntu/14.04/pma/config.inc.php b/install/ubuntu/14.04/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/14.04/pma/config.inc.php +++ b/install/ubuntu/14.04/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/14.04/sudo/admin b/install/ubuntu/14.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/14.04/sudo/admin +++ b/install/ubuntu/14.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/14.04/templates/web/apache2/basedir.stpl b/install/ubuntu/14.04/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/ubuntu/14.04/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/14.04/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/14.04/templates/web/apache2/hosting.stpl b/install/ubuntu/14.04/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/ubuntu/14.04/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/14.04/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/14.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/14.04/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/ubuntu/14.04/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/14.04/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/14.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/14.04/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/ubuntu/14.04/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/14.04/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/14.04/templates/web/nginx/caching.stpl b/install/ubuntu/14.04/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/14.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/14.04/templates/web/nginx/default.stpl b/install/ubuntu/14.04/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/14.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/14.04/templates/web/nginx/hosting.stpl b/install/ubuntu/14.04/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/14.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/14.04/templates/web/nginx/http2.stpl b/install/ubuntu/14.04/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/ubuntu/14.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/14.04/templates/web/nginx/http2.tpl b/install/ubuntu/14.04/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/14.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..9d984000 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,69 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + try_files $uri @rewrite; + expires max; + log_not_found off; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..0ae7568b 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,69 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..0d7930fa 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,68 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..6b41f319 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,69 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..6fd64db6 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,70 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$)|^/update.php { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..452aa9e6 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,71 +7,62 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ [^/]\.php(/|$)|^/update.php { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/nginx/nginx.conf b/install/ubuntu/14.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/14.10/nginx/nginx.conf +++ b/install/ubuntu/14.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; diff --git a/install/ubuntu/14.10/pma/config.inc.php b/install/ubuntu/14.10/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/14.10/pma/config.inc.php +++ b/install/ubuntu/14.10/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/14.10/sudo/admin b/install/ubuntu/14.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/14.10/sudo/admin +++ b/install/ubuntu/14.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/14.10/templates/web/apache2/basedir.stpl b/install/ubuntu/14.10/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/ubuntu/14.10/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/14.10/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/14.10/templates/web/apache2/hosting.stpl b/install/ubuntu/14.10/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/ubuntu/14.10/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/14.10/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/14.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/14.10/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/ubuntu/14.10/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/14.10/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/14.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/14.10/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/ubuntu/14.10/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/14.10/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/14.10/templates/web/nginx/caching.stpl b/install/ubuntu/14.10/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/14.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/14.10/templates/web/nginx/default.stpl b/install/ubuntu/14.10/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/14.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/14.10/templates/web/nginx/hosting.stpl b/install/ubuntu/14.10/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/14.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/14.10/templates/web/nginx/http2.stpl b/install/ubuntu/14.10/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/ubuntu/14.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/14.10/templates/web/nginx/http2.tpl b/install/ubuntu/14.10/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/14.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..9d984000 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,69 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + try_files $uri @rewrite; + expires max; + log_not_found off; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..0ae7568b 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,69 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..0d7930fa 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,68 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..6b41f319 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,69 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..6fd64db6 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,70 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$)|^/update.php { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..452aa9e6 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,71 +7,62 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ [^/]\.php(/|$)|^/update.php { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/nginx/nginx.conf b/install/ubuntu/15.04/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/15.04/nginx/nginx.conf +++ b/install/ubuntu/15.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; diff --git a/install/ubuntu/15.04/pma/config.inc.php b/install/ubuntu/15.04/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/15.04/pma/config.inc.php +++ b/install/ubuntu/15.04/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/15.04/sudo/admin b/install/ubuntu/15.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/15.04/sudo/admin +++ b/install/ubuntu/15.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/15.04/templates/web/apache2/basedir.stpl b/install/ubuntu/15.04/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/ubuntu/15.04/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/15.04/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/15.04/templates/web/apache2/hosting.stpl b/install/ubuntu/15.04/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/ubuntu/15.04/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/15.04/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/15.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/15.04/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/ubuntu/15.04/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/15.04/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/15.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/15.04/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/ubuntu/15.04/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/15.04/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/15.04/templates/web/nginx/caching.stpl b/install/ubuntu/15.04/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/15.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/15.04/templates/web/nginx/default.stpl b/install/ubuntu/15.04/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/15.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/15.04/templates/web/nginx/hosting.stpl b/install/ubuntu/15.04/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/15.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/15.04/templates/web/nginx/http2.stpl b/install/ubuntu/15.04/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/ubuntu/15.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/15.04/templates/web/nginx/http2.tpl b/install/ubuntu/15.04/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/15.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..9d984000 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,69 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + try_files $uri @rewrite; + expires max; + log_not_found off; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..0ae7568b 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,69 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..0d7930fa 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,68 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..6b41f319 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,69 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..6fd64db6 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,70 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$)|^/update.php { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..452aa9e6 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,71 +7,62 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ [^/]\.php(/|$)|^/update.php { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.10/nginx/nginx.conf b/install/ubuntu/15.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/15.10/nginx/nginx.conf +++ b/install/ubuntu/15.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; diff --git a/install/ubuntu/15.10/pma/config.inc.php b/install/ubuntu/15.10/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/15.10/pma/config.inc.php +++ b/install/ubuntu/15.10/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/15.10/sudo/admin b/install/ubuntu/15.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/15.10/sudo/admin +++ b/install/ubuntu/15.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/15.10/templates/web/apache2/basedir.stpl b/install/ubuntu/15.10/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/ubuntu/15.10/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/15.10/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/15.10/templates/web/apache2/hosting.stpl b/install/ubuntu/15.10/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/ubuntu/15.10/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/15.10/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/15.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/15.10/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/ubuntu/15.10/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/15.10/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/15.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/15.10/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/ubuntu/15.10/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/15.10/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/15.10/templates/web/nginx/caching.stpl b/install/ubuntu/15.10/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/15.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/15.10/templates/web/nginx/default.stpl b/install/ubuntu/15.10/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/15.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/15.10/templates/web/nginx/hosting.stpl b/install/ubuntu/15.10/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/15.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/15.10/templates/web/nginx/http2.stpl b/install/ubuntu/15.10/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/ubuntu/15.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/15.10/templates/web/nginx/http2.tpl b/install/ubuntu/15.10/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/15.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..9d984000 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,69 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + try_files $uri @rewrite; + expires max; + log_not_found off; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..0ae7568b 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,69 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..0d7930fa 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,68 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..6b41f319 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,69 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..6fd64db6 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,70 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$)|^/update.php { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..452aa9e6 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,71 +7,62 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ [^/]\.php(/|$)|^/update.php { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/16.04/dovecot/dovecot.conf b/install/ubuntu/16.04/dovecot/dovecot.conf index 311a3351..163460ba 100644 --- a/install/ubuntu/16.04/dovecot/dovecot.conf +++ b/install/ubuntu/16.04/dovecot/dovecot.conf @@ -3,7 +3,7 @@ listen = *, :: base_dir = /var/run/dovecot/ !include conf.d/*.conf -namespace { +namespace inbox { type = private separator = / prefix = diff --git a/install/ubuntu/16.04/nginx/nginx.conf b/install/ubuntu/16.04/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/16.04/nginx/nginx.conf +++ b/install/ubuntu/16.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; diff --git a/install/ubuntu/16.04/pma/config.inc.php b/install/ubuntu/16.04/pma/config.inc.php index d8a903e4..fb131d65 100644 --- a/install/ubuntu/16.04/pma/config.inc.php +++ b/install/ubuntu/16.04/pma/config.inc.php @@ -139,6 +139,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/16.04/roundcube/vesta.php b/install/ubuntu/16.04/roundcube/vesta.php index 99e1d4bc..b6646b2b 100644 --- a/install/ubuntu/16.04/roundcube/vesta.php +++ b/install/ubuntu/16.04/roundcube/vesta.php @@ -6,8 +6,9 @@ * @version 1.0 * @author Serghey Rodin */ - - function password_save($curpass, $passwd) +class rcube_vesta_password +{ + function save($curpass, $passwd) { $rcmail = rcmail::get_instance(); $vesta_host = $rcmail->config->get('password_vesta_host'); @@ -69,3 +70,4 @@ } } +} \ No newline at end of file diff --git a/install/ubuntu/16.04/sudo/admin b/install/ubuntu/16.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/16.04/sudo/admin +++ b/install/ubuntu/16.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/16.04/templates/web/apache2/basedir.stpl b/install/ubuntu/16.04/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/ubuntu/16.04/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/16.04/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/16.04/templates/web/apache2/hosting.stpl b/install/ubuntu/16.04/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/ubuntu/16.04/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/16.04/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/16.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/16.04/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/ubuntu/16.04/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/16.04/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/16.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/16.04/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/ubuntu/16.04/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/16.04/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/16.04/templates/web/nginx/caching.stpl b/install/ubuntu/16.04/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/16.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/16.04/templates/web/nginx/default.stpl b/install/ubuntu/16.04/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/16.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/16.04/templates/web/nginx/hosting.stpl b/install/ubuntu/16.04/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/16.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/16.04/templates/web/nginx/http2.stpl b/install/ubuntu/16.04/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/ubuntu/16.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/16.04/templates/web/nginx/http2.tpl b/install/ubuntu/16.04/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/16.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..9d984000 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,69 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + try_files $uri @rewrite; + expires max; + log_not_found off; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..0ae7568b 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,69 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..0d7930fa 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,68 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..6b41f319 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,69 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..6fd64db6 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,70 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$)|^/update.php { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..452aa9e6 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,71 +7,62 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ [^/]\.php(/|$)|^/update.php { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/16.10/nginx/nginx.conf b/install/ubuntu/16.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/16.10/nginx/nginx.conf +++ b/install/ubuntu/16.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; diff --git a/install/ubuntu/16.10/pma/config.inc.php b/install/ubuntu/16.10/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/16.10/pma/config.inc.php +++ b/install/ubuntu/16.10/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/16.10/roundcube/vesta.php b/install/ubuntu/16.10/roundcube/vesta.php index 99e1d4bc..b4a2a6b6 100644 --- a/install/ubuntu/16.10/roundcube/vesta.php +++ b/install/ubuntu/16.10/roundcube/vesta.php @@ -6,8 +6,8 @@ * @version 1.0 * @author Serghey Rodin */ - - function password_save($curpass, $passwd) +class rcube_vesta_password { + function save($curpass, $passwd) { $rcmail = rcmail::get_instance(); $vesta_host = $rcmail->config->get('password_vesta_host'); @@ -69,3 +69,4 @@ } } +} \ No newline at end of file diff --git a/install/ubuntu/16.10/sudo/admin b/install/ubuntu/16.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/16.10/sudo/admin +++ b/install/ubuntu/16.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/16.10/templates/web/apache2/basedir.stpl b/install/ubuntu/16.10/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/ubuntu/16.10/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/16.10/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/16.10/templates/web/apache2/hosting.stpl b/install/ubuntu/16.10/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/ubuntu/16.10/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/16.10/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/16.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/16.10/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/ubuntu/16.10/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/16.10/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/16.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/16.10/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/ubuntu/16.10/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/16.10/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/16.10/templates/web/nginx/caching.stpl b/install/ubuntu/16.10/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/16.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/16.10/templates/web/nginx/default.stpl b/install/ubuntu/16.10/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/16.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/16.10/templates/web/nginx/hosting.stpl b/install/ubuntu/16.10/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/16.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/16.10/templates/web/nginx/http2.stpl b/install/ubuntu/16.10/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/ubuntu/16.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/16.10/templates/web/nginx/http2.tpl b/install/ubuntu/16.10/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/16.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..9d984000 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,69 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + try_files $uri @rewrite; + expires max; + log_not_found off; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..0ae7568b 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,69 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..0d7930fa 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,68 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$) { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..6b41f319 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,69 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..6fd64db6 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,70 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { + location ~ \..*/.*\.php$ { return 403; } - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location ~ ^/sites/.*/private/ { + return 403; } - location ~ [^/]\.php(/|$)|^/update.php { + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..452aa9e6 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,71 +7,62 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ [^/]\.php(/|$)|^/update.php { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/apache2/apache2.conf b/install/ubuntu/17.04/apache2/apache2.conf new file mode 100644 index 00000000..2756132a --- /dev/null +++ b/install/ubuntu/17.04/apache2/apache2.conf @@ -0,0 +1,94 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 30 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ + +ErrorDocument 403 /error/403.html +ErrorDocument 404 /error/404.html +ErrorDocument 500 /error/50x.html +ErrorDocument 501 /error/50x.html +ErrorDocument 502 /error/50x.html +ErrorDocument 503 /error/50x.html +ErrorDocument 506 /error/50x.html diff --git a/install/ubuntu/17.04/apache2/status.conf b/install/ubuntu/17.04/apache2/status.conf new file mode 100644 index 00000000..da9d9633 --- /dev/null +++ b/install/ubuntu/17.04/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/ubuntu/17.04/bind/named.conf b/install/ubuntu/17.04/bind/named.conf new file mode 100644 index 00000000..ed6ece88 --- /dev/null +++ b/install/ubuntu/17.04/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/ubuntu/17.04/clamav/clamd.conf b/install/ubuntu/17.04/clamav/clamd.conf new file mode 100644 index 00000000..4e04356e --- /dev/null +++ b/install/ubuntu/17.04/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +# AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean false +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +DetectBrokenExecutables false +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 25M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/ubuntu/17.04/deb_signing.key b/install/ubuntu/17.04/deb_signing.key new file mode 100644 index 00000000..2ad2db8b --- /dev/null +++ b/install/ubuntu/17.04/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/ubuntu/17.04/dovecot/conf.d/10-auth.conf b/install/ubuntu/17.04/dovecot/conf.d/10-auth.conf new file mode 100644 index 00000000..dfcc8311 --- /dev/null +++ b/install/ubuntu/17.04/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/ubuntu/17.04/dovecot/conf.d/10-logging.conf b/install/ubuntu/17.04/dovecot/conf.d/10-logging.conf new file mode 100644 index 00000000..a5f207d5 --- /dev/null +++ b/install/ubuntu/17.04/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/ubuntu/17.04/dovecot/conf.d/10-mail.conf b/install/ubuntu/17.04/dovecot/conf.d/10-mail.conf new file mode 100644 index 00000000..55313419 --- /dev/null +++ b/install/ubuntu/17.04/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/ubuntu/17.04/dovecot/conf.d/10-master.conf b/install/ubuntu/17.04/dovecot/conf.d/10-master.conf new file mode 100644 index 00000000..a75a9aaa --- /dev/null +++ b/install/ubuntu/17.04/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/ubuntu/17.04/dovecot/conf.d/10-ssl.conf b/install/ubuntu/17.04/dovecot/conf.d/10-ssl.conf new file mode 100644 index 00000000..24cbf3e2 --- /dev/null +++ b/install/ubuntu/17.04/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,5 @@ +ssl = yes +ssl_protocols = !SSLv2 !SSLv3 + +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/ubuntu/17.04/dovecot/conf.d/auth-passwdfile.conf.ext b/install/ubuntu/17.04/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 00000000..75e6e115 --- /dev/null +++ b/install/ubuntu/17.04/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/ubuntu/17.04/dovecot/dovecot.conf b/install/ubuntu/17.04/dovecot/dovecot.conf new file mode 100644 index 00000000..311a3351 --- /dev/null +++ b/install/ubuntu/17.04/dovecot/dovecot.conf @@ -0,0 +1,24 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf + +namespace { + type = private + separator = / + prefix = + inbox = yes + + mailbox Sent { + auto = subscribe + special_use = \Sent + } + mailbox Drafts { + auto = subscribe + special_use = \Drafts + } + mailbox Trash { + auto = subscribe + special_use = \Trash + } +} diff --git a/install/ubuntu/17.04/exim/dnsbl.conf b/install/ubuntu/17.04/exim/dnsbl.conf new file mode 100644 index 00000000..5166b255 --- /dev/null +++ b/install/ubuntu/17.04/exim/dnsbl.conf @@ -0,0 +1,2 @@ +bl.spamcop.net +zen.spamhaus.org diff --git a/install/ubuntu/17.04/exim/exim4.conf.template b/install/ubuntu/17.04/exim/exim4.conf.template new file mode 100644 index 00000000..fc346486 --- /dev/null +++ b/install/ubuntu/17.04/exim/exim4.conf.template @@ -0,0 +1,382 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +add_environment = <; PATH=/bin:/usr/bin +keep_environment = +disable_ipv6 = true + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth required + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{1024K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = debian-spamd:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/ubuntu/17.04/exim/spam-blocks.conf b/install/ubuntu/17.04/exim/spam-blocks.conf new file mode 100644 index 00000000..e69de29b diff --git a/install/ubuntu/17.04/fail2ban/action.d/vesta.conf b/install/ubuntu/17.04/fail2ban/action.d/vesta.conf new file mode 100644 index 00000000..0edfc349 --- /dev/null +++ b/install/ubuntu/17.04/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/ubuntu/17.04/fail2ban/filter.d/vesta.conf b/install/ubuntu/17.04/fail2ban/filter.d/vesta.conf new file mode 100644 index 00000000..69670a56 --- /dev/null +++ b/install/ubuntu/17.04/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/ubuntu/17.04/fail2ban/jail.local b/install/ubuntu/17.04/fail2ban/jail.local new file mode 100644 index 00000000..013f81c4 --- /dev/null +++ b/install/ubuntu/17.04/fail2ban/jail.local @@ -0,0 +1,51 @@ +[DEFAULT] +ignoreip = 127.0.0.1/8 + +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog +maxretry = 5 + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log +maxretry = 5 + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 + +[roundcube-auth] +enabled = false +filter = roundcube-auth +port = http,https +logpath = /var/log/roundcube/errors +maxretry = 5 diff --git a/install/ubuntu/17.04/firewall/ports.conf b/install/ubuntu/17.04/firewall/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/ubuntu/17.04/firewall/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/17.04/firewall/rules.conf b/install/ubuntu/17.04/firewall/rules.conf new file mode 100644 index 00000000..fba98e1e --- /dev/null +++ b/install/ubuntu/17.04/firewall/rules.conf @@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/ubuntu/17.04/logrotate/apache2 b/install/ubuntu/17.04/logrotate/apache2 new file mode 100644 index 00000000..27629d0d --- /dev/null +++ b/install/ubuntu/17.04/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/ubuntu/17.04/logrotate/dovecot b/install/ubuntu/17.04/logrotate/dovecot new file mode 100644 index 00000000..ac4fd6e9 --- /dev/null +++ b/install/ubuntu/17.04/logrotate/dovecot @@ -0,0 +1,12 @@ +/var/log/dovecot*.log { + weekly + rotate 4 + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + doveadm log reopen + endscript +} diff --git a/install/ubuntu/17.04/logrotate/nginx b/install/ubuntu/17.04/logrotate/nginx new file mode 100644 index 00000000..d667f213 --- /dev/null +++ b/install/ubuntu/17.04/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/ubuntu/17.04/logrotate/vesta b/install/ubuntu/17.04/logrotate/vesta new file mode 100644 index 00000000..027a3439 --- /dev/null +++ b/install/ubuntu/17.04/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/ubuntu/17.04/mysql/my-large.cnf b/install/ubuntu/17.04/mysql/my-large.cnf new file mode 100644 index 00000000..7201377c --- /dev/null +++ b/install/ubuntu/17.04/mysql/my-large.cnf @@ -0,0 +1,41 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/17.04/mysql/my-medium.cnf b/install/ubuntu/17.04/mysql/my-medium.cnf new file mode 100644 index 00000000..1c10ab9a --- /dev/null +++ b/install/ubuntu/17.04/mysql/my-medium.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/17.04/mysql/my-small.cnf b/install/ubuntu/17.04/mysql/my-small.cnf new file mode 100644 index 00000000..26a80478 --- /dev/null +++ b/install/ubuntu/17.04/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/17.04/nginx/nginx.conf b/install/ubuntu/17.04/nginx/nginx.conf new file mode 100644 index 00000000..6bc999f9 --- /dev/null +++ b/install/ubuntu/17.04/nginx/nginx.conf @@ -0,0 +1,137 @@ +# Server globals +user www-data; +worker_processes auto; +worker_rlimit_nofile 65535; +error_log /var/log/nginx/error.log crit; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_vary on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype; + gzip_proxied any; + gzip_disable "MSIE [1-6]\."; + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 104.16.0.0/12; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 131.0.72.0/22; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 172.64.0.0/13; + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + #set_real_ip_from 2400:cb00::/32; + #set_real_ip_from 2606:4700::/32; + #set_real_ip_from 2803:f800::/32; + #set_real_ip_from 2405:b500::/32; + #set_real_ip_from 2405:8100::/32; + #set_real_ip_from 2c0f:f248::/32; + #set_real_ip_from 2a06:98c0::/29; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache settings + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 1d; + + + # Cache bypass + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # File cache settings + open_file_cache max=10000 inactive=30s; + open_file_cache_valid 60s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/ubuntu/17.04/nginx/phpmyadmin.inc b/install/ubuntu/17.04/nginx/phpmyadmin.inc new file mode 100644 index 00000000..1feb8546 --- /dev/null +++ b/install/ubuntu/17.04/nginx/phpmyadmin.inc @@ -0,0 +1,18 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { + root /usr/share/; + } +} diff --git a/install/ubuntu/17.04/nginx/phppgadmin.inc b/install/ubuntu/17.04/nginx/phppgadmin.inc new file mode 100644 index 00000000..cd1e5806 --- /dev/null +++ b/install/ubuntu/17.04/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/17.04/nginx/status.conf b/install/ubuntu/17.04/nginx/status.conf new file mode 100644 index 00000000..c0bcd069 --- /dev/null +++ b/install/ubuntu/17.04/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/ubuntu/17.04/nginx/webmail.inc b/install/ubuntu/17.04/nginx/webmail.inc new file mode 100644 index 00000000..ad66895b --- /dev/null +++ b/install/ubuntu/17.04/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/17.04/packages/default.pkg b/install/ubuntu/17.04/packages/default.pkg new file mode 100644 index 00000000..c2a93574 --- /dev/null +++ b/install/ubuntu/17.04/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='unlimited' +BANDWIDTH='100000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='3' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/17.04/packages/gainsboro.pkg b/install/ubuntu/17.04/packages/gainsboro.pkg new file mode 100644 index 00000000..76d7dae2 --- /dev/null +++ b/install/ubuntu/17.04/packages/gainsboro.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='1' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/17.04/packages/palegreen.pkg b/install/ubuntu/17.04/packages/palegreen.pkg new file mode 100644 index 00000000..3db5fe57 --- /dev/null +++ b/install/ubuntu/17.04/packages/palegreen.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='hosting' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='5' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/17.04/packages/slategrey.pkg b/install/ubuntu/17.04/packages/slategrey.pkg new file mode 100644 index 00000000..d89e796f --- /dev/null +++ b/install/ubuntu/17.04/packages/slategrey.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='3' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/17.04/pga/config.inc.php b/install/ubuntu/17.04/pga/config.inc.php new file mode 100644 index 00000000..1eec9776 --- /dev/null +++ b/install/ubuntu/17.04/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/ubuntu/17.04/pga/phppgadmin.conf b/install/ubuntu/17.04/pga/phppgadmin.conf new file mode 100644 index 00000000..f39247d6 --- /dev/null +++ b/install/ubuntu/17.04/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/ubuntu/17.04/php-fpm/www.conf b/install/ubuntu/17.04/php-fpm/www.conf new file mode 100644 index 00000000..3c87f33c --- /dev/null +++ b/install/ubuntu/17.04/php-fpm/www.conf @@ -0,0 +1,11 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 + +user = www-data +group = www-data + +pm = ondemand +pm.max_children = 2 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s diff --git a/install/ubuntu/17.04/pma/apache.conf b/install/ubuntu/17.04/pma/apache.conf new file mode 100644 index 00000000..4da6ce84 --- /dev/null +++ b/install/ubuntu/17.04/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext:/usr/share/javascript/ + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/ubuntu/17.04/pma/config.inc.php b/install/ubuntu/17.04/pma/config.inc.php new file mode 100644 index 00000000..36093369 --- /dev/null +++ b/install/ubuntu/17.04/pma/config.inc.php @@ -0,0 +1,152 @@ + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/ubuntu/17.04/roundcube/apache.conf b/install/ubuntu/17.04/roundcube/apache.conf new file mode 100644 index 00000000..a0c87bcc --- /dev/null +++ b/install/ubuntu/17.04/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/ubuntu/17.04/roundcube/config.inc.php b/install/ubuntu/17.04/roundcube/config.inc.php new file mode 100644 index 00000000..0c82b1bc --- /dev/null +++ b/install/ubuntu/17.04/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/ubuntu/17.04/roundcube/main.inc.php b/install/ubuntu/17.04/roundcube/main.inc.php new file mode 100644 index 00000000..44b19793 --- /dev/null +++ b/install/ubuntu/17.04/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = false; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = true; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'larry'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 30 seconds +$rcmail_config['draft_autosave'] = 30; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/ubuntu/17.04/roundcube/vesta.php b/install/ubuntu/17.04/roundcube/vesta.php new file mode 100644 index 00000000..b6646b2b --- /dev/null +++ b/install/ubuntu/17.04/roundcube/vesta.php @@ -0,0 +1,73 @@ + + */ +class rcube_vesta_password +{ + function save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + //$fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + $errno = ""; + $errstr = ""; + $context = stream_context_create(); + $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); + $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); + $result = stream_context_set_option($context, 'ssl', 'verify_host', false); + $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); + + $fp = stream_socket_client('ssl://' . $vesta_host . ':'.$vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } +} \ No newline at end of file diff --git a/install/ubuntu/17.04/sudo/admin b/install/ubuntu/17.04/sudo/admin new file mode 100644 index 00000000..331fa1f2 --- /dev/null +++ b/install/ubuntu/17.04/sudo/admin @@ -0,0 +1,8 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty +Defaults:root !requiretty + +# sudo is limited to vesta scripts +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/17.04/templates/dns/child-ns.tpl b/install/ubuntu/17.04/templates/dns/child-ns.tpl new file mode 100755 index 00000000..42c046e4 --- /dev/null +++ b/install/ubuntu/17.04/templates/dns/child-ns.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/17.04/templates/dns/default.tpl b/install/ubuntu/17.04/templates/dns/default.tpl new file mode 100755 index 00000000..e0a37e62 --- /dev/null +++ b/install/ubuntu/17.04/templates/dns/default.tpl @@ -0,0 +1,18 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/17.04/templates/dns/gmail.tpl b/install/ubuntu/17.04/templates/dns/gmail.tpl new file mode 100755 index 00000000..219c9d24 --- /dev/null +++ b/install/ubuntu/17.04/templates/dns/gmail.tpl @@ -0,0 +1,12 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/17.04/templates/web/apache2/basedir.stpl b/install/ubuntu/17.04/templates/web/apache2/basedir.stpl new file mode 100644 index 00000000..d978d4c4 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/basedir.stpl @@ -0,0 +1,44 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/basedir.tpl b/install/ubuntu/17.04/templates/web/apache2/basedir.tpl new file mode 100644 index 00000000..96c94a1b --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/basedir.tpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/default.stpl b/install/ubuntu/17.04/templates/web/apache2/default.stpl new file mode 100644 index 00000000..ec34c279 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/default.stpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/default.tpl b/install/ubuntu/17.04/templates/web/apache2/default.tpl new file mode 100644 index 00000000..3a227015 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/default.tpl @@ -0,0 +1,37 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/hosting.stpl b/install/ubuntu/17.04/templates/web/apache2/hosting.stpl new file mode 100644 index 00000000..8892072b --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/hosting.tpl b/install/ubuntu/17.04/templates/web/apache2/hosting.tpl new file mode 100644 index 00000000..1eb26910 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/phpcgi.sh b/install/ubuntu/17.04/templates/web/apache2/phpcgi.sh new file mode 100755 index 00000000..6565e103 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/17.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/17.04/templates/web/apache2/phpcgi.stpl new file mode 100644 index 00000000..731355bc --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/phpcgi.stpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/phpcgi.tpl b/install/ubuntu/17.04/templates/web/apache2/phpcgi.tpl new file mode 100644 index 00000000..c6796d29 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/phpcgi.tpl @@ -0,0 +1,31 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/phpfcgid.sh b/install/ubuntu/17.04/templates/web/apache2/phpfcgid.sh new file mode 100755 index 00000000..e8058249 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/17.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/17.04/templates/web/apache2/phpfcgid.stpl new file mode 100644 index 00000000..156c8a91 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/phpfcgid.stpl @@ -0,0 +1,39 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/phpfcgid.tpl b/install/ubuntu/17.04/templates/web/apache2/phpfcgid.tpl new file mode 100644 index 00000000..a4c01269 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/phpfcgid.tpl @@ -0,0 +1,31 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/awstats/awstats.tpl b/install/ubuntu/17.04/templates/web/awstats/awstats.tpl new file mode 100755 index 00000000..9a92e0fd --- /dev/null +++ b/install/ubuntu/17.04/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/ubuntu/17.04/templates/web/awstats/index.tpl b/install/ubuntu/17.04/templates/web/awstats/index.tpl new file mode 100755 index 00000000..9df9bb5c --- /dev/null +++ b/install/ubuntu/17.04/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/ubuntu/17.04/templates/web/awstats/nav.tpl b/install/ubuntu/17.04/templates/web/awstats/nav.tpl new file mode 100755 index 00000000..f29bed68 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/ubuntu/17.04/templates/web/nginx/caching.sh b/install/ubuntu/17.04/templates/web/nginx/caching.sh new file mode 100755 index 00000000..09d8efe7 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/caching.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +conf='/etc/nginx/conf.d/01_caching_pool.conf' +if [ -e "$conf" ]; then + if [ -z "$(grep "=${domain}:" $conf)" ]; then + echo "$str" >> $conf + fi +else + echo "$str" >> $conf +fi + diff --git a/install/ubuntu/17.04/templates/web/nginx/caching.stpl b/install/ubuntu/17.04/templates/web/nginx/caching.stpl new file mode 100755 index 00000000..e149b98b --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/caching.stpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/caching.tpl b/install/ubuntu/17.04/templates/web/nginx/caching.tpl new file mode 100755 index 00000000..36761b65 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/default.stpl b/install/ubuntu/17.04/templates/web/nginx/default.stpl new file mode 100755 index 00000000..0e669b3d --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/default.stpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.04/templates/web/nginx/default.tpl b/install/ubuntu/17.04/templates/web/nginx/default.tpl new file mode 100755 index 00000000..4d5c774b --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.04/templates/web/nginx/hosting.sh b/install/ubuntu/17.04/templates/web/nginx/hosting.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/ubuntu/17.04/templates/web/nginx/hosting.stpl b/install/ubuntu/17.04/templates/web/nginx/hosting.stpl new file mode 100755 index 00000000..1ef8994b --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/hosting.stpl @@ -0,0 +1,37 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.04/templates/web/nginx/hosting.tpl b/install/ubuntu/17.04/templates/web/nginx/hosting.tpl new file mode 100755 index 00000000..15961c95 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.04/templates/web/nginx/http2.stpl b/install/ubuntu/17.04/templates/web/nginx/http2.stpl new file mode 100644 index 00000000..f225becd --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/http2.stpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.04/templates/web/nginx/http2.tpl b/install/ubuntu/17.04/templates/web/nginx/http2.tpl new file mode 100644 index 00000000..4d5c774b --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/http2.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 00000000..d85bcce3 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 00000000..f9e90393 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/cms_made_simple.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 00000000..9c24c3ea --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter2.tpl new file mode 100644 index 00000000..d2422be2 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter2.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter3.stpl new file mode 100644 index 00000000..d7186314 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter3.tpl new file mode 100644 index 00000000..54f81b99 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter3.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/datalife_engine.stpl new file mode 100644 index 00000000..4f0b9ec7 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -0,0 +1,127 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/datalife_engine.tpl new file mode 100644 index 00000000..3ea45347 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/datalife_engine.tpl @@ -0,0 +1,123 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/default.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/default.stpl new file mode 100644 index 00000000..5cb55311 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/default.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/default.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/default.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/default.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/dokuwiki.stpl new file mode 100644 index 00000000..f85032ba --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/dokuwiki.tpl new file mode 100644 index 00000000..0a9a75ed --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/dokuwiki.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl new file mode 100644 index 00000000..9d984000 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl new file mode 100644 index 00000000..0ae7568b --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl new file mode 100644 index 00000000..0d7930fa --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..6b41f319 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..6fd64db6 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..452aa9e6 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -0,0 +1,90 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/joomla.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/joomla.stpl new file mode 100644 index 00000000..704405f3 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/joomla.stpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/joomla.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/joomla.tpl new file mode 100644 index 00000000..91b7a8f1 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/joomla.tpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/laravel.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/laravel.stpl new file mode 100644 index 00000000..477f6f01 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/laravel.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/laravel.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/laravel.tpl new file mode 100644 index 00000000..d14b0173 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/laravel.tpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/magento.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/magento.stpl new file mode 100644 index 00000000..fdab43aa --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/magento.stpl @@ -0,0 +1,198 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + + root %sdocroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %sdocroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %sdocroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %sdocroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/magento.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/magento.tpl new file mode 100644 index 00000000..3f292fff --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/magento.tpl @@ -0,0 +1,194 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + + root %docroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %docroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %docroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %docroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/modx.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/modx.stpl new file mode 100644 index 00000000..f410ab77 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/modx.stpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ https://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/modx.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/modx.tpl new file mode 100644 index 00000000..342d3ecf --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/modx.tpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ http://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/moodle.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..f15a68c5 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/moodle.stpl @@ -0,0 +1,90 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/moodle.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..c20ba648 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/moodle.tpl @@ -0,0 +1,87 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/no-php.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/no-php.stpl new file mode 100644 index 00000000..bc8b53a3 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/no-php.stpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/no-php.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/no-php.tpl new file mode 100644 index 00000000..7ff8aa1d --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/no-php.tpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/odoo.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/odoo.stpl new file mode 100644 index 00000000..d6697d7a --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/odoo.stpl @@ -0,0 +1,70 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/odoo.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/odoo.tpl new file mode 100644 index 00000000..b1240aae --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/odoo.tpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/opencart.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/opencart.stpl new file mode 100644 index 00000000..908b9aeb --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/opencart.stpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/opencart.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/opencart.tpl new file mode 100644 index 00000000..d0a9060b --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/opencart.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/owncloud.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 00000000..891566b9 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/owncloud.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/owncloud.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/owncloud.tpl new file mode 100644 index 00000000..e3ec31de --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/owncloud.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/piwik.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 00000000..78c1bb78 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/piwik.stpl @@ -0,0 +1,73 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/piwik.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 00000000..f94fb7de --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 00000000..5ffc9ed5 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 00000000..297fe0e8 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/sendy.stpl new file mode 100644 index 00000000..0b351000 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/sendy.stpl @@ -0,0 +1,88 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/sendy.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/sendy.tpl new file mode 100644 index 00000000..b27b427d --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/sendy.tpl @@ -0,0 +1,86 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 00000000..5cb55311 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2.stpl new file mode 100644 index 00000000..e0aeb524 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2.tpl new file mode 100644 index 00000000..bccb8b3d --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2.tpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl new file mode 100644 index 00000000..0d933b30 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl new file mode 100644 index 00000000..39e366b7 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/proxy_ip.tpl b/install/ubuntu/17.04/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 00000000..ae195617 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/ubuntu/17.04/templates/web/php-fpm/default.tpl b/install/ubuntu/17.04/templates/web/php-fpm/default.tpl new file mode 100644 index 00000000..209e1e43 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/php-fpm/default.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/17.04/templates/web/php-fpm/no-php.tpl b/install/ubuntu/17.04/templates/web/php-fpm/no-php.tpl new file mode 100644 index 00000000..047c33ed --- /dev/null +++ b/install/ubuntu/17.04/templates/web/php-fpm/no-php.tpl @@ -0,0 +1,20 @@ +;[%backend%] +;listen = /dev/null + +;user = %user% +;group = %user% + +;listen.owner = %user% +;listen.group = www-data + +;pm = ondemand +;pm.max_children = 4 +;pm.max_requests = 4000 +;pm.process_idle_timeout = 10s +;pm.status_path = /status + +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /home/%user%/tmp +;env[TMPDIR] = /home/%user%/tmp +;env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/17.04/templates/web/php-fpm/socket.tpl b/install/ubuntu/17.04/templates/web/php-fpm/socket.tpl new file mode 100644 index 00000000..a0151084 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/php-fpm/socket.tpl @@ -0,0 +1,24 @@ +[%backend%] +listen = /var/run/php/%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = www-data + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/17.04/templates/web/skel/document_errors/403.html b/install/ubuntu/17.04/templates/web/skel/document_errors/403.html new file mode 100755 index 00000000..9c3f6baa --- /dev/null +++ b/install/ubuntu/17.04/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/ubuntu/17.04/templates/web/skel/document_errors/404.html b/install/ubuntu/17.04/templates/web/skel/document_errors/404.html new file mode 100755 index 00000000..2cee7708 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/ubuntu/17.04/templates/web/skel/document_errors/50x.html b/install/ubuntu/17.04/templates/web/skel/document_errors/50x.html new file mode 100755 index 00000000..85ba648b --- /dev/null +++ b/install/ubuntu/17.04/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/ubuntu/17.04/templates/web/skel/public_html/index.html b/install/ubuntu/17.04/templates/web/skel/public_html/index.html new file mode 100755 index 00000000..4f5bb724 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/17.04/templates/web/skel/public_html/robots.txt b/install/ubuntu/17.04/templates/web/skel/public_html/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/ubuntu/17.04/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/17.04/templates/web/skel/public_shtml/index.html b/install/ubuntu/17.04/templates/web/skel/public_shtml/index.html new file mode 100755 index 00000000..4f5bb724 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/17.04/templates/web/skel/public_shtml/robots.txt b/install/ubuntu/17.04/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/ubuntu/17.04/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/17.04/templates/web/suspend/.htaccess b/install/ubuntu/17.04/templates/web/suspend/.htaccess new file mode 100755 index 00000000..5a6df83f --- /dev/null +++ b/install/ubuntu/17.04/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/ubuntu/17.04/templates/web/suspend/index.html b/install/ubuntu/17.04/templates/web/suspend/index.html new file mode 100755 index 00000000..f2d04e1f --- /dev/null +++ b/install/ubuntu/17.04/templates/web/suspend/index.html @@ -0,0 +1,25 @@ + + + Website Suspended + + + + + +

SUSPENDED

+

This website has been suspended.

+
+ Please contact the technical support department. +
+ + diff --git a/install/ubuntu/17.04/templates/web/webalizer/webalizer.tpl b/install/ubuntu/17.04/templates/web/webalizer/webalizer.tpl new file mode 100755 index 00000000..068adcfb --- /dev/null +++ b/install/ubuntu/17.04/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/ubuntu/17.04/vsftpd/vsftpd.conf b/install/ubuntu/17.04/vsftpd/vsftpd.conf new file mode 100644 index 00000000..034b016d --- /dev/null +++ b/install/ubuntu/17.04/vsftpd/vsftpd.conf @@ -0,0 +1,27 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +anon_umask=022 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_min_port=12000 +pasv_max_port=12100 +max_per_ip=10 +max_clients=100 +use_localtime=YES diff --git a/install/ubuntu/17.10/apache2/apache2.conf b/install/ubuntu/17.10/apache2/apache2.conf new file mode 100644 index 00000000..2756132a --- /dev/null +++ b/install/ubuntu/17.10/apache2/apache2.conf @@ -0,0 +1,94 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 30 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ + +ErrorDocument 403 /error/403.html +ErrorDocument 404 /error/404.html +ErrorDocument 500 /error/50x.html +ErrorDocument 501 /error/50x.html +ErrorDocument 502 /error/50x.html +ErrorDocument 503 /error/50x.html +ErrorDocument 506 /error/50x.html diff --git a/install/ubuntu/17.10/apache2/status.conf b/install/ubuntu/17.10/apache2/status.conf new file mode 100644 index 00000000..da9d9633 --- /dev/null +++ b/install/ubuntu/17.10/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/ubuntu/17.10/bind/named.conf b/install/ubuntu/17.10/bind/named.conf new file mode 100644 index 00000000..ed6ece88 --- /dev/null +++ b/install/ubuntu/17.10/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/ubuntu/17.10/clamav/clamd.conf b/install/ubuntu/17.10/clamav/clamd.conf new file mode 100644 index 00000000..4e04356e --- /dev/null +++ b/install/ubuntu/17.10/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +# AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean false +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +DetectBrokenExecutables false +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 25M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/ubuntu/17.10/deb_signing.key b/install/ubuntu/17.10/deb_signing.key new file mode 100644 index 00000000..2ad2db8b --- /dev/null +++ b/install/ubuntu/17.10/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/ubuntu/17.10/dovecot/conf.d/10-auth.conf b/install/ubuntu/17.10/dovecot/conf.d/10-auth.conf new file mode 100644 index 00000000..dfcc8311 --- /dev/null +++ b/install/ubuntu/17.10/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/ubuntu/17.10/dovecot/conf.d/10-logging.conf b/install/ubuntu/17.10/dovecot/conf.d/10-logging.conf new file mode 100644 index 00000000..a5f207d5 --- /dev/null +++ b/install/ubuntu/17.10/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/ubuntu/17.10/dovecot/conf.d/10-mail.conf b/install/ubuntu/17.10/dovecot/conf.d/10-mail.conf new file mode 100644 index 00000000..55313419 --- /dev/null +++ b/install/ubuntu/17.10/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/ubuntu/17.10/dovecot/conf.d/10-master.conf b/install/ubuntu/17.10/dovecot/conf.d/10-master.conf new file mode 100644 index 00000000..a75a9aaa --- /dev/null +++ b/install/ubuntu/17.10/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/ubuntu/17.10/dovecot/conf.d/10-ssl.conf b/install/ubuntu/17.10/dovecot/conf.d/10-ssl.conf new file mode 100644 index 00000000..24cbf3e2 --- /dev/null +++ b/install/ubuntu/17.10/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,5 @@ +ssl = yes +ssl_protocols = !SSLv2 !SSLv3 + +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/ubuntu/17.10/dovecot/conf.d/auth-passwdfile.conf.ext b/install/ubuntu/17.10/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 00000000..75e6e115 --- /dev/null +++ b/install/ubuntu/17.10/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/ubuntu/17.10/dovecot/dovecot.conf b/install/ubuntu/17.10/dovecot/dovecot.conf new file mode 100644 index 00000000..311a3351 --- /dev/null +++ b/install/ubuntu/17.10/dovecot/dovecot.conf @@ -0,0 +1,24 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf + +namespace { + type = private + separator = / + prefix = + inbox = yes + + mailbox Sent { + auto = subscribe + special_use = \Sent + } + mailbox Drafts { + auto = subscribe + special_use = \Drafts + } + mailbox Trash { + auto = subscribe + special_use = \Trash + } +} diff --git a/install/ubuntu/17.10/exim/dnsbl.conf b/install/ubuntu/17.10/exim/dnsbl.conf new file mode 100644 index 00000000..5166b255 --- /dev/null +++ b/install/ubuntu/17.10/exim/dnsbl.conf @@ -0,0 +1,2 @@ +bl.spamcop.net +zen.spamhaus.org diff --git a/install/ubuntu/17.10/exim/exim4.conf.template b/install/ubuntu/17.10/exim/exim4.conf.template new file mode 100644 index 00000000..fc346486 --- /dev/null +++ b/install/ubuntu/17.10/exim/exim4.conf.template @@ -0,0 +1,382 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +add_environment = <; PATH=/bin:/usr/bin +keep_environment = +disable_ipv6 = true + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth required + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{1024K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = debian-spamd:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/ubuntu/17.10/exim/spam-blocks.conf b/install/ubuntu/17.10/exim/spam-blocks.conf new file mode 100644 index 00000000..e69de29b diff --git a/install/ubuntu/17.10/fail2ban/action.d/vesta.conf b/install/ubuntu/17.10/fail2ban/action.d/vesta.conf new file mode 100644 index 00000000..0edfc349 --- /dev/null +++ b/install/ubuntu/17.10/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/ubuntu/17.10/fail2ban/filter.d/vesta.conf b/install/ubuntu/17.10/fail2ban/filter.d/vesta.conf new file mode 100644 index 00000000..69670a56 --- /dev/null +++ b/install/ubuntu/17.10/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/ubuntu/17.10/fail2ban/jail.local b/install/ubuntu/17.10/fail2ban/jail.local new file mode 100644 index 00000000..013f81c4 --- /dev/null +++ b/install/ubuntu/17.10/fail2ban/jail.local @@ -0,0 +1,51 @@ +[DEFAULT] +ignoreip = 127.0.0.1/8 + +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog +maxretry = 5 + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log +maxretry = 5 + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 + +[roundcube-auth] +enabled = false +filter = roundcube-auth +port = http,https +logpath = /var/log/roundcube/errors +maxretry = 5 diff --git a/install/ubuntu/17.10/firewall/ports.conf b/install/ubuntu/17.10/firewall/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/ubuntu/17.10/firewall/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/17.10/firewall/rules.conf b/install/ubuntu/17.10/firewall/rules.conf new file mode 100644 index 00000000..fba98e1e --- /dev/null +++ b/install/ubuntu/17.10/firewall/rules.conf @@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/ubuntu/17.10/logrotate/apache2 b/install/ubuntu/17.10/logrotate/apache2 new file mode 100644 index 00000000..27629d0d --- /dev/null +++ b/install/ubuntu/17.10/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/ubuntu/17.10/logrotate/dovecot b/install/ubuntu/17.10/logrotate/dovecot new file mode 100644 index 00000000..ac4fd6e9 --- /dev/null +++ b/install/ubuntu/17.10/logrotate/dovecot @@ -0,0 +1,12 @@ +/var/log/dovecot*.log { + weekly + rotate 4 + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + doveadm log reopen + endscript +} diff --git a/install/ubuntu/17.10/logrotate/nginx b/install/ubuntu/17.10/logrotate/nginx new file mode 100644 index 00000000..d667f213 --- /dev/null +++ b/install/ubuntu/17.10/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/ubuntu/17.10/logrotate/vesta b/install/ubuntu/17.10/logrotate/vesta new file mode 100644 index 00000000..027a3439 --- /dev/null +++ b/install/ubuntu/17.10/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/ubuntu/17.10/mysql/my-large.cnf b/install/ubuntu/17.10/mysql/my-large.cnf new file mode 100644 index 00000000..7201377c --- /dev/null +++ b/install/ubuntu/17.10/mysql/my-large.cnf @@ -0,0 +1,41 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/17.10/mysql/my-medium.cnf b/install/ubuntu/17.10/mysql/my-medium.cnf new file mode 100644 index 00000000..1c10ab9a --- /dev/null +++ b/install/ubuntu/17.10/mysql/my-medium.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/17.10/mysql/my-small.cnf b/install/ubuntu/17.10/mysql/my-small.cnf new file mode 100644 index 00000000..26a80478 --- /dev/null +++ b/install/ubuntu/17.10/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/17.10/nginx/nginx.conf b/install/ubuntu/17.10/nginx/nginx.conf new file mode 100644 index 00000000..6bc999f9 --- /dev/null +++ b/install/ubuntu/17.10/nginx/nginx.conf @@ -0,0 +1,137 @@ +# Server globals +user www-data; +worker_processes auto; +worker_rlimit_nofile 65535; +error_log /var/log/nginx/error.log crit; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_vary on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype; + gzip_proxied any; + gzip_disable "MSIE [1-6]\."; + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 104.16.0.0/12; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 131.0.72.0/22; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 172.64.0.0/13; + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + #set_real_ip_from 2400:cb00::/32; + #set_real_ip_from 2606:4700::/32; + #set_real_ip_from 2803:f800::/32; + #set_real_ip_from 2405:b500::/32; + #set_real_ip_from 2405:8100::/32; + #set_real_ip_from 2c0f:f248::/32; + #set_real_ip_from 2a06:98c0::/29; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache settings + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 1d; + + + # Cache bypass + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # File cache settings + open_file_cache max=10000 inactive=30s; + open_file_cache_valid 60s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/ubuntu/17.10/nginx/phpmyadmin.inc b/install/ubuntu/17.10/nginx/phpmyadmin.inc new file mode 100644 index 00000000..1feb8546 --- /dev/null +++ b/install/ubuntu/17.10/nginx/phpmyadmin.inc @@ -0,0 +1,18 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { + root /usr/share/; + } +} diff --git a/install/ubuntu/17.10/nginx/phppgadmin.inc b/install/ubuntu/17.10/nginx/phppgadmin.inc new file mode 100644 index 00000000..cd1e5806 --- /dev/null +++ b/install/ubuntu/17.10/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/17.10/nginx/status.conf b/install/ubuntu/17.10/nginx/status.conf new file mode 100644 index 00000000..c0bcd069 --- /dev/null +++ b/install/ubuntu/17.10/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/ubuntu/17.10/nginx/webmail.inc b/install/ubuntu/17.10/nginx/webmail.inc new file mode 100644 index 00000000..ad66895b --- /dev/null +++ b/install/ubuntu/17.10/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/17.10/packages/default.pkg b/install/ubuntu/17.10/packages/default.pkg new file mode 100644 index 00000000..c2a93574 --- /dev/null +++ b/install/ubuntu/17.10/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='unlimited' +BANDWIDTH='100000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='3' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/17.10/packages/gainsboro.pkg b/install/ubuntu/17.10/packages/gainsboro.pkg new file mode 100644 index 00000000..76d7dae2 --- /dev/null +++ b/install/ubuntu/17.10/packages/gainsboro.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='1' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/17.10/packages/palegreen.pkg b/install/ubuntu/17.10/packages/palegreen.pkg new file mode 100644 index 00000000..3db5fe57 --- /dev/null +++ b/install/ubuntu/17.10/packages/palegreen.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='hosting' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='5' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/17.10/packages/slategrey.pkg b/install/ubuntu/17.10/packages/slategrey.pkg new file mode 100644 index 00000000..d89e796f --- /dev/null +++ b/install/ubuntu/17.10/packages/slategrey.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='3' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/17.10/pga/config.inc.php b/install/ubuntu/17.10/pga/config.inc.php new file mode 100644 index 00000000..1eec9776 --- /dev/null +++ b/install/ubuntu/17.10/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/ubuntu/17.10/pga/phppgadmin.conf b/install/ubuntu/17.10/pga/phppgadmin.conf new file mode 100644 index 00000000..f39247d6 --- /dev/null +++ b/install/ubuntu/17.10/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/ubuntu/17.10/php-fpm/www.conf b/install/ubuntu/17.10/php-fpm/www.conf new file mode 100644 index 00000000..3c87f33c --- /dev/null +++ b/install/ubuntu/17.10/php-fpm/www.conf @@ -0,0 +1,11 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 + +user = www-data +group = www-data + +pm = ondemand +pm.max_children = 2 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s diff --git a/install/ubuntu/17.10/pma/apache.conf b/install/ubuntu/17.10/pma/apache.conf new file mode 100644 index 00000000..4da6ce84 --- /dev/null +++ b/install/ubuntu/17.10/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext:/usr/share/javascript/ + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/ubuntu/17.10/pma/config.inc.php b/install/ubuntu/17.10/pma/config.inc.php new file mode 100644 index 00000000..36093369 --- /dev/null +++ b/install/ubuntu/17.10/pma/config.inc.php @@ -0,0 +1,152 @@ + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/ubuntu/17.10/roundcube/apache.conf b/install/ubuntu/17.10/roundcube/apache.conf new file mode 100644 index 00000000..a0c87bcc --- /dev/null +++ b/install/ubuntu/17.10/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/ubuntu/17.10/roundcube/config.inc.php b/install/ubuntu/17.10/roundcube/config.inc.php new file mode 100644 index 00000000..0c82b1bc --- /dev/null +++ b/install/ubuntu/17.10/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/ubuntu/17.10/roundcube/main.inc.php b/install/ubuntu/17.10/roundcube/main.inc.php new file mode 100644 index 00000000..44b19793 --- /dev/null +++ b/install/ubuntu/17.10/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = false; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = true; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'larry'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 30 seconds +$rcmail_config['draft_autosave'] = 30; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/ubuntu/17.10/roundcube/vesta.php b/install/ubuntu/17.10/roundcube/vesta.php new file mode 100644 index 00000000..c271004d --- /dev/null +++ b/install/ubuntu/17.10/roundcube/vesta.php @@ -0,0 +1,72 @@ + + */ +class rcube_vesta_password { + function save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + //$fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + $errno = ""; + $errstr = ""; + $context = stream_context_create(); + $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); + $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); + $result = stream_context_set_option($context, 'ssl', 'verify_host', false); + $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); + + $fp = stream_socket_client('ssl://' . $vesta_host . ':'.$vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } +} diff --git a/install/ubuntu/17.10/sudo/admin b/install/ubuntu/17.10/sudo/admin new file mode 100644 index 00000000..331fa1f2 --- /dev/null +++ b/install/ubuntu/17.10/sudo/admin @@ -0,0 +1,8 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty +Defaults:root !requiretty + +# sudo is limited to vesta scripts +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/17.10/templates/dns/child-ns.tpl b/install/ubuntu/17.10/templates/dns/child-ns.tpl new file mode 100755 index 00000000..42c046e4 --- /dev/null +++ b/install/ubuntu/17.10/templates/dns/child-ns.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/17.10/templates/dns/default.tpl b/install/ubuntu/17.10/templates/dns/default.tpl new file mode 100755 index 00000000..e0a37e62 --- /dev/null +++ b/install/ubuntu/17.10/templates/dns/default.tpl @@ -0,0 +1,18 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/17.10/templates/dns/gmail.tpl b/install/ubuntu/17.10/templates/dns/gmail.tpl new file mode 100755 index 00000000..219c9d24 --- /dev/null +++ b/install/ubuntu/17.10/templates/dns/gmail.tpl @@ -0,0 +1,12 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/17.10/templates/web/apache2/basedir.stpl b/install/ubuntu/17.10/templates/web/apache2/basedir.stpl new file mode 100644 index 00000000..d978d4c4 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/basedir.stpl @@ -0,0 +1,44 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/basedir.tpl b/install/ubuntu/17.10/templates/web/apache2/basedir.tpl new file mode 100644 index 00000000..96c94a1b --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/basedir.tpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/default.stpl b/install/ubuntu/17.10/templates/web/apache2/default.stpl new file mode 100644 index 00000000..ec34c279 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/default.stpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/default.tpl b/install/ubuntu/17.10/templates/web/apache2/default.tpl new file mode 100644 index 00000000..3a227015 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/default.tpl @@ -0,0 +1,37 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/hosting.stpl b/install/ubuntu/17.10/templates/web/apache2/hosting.stpl new file mode 100644 index 00000000..8892072b --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/hosting.tpl b/install/ubuntu/17.10/templates/web/apache2/hosting.tpl new file mode 100644 index 00000000..1eb26910 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/phpcgi.sh b/install/ubuntu/17.10/templates/web/apache2/phpcgi.sh new file mode 100755 index 00000000..6565e103 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/17.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/17.10/templates/web/apache2/phpcgi.stpl new file mode 100644 index 00000000..731355bc --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/phpcgi.stpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/phpcgi.tpl b/install/ubuntu/17.10/templates/web/apache2/phpcgi.tpl new file mode 100644 index 00000000..c6796d29 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/phpcgi.tpl @@ -0,0 +1,31 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/phpfcgid.sh b/install/ubuntu/17.10/templates/web/apache2/phpfcgid.sh new file mode 100755 index 00000000..e8058249 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/17.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/17.10/templates/web/apache2/phpfcgid.stpl new file mode 100644 index 00000000..156c8a91 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/phpfcgid.stpl @@ -0,0 +1,39 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/phpfcgid.tpl b/install/ubuntu/17.10/templates/web/apache2/phpfcgid.tpl new file mode 100644 index 00000000..a4c01269 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/phpfcgid.tpl @@ -0,0 +1,31 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/awstats/awstats.tpl b/install/ubuntu/17.10/templates/web/awstats/awstats.tpl new file mode 100755 index 00000000..9a92e0fd --- /dev/null +++ b/install/ubuntu/17.10/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/ubuntu/17.10/templates/web/awstats/index.tpl b/install/ubuntu/17.10/templates/web/awstats/index.tpl new file mode 100755 index 00000000..9df9bb5c --- /dev/null +++ b/install/ubuntu/17.10/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/ubuntu/17.10/templates/web/awstats/nav.tpl b/install/ubuntu/17.10/templates/web/awstats/nav.tpl new file mode 100755 index 00000000..f29bed68 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/ubuntu/17.10/templates/web/nginx/caching.sh b/install/ubuntu/17.10/templates/web/nginx/caching.sh new file mode 100755 index 00000000..09d8efe7 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/caching.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +conf='/etc/nginx/conf.d/01_caching_pool.conf' +if [ -e "$conf" ]; then + if [ -z "$(grep "=${domain}:" $conf)" ]; then + echo "$str" >> $conf + fi +else + echo "$str" >> $conf +fi + diff --git a/install/ubuntu/17.10/templates/web/nginx/caching.stpl b/install/ubuntu/17.10/templates/web/nginx/caching.stpl new file mode 100755 index 00000000..e149b98b --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/caching.stpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/caching.tpl b/install/ubuntu/17.10/templates/web/nginx/caching.tpl new file mode 100755 index 00000000..36761b65 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/default.stpl b/install/ubuntu/17.10/templates/web/nginx/default.stpl new file mode 100755 index 00000000..0e669b3d --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/default.stpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.10/templates/web/nginx/default.tpl b/install/ubuntu/17.10/templates/web/nginx/default.tpl new file mode 100755 index 00000000..4d5c774b --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.10/templates/web/nginx/hosting.sh b/install/ubuntu/17.10/templates/web/nginx/hosting.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/ubuntu/17.10/templates/web/nginx/hosting.stpl b/install/ubuntu/17.10/templates/web/nginx/hosting.stpl new file mode 100755 index 00000000..1ef8994b --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/hosting.stpl @@ -0,0 +1,37 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.10/templates/web/nginx/hosting.tpl b/install/ubuntu/17.10/templates/web/nginx/hosting.tpl new file mode 100755 index 00000000..15961c95 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.10/templates/web/nginx/http2.stpl b/install/ubuntu/17.10/templates/web/nginx/http2.stpl new file mode 100644 index 00000000..f225becd --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/http2.stpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.10/templates/web/nginx/http2.tpl b/install/ubuntu/17.10/templates/web/nginx/http2.tpl new file mode 100644 index 00000000..4d5c774b --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/http2.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 00000000..d85bcce3 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 00000000..f9e90393 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/cms_made_simple.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 00000000..9c24c3ea --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter2.tpl new file mode 100644 index 00000000..d2422be2 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter2.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter3.stpl new file mode 100644 index 00000000..d7186314 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter3.tpl new file mode 100644 index 00000000..54f81b99 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter3.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/datalife_engine.stpl new file mode 100644 index 00000000..4f0b9ec7 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -0,0 +1,127 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/datalife_engine.tpl new file mode 100644 index 00000000..3ea45347 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/datalife_engine.tpl @@ -0,0 +1,123 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/default.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/default.stpl new file mode 100644 index 00000000..5cb55311 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/default.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/default.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/default.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/default.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/dokuwiki.stpl new file mode 100644 index 00000000..f85032ba --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/dokuwiki.tpl new file mode 100644 index 00000000..0a9a75ed --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/dokuwiki.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl new file mode 100644 index 00000000..9d984000 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl new file mode 100644 index 00000000..0ae7568b --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl new file mode 100644 index 00000000..0d7930fa --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..6b41f319 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..6fd64db6 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..452aa9e6 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -0,0 +1,90 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/joomla.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/joomla.stpl new file mode 100644 index 00000000..704405f3 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/joomla.stpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/joomla.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/joomla.tpl new file mode 100644 index 00000000..91b7a8f1 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/joomla.tpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/laravel.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/laravel.stpl new file mode 100644 index 00000000..477f6f01 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/laravel.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/laravel.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/laravel.tpl new file mode 100644 index 00000000..d14b0173 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/laravel.tpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/magento.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/magento.stpl new file mode 100644 index 00000000..fdab43aa --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/magento.stpl @@ -0,0 +1,198 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + + root %sdocroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %sdocroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %sdocroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %sdocroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/magento.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/magento.tpl new file mode 100644 index 00000000..3f292fff --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/magento.tpl @@ -0,0 +1,194 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + + root %docroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %docroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %docroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %docroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/modx.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/modx.stpl new file mode 100644 index 00000000..f410ab77 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/modx.stpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ https://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/modx.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/modx.tpl new file mode 100644 index 00000000..342d3ecf --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/modx.tpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ http://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/moodle.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..f15a68c5 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/moodle.stpl @@ -0,0 +1,90 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/moodle.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..c20ba648 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/moodle.tpl @@ -0,0 +1,87 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/no-php.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/no-php.stpl new file mode 100644 index 00000000..bc8b53a3 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/no-php.stpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/no-php.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/no-php.tpl new file mode 100644 index 00000000..7ff8aa1d --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/no-php.tpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/odoo.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/odoo.stpl new file mode 100644 index 00000000..d6697d7a --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/odoo.stpl @@ -0,0 +1,70 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/odoo.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/odoo.tpl new file mode 100644 index 00000000..b1240aae --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/odoo.tpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/opencart.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/opencart.stpl new file mode 100644 index 00000000..908b9aeb --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/opencart.stpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/opencart.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/opencart.tpl new file mode 100644 index 00000000..d0a9060b --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/opencart.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/owncloud.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 00000000..891566b9 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/owncloud.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/owncloud.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/owncloud.tpl new file mode 100644 index 00000000..e3ec31de --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/owncloud.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/piwik.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 00000000..78c1bb78 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/piwik.stpl @@ -0,0 +1,73 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/piwik.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 00000000..f94fb7de --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 00000000..5ffc9ed5 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 00000000..297fe0e8 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/sendy.stpl new file mode 100644 index 00000000..0b351000 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/sendy.stpl @@ -0,0 +1,88 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/sendy.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/sendy.tpl new file mode 100644 index 00000000..b27b427d --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/sendy.tpl @@ -0,0 +1,86 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 00000000..5cb55311 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2.stpl new file mode 100644 index 00000000..e0aeb524 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2.tpl new file mode 100644 index 00000000..bccb8b3d --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2.tpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl new file mode 100644 index 00000000..0d933b30 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl new file mode 100644 index 00000000..39e366b7 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/proxy_ip.tpl b/install/ubuntu/17.10/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 00000000..ae195617 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/ubuntu/17.10/templates/web/php-fpm/default.tpl b/install/ubuntu/17.10/templates/web/php-fpm/default.tpl new file mode 100644 index 00000000..209e1e43 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/php-fpm/default.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/17.10/templates/web/php-fpm/no-php.tpl b/install/ubuntu/17.10/templates/web/php-fpm/no-php.tpl new file mode 100644 index 00000000..047c33ed --- /dev/null +++ b/install/ubuntu/17.10/templates/web/php-fpm/no-php.tpl @@ -0,0 +1,20 @@ +;[%backend%] +;listen = /dev/null + +;user = %user% +;group = %user% + +;listen.owner = %user% +;listen.group = www-data + +;pm = ondemand +;pm.max_children = 4 +;pm.max_requests = 4000 +;pm.process_idle_timeout = 10s +;pm.status_path = /status + +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /home/%user%/tmp +;env[TMPDIR] = /home/%user%/tmp +;env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/17.10/templates/web/php-fpm/socket.tpl b/install/ubuntu/17.10/templates/web/php-fpm/socket.tpl new file mode 100644 index 00000000..a0151084 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/php-fpm/socket.tpl @@ -0,0 +1,24 @@ +[%backend%] +listen = /var/run/php/%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = www-data + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/17.10/templates/web/skel/document_errors/403.html b/install/ubuntu/17.10/templates/web/skel/document_errors/403.html new file mode 100755 index 00000000..9c3f6baa --- /dev/null +++ b/install/ubuntu/17.10/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/ubuntu/17.10/templates/web/skel/document_errors/404.html b/install/ubuntu/17.10/templates/web/skel/document_errors/404.html new file mode 100755 index 00000000..2cee7708 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/ubuntu/17.10/templates/web/skel/document_errors/50x.html b/install/ubuntu/17.10/templates/web/skel/document_errors/50x.html new file mode 100755 index 00000000..85ba648b --- /dev/null +++ b/install/ubuntu/17.10/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/ubuntu/17.10/templates/web/skel/public_html/index.html b/install/ubuntu/17.10/templates/web/skel/public_html/index.html new file mode 100755 index 00000000..4f5bb724 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/17.10/templates/web/skel/public_html/robots.txt b/install/ubuntu/17.10/templates/web/skel/public_html/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/ubuntu/17.10/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/17.10/templates/web/skel/public_shtml/index.html b/install/ubuntu/17.10/templates/web/skel/public_shtml/index.html new file mode 100755 index 00000000..4f5bb724 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/17.10/templates/web/skel/public_shtml/robots.txt b/install/ubuntu/17.10/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/ubuntu/17.10/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/17.10/templates/web/suspend/.htaccess b/install/ubuntu/17.10/templates/web/suspend/.htaccess new file mode 100755 index 00000000..5a6df83f --- /dev/null +++ b/install/ubuntu/17.10/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/ubuntu/17.10/templates/web/suspend/index.html b/install/ubuntu/17.10/templates/web/suspend/index.html new file mode 100755 index 00000000..f2d04e1f --- /dev/null +++ b/install/ubuntu/17.10/templates/web/suspend/index.html @@ -0,0 +1,25 @@ + + + Website Suspended + + + + + +

SUSPENDED

+

This website has been suspended.

+
+ Please contact the technical support department. +
+ + diff --git a/install/ubuntu/17.10/templates/web/webalizer/webalizer.tpl b/install/ubuntu/17.10/templates/web/webalizer/webalizer.tpl new file mode 100755 index 00000000..068adcfb --- /dev/null +++ b/install/ubuntu/17.10/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/ubuntu/17.10/vsftpd/vsftpd.conf b/install/ubuntu/17.10/vsftpd/vsftpd.conf new file mode 100644 index 00000000..034b016d --- /dev/null +++ b/install/ubuntu/17.10/vsftpd/vsftpd.conf @@ -0,0 +1,27 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +anon_umask=022 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_min_port=12000 +pasv_max_port=12100 +max_per_ip=10 +max_clients=100 +use_localtime=YES diff --git a/install/ubuntu/18.04/apache2/apache2.conf b/install/ubuntu/18.04/apache2/apache2.conf new file mode 100644 index 00000000..2756132a --- /dev/null +++ b/install/ubuntu/18.04/apache2/apache2.conf @@ -0,0 +1,94 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 30 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ + +ErrorDocument 403 /error/403.html +ErrorDocument 404 /error/404.html +ErrorDocument 500 /error/50x.html +ErrorDocument 501 /error/50x.html +ErrorDocument 502 /error/50x.html +ErrorDocument 503 /error/50x.html +ErrorDocument 506 /error/50x.html diff --git a/install/ubuntu/18.04/apache2/status.conf b/install/ubuntu/18.04/apache2/status.conf new file mode 100644 index 00000000..da9d9633 --- /dev/null +++ b/install/ubuntu/18.04/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/ubuntu/18.04/bind/named.conf b/install/ubuntu/18.04/bind/named.conf new file mode 100644 index 00000000..ed6ece88 --- /dev/null +++ b/install/ubuntu/18.04/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/ubuntu/18.04/clamav/clamd.conf b/install/ubuntu/18.04/clamav/clamd.conf new file mode 100644 index 00000000..4e04356e --- /dev/null +++ b/install/ubuntu/18.04/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +# AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean false +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +DetectBrokenExecutables false +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 25M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/ubuntu/18.04/deb_signing.key b/install/ubuntu/18.04/deb_signing.key new file mode 100644 index 00000000..2ad2db8b --- /dev/null +++ b/install/ubuntu/18.04/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/ubuntu/18.04/dovecot/conf.d/10-auth.conf b/install/ubuntu/18.04/dovecot/conf.d/10-auth.conf new file mode 100644 index 00000000..dfcc8311 --- /dev/null +++ b/install/ubuntu/18.04/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/ubuntu/18.04/dovecot/conf.d/10-logging.conf b/install/ubuntu/18.04/dovecot/conf.d/10-logging.conf new file mode 100644 index 00000000..a5f207d5 --- /dev/null +++ b/install/ubuntu/18.04/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/ubuntu/18.04/dovecot/conf.d/10-mail.conf b/install/ubuntu/18.04/dovecot/conf.d/10-mail.conf new file mode 100644 index 00000000..7a20878a --- /dev/null +++ b/install/ubuntu/18.04/dovecot/conf.d/10-mail.conf @@ -0,0 +1,9 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv +namespace inbox { + inbox = yes +} +first_valid_uid = 1000 +mbox_write_locks = fcntl diff --git a/install/ubuntu/18.04/dovecot/conf.d/10-master.conf b/install/ubuntu/18.04/dovecot/conf.d/10-master.conf new file mode 100644 index 00000000..a75a9aaa --- /dev/null +++ b/install/ubuntu/18.04/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/ubuntu/18.04/dovecot/conf.d/10-ssl.conf b/install/ubuntu/18.04/dovecot/conf.d/10-ssl.conf new file mode 100644 index 00000000..24cbf3e2 --- /dev/null +++ b/install/ubuntu/18.04/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,5 @@ +ssl = yes +ssl_protocols = !SSLv2 !SSLv3 + +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/ubuntu/18.04/dovecot/conf.d/auth-passwdfile.conf.ext b/install/ubuntu/18.04/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 00000000..75e6e115 --- /dev/null +++ b/install/ubuntu/18.04/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/ubuntu/18.04/dovecot/dovecot.conf b/install/ubuntu/18.04/dovecot/dovecot.conf new file mode 100644 index 00000000..0a855351 --- /dev/null +++ b/install/ubuntu/18.04/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/ubuntu/18.04/exim/dnsbl.conf b/install/ubuntu/18.04/exim/dnsbl.conf new file mode 100644 index 00000000..5166b255 --- /dev/null +++ b/install/ubuntu/18.04/exim/dnsbl.conf @@ -0,0 +1,2 @@ +bl.spamcop.net +zen.spamhaus.org diff --git a/install/ubuntu/18.04/exim/exim4.conf.template b/install/ubuntu/18.04/exim/exim4.conf.template new file mode 100644 index 00000000..c904441f --- /dev/null +++ b/install/ubuntu/18.04/exim/exim4.conf.template @@ -0,0 +1,382 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +add_environment = <; PATH=/bin:/usr/bin +keep_environment = +disable_ipv6 = true + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth required + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{1024K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = debian-spamd:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/ubuntu/18.04/exim/spam-blocks.conf b/install/ubuntu/18.04/exim/spam-blocks.conf new file mode 100644 index 00000000..e69de29b diff --git a/install/ubuntu/18.04/fail2ban/action.d/vesta.conf b/install/ubuntu/18.04/fail2ban/action.d/vesta.conf new file mode 100644 index 00000000..0edfc349 --- /dev/null +++ b/install/ubuntu/18.04/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/ubuntu/18.04/fail2ban/filter.d/vesta.conf b/install/ubuntu/18.04/fail2ban/filter.d/vesta.conf new file mode 100644 index 00000000..69670a56 --- /dev/null +++ b/install/ubuntu/18.04/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/ubuntu/18.04/fail2ban/jail.local b/install/ubuntu/18.04/fail2ban/jail.local new file mode 100644 index 00000000..013f81c4 --- /dev/null +++ b/install/ubuntu/18.04/fail2ban/jail.local @@ -0,0 +1,51 @@ +[DEFAULT] +ignoreip = 127.0.0.1/8 + +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog +maxretry = 5 + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log +maxretry = 5 + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 + +[roundcube-auth] +enabled = false +filter = roundcube-auth +port = http,https +logpath = /var/log/roundcube/errors +maxretry = 5 diff --git a/install/ubuntu/18.04/firewall/ports.conf b/install/ubuntu/18.04/firewall/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/ubuntu/18.04/firewall/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/18.04/firewall/rules.conf b/install/ubuntu/18.04/firewall/rules.conf new file mode 100644 index 00000000..fba98e1e --- /dev/null +++ b/install/ubuntu/18.04/firewall/rules.conf @@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/ubuntu/18.04/logrotate/apache2 b/install/ubuntu/18.04/logrotate/apache2 new file mode 100644 index 00000000..27629d0d --- /dev/null +++ b/install/ubuntu/18.04/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/ubuntu/18.04/logrotate/dovecot b/install/ubuntu/18.04/logrotate/dovecot new file mode 100644 index 00000000..ac4fd6e9 --- /dev/null +++ b/install/ubuntu/18.04/logrotate/dovecot @@ -0,0 +1,12 @@ +/var/log/dovecot*.log { + weekly + rotate 4 + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + doveadm log reopen + endscript +} diff --git a/install/ubuntu/18.04/logrotate/nginx b/install/ubuntu/18.04/logrotate/nginx new file mode 100644 index 00000000..d667f213 --- /dev/null +++ b/install/ubuntu/18.04/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/ubuntu/18.04/logrotate/vesta b/install/ubuntu/18.04/logrotate/vesta new file mode 100644 index 00000000..027a3439 --- /dev/null +++ b/install/ubuntu/18.04/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/ubuntu/18.04/mysql/my-large.cnf b/install/ubuntu/18.04/mysql/my-large.cnf new file mode 100644 index 00000000..7201377c --- /dev/null +++ b/install/ubuntu/18.04/mysql/my-large.cnf @@ -0,0 +1,41 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/18.04/mysql/my-medium.cnf b/install/ubuntu/18.04/mysql/my-medium.cnf new file mode 100644 index 00000000..1c10ab9a --- /dev/null +++ b/install/ubuntu/18.04/mysql/my-medium.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/18.04/mysql/my-small.cnf b/install/ubuntu/18.04/mysql/my-small.cnf new file mode 100644 index 00000000..26a80478 --- /dev/null +++ b/install/ubuntu/18.04/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/18.04/nginx/nginx.conf b/install/ubuntu/18.04/nginx/nginx.conf new file mode 100644 index 00000000..790aee49 --- /dev/null +++ b/install/ubuntu/18.04/nginx/nginx.conf @@ -0,0 +1,138 @@ +# Server globals +user www-data; +worker_processes auto; +worker_rlimit_nofile 65535; +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 60s; + client_body_timeout 60s; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 60s; + keepalive_timeout 30s; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_static on; + gzip_vary on; + gzip_comp_level 6; + gzip_min_length 1024; + gzip_buffers 16 8k; + gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype; + gzip_proxied any; + gzip_disable "MSIE [1-6]\."; + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_buffers 32 4k; + proxy_connect_timeout 30s; + proxy_send_timeout 90s; + proxy_read_timeout 90s; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 104.16.0.0/12; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 131.0.72.0/22; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 172.64.0.0/13; + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + #set_real_ip_from 2400:cb00::/32; + #set_real_ip_from 2606:4700::/32; + #set_real_ip_from 2803:f800::/32; + #set_real_ip_from 2405:b500::/32; + #set_real_ip_from 2405:8100::/32; + #set_real_ip_from 2c0f:f248::/32; + #set_real_ip_from 2a06:98c0::/29; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache settings + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 1d; + + + # Cache bypass + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # File cache settings + open_file_cache max=10000 inactive=30s; + open_file_cache_valid 60s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/ubuntu/18.04/nginx/phpmyadmin.inc b/install/ubuntu/18.04/nginx/phpmyadmin.inc new file mode 100644 index 00000000..1feb8546 --- /dev/null +++ b/install/ubuntu/18.04/nginx/phpmyadmin.inc @@ -0,0 +1,18 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { + root /usr/share/; + } +} diff --git a/install/ubuntu/18.04/nginx/phppgadmin.inc b/install/ubuntu/18.04/nginx/phppgadmin.inc new file mode 100644 index 00000000..cd1e5806 --- /dev/null +++ b/install/ubuntu/18.04/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/18.04/nginx/status.conf b/install/ubuntu/18.04/nginx/status.conf new file mode 100644 index 00000000..c0bcd069 --- /dev/null +++ b/install/ubuntu/18.04/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/ubuntu/18.04/nginx/webmail.inc b/install/ubuntu/18.04/nginx/webmail.inc new file mode 100644 index 00000000..ad66895b --- /dev/null +++ b/install/ubuntu/18.04/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/18.04/packages/default.pkg b/install/ubuntu/18.04/packages/default.pkg new file mode 100644 index 00000000..c2a93574 --- /dev/null +++ b/install/ubuntu/18.04/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='unlimited' +BANDWIDTH='100000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='3' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/18.04/packages/gainsboro.pkg b/install/ubuntu/18.04/packages/gainsboro.pkg new file mode 100644 index 00000000..76d7dae2 --- /dev/null +++ b/install/ubuntu/18.04/packages/gainsboro.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='1' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/18.04/packages/palegreen.pkg b/install/ubuntu/18.04/packages/palegreen.pkg new file mode 100644 index 00000000..3db5fe57 --- /dev/null +++ b/install/ubuntu/18.04/packages/palegreen.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='hosting' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='5' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/18.04/packages/slategrey.pkg b/install/ubuntu/18.04/packages/slategrey.pkg new file mode 100644 index 00000000..d89e796f --- /dev/null +++ b/install/ubuntu/18.04/packages/slategrey.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='3' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/18.04/pga/config.inc.php b/install/ubuntu/18.04/pga/config.inc.php new file mode 100644 index 00000000..1eec9776 --- /dev/null +++ b/install/ubuntu/18.04/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/ubuntu/18.04/pga/phppgadmin.conf b/install/ubuntu/18.04/pga/phppgadmin.conf new file mode 100644 index 00000000..f39247d6 --- /dev/null +++ b/install/ubuntu/18.04/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/ubuntu/18.04/php-fpm/www.conf b/install/ubuntu/18.04/php-fpm/www.conf new file mode 100644 index 00000000..3c87f33c --- /dev/null +++ b/install/ubuntu/18.04/php-fpm/www.conf @@ -0,0 +1,11 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 + +user = www-data +group = www-data + +pm = ondemand +pm.max_children = 2 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s diff --git a/install/ubuntu/18.04/pma/apache.conf b/install/ubuntu/18.04/pma/apache.conf new file mode 100644 index 00000000..4da6ce84 --- /dev/null +++ b/install/ubuntu/18.04/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext:/usr/share/javascript/ + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/ubuntu/18.04/pma/config.inc.php b/install/ubuntu/18.04/pma/config.inc.php new file mode 100644 index 00000000..36093369 --- /dev/null +++ b/install/ubuntu/18.04/pma/config.inc.php @@ -0,0 +1,152 @@ + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/ubuntu/18.04/roundcube/apache.conf b/install/ubuntu/18.04/roundcube/apache.conf new file mode 100644 index 00000000..a0c87bcc --- /dev/null +++ b/install/ubuntu/18.04/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/ubuntu/18.04/roundcube/config.inc.php b/install/ubuntu/18.04/roundcube/config.inc.php new file mode 100644 index 00000000..0c82b1bc --- /dev/null +++ b/install/ubuntu/18.04/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/ubuntu/18.04/roundcube/main.inc.php b/install/ubuntu/18.04/roundcube/main.inc.php new file mode 100644 index 00000000..32e0d473 --- /dev/null +++ b/install/ubuntu/18.04/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcube/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = false; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail'; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = true; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'larry'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 30 seconds +$rcmail_config['draft_autosave'] = 30; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/ubuntu/18.04/roundcube/vesta.php b/install/ubuntu/18.04/roundcube/vesta.php new file mode 100644 index 00000000..b4a2a6b6 --- /dev/null +++ b/install/ubuntu/18.04/roundcube/vesta.php @@ -0,0 +1,72 @@ + + */ +class rcube_vesta_password { + function save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + //$fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + $errno = ""; + $errstr = ""; + $context = stream_context_create(); + $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); + $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); + $result = stream_context_set_option($context, 'ssl', 'verify_host', false); + $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); + + $fp = stream_socket_client('ssl://' . $vesta_host . ':'.$vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } +} \ No newline at end of file diff --git a/install/ubuntu/18.04/sudo/admin b/install/ubuntu/18.04/sudo/admin new file mode 100644 index 00000000..331fa1f2 --- /dev/null +++ b/install/ubuntu/18.04/sudo/admin @@ -0,0 +1,8 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty +Defaults:root !requiretty + +# sudo is limited to vesta scripts +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/18.04/templates/dns/child-ns.tpl b/install/ubuntu/18.04/templates/dns/child-ns.tpl new file mode 100755 index 00000000..42c046e4 --- /dev/null +++ b/install/ubuntu/18.04/templates/dns/child-ns.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/18.04/templates/dns/default.tpl b/install/ubuntu/18.04/templates/dns/default.tpl new file mode 100755 index 00000000..e0a37e62 --- /dev/null +++ b/install/ubuntu/18.04/templates/dns/default.tpl @@ -0,0 +1,18 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/18.04/templates/dns/gmail.tpl b/install/ubuntu/18.04/templates/dns/gmail.tpl new file mode 100755 index 00000000..219c9d24 --- /dev/null +++ b/install/ubuntu/18.04/templates/dns/gmail.tpl @@ -0,0 +1,12 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/18.04/templates/web/apache2/basedir.stpl b/install/ubuntu/18.04/templates/web/apache2/basedir.stpl new file mode 100644 index 00000000..d978d4c4 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/basedir.stpl @@ -0,0 +1,44 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/basedir.tpl b/install/ubuntu/18.04/templates/web/apache2/basedir.tpl new file mode 100644 index 00000000..96c94a1b --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/basedir.tpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/default.stpl b/install/ubuntu/18.04/templates/web/apache2/default.stpl new file mode 100644 index 00000000..ec34c279 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/default.stpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/default.tpl b/install/ubuntu/18.04/templates/web/apache2/default.tpl new file mode 100644 index 00000000..3a227015 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/default.tpl @@ -0,0 +1,37 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/hosting.stpl b/install/ubuntu/18.04/templates/web/apache2/hosting.stpl new file mode 100644 index 00000000..8892072b --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/hosting.tpl b/install/ubuntu/18.04/templates/web/apache2/hosting.tpl new file mode 100644 index 00000000..1eb26910 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/phpcgi.sh b/install/ubuntu/18.04/templates/web/apache2/phpcgi.sh new file mode 100755 index 00000000..6565e103 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/18.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/18.04/templates/web/apache2/phpcgi.stpl new file mode 100644 index 00000000..731355bc --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/phpcgi.stpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/phpcgi.tpl b/install/ubuntu/18.04/templates/web/apache2/phpcgi.tpl new file mode 100644 index 00000000..c6796d29 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/phpcgi.tpl @@ -0,0 +1,31 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/phpfcgid.sh b/install/ubuntu/18.04/templates/web/apache2/phpfcgid.sh new file mode 100755 index 00000000..e8058249 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/18.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/18.04/templates/web/apache2/phpfcgid.stpl new file mode 100644 index 00000000..156c8a91 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/phpfcgid.stpl @@ -0,0 +1,39 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/phpfcgid.tpl b/install/ubuntu/18.04/templates/web/apache2/phpfcgid.tpl new file mode 100644 index 00000000..a4c01269 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/phpfcgid.tpl @@ -0,0 +1,31 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/awstats/awstats.tpl b/install/ubuntu/18.04/templates/web/awstats/awstats.tpl new file mode 100755 index 00000000..9a92e0fd --- /dev/null +++ b/install/ubuntu/18.04/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/ubuntu/18.04/templates/web/awstats/index.tpl b/install/ubuntu/18.04/templates/web/awstats/index.tpl new file mode 100755 index 00000000..9df9bb5c --- /dev/null +++ b/install/ubuntu/18.04/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/ubuntu/18.04/templates/web/awstats/nav.tpl b/install/ubuntu/18.04/templates/web/awstats/nav.tpl new file mode 100755 index 00000000..f29bed68 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/ubuntu/18.04/templates/web/nginx/caching.sh b/install/ubuntu/18.04/templates/web/nginx/caching.sh new file mode 100755 index 00000000..09d8efe7 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/caching.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +conf='/etc/nginx/conf.d/01_caching_pool.conf' +if [ -e "$conf" ]; then + if [ -z "$(grep "=${domain}:" $conf)" ]; then + echo "$str" >> $conf + fi +else + echo "$str" >> $conf +fi + diff --git a/install/ubuntu/18.04/templates/web/nginx/caching.stpl b/install/ubuntu/18.04/templates/web/nginx/caching.stpl new file mode 100755 index 00000000..e149b98b --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/caching.stpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/caching.tpl b/install/ubuntu/18.04/templates/web/nginx/caching.tpl new file mode 100755 index 00000000..36761b65 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/default.stpl b/install/ubuntu/18.04/templates/web/nginx/default.stpl new file mode 100755 index 00000000..0e669b3d --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/default.stpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.04/templates/web/nginx/default.tpl b/install/ubuntu/18.04/templates/web/nginx/default.tpl new file mode 100755 index 00000000..4d5c774b --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.04/templates/web/nginx/hosting.sh b/install/ubuntu/18.04/templates/web/nginx/hosting.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/ubuntu/18.04/templates/web/nginx/hosting.stpl b/install/ubuntu/18.04/templates/web/nginx/hosting.stpl new file mode 100755 index 00000000..1ef8994b --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/hosting.stpl @@ -0,0 +1,37 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.04/templates/web/nginx/hosting.tpl b/install/ubuntu/18.04/templates/web/nginx/hosting.tpl new file mode 100755 index 00000000..15961c95 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.04/templates/web/nginx/http2.stpl b/install/ubuntu/18.04/templates/web/nginx/http2.stpl new file mode 100644 index 00000000..f225becd --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/http2.stpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.04/templates/web/nginx/http2.tpl b/install/ubuntu/18.04/templates/web/nginx/http2.tpl new file mode 100644 index 00000000..4d5c774b --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/http2.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 00000000..003e9180 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 00000000..f9e90393 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 00000000..51f1f408 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -0,0 +1,60 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.tpl new file mode 100644 index 00000000..d2422be2 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.stpl new file mode 100644 index 00000000..e8dd8bf6 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.tpl new file mode 100644 index 00000000..54f81b99 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.stpl new file mode 100644 index 00000000..96495ee8 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -0,0 +1,126 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.tpl new file mode 100644 index 00000000..3ea45347 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.tpl @@ -0,0 +1,123 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/default.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/default.stpl new file mode 100644 index 00000000..38de83d2 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/default.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/default.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/default.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/default.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.stpl new file mode 100644 index 00000000..c9387bfb --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -0,0 +1,71 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.tpl new file mode 100644 index 00000000..0a9a75ed --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl new file mode 100644 index 00000000..6b20ba9d --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -0,0 +1,84 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl new file mode 100644 index 00000000..0ae7568b --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl new file mode 100644 index 00000000..041ebba0 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -0,0 +1,88 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..6b41f319 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..231d9441 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..452aa9e6 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -0,0 +1,90 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.stpl new file mode 100644 index 00000000..886b586e --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.tpl new file mode 100644 index 00000000..91b7a8f1 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.tpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.stpl new file mode 100644 index 00000000..8e6e8774 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.tpl new file mode 100644 index 00000000..d14b0173 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.tpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.stpl new file mode 100644 index 00000000..5d05ea72 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.stpl @@ -0,0 +1,197 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + + root %sdocroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %sdocroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %sdocroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %sdocroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.tpl new file mode 100644 index 00000000..3f292fff --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.tpl @@ -0,0 +1,194 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + + root %docroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %docroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %docroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %docroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.stpl new file mode 100644 index 00000000..23ce8eb8 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ https://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.tpl new file mode 100644 index 00000000..342d3ecf --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.tpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ http://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..10629c65 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..c20ba648 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.tpl @@ -0,0 +1,87 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.stpl new file mode 100644 index 00000000..7b3aff96 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.stpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.tpl new file mode 100644 index 00000000..7ff8aa1d --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.tpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.stpl new file mode 100644 index 00000000..223eb97a --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.stpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.tpl new file mode 100644 index 00000000..b1240aae --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.tpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.stpl new file mode 100644 index 00000000..5b6e55e8 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.tpl new file mode 100644 index 00000000..d0a9060b --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 00000000..b43fdc75 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.stpl @@ -0,0 +1,84 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.tpl new file mode 100644 index 00000000..e3ec31de --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 00000000..0a4a412f --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 00000000..f94fb7de --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 00000000..c9f91854 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 00000000..297fe0e8 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/sendy.stpl new file mode 100644 index 00000000..0b351000 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/sendy.stpl @@ -0,0 +1,88 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/sendy.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/sendy.tpl new file mode 100644 index 00000000..b27b427d --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/sendy.tpl @@ -0,0 +1,86 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/vbulletin5.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/vbulletin5.stpl new file mode 100644 index 00000000..eebb3e42 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/vbulletin5.stpl @@ -0,0 +1,105 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # legacy css being handled separate for performance + location = /css\.php { + rewrite ^ /core/css.php break; + } + + # make install available from presentation + location ^~ /install { + rewrite ^/install/ /core/install/ break; + } + + # any request to not existing item gets redirected through routestring + location / { + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + } + + # make admincp available from presentation + location ^~ /admincp { + if (!-f $request_filename) { + rewrite ^/admincp/(.*)$ /index.php?routestring=admincp/$1 last; + } + } + + # process any php scripts, not found gets redirected through routestring + location ~ \.php$ { + # handles legacy scripts + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 break; + } + + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffers 256 16k; + fastcgi_buffer_size 32k; + fastcgi_temp_file_write_size 256k; + + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/vbulletin5.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/vbulletin5.tpl new file mode 100644 index 00000000..2c5c9988 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/vbulletin5.tpl @@ -0,0 +1,100 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # legacy css being handled separate for performance + location = /css\.php { + rewrite ^ /core/css.php break; + } + + # make install available from presentation + location ^~ /install { + rewrite ^/install/ /core/install/ break; + } + + # any request to not existing item gets redirected through routestring + location / { + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + } + + # make admincp available from presentation + location ^~ /admincp { + if (!-f $request_filename) { + rewrite ^/admincp/(.*)$ /index.php?routestring=admincp/$1 last; + } + } + + # process any php scripts, not found gets redirected through routestring + location ~ \.php$ { + # handles legacy scripts + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 break; + } + + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffers 256 16k; + fastcgi_buffer_size 32k; + fastcgi_temp_file_write_size 256k; + + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 00000000..38de83d2 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.stpl new file mode 100644 index 00000000..39cce361 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.stpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.tpl new file mode 100644 index 00000000..bccb8b3d --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.tpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl new file mode 100644 index 00000000..264ca01a --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -0,0 +1,71 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl new file mode 100644 index 00000000..39e366b7 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/proxy_ip.tpl b/install/ubuntu/18.04/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 00000000..ae195617 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/ubuntu/18.04/templates/web/php-fpm/default.tpl b/install/ubuntu/18.04/templates/web/php-fpm/default.tpl new file mode 100644 index 00000000..209e1e43 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/php-fpm/default.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/18.04/templates/web/php-fpm/no-php.tpl b/install/ubuntu/18.04/templates/web/php-fpm/no-php.tpl new file mode 100644 index 00000000..047c33ed --- /dev/null +++ b/install/ubuntu/18.04/templates/web/php-fpm/no-php.tpl @@ -0,0 +1,20 @@ +;[%backend%] +;listen = /dev/null + +;user = %user% +;group = %user% + +;listen.owner = %user% +;listen.group = www-data + +;pm = ondemand +;pm.max_children = 4 +;pm.max_requests = 4000 +;pm.process_idle_timeout = 10s +;pm.status_path = /status + +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /home/%user%/tmp +;env[TMPDIR] = /home/%user%/tmp +;env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/18.04/templates/web/php-fpm/socket.tpl b/install/ubuntu/18.04/templates/web/php-fpm/socket.tpl new file mode 100644 index 00000000..a0151084 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/php-fpm/socket.tpl @@ -0,0 +1,24 @@ +[%backend%] +listen = /var/run/php/%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = www-data + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/18.04/templates/web/skel/document_errors/403.html b/install/ubuntu/18.04/templates/web/skel/document_errors/403.html new file mode 100755 index 00000000..9c3f6baa --- /dev/null +++ b/install/ubuntu/18.04/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/ubuntu/18.04/templates/web/skel/document_errors/404.html b/install/ubuntu/18.04/templates/web/skel/document_errors/404.html new file mode 100755 index 00000000..2cee7708 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/ubuntu/18.04/templates/web/skel/document_errors/50x.html b/install/ubuntu/18.04/templates/web/skel/document_errors/50x.html new file mode 100755 index 00000000..85ba648b --- /dev/null +++ b/install/ubuntu/18.04/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/ubuntu/18.04/templates/web/skel/public_html/index.html b/install/ubuntu/18.04/templates/web/skel/public_html/index.html new file mode 100755 index 00000000..4f5bb724 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/18.04/templates/web/skel/public_html/robots.txt b/install/ubuntu/18.04/templates/web/skel/public_html/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/ubuntu/18.04/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/18.04/templates/web/skel/public_shtml/index.html b/install/ubuntu/18.04/templates/web/skel/public_shtml/index.html new file mode 100755 index 00000000..4f5bb724 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/18.04/templates/web/skel/public_shtml/robots.txt b/install/ubuntu/18.04/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/ubuntu/18.04/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/18.04/templates/web/suspend/.htaccess b/install/ubuntu/18.04/templates/web/suspend/.htaccess new file mode 100755 index 00000000..5a6df83f --- /dev/null +++ b/install/ubuntu/18.04/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/ubuntu/18.04/templates/web/suspend/index.html b/install/ubuntu/18.04/templates/web/suspend/index.html new file mode 100755 index 00000000..f2d04e1f --- /dev/null +++ b/install/ubuntu/18.04/templates/web/suspend/index.html @@ -0,0 +1,25 @@ + + + Website Suspended + + + + + +

SUSPENDED

+

This website has been suspended.

+
+ Please contact the technical support department. +
+ + diff --git a/install/ubuntu/18.04/templates/web/webalizer/webalizer.tpl b/install/ubuntu/18.04/templates/web/webalizer/webalizer.tpl new file mode 100755 index 00000000..068adcfb --- /dev/null +++ b/install/ubuntu/18.04/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/ubuntu/18.04/vsftpd/vsftpd.conf b/install/ubuntu/18.04/vsftpd/vsftpd.conf new file mode 100644 index 00000000..75e0104f --- /dev/null +++ b/install/ubuntu/18.04/vsftpd/vsftpd.conf @@ -0,0 +1,40 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +anon_umask=022 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_promiscuous=YES +pasv_min_port=12000 +pasv_max_port=12100 +max_per_ip=10 +max_clients=100 +use_localtime=YES +utf8_filesystem=YES +ssl_enable=YES +allow_anon_ssl=NO +require_ssl_reuse=NO +ssl_ciphers=HIGH +ssl_tlsv1=YES +ssl_sslv2=NO +ssl_sslv3=NO +force_local_data_ssl=NO +force_local_logins_ssl=NO +rsa_cert_file=/usr/local/vesta/ssl/certificate.crt +rsa_private_key_file=/usr/local/vesta/ssl/certificate.key diff --git a/install/ubuntu/18.10/apache2/apache2.conf b/install/ubuntu/18.10/apache2/apache2.conf new file mode 100644 index 00000000..2756132a --- /dev/null +++ b/install/ubuntu/18.10/apache2/apache2.conf @@ -0,0 +1,94 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 30 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ + +ErrorDocument 403 /error/403.html +ErrorDocument 404 /error/404.html +ErrorDocument 500 /error/50x.html +ErrorDocument 501 /error/50x.html +ErrorDocument 502 /error/50x.html +ErrorDocument 503 /error/50x.html +ErrorDocument 506 /error/50x.html diff --git a/install/ubuntu/18.10/apache2/status.conf b/install/ubuntu/18.10/apache2/status.conf new file mode 100644 index 00000000..da9d9633 --- /dev/null +++ b/install/ubuntu/18.10/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/ubuntu/18.10/bind/named.conf b/install/ubuntu/18.10/bind/named.conf new file mode 100644 index 00000000..ed6ece88 --- /dev/null +++ b/install/ubuntu/18.10/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/ubuntu/18.10/clamav/clamd.conf b/install/ubuntu/18.10/clamav/clamd.conf new file mode 100644 index 00000000..4e04356e --- /dev/null +++ b/install/ubuntu/18.10/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +# AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean false +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +DetectBrokenExecutables false +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 25M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/ubuntu/18.10/deb_signing.key b/install/ubuntu/18.10/deb_signing.key new file mode 100644 index 00000000..2ad2db8b --- /dev/null +++ b/install/ubuntu/18.10/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/ubuntu/18.10/dovecot/conf.d/10-auth.conf b/install/ubuntu/18.10/dovecot/conf.d/10-auth.conf new file mode 100644 index 00000000..dfcc8311 --- /dev/null +++ b/install/ubuntu/18.10/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/ubuntu/18.10/dovecot/conf.d/10-logging.conf b/install/ubuntu/18.10/dovecot/conf.d/10-logging.conf new file mode 100644 index 00000000..a5f207d5 --- /dev/null +++ b/install/ubuntu/18.10/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/ubuntu/18.10/dovecot/conf.d/10-mail.conf b/install/ubuntu/18.10/dovecot/conf.d/10-mail.conf new file mode 100644 index 00000000..7a20878a --- /dev/null +++ b/install/ubuntu/18.10/dovecot/conf.d/10-mail.conf @@ -0,0 +1,9 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv +namespace inbox { + inbox = yes +} +first_valid_uid = 1000 +mbox_write_locks = fcntl diff --git a/install/ubuntu/18.10/dovecot/conf.d/10-master.conf b/install/ubuntu/18.10/dovecot/conf.d/10-master.conf new file mode 100644 index 00000000..a75a9aaa --- /dev/null +++ b/install/ubuntu/18.10/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/ubuntu/18.10/dovecot/conf.d/10-ssl.conf b/install/ubuntu/18.10/dovecot/conf.d/10-ssl.conf new file mode 100644 index 00000000..24cbf3e2 --- /dev/null +++ b/install/ubuntu/18.10/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,5 @@ +ssl = yes +ssl_protocols = !SSLv2 !SSLv3 + +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/ubuntu/18.10/dovecot/conf.d/auth-passwdfile.conf.ext b/install/ubuntu/18.10/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 00000000..75e6e115 --- /dev/null +++ b/install/ubuntu/18.10/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/ubuntu/18.10/dovecot/dovecot.conf b/install/ubuntu/18.10/dovecot/dovecot.conf new file mode 100644 index 00000000..0a855351 --- /dev/null +++ b/install/ubuntu/18.10/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/ubuntu/18.10/exim/dnsbl.conf b/install/ubuntu/18.10/exim/dnsbl.conf new file mode 100644 index 00000000..5166b255 --- /dev/null +++ b/install/ubuntu/18.10/exim/dnsbl.conf @@ -0,0 +1,2 @@ +bl.spamcop.net +zen.spamhaus.org diff --git a/install/ubuntu/18.10/exim/exim4.conf.template b/install/ubuntu/18.10/exim/exim4.conf.template new file mode 100644 index 00000000..c904441f --- /dev/null +++ b/install/ubuntu/18.10/exim/exim4.conf.template @@ -0,0 +1,382 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +add_environment = <; PATH=/bin:/usr/bin +keep_environment = +disable_ipv6 = true + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth required + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{1024K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = debian-spamd:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/ubuntu/18.10/exim/spam-blocks.conf b/install/ubuntu/18.10/exim/spam-blocks.conf new file mode 100644 index 00000000..e69de29b diff --git a/install/ubuntu/18.10/fail2ban/action.d/vesta.conf b/install/ubuntu/18.10/fail2ban/action.d/vesta.conf new file mode 100644 index 00000000..0edfc349 --- /dev/null +++ b/install/ubuntu/18.10/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/ubuntu/18.10/fail2ban/filter.d/vesta.conf b/install/ubuntu/18.10/fail2ban/filter.d/vesta.conf new file mode 100644 index 00000000..69670a56 --- /dev/null +++ b/install/ubuntu/18.10/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/ubuntu/18.10/fail2ban/jail.local b/install/ubuntu/18.10/fail2ban/jail.local new file mode 100644 index 00000000..013f81c4 --- /dev/null +++ b/install/ubuntu/18.10/fail2ban/jail.local @@ -0,0 +1,51 @@ +[DEFAULT] +ignoreip = 127.0.0.1/8 + +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog +maxretry = 5 + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log +maxretry = 5 + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 + +[roundcube-auth] +enabled = false +filter = roundcube-auth +port = http,https +logpath = /var/log/roundcube/errors +maxretry = 5 diff --git a/install/ubuntu/18.10/firewall/ports.conf b/install/ubuntu/18.10/firewall/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/ubuntu/18.10/firewall/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/18.10/firewall/rules.conf b/install/ubuntu/18.10/firewall/rules.conf new file mode 100644 index 00000000..fba98e1e --- /dev/null +++ b/install/ubuntu/18.10/firewall/rules.conf @@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/ubuntu/18.10/logrotate/apache2 b/install/ubuntu/18.10/logrotate/apache2 new file mode 100644 index 00000000..27629d0d --- /dev/null +++ b/install/ubuntu/18.10/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/ubuntu/18.10/logrotate/dovecot b/install/ubuntu/18.10/logrotate/dovecot new file mode 100644 index 00000000..ac4fd6e9 --- /dev/null +++ b/install/ubuntu/18.10/logrotate/dovecot @@ -0,0 +1,12 @@ +/var/log/dovecot*.log { + weekly + rotate 4 + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + doveadm log reopen + endscript +} diff --git a/install/ubuntu/18.10/logrotate/nginx b/install/ubuntu/18.10/logrotate/nginx new file mode 100644 index 00000000..d667f213 --- /dev/null +++ b/install/ubuntu/18.10/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/ubuntu/18.10/logrotate/vesta b/install/ubuntu/18.10/logrotate/vesta new file mode 100644 index 00000000..027a3439 --- /dev/null +++ b/install/ubuntu/18.10/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/ubuntu/18.10/mysql/my-large.cnf b/install/ubuntu/18.10/mysql/my-large.cnf new file mode 100644 index 00000000..7201377c --- /dev/null +++ b/install/ubuntu/18.10/mysql/my-large.cnf @@ -0,0 +1,41 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/18.10/mysql/my-medium.cnf b/install/ubuntu/18.10/mysql/my-medium.cnf new file mode 100644 index 00000000..1c10ab9a --- /dev/null +++ b/install/ubuntu/18.10/mysql/my-medium.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/18.10/mysql/my-small.cnf b/install/ubuntu/18.10/mysql/my-small.cnf new file mode 100644 index 00000000..26a80478 --- /dev/null +++ b/install/ubuntu/18.10/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/18.10/nginx/nginx.conf b/install/ubuntu/18.10/nginx/nginx.conf new file mode 100644 index 00000000..790aee49 --- /dev/null +++ b/install/ubuntu/18.10/nginx/nginx.conf @@ -0,0 +1,138 @@ +# Server globals +user www-data; +worker_processes auto; +worker_rlimit_nofile 65535; +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 60s; + client_body_timeout 60s; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 60s; + keepalive_timeout 30s; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_static on; + gzip_vary on; + gzip_comp_level 6; + gzip_min_length 1024; + gzip_buffers 16 8k; + gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype; + gzip_proxied any; + gzip_disable "MSIE [1-6]\."; + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_buffers 32 4k; + proxy_connect_timeout 30s; + proxy_send_timeout 90s; + proxy_read_timeout 90s; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 104.16.0.0/12; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 131.0.72.0/22; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 172.64.0.0/13; + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + #set_real_ip_from 2400:cb00::/32; + #set_real_ip_from 2606:4700::/32; + #set_real_ip_from 2803:f800::/32; + #set_real_ip_from 2405:b500::/32; + #set_real_ip_from 2405:8100::/32; + #set_real_ip_from 2c0f:f248::/32; + #set_real_ip_from 2a06:98c0::/29; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache settings + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 1d; + + + # Cache bypass + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # File cache settings + open_file_cache max=10000 inactive=30s; + open_file_cache_valid 60s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/ubuntu/18.10/nginx/phpmyadmin.inc b/install/ubuntu/18.10/nginx/phpmyadmin.inc new file mode 100644 index 00000000..1feb8546 --- /dev/null +++ b/install/ubuntu/18.10/nginx/phpmyadmin.inc @@ -0,0 +1,18 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { + root /usr/share/; + } +} diff --git a/install/ubuntu/18.10/nginx/phppgadmin.inc b/install/ubuntu/18.10/nginx/phppgadmin.inc new file mode 100644 index 00000000..cd1e5806 --- /dev/null +++ b/install/ubuntu/18.10/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/18.10/nginx/status.conf b/install/ubuntu/18.10/nginx/status.conf new file mode 100644 index 00000000..c0bcd069 --- /dev/null +++ b/install/ubuntu/18.10/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/ubuntu/18.10/nginx/webmail.inc b/install/ubuntu/18.10/nginx/webmail.inc new file mode 100644 index 00000000..ad66895b --- /dev/null +++ b/install/ubuntu/18.10/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/18.10/packages/default.pkg b/install/ubuntu/18.10/packages/default.pkg new file mode 100644 index 00000000..c2a93574 --- /dev/null +++ b/install/ubuntu/18.10/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='unlimited' +BANDWIDTH='100000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='3' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/18.10/packages/gainsboro.pkg b/install/ubuntu/18.10/packages/gainsboro.pkg new file mode 100644 index 00000000..76d7dae2 --- /dev/null +++ b/install/ubuntu/18.10/packages/gainsboro.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='1' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/18.10/packages/palegreen.pkg b/install/ubuntu/18.10/packages/palegreen.pkg new file mode 100644 index 00000000..3db5fe57 --- /dev/null +++ b/install/ubuntu/18.10/packages/palegreen.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='hosting' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='5' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/18.10/packages/slategrey.pkg b/install/ubuntu/18.10/packages/slategrey.pkg new file mode 100644 index 00000000..d89e796f --- /dev/null +++ b/install/ubuntu/18.10/packages/slategrey.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='3' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/18.10/pga/config.inc.php b/install/ubuntu/18.10/pga/config.inc.php new file mode 100644 index 00000000..1eec9776 --- /dev/null +++ b/install/ubuntu/18.10/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/ubuntu/18.10/pga/phppgadmin.conf b/install/ubuntu/18.10/pga/phppgadmin.conf new file mode 100644 index 00000000..f39247d6 --- /dev/null +++ b/install/ubuntu/18.10/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/ubuntu/18.10/php-fpm/www.conf b/install/ubuntu/18.10/php-fpm/www.conf new file mode 100644 index 00000000..3c87f33c --- /dev/null +++ b/install/ubuntu/18.10/php-fpm/www.conf @@ -0,0 +1,11 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 + +user = www-data +group = www-data + +pm = ondemand +pm.max_children = 2 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s diff --git a/install/ubuntu/18.10/pma/apache.conf b/install/ubuntu/18.10/pma/apache.conf new file mode 100644 index 00000000..4da6ce84 --- /dev/null +++ b/install/ubuntu/18.10/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext:/usr/share/javascript/ + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/ubuntu/18.10/pma/config.inc.php b/install/ubuntu/18.10/pma/config.inc.php new file mode 100644 index 00000000..a643a065 --- /dev/null +++ b/install/ubuntu/18.10/pma/config.inc.php @@ -0,0 +1,146 @@ + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/ubuntu/18.10/roundcube/apache.conf b/install/ubuntu/18.10/roundcube/apache.conf new file mode 100644 index 00000000..a0c87bcc --- /dev/null +++ b/install/ubuntu/18.10/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/ubuntu/18.10/roundcube/config.inc.php b/install/ubuntu/18.10/roundcube/config.inc.php new file mode 100644 index 00000000..0c82b1bc --- /dev/null +++ b/install/ubuntu/18.10/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/ubuntu/18.10/roundcube/main.inc.php b/install/ubuntu/18.10/roundcube/main.inc.php new file mode 100644 index 00000000..32e0d473 --- /dev/null +++ b/install/ubuntu/18.10/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcube/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = false; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail'; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = true; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'larry'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 30 seconds +$rcmail_config['draft_autosave'] = 30; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/ubuntu/18.10/roundcube/vesta.php b/install/ubuntu/18.10/roundcube/vesta.php new file mode 100644 index 00000000..b4a2a6b6 --- /dev/null +++ b/install/ubuntu/18.10/roundcube/vesta.php @@ -0,0 +1,72 @@ + + */ +class rcube_vesta_password { + function save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + //$fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + $errno = ""; + $errstr = ""; + $context = stream_context_create(); + $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); + $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); + $result = stream_context_set_option($context, 'ssl', 'verify_host', false); + $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); + + $fp = stream_socket_client('ssl://' . $vesta_host . ':'.$vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } +} \ No newline at end of file diff --git a/install/ubuntu/18.10/sudo/admin b/install/ubuntu/18.10/sudo/admin new file mode 100644 index 00000000..331fa1f2 --- /dev/null +++ b/install/ubuntu/18.10/sudo/admin @@ -0,0 +1,8 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty +Defaults:root !requiretty + +# sudo is limited to vesta scripts +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/18.10/templates/dns/child-ns.tpl b/install/ubuntu/18.10/templates/dns/child-ns.tpl new file mode 100755 index 00000000..42c046e4 --- /dev/null +++ b/install/ubuntu/18.10/templates/dns/child-ns.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/18.10/templates/dns/default.tpl b/install/ubuntu/18.10/templates/dns/default.tpl new file mode 100755 index 00000000..e0a37e62 --- /dev/null +++ b/install/ubuntu/18.10/templates/dns/default.tpl @@ -0,0 +1,18 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/18.10/templates/dns/gmail.tpl b/install/ubuntu/18.10/templates/dns/gmail.tpl new file mode 100755 index 00000000..219c9d24 --- /dev/null +++ b/install/ubuntu/18.10/templates/dns/gmail.tpl @@ -0,0 +1,12 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/18.10/templates/web/apache2/basedir.stpl b/install/ubuntu/18.10/templates/web/apache2/basedir.stpl new file mode 100644 index 00000000..d978d4c4 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/basedir.stpl @@ -0,0 +1,44 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/basedir.tpl b/install/ubuntu/18.10/templates/web/apache2/basedir.tpl new file mode 100644 index 00000000..96c94a1b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/basedir.tpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/default.stpl b/install/ubuntu/18.10/templates/web/apache2/default.stpl new file mode 100644 index 00000000..ec34c279 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/default.stpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/default.tpl b/install/ubuntu/18.10/templates/web/apache2/default.tpl new file mode 100644 index 00000000..3a227015 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/default.tpl @@ -0,0 +1,37 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/hosting.stpl b/install/ubuntu/18.10/templates/web/apache2/hosting.stpl new file mode 100644 index 00000000..8892072b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/hosting.tpl b/install/ubuntu/18.10/templates/web/apache2/hosting.tpl new file mode 100644 index 00000000..1eb26910 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/phpcgi.sh b/install/ubuntu/18.10/templates/web/apache2/phpcgi.sh new file mode 100755 index 00000000..6565e103 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/18.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/18.10/templates/web/apache2/phpcgi.stpl new file mode 100644 index 00000000..731355bc --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/phpcgi.stpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/phpcgi.tpl b/install/ubuntu/18.10/templates/web/apache2/phpcgi.tpl new file mode 100644 index 00000000..c6796d29 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/phpcgi.tpl @@ -0,0 +1,31 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/phpfcgid.sh b/install/ubuntu/18.10/templates/web/apache2/phpfcgid.sh new file mode 100755 index 00000000..e8058249 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/18.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/18.10/templates/web/apache2/phpfcgid.stpl new file mode 100644 index 00000000..156c8a91 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/phpfcgid.stpl @@ -0,0 +1,39 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/phpfcgid.tpl b/install/ubuntu/18.10/templates/web/apache2/phpfcgid.tpl new file mode 100644 index 00000000..a4c01269 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/phpfcgid.tpl @@ -0,0 +1,31 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/awstats/awstats.tpl b/install/ubuntu/18.10/templates/web/awstats/awstats.tpl new file mode 100755 index 00000000..9a92e0fd --- /dev/null +++ b/install/ubuntu/18.10/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/ubuntu/18.10/templates/web/awstats/index.tpl b/install/ubuntu/18.10/templates/web/awstats/index.tpl new file mode 100755 index 00000000..9df9bb5c --- /dev/null +++ b/install/ubuntu/18.10/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/ubuntu/18.10/templates/web/awstats/nav.tpl b/install/ubuntu/18.10/templates/web/awstats/nav.tpl new file mode 100755 index 00000000..f29bed68 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/ubuntu/18.10/templates/web/nginx/caching.sh b/install/ubuntu/18.10/templates/web/nginx/caching.sh new file mode 100755 index 00000000..09d8efe7 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/caching.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +conf='/etc/nginx/conf.d/01_caching_pool.conf' +if [ -e "$conf" ]; then + if [ -z "$(grep "=${domain}:" $conf)" ]; then + echo "$str" >> $conf + fi +else + echo "$str" >> $conf +fi + diff --git a/install/ubuntu/18.10/templates/web/nginx/caching.stpl b/install/ubuntu/18.10/templates/web/nginx/caching.stpl new file mode 100755 index 00000000..e149b98b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/caching.stpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/caching.tpl b/install/ubuntu/18.10/templates/web/nginx/caching.tpl new file mode 100755 index 00000000..36761b65 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/default.stpl b/install/ubuntu/18.10/templates/web/nginx/default.stpl new file mode 100755 index 00000000..0e669b3d --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/default.stpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.10/templates/web/nginx/default.tpl b/install/ubuntu/18.10/templates/web/nginx/default.tpl new file mode 100755 index 00000000..4d5c774b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.10/templates/web/nginx/hosting.sh b/install/ubuntu/18.10/templates/web/nginx/hosting.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/ubuntu/18.10/templates/web/nginx/hosting.stpl b/install/ubuntu/18.10/templates/web/nginx/hosting.stpl new file mode 100755 index 00000000..1ef8994b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/hosting.stpl @@ -0,0 +1,37 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.10/templates/web/nginx/hosting.tpl b/install/ubuntu/18.10/templates/web/nginx/hosting.tpl new file mode 100755 index 00000000..15961c95 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.10/templates/web/nginx/http2.stpl b/install/ubuntu/18.10/templates/web/nginx/http2.stpl new file mode 100644 index 00000000..f225becd --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/http2.stpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.10/templates/web/nginx/http2.tpl b/install/ubuntu/18.10/templates/web/nginx/http2.tpl new file mode 100644 index 00000000..4d5c774b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/http2.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 00000000..003e9180 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 00000000..f9e90393 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/cms_made_simple.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 00000000..51f1f408 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -0,0 +1,60 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter2.tpl new file mode 100644 index 00000000..d2422be2 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter2.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter3.stpl new file mode 100644 index 00000000..e8dd8bf6 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter3.tpl new file mode 100644 index 00000000..54f81b99 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter3.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/datalife_engine.stpl new file mode 100644 index 00000000..96495ee8 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -0,0 +1,126 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/datalife_engine.tpl new file mode 100644 index 00000000..3ea45347 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/datalife_engine.tpl @@ -0,0 +1,123 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/default.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/default.stpl new file mode 100644 index 00000000..38de83d2 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/default.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/default.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/default.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/default.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/dokuwiki.stpl new file mode 100644 index 00000000..c9387bfb --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -0,0 +1,71 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/dokuwiki.tpl new file mode 100644 index 00000000..0a9a75ed --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/dokuwiki.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal6.stpl new file mode 100644 index 00000000..6b20ba9d --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -0,0 +1,84 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal6.tpl new file mode 100644 index 00000000..0ae7568b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal7.stpl new file mode 100644 index 00000000..041ebba0 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -0,0 +1,88 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..6b41f319 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..231d9441 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..452aa9e6 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -0,0 +1,90 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/joomla.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/joomla.stpl new file mode 100644 index 00000000..886b586e --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/joomla.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/joomla.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/joomla.tpl new file mode 100644 index 00000000..91b7a8f1 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/joomla.tpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/laravel.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/laravel.stpl new file mode 100644 index 00000000..8e6e8774 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/laravel.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/laravel.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/laravel.tpl new file mode 100644 index 00000000..d14b0173 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/laravel.tpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/magento.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/magento.stpl new file mode 100644 index 00000000..5d05ea72 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/magento.stpl @@ -0,0 +1,197 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + + root %sdocroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %sdocroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %sdocroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %sdocroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/magento.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/magento.tpl new file mode 100644 index 00000000..3f292fff --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/magento.tpl @@ -0,0 +1,194 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + + root %docroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %docroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %docroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %docroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/modx.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/modx.stpl new file mode 100644 index 00000000..23ce8eb8 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/modx.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ https://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/modx.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/modx.tpl new file mode 100644 index 00000000..342d3ecf --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/modx.tpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ http://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/moodle.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..10629c65 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/moodle.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/moodle.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..c20ba648 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/moodle.tpl @@ -0,0 +1,87 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/no-php.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/no-php.stpl new file mode 100644 index 00000000..7b3aff96 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/no-php.stpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/no-php.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/no-php.tpl new file mode 100644 index 00000000..7ff8aa1d --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/no-php.tpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/odoo.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/odoo.stpl new file mode 100644 index 00000000..223eb97a --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/odoo.stpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/odoo.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/odoo.tpl new file mode 100644 index 00000000..b1240aae --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/odoo.tpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/opencart.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/opencart.stpl new file mode 100644 index 00000000..5b6e55e8 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/opencart.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/opencart.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/opencart.tpl new file mode 100644 index 00000000..d0a9060b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/opencart.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/owncloud.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 00000000..b43fdc75 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/owncloud.stpl @@ -0,0 +1,84 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/owncloud.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/owncloud.tpl new file mode 100644 index 00000000..e3ec31de --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/owncloud.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/piwik.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 00000000..0a4a412f --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/piwik.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/piwik.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 00000000..f94fb7de --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 00000000..c9f91854 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 00000000..297fe0e8 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/sendy.stpl new file mode 100644 index 00000000..0b351000 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/sendy.stpl @@ -0,0 +1,88 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/sendy.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/sendy.tpl new file mode 100644 index 00000000..b27b427d --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/sendy.tpl @@ -0,0 +1,86 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/vbulletin5.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/vbulletin5.stpl new file mode 100644 index 00000000..eebb3e42 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/vbulletin5.stpl @@ -0,0 +1,105 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # legacy css being handled separate for performance + location = /css\.php { + rewrite ^ /core/css.php break; + } + + # make install available from presentation + location ^~ /install { + rewrite ^/install/ /core/install/ break; + } + + # any request to not existing item gets redirected through routestring + location / { + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + } + + # make admincp available from presentation + location ^~ /admincp { + if (!-f $request_filename) { + rewrite ^/admincp/(.*)$ /index.php?routestring=admincp/$1 last; + } + } + + # process any php scripts, not found gets redirected through routestring + location ~ \.php$ { + # handles legacy scripts + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 break; + } + + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffers 256 16k; + fastcgi_buffer_size 32k; + fastcgi_temp_file_write_size 256k; + + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/vbulletin5.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/vbulletin5.tpl new file mode 100644 index 00000000..2c5c9988 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/vbulletin5.tpl @@ -0,0 +1,100 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # legacy css being handled separate for performance + location = /css\.php { + rewrite ^ /core/css.php break; + } + + # make install available from presentation + location ^~ /install { + rewrite ^/install/ /core/install/ break; + } + + # any request to not existing item gets redirected through routestring + location / { + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + } + + # make admincp available from presentation + location ^~ /admincp { + if (!-f $request_filename) { + rewrite ^/admincp/(.*)$ /index.php?routestring=admincp/$1 last; + } + } + + # process any php scripts, not found gets redirected through routestring + location ~ \.php$ { + # handles legacy scripts + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 break; + } + + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffers 256 16k; + fastcgi_buffer_size 32k; + fastcgi_temp_file_write_size 256k; + + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 00000000..38de83d2 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2.stpl new file mode 100644 index 00000000..39cce361 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2.stpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2.tpl new file mode 100644 index 00000000..bccb8b3d --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2.tpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl new file mode 100644 index 00000000..264ca01a --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -0,0 +1,71 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl new file mode 100644 index 00000000..39e366b7 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/proxy_ip.tpl b/install/ubuntu/18.10/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 00000000..ae195617 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/ubuntu/18.10/templates/web/php-fpm/default.tpl b/install/ubuntu/18.10/templates/web/php-fpm/default.tpl new file mode 100644 index 00000000..209e1e43 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/php-fpm/default.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/18.10/templates/web/php-fpm/no-php.tpl b/install/ubuntu/18.10/templates/web/php-fpm/no-php.tpl new file mode 100644 index 00000000..047c33ed --- /dev/null +++ b/install/ubuntu/18.10/templates/web/php-fpm/no-php.tpl @@ -0,0 +1,20 @@ +;[%backend%] +;listen = /dev/null + +;user = %user% +;group = %user% + +;listen.owner = %user% +;listen.group = www-data + +;pm = ondemand +;pm.max_children = 4 +;pm.max_requests = 4000 +;pm.process_idle_timeout = 10s +;pm.status_path = /status + +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /home/%user%/tmp +;env[TMPDIR] = /home/%user%/tmp +;env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/18.10/templates/web/php-fpm/socket.tpl b/install/ubuntu/18.10/templates/web/php-fpm/socket.tpl new file mode 100644 index 00000000..a0151084 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/php-fpm/socket.tpl @@ -0,0 +1,24 @@ +[%backend%] +listen = /var/run/php/%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = www-data + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/18.10/templates/web/skel/document_errors/403.html b/install/ubuntu/18.10/templates/web/skel/document_errors/403.html new file mode 100755 index 00000000..9c3f6baa --- /dev/null +++ b/install/ubuntu/18.10/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/ubuntu/18.10/templates/web/skel/document_errors/404.html b/install/ubuntu/18.10/templates/web/skel/document_errors/404.html new file mode 100755 index 00000000..2cee7708 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/ubuntu/18.10/templates/web/skel/document_errors/50x.html b/install/ubuntu/18.10/templates/web/skel/document_errors/50x.html new file mode 100755 index 00000000..85ba648b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/ubuntu/18.10/templates/web/skel/public_html/index.html b/install/ubuntu/18.10/templates/web/skel/public_html/index.html new file mode 100755 index 00000000..4f5bb724 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/18.10/templates/web/skel/public_html/robots.txt b/install/ubuntu/18.10/templates/web/skel/public_html/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/ubuntu/18.10/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/18.10/templates/web/skel/public_shtml/index.html b/install/ubuntu/18.10/templates/web/skel/public_shtml/index.html new file mode 100755 index 00000000..4f5bb724 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/18.10/templates/web/skel/public_shtml/robots.txt b/install/ubuntu/18.10/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/ubuntu/18.10/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/18.10/templates/web/suspend/.htaccess b/install/ubuntu/18.10/templates/web/suspend/.htaccess new file mode 100755 index 00000000..5a6df83f --- /dev/null +++ b/install/ubuntu/18.10/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/ubuntu/18.10/templates/web/suspend/index.html b/install/ubuntu/18.10/templates/web/suspend/index.html new file mode 100755 index 00000000..f2d04e1f --- /dev/null +++ b/install/ubuntu/18.10/templates/web/suspend/index.html @@ -0,0 +1,25 @@ + + + Website Suspended + + + + + +

SUSPENDED

+

This website has been suspended.

+
+ Please contact the technical support department. +
+ + diff --git a/install/ubuntu/18.10/templates/web/webalizer/webalizer.tpl b/install/ubuntu/18.10/templates/web/webalizer/webalizer.tpl new file mode 100755 index 00000000..068adcfb --- /dev/null +++ b/install/ubuntu/18.10/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/ubuntu/18.10/vsftpd/vsftpd.conf b/install/ubuntu/18.10/vsftpd/vsftpd.conf new file mode 100644 index 00000000..75e0104f --- /dev/null +++ b/install/ubuntu/18.10/vsftpd/vsftpd.conf @@ -0,0 +1,40 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +anon_umask=022 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_promiscuous=YES +pasv_min_port=12000 +pasv_max_port=12100 +max_per_ip=10 +max_clients=100 +use_localtime=YES +utf8_filesystem=YES +ssl_enable=YES +allow_anon_ssl=NO +require_ssl_reuse=NO +ssl_ciphers=HIGH +ssl_tlsv1=YES +ssl_sslv2=NO +ssl_sslv3=NO +force_local_data_ssl=NO +force_local_logins_ssl=NO +rsa_cert_file=/usr/local/vesta/ssl/certificate.crt +rsa_private_key_file=/usr/local/vesta/ssl/certificate.key diff --git a/install/vst-install-amazon.sh b/install/vst-install-amazon.sh new file mode 100644 index 00000000..2bae6418 --- /dev/null +++ b/install/vst-install-amazon.sh @@ -0,0 +1,1379 @@ +#!/bin/bash + +# Vesta Amazon installer v.05 + +#----------------------------------------------------------# +# Variables&Functions # +#----------------------------------------------------------# +export PATH=$PATH:/sbin +RHOST='r.vestacp.com' +CHOST='c.vestacp.com' +REPO='cmmnt' +VERSION='rhel' +VESTA='/usr/local/vesta' +memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) +arch=$(uname -i) +os='rhel' +release='6' +codename="${os}_$release" +vestacp="$VESTA/install/$VERSION/$release" + +# Defining software pack for all distros +software="nginx httpd mod_ssl mod_ruid2 mod_fcgid mod_extract_forwarded + php php-common php-cli php-bcmath php-gd php-imap php-mbstring php-mcrypt + php-mysql php-pdo php-soap php-tidy php-xml php-xmlrpc php-fpm php-pgsql + awstats webalizer vsftpd proftpd bind bind-utils bind-libs exim dovecot + clamd spamassassin mysql mysql-server phpMyAdmin postgresql + postgresql-server postgresql-contrib phpPgAdmin e2fsprogs openssh-clients + ImageMagick curl mc screen ftp zip unzip flex sqlite pcre sudo bc jwhois + mailx lsof tar telnet rrdtool net-tools ntp GeoIP freetype fail2ban + which vesta vesta-nginx vesta-php vim-common expect vesta-ioncube + vesta-softaculous" + +# Defining help function +help() { + echo "Usage: $0 [OPTIONS] + -a, --apache Install Apache [yes|no] default: yes + -n, --nginx Install Nginx [yes|no] default: yes + -w, --phpfpm Install PHP-FPM [yes|no] default: no + -v, --vsftpd Install Vsftpd [yes|no] default: yes + -j, --proftpd Install ProFTPD [yes|no] default: no + -k, --named Install Bind [yes|no] default: yes + -m, --mysql Install MySQL [yes|no] default: yes + -g, --postgresql Install PostgreSQL [yes|no] default: no + -d, --mongodb Install MongoDB [yes|no] unsupported + -x, --exim Install Exim [yes|no] default: yes + -z, --dovecot Install Dovecot [yes|no] default: yes + -c, --clamav Install ClamAV [yes|no] default: yes + -t, --spamassassin Install SpamAssassin [yes|no] default: yes + -i, --iptables Install Iptables [yes|no] default: yes + -b, --fail2ban Install Fail2ban [yes|no] default: yes + -r, --remi Install Remi repo [yes|no] default: yes + -o, --softaculous Install Softaculous [yes|no] default: yes + -q, --quota Filesystem Quota [yes|no] default: no + -l, --lang Default language default: en + -y, --interactive Interactive install [yes|no] default: yes + -s, --hostname Set hostname + -e, --email Set admin email + -p, --password Set admin password + -f, --force Force installation + -h, --help Print this help + + Example: bash $0 -e demo@vestacp.com -p p4ssw0rd --apache no --phpfpm yes" + exit 1 +} + +# Defining password-gen function +gen_pass() { + MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' + LENGTH=10 + while [ ${n:=1} -le $LENGTH ]; do + PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" + let n+=1 + done + echo "$PASS" +} + +# Defining 32 char blowfish_secret +blowfish_secret=`openssl rand -base64 32`; + +# Defining return code check function +check_result() { + if [ $1 -ne 0 ]; then + echo "Error: $2" + exit $1 + fi +} + +# Defining function to set default value +set_default_value() { + eval variable=\$$1 + if [ -z "$variable" ]; then + eval $1=$2 + fi + if [ "$variable" != 'yes' ] && [ "$variable" != 'no' ]; then + eval $1=$2 + fi +} + +# Defining function to set default language value +set_default_lang() { + if [ -z "$lang" ]; then + eval lang=$1 + fi + lang_list=" + ar cz el fa hu ja no pt se ua + bs da en fi id ka pl ro tr vi + cn de es fr it nl pt-BR ru tw + bg ko sr th ur" + if !(echo $lang_list |grep -w $lang 1>&2>/dev/null); then + eval lang=$1 + fi +} + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +# Translating argument to --gnu-long-options +for arg; do + delim="" + case "$arg" in + --apache) args="${args}-a " ;; + --nginx) args="${args}-n " ;; + --phpfpm) args="${args}-w " ;; + --vsftpd) args="${args}-v " ;; + --proftpd) args="${args}-j " ;; + --named) args="${args}-k " ;; + --mysql) args="${args}-m " ;; + --postgresql) args="${args}-g " ;; + --mongodb) args="${args}-d " ;; + --exim) args="${args}-x " ;; + --dovecot) args="${args}-z " ;; + --clamav) args="${args}-c " ;; + --spamassassin) args="${args}-t " ;; + --iptables) args="${args}-i " ;; + --fail2ban) args="${args}-b " ;; + --remi) args="${args}-r " ;; + --softaculous) args="${args}-o " ;; + --quota) args="${args}-q " ;; + --lang) args="${args}-l " ;; + --interactive) args="${args}-y " ;; + --hostname) args="${args}-s " ;; + --email) args="${args}-e " ;; + --password) args="${args}-p " ;; + --force) args="${args}-f " ;; + --help) args="${args}-h " ;; + *) [[ "${arg:0:1}" == "-" ]] || delim="\"" + args="${args}${delim}${arg}${delim} ";; + esac +done +eval set -- "$args" + +# Parsing arguments +while getopts "a:n:w:v:j:k:m:g:d:x:z:c:t:i:b:r:o:q:l:y:s:e:p:fh" Option; do + case $Option in + a) apache=$OPTARG ;; # Apache + n) nginx=$OPTARG ;; # Nginx + w) phpfpm=$OPTARG ;; # PHP-FPM + v) vsftpd=$OPTARG ;; # Vsftpd + j) proftpd=$OPTARG ;; # Proftpd + k) named=$OPTARG ;; # Named + m) mysql=$OPTARG ;; # MySQL + g) postgresql=$OPTARG ;; # PostgreSQL + d) mongodb=$OPTARG ;; # MongoDB (unsupported) + x) exim=$OPTARG ;; # Exim + z) dovecot=$OPTARG ;; # Dovecot + c) clamd=$OPTARG ;; # ClamAV + t) spamd=$OPTARG ;; # SpamAssassin + i) iptables=$OPTARG ;; # Iptables + b) fail2ban=$OPTARG ;; # Fail2ban + r) remi=$OPTARG ;; # Remi repo + o) softaculous=$OPTARG ;; # Softaculous plugin + q) quota=$OPTARG ;; # FS Quota + l) lang=$OPTARG ;; # Language + y) interactive=$OPTARG ;; # Interactive install + s) servername=$OPTARG ;; # Hostname + e) email=$OPTARG ;; # Admin email + p) vpass=$OPTARG ;; # Admin password + f) force='yes' ;; # Force install + h) help ;; # Help + *) help ;; # Print help (default) + esac +done + +# Defining default software stack +set_default_value 'nginx' 'yes' +set_default_value 'apache' 'yes' +set_default_value 'phpfpm' 'no' +set_default_value 'vsftpd' 'yes' +set_default_value 'proftpd' 'no' +set_default_value 'named' 'yes' +set_default_value 'mysql' 'yes' +set_default_value 'postgresql' 'no' +set_default_value 'mongodb' 'no' +set_default_value 'exim' 'yes' +set_default_value 'dovecot' 'yes' +if [ $memory -lt 1500000 ]; then + set_default_value 'clamd' 'no' + set_default_value 'spamd' 'no' +else + set_default_value 'clamd' 'yes' + set_default_value 'spamd' 'yes' +fi +set_default_value 'iptables' 'yes' +set_default_value 'fail2ban' 'yes' +set_default_value 'remi' 'yes' +set_default_value 'softaculous' 'yes' +set_default_value 'quota' 'no' +set_default_value 'interactive' 'yes' +set_default_lang 'en' + +# Checking software conflicts +if [ "$phpfpm" = 'yes' ]; then + apache='no' + nginx='yes' +fi +if [ "$proftpd" = 'yes' ]; then + vsftpd='no' +fi +if [ "$exim" = 'no' ]; then + clamd='no' + spamd='no' + dovecot='no' +fi +if [ "$iptables" = 'no' ]; then + fail2ban='no' +fi + +# Checking root permissions +if [ "x$(id -u)" != 'x0' ]; then + check_result 1 "Script can be run executed only by root" +fi + +# Checking admin user account +if [ ! -z "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then + echo 'Please remove admin user account before proceeding.' + echo 'If you want to do it automatically run installer with -f option:' + echo -e "Example: bash $0 --force\n" + check_result 1 "User admin exists" +fi + +# Checking wget +if [ ! -e '/usr/bin/wget' ]; then + yum -y install wget + check_result $? "Can't install wget" +fi + +# Checking repository availability +wget -q "c.vestacp.com/GPG.txt" -O /dev/null +check_result $? "No access to Vesta repository" + +# Checking installed packages +tmpfile=$(mktemp -p /tmp) +rpm -qa > $tmpfile +for pkg in exim mysql-server httpd nginx vesta; do + if [ ! -z "$(grep $pkg $tmpfile)" ]; then + conflicts="$pkg $conflicts" + fi +done +rm -f $tmpfile +if [ ! -z "$conflicts" ] && [ -z "$force" ]; then + echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' + echo + echo 'Following packages are already installed:' + echo "$conflicts" + echo + echo 'It is highly recommended to remove them before proceeding.' + echo 'If you want to force installation run this script with -f option:' + echo "Example: bash $0 --force" + echo + echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' + echo + check_result 1 "Control Panel should be installed on clean server." +fi + + +#----------------------------------------------------------# +# Brief Info # +#----------------------------------------------------------# + +# Printing nice ASCII logo +clear +echo +echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_|' +echo ' _| _| _| _| _| _| _|' +echo ' _| _| _|_|_| _|_| _| _|_|_|_|' +echo ' _| _| _| _| _| _| _|' +echo ' _| _|_|_|_| _|_|_| _| _| _|' +echo +echo ' Vesta Control Panel' +echo -e "\n\n" + +echo 'The following software will be installed on your system:' + +# Web stack +if [ "$nginx" = 'yes' ]; then + echo ' - Nginx Web Server' +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then + echo ' - Apache Web Server' +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then + echo ' - Apache Web Server (as backend)' +fi +if [ "$phpfpm" = 'yes' ]; then + echo ' - PHP-FPM Application Server' +fi + +# DNS stack +if [ "$named" = 'yes' ]; then + echo ' - Bind DNS Server' +fi + +# Mail stack +if [ "$exim" = 'yes' ]; then + echo -n ' - Exim Mail Server' + if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ] ; then + echo -n ' + ' + if [ "$clamd" = 'yes' ]; then + echo -n 'ClamAV ' + fi + if [ "$spamd" = 'yes' ]; then + echo -n 'SpamAssassin' + fi + fi + echo + if [ "$dovecot" = 'yes' ]; then + echo ' - Dovecot POP3/IMAP Server' + fi +fi + +# Database stack +if [ "$mysql" = 'yes' ]; then + if [ $release -ge 7 ]; then + echo ' - MariaDB Database Server' + else + echo ' - MySQL Database Server' + fi +fi +if [ "$postgresql" = 'yes' ]; then + echo ' - PostgreSQL Database Server' +fi +if [ "$mongodb" = 'yes' ]; then + echo ' - MongoDB Database Server' +fi + +# FTP stack +if [ "$vsftpd" = 'yes' ]; then + echo ' - Vsftpd FTP Server' +fi +if [ "$proftpd" = 'yes' ]; then + echo ' - ProFTPD FTP Server' +fi + +# Softaculous +if [ "$softaculous" = 'yes' ]; then + echo ' - Softaculous Plugin' +fi + +# Firewall stack +if [ "$iptables" = 'yes' ]; then + echo -n ' - Iptables Firewall' +fi +if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then + echo -n ' + Fail2Ban' +fi +echo -e "\n\n" + +# Asking for confirmation to proceed +if [ "$interactive" = 'yes' ]; then + read -p 'Would you like to continue [y/n]: ' answer + if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then + echo 'Goodbye' + exit 1 + fi + + # Asking for contact email + if [ -z "$email" ]; then + read -p 'Please enter admin email address: ' email + fi + + # Asking to set FQDN hostname + if [ -z "$servername" ]; then + read -p "Please enter FQDN hostname [$(hostname)]: " servername + fi +fi + +# Generating admin password if it wasn't set +if [ -z "$vpass" ]; then + vpass=$(gen_pass) +fi + +# Set hostname if it wasn't set +if [ -z "$servername" ]; then + servername=$(hostname -f) +fi + +# Set FQDN if it wasn't set +mask1='(([[:alnum:]](-?[[:alnum:]])*)\.)' +mask2='*[[:alnum:]](-?[[:alnum:]])+\.[[:alnum:]]{2,}' +if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then + if [ ! -z "$servername" ]; then + servername="$servername.example.com" + else + servername="example.com" + fi + echo "127.0.0.1 $servername" >> /etc/hosts +fi + +# Set email if it wasn't set +if [ -z "$email" ]; then + email="admin@$servername" +fi + +# Defining backup directory +vst_backups="/root/vst_install_backups/$(date +%s)" +echo "Installation backup directory: $vst_backups" + +# Printing start message and sleeping for 5 seconds +echo -e "\n\n\n\nInstallation will take about 15 minutes ...\n" +sleep 5 + + +#----------------------------------------------------------# +# Checking swap # +#----------------------------------------------------------# + +# Checking swap on small instances +if [ -z "$(swapon -s)" ] && [ $memory -lt 1000000 ]; then + fallocate -l 1G /swapfile + chmod 600 /swapfile + mkswap /swapfile + swapon /swapfile + echo "/swapfile none swap sw 0 0" >> /etc/fstab +fi + + +#----------------------------------------------------------# +# Install repositories # +#----------------------------------------------------------# + +# Updating system +yum -y update +check_result $? 'yum update failed' + +# Enabling EPEL repository +sed "1,10s/enabled=0/enabled=1/" -i /etc/yum.repos.d/epel.repo +yum -y update +check_result $? "Can't install EPEL repository" + +# Installing Nginx repository +nrepo="/etc/yum.repos.d/nginx.repo" +echo "[nginx]" > $nrepo +echo "name=nginx repo" >> $nrepo +echo "baseurl=http://nginx.org/packages/centos/$release/\$basearch/" >> $nrepo +echo "gpgcheck=0" >> $nrepo +echo "enabled=1" >> $nrepo + +# Installing Vesta repository +vrepo='/etc/yum.repos.d/vesta.repo' +echo "[vesta]" > $vrepo +echo "name=Vesta - $REPO" >> $vrepo +echo "baseurl=http://$RHOST/$REPO/$release/\$basearch/" >> $vrepo +echo "enabled=1" >> $vrepo +echo "gpgcheck=1" >> $vrepo +echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA" >> $vrepo +wget c.vestacp.com/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA + + +#----------------------------------------------------------# +# Backup # +#----------------------------------------------------------# + +# Creating backup directory tree +mkdir -p $vst_backups +cd $vst_backups +mkdir nginx httpd php php-fpm vsftpd proftpd named exim dovecot clamd \ + spamassassin mysql postgresql mongodb vesta + +# Backup Nginx configuration +service nginx stop > /dev/null 2>&1 +cp -r /etc/nginx/* $vst_backups/nginx > /dev/null 2>&1 + +# Backup Apache configuration +service httpd stop > /dev/null 2>&1 +cp -r /etc/httpd/* $vst_backups/httpd > /dev/null 2>&1 + +# Backup PHP-FPM configuration +service php-fpm stop >/dev/null 2>&1 +cp /etc/php.ini $vst_backups/php > /dev/null 2>&1 +cp -r /etc/php.d $vst_backups/php > /dev/null 2>&1 +cp /etc/php-fpm.conf $vst_backups/php-fpm > /dev/null 2>&1 +mv -f /etc/php-fpm.d/* $vst_backups/php-fpm/ > /dev/null 2>&1 + +# Backup Bind configuration +yum remove bind-chroot > /dev/null 2>&1 +service named stop > /dev/null 2>&1 +cp /etc/named.conf $vst_backups/named >/dev/null 2>&1 + +# Backup Vsftpd configuration +service vsftpd stop > /dev/null 2>&1 +cp /etc/vsftpd/vsftpd.conf $vst_backups/vsftpd >/dev/null 2>&1 + +# Backup ProFTPD configuration +service proftpd stop > /dev/null 2>&1 +cp /etc/proftpd.conf $vst_backups/proftpd >/dev/null 2>&1 + +# Backup Exim configuration +service exim stop > /dev/null 2>&1 +cp -r /etc/exim/* $vst_backups/exim >/dev/null 2>&1 + +# Backup ClamAV configuration +service clamd stop > /dev/null 2>&1 +cp /etc/clamd.conf $vst_backups/clamd >/dev/null 2>&1 +cp -r /etc/clamd.d $vst_backups/clamd >/dev/null 2>&1 + +# Backup SpamAssassin configuration +service spamassassin stop > /dev/null 2>&1 +cp -r /etc/mail/spamassassin/* $vst_backups/spamassassin >/dev/null 2>&1 + +# Backup Dovecot configuration +service dovecot stop > /dev/null 2>&1 +cp /etc/dovecot.conf $vst_backups/dovecot > /dev/null 2>&1 +cp -r /etc/dovecot/* $vst_backups/dovecot > /dev/null 2>&1 + +# Backup MySQL/MariaDB configuration and data +service mysql stop > /dev/null 2>&1 +service mysqld stop > /dev/null 2>&1 +service mariadb stop > /dev/null 2>&1 +mv /var/lib/mysql $vst_backups/mysql/mysql_datadir >/dev/null 2>&1 +cp /etc/my.cnf $vst_backups/mysql > /dev/null 2>&1 +cp /etc/my.cnf.d $vst_backups/mysql > /dev/null 2>&1 +mv /root/.my.cnf $vst_backups/mysql > /dev/null 2>&1 + +# Backup MySQL/MariaDB configuration and data +service postgresql stop > /dev/null 2>&1 +mv /var/lib/pgsql/data $vst_backups/postgresql/ >/dev/null 2>&1 + +# Backup Vesta +service vesta stop > /dev/null 2>&1 +mv $VESTA/data/* $vst_backups/vesta > /dev/null 2>&1 +mv $VESTA/conf/* $vst_backups/vesta > /dev/null 2>&1 + + +#----------------------------------------------------------# +# Package Excludes # +#----------------------------------------------------------# + +# Excluding packages +if [ "$nginx" = 'no' ]; then + software=$(echo "$software" | sed -e "s/^nginx//") +fi +if [ "$apache" = 'no' ]; then + software=$(echo "$software" | sed -e "s/httpd//") + software=$(echo "$software" | sed -e "s/mod_ssl//") + software=$(echo "$software" | sed -e "s/mod_fcgid//") + software=$(echo "$software" | sed -e "s/mod_ruid2//") +fi +if [ "$phpfpm" = 'no' ]; then + software=$(echo "$software" | sed -e "s/php-fpm//") +fi +if [ "$vsftpd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/vsftpd//") +fi +if [ "$proftpd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/proftpd//") +fi +if [ "$named" = 'no' ]; then + software=$(echo "$software" | sed -e "s/bind //") +fi +if [ "$exim" = 'no' ]; then + software=$(echo "$software" | sed -e "s/exim//") + software=$(echo "$software" | sed -e "s/dovecot//") + software=$(echo "$software" | sed -e "s/clamd//") + software=$(echo "$software" | sed -e "s/clamav-server//") + software=$(echo "$software" | sed -e "s/clamav-update//") + software=$(echo "$software" | sed -e "s/spamassassin//") + software=$(echo "$software" | sed -e "s/dovecot//") + software=$(echo "$software" | sed -e "s/roundcubemail//") +fi +if [ "$clamd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/clamd//") + software=$(echo "$software" | sed -e "s/clamav-server//") + software=$(echo "$software" | sed -e "s/clamav-update//") +fi +if [ "$spamd" = 'no' ]; then + software=$(echo "$software" | sed -e 's/spamassassin//') +fi +if [ "$dovecot" = 'no' ]; then + software=$(echo "$software" | sed -e "s/dovecot//") +fi +if [ "$mysql" = 'no' ]; then + software=$(echo "$software" | sed -e 's/mysql //') + software=$(echo "$software" | sed -e 's/mysql-server//') + software=$(echo "$software" | sed -e 's/mariadb //') + software=$(echo "$software" | sed -e 's/mariadb-server//') + software=$(echo "$software" | sed -e 's/php-mysql//') + software=$(echo "$software" | sed -e 's/phpMyAdmin//') + software=$(echo "$software" | sed -e 's/roundcubemail//') +fi +if [ "$postgresql" = 'no' ]; then + software=$(echo "$software" | sed -e 's/postgresql //') + software=$(echo "$software" | sed -e 's/postgresql-server//') + software=$(echo "$software" | sed -e 's/postgresql-contrib//') + software=$(echo "$software" | sed -e 's/php-pgsql//') + software=$(echo "$software" | sed -e 's/phpPgAdmin//') +fi +if [ "$softaculous" = 'no' ]; then + software=$(echo "$software" | sed -e 's/vesta-softaculous//') +fi +if [ "$iptables" = 'no' ] || [ "$fail2ban" = 'no' ]; then + software=$(echo "$software" | sed -e 's/fail2ban//') +fi + + +#----------------------------------------------------------# +# Install packages # +#----------------------------------------------------------# + +# Installing rpm packages +yum -y install $software +check_result $? "yum install failed" + +# Installing roundcube +if [ "$exim" != 'no' ]; then + yum -y install --exclude=php-pear-Auth-SASL-0:1.0.4-1.2.amzn1.noarch \ + --exclude=php5\* --exclude=httpd24\* roundcubemail + check_result $? "yum install failed" +fi + + +#----------------------------------------------------------# +# Configure system # +#----------------------------------------------------------# + +# Restarting rsyslog +service rsyslog restart > /dev/null 2>&1 + +# Checking ipv6 on loopback interface +check_lo_ipv6=$(/sbin/ip addr | grep 'inet6') +check_rc_ipv6=$(grep 'scope global dev lo' /etc/rc.local) +if [ ! -z "$check_lo_ipv6)" ] && [ -z "$check_rc_ipv6" ]; then + ip addr add ::2/128 scope global dev lo + echo "# Vesta: Workraround for openssl validation func" >> /etc/rc.local + echo "ip addr add ::2/128 scope global dev lo" >> /etc/rc.local + chmod a+x /etc/rc.local +fi + +# Disabling SELinux +if [ -e '/etc/sysconfig/selinux' ]; then + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config + setenforce 0 2>/dev/null +fi + +# Disabling iptables +service iptables stop + +# Configuring NTP synchronization +echo '#!/bin/sh' > /etc/cron.daily/ntpdate +echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate +chmod 775 /etc/cron.daily/ntpdate +ntpdate -s pool.ntp.org + +# Disabling webalizer routine +rm -f /etc/cron.daily/00webalizer + +# Adding backup user +adduser backup 2>/dev/null +ln -sf /home/backup /backup +chmod a+x /backup + +# Set directory color +echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile + +# Changing default systemd interval +if [ "$release" -eq '7' ]; then + # Hi Lennart + echo "DefaultStartLimitInterval=1s" >> /etc/systemd/system.conf + echo "DefaultStartLimitBurst=60" >> /etc/systemd/system.conf + systemctl daemon-reexec +fi + + +#----------------------------------------------------------# +# Configure VESTA # +#----------------------------------------------------------# + +# Installing sudo configuration +mkdir -p /etc/sudoers.d +cp -f $vestacp/sudo/admin /etc/sudoers.d/ +chmod 440 /etc/sudoers.d/admin + +# Configuring system env +echo "export VESTA='$VESTA'" > /etc/profile.d/vesta.sh +chmod 755 /etc/profile.d/vesta.sh +source /etc/profile.d/vesta.sh +echo 'PATH=$PATH:'$VESTA'/bin' >> /root/.bash_profile +echo 'export PATH' >> /root/.bash_profile +source /root/.bash_profile + +# Configuring logrotate for vesta logs +cp -f $vestacp/logrotate/vesta /etc/logrotate.d/ + +# Building directory tree and creating some blank files for vesta +mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ + $VESTA/data/queue $VESTA/data/users $VESTA/data/firewall \ + $VESTA/data/sessions +touch $VESTA/data/queue/backup.pipe $VESTA/data/queue/disk.pipe \ + $VESTA/data/queue/webstats.pipe $VESTA/data/queue/restart.pipe \ + $VESTA/data/queue/traffic.pipe $VESTA/log/system.log \ + $VESTA/log/nginx-error.log $VESTA/log/auth.log +chmod 750 $VESTA/conf $VESTA/data/users $VESTA/data/ips $VESTA/log +chmod -R 750 $VESTA/data/queue +chmod 660 $VESTA/log/* +rm -f /var/log/vesta +ln -s $VESTA/log /var/log/vesta +chmod 770 $VESTA/data/sessions + +# Generating vesta configuration +rm -f $VESTA/conf/vesta.conf 2>/dev/null +touch $VESTA/conf/vesta.conf +chmod 660 $VESTA/conf/vesta.conf + +# Web stack +if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then + echo "WEB_SYSTEM='httpd'" >> $VESTA/conf/vesta.conf + echo "WEB_RGROUPS='apache'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf + echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then + echo "WEB_SYSTEM='httpd'" >> $VESTA/conf/vesta.conf + echo "WEB_RGROUPS='apache'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='8080'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='8443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf + echo "PROXY_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf + echo "PROXY_PORT='80'" >> $VESTA/conf/vesta.conf + echo "PROXY_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf +fi +if [ "$apache" = 'no' ] && [ "$nginx" = 'yes' ]; then + echo "WEB_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='openssl'" >> $VESTA/conf/vesta.conf + if [ "$phpfpm" = 'yes' ]; then + echo "WEB_BACKEND='php-fpm'" >> $VESTA/conf/vesta.conf + fi + echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf +fi + +# FTP stack +if [ "$vsftpd" = 'yes' ]; then + echo "FTP_SYSTEM='vsftpd'" >> $VESTA/conf/vesta.conf +fi +if [ "$proftpd" = 'yes' ]; then + echo "FTP_SYSTEM='proftpd'" >> $VESTA/conf/vesta.conf +fi + +# DNS stack +if [ "$named" = 'yes' ]; then + echo "DNS_SYSTEM='named'" >> $VESTA/conf/vesta.conf +fi + +# Mail stack +if [ "$exim" = 'yes' ]; then + echo "MAIL_SYSTEM='exim'" >> $VESTA/conf/vesta.conf + if [ "$clamd" = 'yes' ]; then + echo "ANTIVIRUS_SYSTEM='clamav'" >> $VESTA/conf/vesta.conf + fi + if [ "$spamd" = 'yes' ]; then + echo "ANTISPAM_SYSTEM='spamassassin'" >> $VESTA/conf/vesta.conf + fi + if [ "$dovecot" = 'yes' ]; then + echo "IMAP_SYSTEM='dovecot'" >> $VESTA/conf/vesta.conf + fi +fi + +# Cron daemon +echo "CRON_SYSTEM='crond'" >> $VESTA/conf/vesta.conf + +# Firewall stack +if [ "$iptables" = 'yes' ]; then + echo "FIREWALL_SYSTEM='iptables'" >> $VESTA/conf/vesta.conf +fi +if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then + echo "FIREWALL_EXTENSION='fail2ban'" >> $VESTA/conf/vesta.conf +fi + +# Disk quota +if [ "$quota" = 'yes' ]; then + echo "DISK_QUOTA='yes'" >> $VESTA/conf/vesta.conf +fi + +# Backups +echo "BACKUP_SYSTEM='local'" >> $VESTA/conf/vesta.conf + +# Language +echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf + +# Version +echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf + +# Installing hosting packages +cp -rf $vestacp/packages $VESTA/data/ + +# Installing templates +cp -rf $vestacp/templates $VESTA/data/ + +# Copying index.html to default documentroot +cp $VESTA/data/templates/web/skel/public_html/index.html /var/www/html/ +sed -i 's/%domain%/It worked!/g' /var/www/html/index.html + +# Installing firewall rules +chkconfig firewalld off >/dev/null 2>&1 +cp -rf $vestacp/firewall $VESTA/data/ + +# Configuring server hostname +$VESTA/bin/v-change-sys-hostname $servername 2>/dev/null + +# Generating SSL certificate +$VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \ + 'San Francisco' 'Vesta Control Panel' 'IT' > /tmp/vst.pem + +# Parsing certificate file +crt_end=$(grep -n "END CERTIFICATE-" /tmp/vst.pem |cut -f 1 -d:) +key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:) +key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:) + +# Adding SSL certificate +cd $VESTA/ssl +sed -n "1,${crt_end}p" /tmp/vst.pem > certificate.crt +sed -n "$key_start,${key_end}p" /tmp/vst.pem > certificate.key +chown root:mail $VESTA/ssl/* +chmod 660 $VESTA/ssl/* +rm /tmp/vst.pem + + +#----------------------------------------------------------# +# Configure Nginx # +#----------------------------------------------------------# + +if [ "$nginx" = 'yes' ]; then + rm -f /etc/nginx/conf.d/*.conf + cp -f $vestacp/nginx/nginx.conf /etc/nginx/ + cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ + cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ + echo > /etc/nginx/conf.d/vesta.conf + mkdir -p /var/log/nginx/domains + if [ "$release" -ge 7 ]; then + mkdir -p /etc/systemd/system/nginx.service.d + cd /etc/systemd/system/nginx.service.d + echo "[Service]" > limits.conf + echo "LimitNOFILE=500000" >> limits.conf + fi + chkconfig nginx on + service nginx start + check_result $? "nginx start failed" + + # Workaround for OpenVZ/Virtuozzo + if [ "$release" -ge '7' ] && [ -e "/proc/vz/veinfo" ]; then + echo "#Vesta: workraround for networkmanager" >> /etc/rc.local + echo "sleep 3 && service nginx restart" >> /etc/rc.local + fi +fi + + +#----------------------------------------------------------# +# Configure Apache # +#----------------------------------------------------------# + +if [ "$apache" = 'yes' ]; then + cp -f $vestacp/httpd/httpd.conf /etc/httpd/conf/ + cp -f $vestacp/httpd/status.conf /etc/httpd/conf.d/ + cp -f $vestacp/httpd/ssl.conf /etc/httpd/conf.d/ + cp -f $vestacp/httpd/ruid2.conf /etc/httpd/conf.d/ + cp -f $vestacp/logrotate/httpd /etc/logrotate.d/ + if [ $release -lt 7 ]; then + cd /etc/httpd/conf.d + echo "MEFaccept 127.0.0.1" >> mod_extract_forwarded.conf + echo > proxy_ajp.conf + fi + if [ -e "/etc/httpd/conf.modules.d/00-dav.conf" ]; then + cd /etc/httpd/conf.modules.d + sed -i "s/^/#/" 00-dav.conf 00-lua.conf 00-proxy.conf + fi + echo > /etc/httpd/conf.d/vesta.conf + cd /var/log/httpd + touch access_log error_log suexec.log + chmod 640 access_log error_log suexec.log + chmod -f 777 /var/lib/php/session + chmod a+x /var/log/httpd + mkdir -p /var/log/httpd/domains + chmod 751 /var/log/httpd/domains + if [ "$release" -ge 7 ]; then + mkdir -p /etc/systemd/system/httpd.service.d + cd /etc/systemd/system/httpd.service.d + echo "[Service]" > limits.conf + echo "LimitNOFILE=500000" >> limits.conf + fi + chkconfig httpd on + service httpd start + check_result $? "httpd start failed" + + # Workaround for OpenVZ/Virtuozzo + if [ "$release" -ge '7' ] && [ -e "/proc/vz/veinfo" ]; then + echo "#Vesta: workraround for networkmanager" >> /etc/rc.local + echo "sleep 2 && service httpd restart" >> /etc/rc.local + fi +fi + + +#----------------------------------------------------------# +# Configure PHP-FPM # +#----------------------------------------------------------# + +if [ "$phpfpm" = 'yes' ]; then + cp -f $vestacp/php-fpm/www.conf /etc/php-fpm.d/ + chkconfig php-fpm on + service php-fpm start + check_result $? "php-fpm start failed" +fi + + +#----------------------------------------------------------# +# Configure PHP # +#----------------------------------------------------------# + +ZONE=$(timedatectl 2>/dev/null|grep Timezone|awk '{print $2}') +if [ -e '/etc/sysconfig/clock' ]; then + source /etc/sysconfig/clock +fi +if [ -z "$ZONE" ]; then + ZONE='UTC' +fi +for pconf in $(find /etc/php* -name php.ini); do + sed -i "s/;date.timezone =/date.timezone = $ZONE/g" $pconf + sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf +done + + +#----------------------------------------------------------# +# Configure Vsftpd # +#----------------------------------------------------------# + +if [ "$vsftpd" = 'yes' ]; then + cp -f $vestacp/vsftpd/vsftpd.conf /etc/vsftpd/ + chkconfig vsftpd on + service vsftpd start + check_result $? "vsftpd start failed" + + # To be deleted after release 0.9.8-18 + echo "/sbin/nologin" >> /etc/shells +fi + + +#----------------------------------------------------------# +# Configure ProFTPD # +#----------------------------------------------------------# + +if [ "$proftpd" = 'yes' ]; then + cp -f $vestacp/proftpd/proftpd.conf /etc/ + chkconfig proftpd on + service proftpd start + check_result $? "proftpd start failed" +fi + + +#----------------------------------------------------------# +# Configure MySQL/MariaDB # +#----------------------------------------------------------# + +if [ "$mysql" = 'yes' ]; then + + mycnf="my-small.cnf" + if [ $memory -gt 1200000 ]; then + mycnf="my-medium.cnf" + fi + if [ $memory -gt 3900000 ]; then + mycnf="my-large.cnf" + fi + + mkdir -p /var/lib/mysql + chown mysql:mysql /var/lib/mysql + mkdir -p /etc/my.cnf.d + + if [ $release -lt 7 ]; then + service='mysqld' + else + service='mariadb' + fi + + cp -f $vestacp/$service/$mycnf /etc/my.cnf + chkconfig $service on + service $service start + if [ "$?" -ne 0 ]; then + if [ -e "/proc/user_beancounters" ]; then + # Fix for aio on OpenVZ + sed -i "s/#innodb_use_native/innodb_use_native/g" /etc/my.cnf + fi + service $service start + check_result $? "$service start failed" + fi + + # Securing MySQL installation + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf + chmod 600 /root/.my.cnf + mysql -e "DELETE FROM mysql.user WHERE User=''" + mysql -e "DROP DATABASE test" >/dev/null 2>&1 + mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" + mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" + mysql -e "FLUSH PRIVILEGES" + + # Configuring phpMyAdmin + if [ "$apache" = 'yes' ]; then + cp -f $vestacp/pma/phpMyAdmin.conf /etc/httpd/conf.d/ + fi + cp -f $vestacp/pma/config.inc.conf /etc/phpMyAdmin/config.inc.php + sed -i "s#%blowfish_secret#$blowfish_secret#g" /etc/phpMyAdmin/config.inc.php +fi + + +#----------------------------------------------------------# +# Configure PostgreSQL # +#----------------------------------------------------------# + +if [ "$postgresql" = 'yes' ]; then + ppass=$(gen_pass) + if [ $release -eq 5 ]; then + service postgresql start + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" + service postgresql stop + cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ + service postgresql start + else + service postgresql initdb + cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ + service postgresql start + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" + fi + # Configuring phpPgAdmin + if [ "$apache" = 'yes' ]; then + cp -f $vestacp/pga/phpPgAdmin.conf /etc/httpd/conf.d/ + fi + cp -f $vestacp/pga/config.inc.php /etc/phpPgAdmin/ +fi + + +#----------------------------------------------------------# +# Configure Bind # +#----------------------------------------------------------# + +if [ "$named" = 'yes' ]; then + cp -f $vestacp/named/named.conf /etc/ + chown root:named /etc/named.conf + chmod 640 /etc/named.conf + chkconfig named on + service named start + check_result $? "named start failed" +fi + + +#----------------------------------------------------------# +# Configure Exim # +#----------------------------------------------------------# + +if [ "$exim" = 'yes' ]; then + gpasswd -a exim mail + cp -f $vestacp/exim/exim.conf /etc/exim/ + cp -f $vestacp/exim/dnsbl.conf /etc/exim/ + cp -f $vestacp/exim/spam-blocks.conf /etc/exim/ + touch /etc/exim/white-blocks.conf + + if [ "$spamd" = 'yes' ]; then + sed -i "s/#SPAM/SPAM/g" /etc/exim/exim.conf + fi + if [ "$clamd" = 'yes' ]; then + sed -i "s/#CLAMD/CLAMD/g" /etc/exim/exim.conf + fi + + chmod 640 /etc/exim/exim.conf + rm -rf /etc/exim/domains + mkdir -p /etc/exim/domains + + rm -f /etc/alternatives/mta + ln -s /usr/sbin/sendmail.exim /etc/alternatives/mta + chkconfig sendmail off 2>/dev/null + service sendmail stop 2>/dev/null + chkconfig postfix off 2>/dev/null + service postfix stop 2>/dev/null + + chkconfig exim on + service exim start + check_result $? "exim start failed" +fi + + +#----------------------------------------------------------# +# Configure Dovecot # +#----------------------------------------------------------# + +if [ "$dovecot" = 'yes' ]; then + gpasswd -a dovecot mail + cp -rf $vestacp/dovecot /etc/ + cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ + chown -R root:root /etc/dovecot* + chkconfig dovecot on + service dovecot start + check_result $? "dovecot start failed" +fi + + +#----------------------------------------------------------# +# Configure ClamAV # +#----------------------------------------------------------# + +if [ "$clamd" = 'yes' ]; then + useradd clam -s /sbin/nologin -d /var/lib/clamav 2>/dev/null + gpasswd -a clam exim + gpasswd -a clam mail + cp -f $vestacp/clamav/clamd.conf /etc/ + cp -f $vestacp/clamav/freshclam.conf /etc/ + mkdir -p /var/log/clamav /var/run/clamav + chown clam:clam /var/log/clamav /var/run/clamav + chown -R clam:clam /var/lib/clamav + if [ "$release" -ge '7' ]; then + cp -f $vestacp/clamav/clamd.service /usr/lib/systemd/system/ + systemctl --system daemon-reload + fi + /usr/bin/freshclam + if [ "$release" -ge '7' ]; then + sed -i "s/nofork/foreground/" /usr/lib/systemd/system/clamd.service + systemctl daemon-reload + fi + chkconfig clamd on + service clamd start + #check_result $? "clamd start failed" +fi + + +#----------------------------------------------------------# +# Configure SpamAssassin # +#----------------------------------------------------------# + +if [ "$spamd" = 'yes' ]; then + chkconfig spamassassin on + service spamassassin start + check_result $? "spamassassin start failed" + if [ "$release" -ge '7' ]; then + groupadd -g 1001 spamd + useradd -u 1001 -g spamd -s /sbin/nologin -d \ + /var/lib/spamassassin spamd + mkdir /var/lib/spamassassin + chown spamd:spamd /var/lib/spamassassin + fi +fi + + +#----------------------------------------------------------# +# Configure RoundCube # +#----------------------------------------------------------# + +if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then + if [ "$apache" = 'yes' ]; then + cp -f $vestacp/roundcube/roundcubemail.conf /etc/httpd/conf.d/ + fi + cp -f $vestacp/roundcube/main.inc.php /etc/roundcubemail/config.inc.php + cd /usr/share/roundcubemail/plugins/password + cp -f $vestacp/roundcube/vesta.php drivers/vesta.php + cp -f $vestacp/roundcube/config.inc.php config.inc.php + sed -i "s/localhost/$servername/g" config.inc.php + chmod a+r /etc/roundcubemail/* + chmod -f 777 /var/log/roundcubemail + r="$(gen_pass)" + mysql -e "CREATE DATABASE roundcube" + mysql -e "GRANT ALL ON roundcube.* TO + roundcube@localhost IDENTIFIED BY '$r'" + sed -i "s/%password%/$r/g" /etc/roundcubemail/config.inc.php + chmod 640 /etc/roundcubemail/config.inc.php + chown root:apache /etc/roundcubemail/config.inc.php + if [ -e "/usr/share/roundcubemail/SQL/mysql.initial.sql" ]; then + mysql roundcube < /usr/share/roundcubemail/SQL/mysql.initial.sql + else + mysql roundcube < /usr/share/doc/roundcubemail-*/SQL/mysql.initial.sql + fi +fi + + +#----------------------------------------------------------# +# Configure Fail2Ban # +#----------------------------------------------------------# + +if [ "$fail2ban" = 'yes' ]; then + cp -rf $vestacp/fail2ban /etc/ + if [ "$dovecot" = 'no' ]; then + fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) + fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) + sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local + fi + if [ "$exim" = 'no' ]; then + fline=$(cat /etc/fail2ban/jail.local |grep -n exim-iptables -A 2) + fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) + sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local + fi + if [ "$vsftpd" = 'yes' ]; then + #Create vsftpd Log File + if [ ! -f "/var/log/vsftpd.log" ]; then + touch /var/log/vsftpd.log + fi + fline=$(cat /etc/fail2ban/jail.local |grep -n vsftpd-iptables -A 2) + fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) + sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local + fi + chkconfig fail2ban on + mkdir -p /var/run/fail2ban + if [ -e "/usr/lib/systemd/system/fail2ban.service" ]; then + exec_pre='ExecStartPre=/bin/mkdir -p /var/run/fail2ban' + sed -i "s|\[Service\]|[Service]\n$exec_pre|g" \ + /usr/lib/systemd/system/fail2ban.service + systemctl daemon-reload + fi + service fail2ban start + check_result $? "fail2ban start failed" +fi + + +#----------------------------------------------------------# +# Configure Admin User # +#----------------------------------------------------------# + +# Deleting old admin user +if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then + chattr -i /home/admin/conf > /dev/null 2>&1 + userdel -f admin >/dev/null 2>&1 + chattr -i /home/admin/conf >/dev/null 2>&1 + mv -f /home/admin $vst_backups/home/ >/dev/null 2>&1 + rm -f /tmp/sess_* >/dev/null 2>&1 +fi +if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then + groupdel admin > /dev/null 2>&1 +fi + +# Adding Vesta admin account +$VESTA/bin/v-add-user admin $vpass $email default System Administrator +check_result $? "can't create admin user" +$VESTA/bin/v-change-user-shell admin bash +$VESTA/bin/v-change-user-language admin $lang + +# Configuring system IPs +$VESTA/bin/v-update-sys-ip + +# Get main IP +ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) + +# Configuring firewall +if [ "$iptables" = 'yes' ]; then + $VESTA/bin/v-update-firewall +fi + +# Get public IP +pub_ip=$(curl -s vestacp.com/what-is-my-ip/) +if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then + echo "$VESTA/bin/v-update-sys-ip" >> /etc/rc.local + $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip + ip=$pub_ip +fi + +# Configuring MySQL host +if [ "$mysql" = 'yes' ]; then + $VESTA/bin/v-add-database-host mysql localhost root $mpass + $VESTA/bin/v-add-database admin default default $(gen_pass) mysql +fi + +# Configuring PostgreSQL host +if [ "$postgresql" = 'yes' ]; then + $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass + $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql +fi + +# Adding default domain +$VESTA/bin/v-add-domain admin $servername + +# Adding cron jobs +command="sudo $VESTA/bin/v-update-sys-queue disk" +$VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-update-sys-queue traffic" +$VESTA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-update-sys-queue webstats" +$VESTA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-update-sys-queue backup" +$VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-backup-users" +$VESTA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-update-user-stats" +$VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-update-sys-rrd" +$VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" +service crond restart + +# Building RRD images +$VESTA/bin/v-update-sys-rrd + +# Enabling file system quota +if [ "$quota" = 'yes' ]; then + $VESTA/bin/v-add-sys-quota +fi + +# Enabling Softaculous plugin +if [ "$softaculous" = 'yes' ]; then + $VESTA/bin/v-add-vesta-softaculous +fi + +# Starting Vesta service +chkconfig vesta on +service vesta start +check_result $? "vesta start failed" +chown admin:admin $VESTA/data/sessions + +# Adding notifications +$VESTA/upd/add_notifications.sh + +# Adding cronjob for autoupdates +$VESTA/bin/v-add-cron-vesta-autoupdate + + +#----------------------------------------------------------# +# Vesta Access Info # +#----------------------------------------------------------# + +# Comparing hostname and IP +host_ip=$(host $servername |head -n 1 |awk '{print $NF}') +if [ "$host_ip" = "$ip" ]; then + ip="$servername" +fi + +# Sending notification to admin email +echo -e "Congratulations, you have just successfully installed \ +Vesta Control Panel + + https://$ip:8083 + username: admin + password: $vpass + +We hope that you enjoy your installation of Vesta. Please \ +feel free to contact us anytime if you have any questions. +Thank you. + +-- +Sincerely yours +vestacp.com team +" > $tmpfile + +send_mail="$VESTA/web/inc/mail-wrapper.php" +cat $tmpfile | $send_mail -s "Vesta Control Panel" $email + +# Congrats +echo '=======================================================' +echo +echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| ' +echo ' _| _| _| _| _| _| _| ' +echo ' _| _| _|_|_| _|_| _| _|_|_|_| ' +echo ' _| _| _| _| _| _| _| ' +echo ' _| _|_|_|_| _|_|_| _| _| _| ' +echo +echo +cat $tmpfile +rm -f $tmpfile + +# EOF diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 4b5d293d..ad9599e3 100644 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -16,7 +16,7 @@ arch=$(uname -i) os='debian' release=$(cat /etc/debian_version|grep -o [0-9]|head -n1) codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))" -vestacp="http://$CHOST/$VERSION/$release" +vestacp="$VESTA/install/$VERSION/$release" if [ "$release" -eq 9 ]; then software="nginx apache2 apache2-utils apache2-suexec-custom @@ -29,7 +29,7 @@ if [ "$release" -eq 9 ]; then flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl - unrar-free vim-common vesta-ioncube vesta-softaculous net-tools" + unrar-free vim-common vesta-ioncube vesta-softaculous net-tools unzip" elif [ "$release" -eq 8 ]; then software="nginx apache2 apache2-utils apache2.2-common apache2-suexec-custom libapache2-mod-ruid2 @@ -42,7 +42,7 @@ elif [ "$release" -eq 8 ]; then flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl - unrar-free vim-common vesta-ioncube vesta-softaculous net-tools" + unrar-free vim-common vesta-ioncube vesta-softaculous net-tools unzip" else software="nginx apache2 apache2-utils apache2.2-common apache2-suexec-custom libapache2-mod-ruid2 @@ -55,7 +55,7 @@ else flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils bsdmainutils cron vesta vesta-nginx vesta-php expect unrar-free - vim-common vesta-ioncube vesta-softaculous net-tools" + vim-common vesta-ioncube vesta-softaculous net-tools unzip" fi # Defining help function @@ -260,7 +260,7 @@ if [ "x$(id -u)" != 'x0' ]; then fi # Checking admin user account -if [ ! -z "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then +if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ -z "$force" ]; then echo 'Please remove admin user account before proceeding.' echo 'If you want to do it automatically run installer with -f option:' echo -e "Example: bash $0 --force\n" @@ -274,7 +274,7 @@ if [ ! -e '/usr/bin/wget' ]; then fi # Checking repository availability -wget -q "$vestacp/deb_signing.key" -O /dev/null +wget -q "c.vestacp.com/deb_signing.key" -O /dev/null check_result $? "No access to Vesta repository" # Check installed packages @@ -478,6 +478,17 @@ echo "deb http://$RHOST/$codename/ $codename vesta" > $apt/vesta.list wget $CHOST/deb_signing.key -O deb_signing.key apt-key add deb_signing.key +# Installing jessie backports +if [ "$release" -eq 8 ]; then + if [ ! -e /etc/apt/apt.conf ]; then + echo 'Acquire::Check-Valid-Until "false";' >> /etc/apt/apt.conf + fi + if [ ! -e /etc/apt/sources.list.d/backports.list ]; then + echo "deb http://archive.debian.org/debian jessie-backports main" >\ + /etc/apt/sources.list.d/backports.list + fi +fi + #----------------------------------------------------------# # Backup # @@ -682,9 +693,9 @@ chmod 755 /usr/bin/rssh # Configure VESTA # #----------------------------------------------------------# -# Downloading sudo configuration +# Installing sudo configuration mkdir -p /etc/sudoers.d -wget $vestacp/sudo/admin -O /etc/sudoers.d/admin +cp -f $vestacp/sudo/admin /etc/sudoers.d/ chmod 440 /etc/sudoers.d/admin # Configuring system env @@ -695,8 +706,8 @@ echo 'PATH=$PATH:'$VESTA'/bin' >> /root/.bash_profile echo 'export PATH' >> /root/.bash_profile source /root/.bash_profile -# Configuring logrotate for vesta logs -wget $vestacp/logrotate/vesta -O /etc/logrotate.d/vesta +# Configuring logrotate for Vesta logs +cp -f $vestacp/logrotate/vesta /etc/logrotate.d/ # Building directory tree and creating some blank files for vesta mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ @@ -711,7 +722,6 @@ chmod -R 750 $VESTA/data/queue chmod 660 $VESTA/log/* rm -f /var/log/vesta ln -s $VESTA/log /var/log/vesta -chown admin:admin $VESTA/data/sessions chmod 770 $VESTA/data/sessions # Generating vesta configuration @@ -808,25 +818,18 @@ echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf # Version echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf -# Downloading hosting packages -cd $VESTA/data -wget $vestacp/packages.tar.gz -O packages.tar.gz -tar -xzf packages.tar.gz -rm -f packages.tar.gz +# Installing hosting packages +cp -rf $vestacp/packages $VESTA/data/ -# Downloading templates -wget $vestacp/templates.tar.gz -O templates.tar.gz -tar -xzf templates.tar.gz -rm -f templates.tar.gz +# Installing templates +cp -rf $vestacp/templates $VESTA/data/ # Copying index.html to default documentroot -cp templates/web/skel/public_html/index.html /var/www/ +cp $VESTA/data/templates/web/skel/public_html/index.html /var/www/ sed -i 's/%domain%/It worked!/g' /var/www/index.html -# Downloading firewall rules -wget $vestacp/firewall.tar.gz -O firewall.tar.gz -tar -xzf firewall.tar.gz -rm -f firewall.tar.gz +# Installing firewall rules +cp -rf $vestacp/firewall $VESTA/data/ # Configuring server hostname $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null @@ -855,12 +858,12 @@ rm /tmp/vst.pem if [ "$nginx" = 'yes' ]; then rm -f /etc/nginx/conf.d/*.conf - wget $vestacp/nginx/nginx.conf -O /etc/nginx/nginx.conf - wget $vestacp/nginx/status.conf -O /etc/nginx/conf.d/status.conf - wget $vestacp/nginx/phpmyadmin.inc -O /etc/nginx/conf.d/phpmyadmin.inc - wget $vestacp/nginx/phppgadmin.inc -O /etc/nginx/conf.d/phppgadmin.inc - wget $vestacp/nginx/webmail.inc -O /etc/nginx/conf.d/webmail.inc - wget $vestacp/logrotate/nginx -O /etc/logrotate.d/nginx + cp -f $vestacp/nginx/nginx.conf /etc/nginx/ + cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ + cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ echo > /etc/nginx/conf.d/vesta.conf mkdir -p /var/log/nginx/domains update-rc.d nginx defaults @@ -874,9 +877,9 @@ fi #----------------------------------------------------------# if [ "$apache" = 'yes' ]; then - wget $vestacp/apache2/apache2.conf -O /etc/apache2/apache2.conf - wget $vestacp/apache2/status.conf -O /etc/apache2/mods-enabled/status.conf - wget $vestacp/logrotate/apache2 -O /etc/logrotate.d/apache2 + cp -f $vestacp/apache2/apache2.conf /etc/apache2/ + cp -f $vestacp/apache2/status.conf /etc/apache2/mods-enabled/ + cp -f $vestacp/logrotate/apache2 /etc/logrotate.d/ a2enmod rewrite a2enmod suexec a2enmod ssl @@ -909,12 +912,12 @@ fi if [ "$phpfpm" = 'yes' ]; then if [ "$release" -eq 9 ]; then - wget $vestacp/php-fpm/www.conf -O /etc/php/7.0/fpm/pool.d/www.conf + cp -f $vestacp/php-fpm/www.conf /etc/php/7.0/fpm/pool.d/www.conf update-rc.d php7.0-fpm defaults service php7.0-fpm start check_result $? "php-fpm start failed" else - wget $vestacp/php5-fpm/www.conf -O /etc/php5/fpm/pool.d/www.conf + cp -f $vestacp/php5-fpm/www.conf /etc/php5/fpm/pool.d/www.conf update-rc.d php5-fpm defaults service php5-fpm start check_result $? "php-fpm start failed" @@ -941,7 +944,7 @@ done #----------------------------------------------------------# if [ "$vsftpd" = 'yes' ]; then - wget $vestacp/vsftpd/vsftpd.conf -O /etc/vsftpd.conf + cp -f $vestacp/vsftpd/vsftpd.conf /etc/ update-rc.d vsftpd defaults service vsftpd start check_result $? "vsftpd start failed" @@ -957,7 +960,7 @@ fi if [ "$proftpd" = 'yes' ]; then echo "127.0.0.1 $servername" >> /etc/hosts - wget $vestacp/proftpd/proftpd.conf -O /etc/proftpd/proftpd.conf + cp -f $vestacp/proftpd/proftpd.conf /etc/proftpd/ update-rc.d proftpd defaults service proftpd start check_result $? "proftpd start failed" @@ -978,15 +981,16 @@ if [ "$mysql" = 'yes' ]; then fi # MySQL configuration - wget $vestacp/mysql/$mycnf -O /etc/mysql/my.cnf + cp -f $vestacp/mysql/$mycnf /etc/mysql/my.cnf mysql_install_db update-rc.d mysql defaults service mysql start check_result $? "mysql start failed" # Securing MySQL installation - mysqladmin -u root password $vpass - echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 @@ -996,10 +1000,10 @@ if [ "$mysql" = 'yes' ]; then # Configuring phpMyAdmin if [ "$apache" = 'yes' ]; then - wget $vestacp/pma/apache.conf -O /etc/phpmyadmin/apache.conf + cp -f $vestacp/pma/apache.conf /etc/phpmyadmin/ ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf fi - wget $vestacp/pma/config.inc.php -O /etc/phpmyadmin/config.inc.php + cp -f $vestacp/pma/config.inc.php /etc/phpmyadmin/ chmod 777 /var/lib/phpmyadmin/tmp fi @@ -1008,16 +1012,16 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then - wget $vestacp/postgresql/pg_hba.conf -O /etc/postgresql/*/main/pg_hba.conf + ppass=$(gen_pass) + cp -f $vestacp/postgresql/pg_hba.conf /etc/postgresql/*/main/ service postgresql restart - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then - wget $vestacp/pga/phppgadmin.conf \ - -O /etc/apache2/conf.d/phppgadmin.conf + cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ fi - wget $vestacp/pga/config.inc.php -O /etc/phppgadmin/config.inc.php + cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi @@ -1026,7 +1030,7 @@ fi #----------------------------------------------------------# if [ "$named" = 'yes' ]; then - wget $vestacp/bind/named.conf -O /etc/bind/named.conf + cp -f $vestacp/bind/named.conf /etc/bind/ sed -i "s%listen-on%//listen%" /etc/bind/named.conf.options chown root:bind /etc/bind/named.conf chmod 640 /etc/bind/named.conf @@ -1047,9 +1051,9 @@ fi if [ "$exim" = 'yes' ]; then gpasswd -a Debian-exim mail - wget $vestacp/exim/exim4.conf.template -O /etc/exim4/exim4.conf.template - wget $vestacp/exim/dnsbl.conf -O /etc/exim4/dnsbl.conf - wget $vestacp/exim/spam-blocks.conf -O /etc/exim4/spam-blocks.conf + cp -f $vestacp/exim/exim4.conf.template /etc/exim4/ + cp -f $vestacp/exim/dnsbl.conf /etc/exim4/ + cp -f $vestacp/exim/spam-blocks.conf /etc/exim4/ touch /etc/exim4/white-blocks.conf if [ "$spamd" = 'yes' ]; then @@ -1082,13 +1086,12 @@ fi if [ "$dovecot" = 'yes' ]; then gpasswd -a dovecot mail - wget $vestacp/dovecot.tar.gz -O /etc/dovecot.tar.gz - wget $vestacp/logrotate/dovecot -O /etc/logrotate.d/dovecot - cd /etc - rm -rf dovecot dovecot.conf - tar -xzf dovecot.tar.gz - rm -f dovecot.tar.gz + cp -rf $vestacp/dovecot /etc/ + cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* + if [ "$release" -eq 9 ]; then + sed -i "s#namespace inbox {#namespace inbox {\n inbox = yes#" /etc/dovecot/conf.d/15-mailboxes.conf + fi update-rc.d dovecot defaults service dovecot start check_result $? "dovecot start failed" @@ -1102,7 +1105,7 @@ fi if [ "$clamd" = 'yes' ]; then gpasswd -a clamav mail gpasswd -a clamav Debian-exim - wget $vestacp/clamav/clamd.conf -O /etc/clamav/clamd.conf + cp -f $vestacp/clamav/clamd.conf /etc/clamav/ /usr/bin/freshclam update-rc.d clamav-daemon defaults if [ ! -d "/var/run/clamav" ]; then @@ -1143,19 +1146,18 @@ fi if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then if [ "$apache" = 'yes' ]; then - wget $vestacp/roundcube/apache.conf -O /etc/roundcube/apache.conf + cp -f $vestacp/roundcube/apache.conf /etc/roundcube/ ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/roundcube.conf fi - wget $vestacp/roundcube/main.inc.php -O /etc/roundcube/main.inc.php - wget $vestacp/roundcube/db.inc.php -O /etc/roundcube/db.inc.php + cp -f $vestacp/roundcube/main.inc.php /etc/roundcube/ + cp -f $vestacp/roundcube/db.inc.php /etc/roundcube/ chmod 640 /etc/roundcube/debian-db-roundcube.php chmod 640 /etc/roundcube/config.inc.php chown root:www-data /etc/roundcube/debian-db-roundcube.php chown root:www-data /etc/roundcube/config.inc.php - wget $vestacp/roundcube/vesta.php -O \ - /usr/share/roundcube/plugins/password/drivers/vesta.php - wget $vestacp/roundcube/config.inc.php -O \ - /etc/roundcube/plugins/password/config.inc.php + cp -f $vestacp/roundcube/vesta.php \ + /usr/share/roundcube/plugins/password/drivers/ + cp -f $vestacp/roundcube/config.inc.php /etc/roundcube/plugins/password/ r="$(gen_pass)" mysql -e "CREATE DATABASE roundcube" mysql -e "GRANT ALL ON roundcube.* @@ -1206,10 +1208,7 @@ fi #----------------------------------------------------------# if [ "$fail2ban" = 'yes' ]; then - cd /etc - wget $vestacp/fail2ban.tar.gz -O fail2ban.tar.gz - tar -xzf fail2ban.tar.gz - rm -f fail2ban.tar.gz + cp -rf $vestacp/fail2ban /etc/ if [ "$dovecot" = 'no' ]; then fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) @@ -1220,6 +1219,15 @@ if [ "$fail2ban" = 'yes' ]; then fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local fi + if [ "$vsftpd" = 'yes' ]; then + #Create vsftpd Log File + if [ ! -f "/var/log/vsftpd.log" ]; then + touch /var/log/vsftpd.log + fi + fline=$(cat /etc/fail2ban/jail.local |grep -n vsftpd-iptables -A 2) + fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) + sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local + fi update-rc.d fail2ban defaults service fail2ban start check_result $? "fail2ban start failed" @@ -1238,7 +1246,7 @@ if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then mv -f /home/admin $vst_backups/home/ >/dev/null 2>&1 rm -f /tmp/sess_* >/dev/null 2>&1 fi -if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then +if [ ! -z "$(grep ^admin: /etc/group)" ]; then groupdel admin > /dev/null 2>&1 fi @@ -1298,13 +1306,13 @@ fi # Configuring mysql host if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi # Configuring pgsql host if [ "$postgresql" = 'yes' ]; then - $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi @@ -1359,9 +1367,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate # Vesta Access Info # #----------------------------------------------------------# -# Sending install notification to vestacp.com -wget vestacp.com/notify/?$codename -O /dev/null -q - # Comparing hostname and ip host_ip=$(host $servername| head -n 1 | awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index 1ba55cdf..4ea5154c 100755 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -16,30 +16,27 @@ arch=$(uname -i) os=$(cut -f 1 -d ' ' /etc/redhat-release) release=$(grep -o "[0-9]" /etc/redhat-release |head -n1) codename="${os}_$release" -vestacp="http://$CHOST/$VERSION/$release" +vestacp="$VESTA/install/$VERSION/$release" -if [ "$release" -eq 7 ]; then - software="nginx httpd mod_ssl mod_ruid2 mod_fcgid php php-common php-cli - php-bcmath php-gd php-imap php-mbstring php-mcrypt php-mysql php-pdo - php-soap php-tidy php-xml php-xmlrpc php-fpm php-pgsql awstats webalizer - vsftpd proftpd bind bind-utils bind-libs exim dovecot clamav-server - clamav-update spamassassin roundcubemail mariadb mariadb-server phpMyAdmin - postgresql postgresql-server postgresql-contrib phpPgAdmin e2fsprogs - openssh-clients ImageMagick curl mc screen ftp zip unzip flex sqlite pcre - sudo bc jwhois mailx lsof tar telnet rrdtool net-tools ntp GeoIP freetype - fail2ban rsyslog iptables-services which vesta vesta-nginx vesta-php - vim-common expect vesta-ioncube vesta-softaculous" -else - software="nginx httpd mod_ssl mod_ruid2 mod_fcgid mod_extract_forwarded - php php-common php-cli php-bcmath php-gd php-imap php-mbstring php-mcrypt - php-mysql php-pdo php-soap php-tidy php-xml php-xmlrpc php-fpm php-pgsql - awstats webalizer vsftpd proftpd bind bind-utils bind-libs exim dovecot - clamd spamassassin roundcubemail mysql mysql-server phpMyAdmin postgresql - postgresql-server postgresql-contrib phpPgAdmin e2fsprogs openssh-clients - ImageMagick curl mc screen ftp zip unzip flex sqlite pcre sudo bc jwhois - mailx lsof tar telnet rrdtool net-tools ntp GeoIP freetype fail2ban - which vesta vesta-nginx vesta-php vim-common expect vesta-ioncube - vesta-softaculous" +# Defining software pack for all distros +software="nginx awstats bc bind bind-libs bind-utils clamav-server clamav-update + curl dovecot e2fsprogs exim expect fail2ban flex freetype ftp GeoIP httpd + ImageMagick iptables-services jwhois lsof mailx mariadb mariadb-server mc + mod_fcgid mod_ruid2 mod_ssl net-tools ntp openssh-clients pcre php + php-bcmath php-cli php-common php-fpm php-gd php-imap php-mbstring + php-mcrypt phpMyAdmin php-mysql php-pdo phpPgAdmin php-pgsql php-soap + php-tidy php-xml php-xmlrpc postgresql postgresql-contrib + postgresql-server proftpd roundcubemail rrdtool rsyslog screen + spamassassin sqlite sudo tar telnet unzip vesta vesta-ioncube vesta-nginx + vesta-php vesta-softaculous vim-common vsftpd webalizer which zip" + +# Fix for old releases +if [ "$release" -lt 7 ]; then + software=$(echo "$software" |sed -e "s/mariadb/mysql/g") + software=$(echo "$software" |sed -e "s/clamav-server/clamd/") + software=$(echo "$software" |sed -e "s/clamav-update//") + software=$(echo "$software" |sed -e "s/iptables-services//") + software="$software mod_extract_forwarded" fi # Defining help function @@ -105,7 +102,7 @@ set_default_value() { fi } -# Define function to set default language value +# Defining function to set default language value set_default_lang() { if [ -z "$lang" ]; then eval lang=$1 @@ -125,9 +122,6 @@ set_default_lang() { # Verifications # #----------------------------------------------------------# -# Creating temporary file -tmpfile=$(mktemp -p /tmp) - # Translating argument to --gnu-long-options for arg; do delim="" @@ -239,7 +233,6 @@ if [ "$iptables" = 'no' ]; then fail2ban='no' fi - # Checking root permissions if [ "x$(id -u)" != 'x0' ]; then check_result 1 "Script can be run executed only by root" @@ -260,16 +253,18 @@ if [ ! -e '/usr/bin/wget' ]; then fi # Checking repository availability -wget -q "$vestacp/GPG.txt" -O /dev/null +wget -q "c.vestacp.com/GPG.txt" -O /dev/null check_result $? "No access to Vesta repository" # Checking installed packages +tmpfile=$(mktemp -p /tmp) rpm -qa > $tmpfile for pkg in exim mysql-server httpd nginx vesta; do if [ ! -z "$(grep $pkg $tmpfile)" ]; then conflicts="$pkg $conflicts" fi done +rm -f $tmpfile if [ ! -z "$conflicts" ] && [ -z "$force" ]; then echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' echo @@ -290,7 +285,7 @@ fi # Brief Info # #----------------------------------------------------------# -# Printing nice ascii as logo +# Printing nice ASCII logo clear echo echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_|' @@ -302,7 +297,7 @@ echo echo ' Vesta Control Panel' echo -e "\n\n" -echo 'Following software will be installed on your system:' +echo 'The following software will be installed on your system:' # Web stack if [ "$nginx" = 'yes' ]; then @@ -323,16 +318,16 @@ if [ "$named" = 'yes' ]; then echo ' - Bind DNS Server' fi -# Mail Stack +# Mail stack if [ "$exim" = 'yes' ]; then - echo -n ' - Exim mail server' + echo -n ' - Exim Mail Server' if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ] ; then echo -n ' + ' if [ "$clamd" = 'yes' ]; then - echo -n 'Antivirus ' + echo -n 'ClamAV ' fi if [ "$spamd" = 'yes' ]; then - echo -n 'Antispam' + echo -n 'SpamAssassin' fi fi echo @@ -341,9 +336,9 @@ if [ "$exim" = 'yes' ]; then fi fi -# DB stack +# Database stack if [ "$mysql" = 'yes' ]; then - if [ $release = 7 ]; then + if [ $release -ge 7 ]; then echo ' - MariaDB Database Server' else echo ' - MySQL Database Server' @@ -393,7 +388,7 @@ if [ "$interactive" = 'yes' ]; then # Asking to set FQDN hostname if [ -z "$servername" ]; then - read -p "Please enter FQDN hostname [$(hostname)]: " servername + read -p "Please enter FQDN hostname [$(hostname -f)]: " servername fi fi @@ -448,10 +443,10 @@ fi #----------------------------------------------------------# -# Install repositories # +# Install repository # #----------------------------------------------------------# -# Updating system packages +# Updating system yum -y update check_result $? 'yum update failed' @@ -460,8 +455,8 @@ yum install epel-release -y check_result $? "Can't install EPEL repository" # Installing Remi repository -if [ "$remi" = 'yes' ]; then - rpm -Uvh --force $vestacp/remi-release.rpm +if [ "$remi" = 'yes' ] && [ ! -e "/etc/yum.repos.d/remi.repo" ]; then + rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-$release.rpm check_result $? "Can't install REMI repository" sed -i "s/enabled=0/enabled=1/g" /etc/yum.repos.d/remi.repo fi @@ -482,7 +477,7 @@ echo "baseurl=http://$RHOST/$REPO/$release/\$basearch/" >> $vrepo echo "enabled=1" >> $vrepo echo "gpgcheck=1" >> $vrepo echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA" >> $vrepo -wget $vestacp/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA +wget c.vestacp.com/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA #----------------------------------------------------------# @@ -495,53 +490,53 @@ cd $vst_backups mkdir nginx httpd php php-fpm vsftpd proftpd named exim dovecot clamd \ spamassassin mysql postgresql mongodb vesta -# Backing up Nginx configuration +# Backup Nginx configuration service nginx stop > /dev/null 2>&1 cp -r /etc/nginx/* $vst_backups/nginx > /dev/null 2>&1 -# Backing up Apache configuration +# Backup Apache configuration service httpd stop > /dev/null 2>&1 cp -r /etc/httpd/* $vst_backups/httpd > /dev/null 2>&1 -# Backing up PHP configuration +# Backup PHP-FPM configuration service php-fpm stop >/dev/null 2>&1 cp /etc/php.ini $vst_backups/php > /dev/null 2>&1 cp -r /etc/php.d $vst_backups/php > /dev/null 2>&1 cp /etc/php-fpm.conf $vst_backups/php-fpm > /dev/null 2>&1 mv -f /etc/php-fpm.d/* $vst_backups/php-fpm/ > /dev/null 2>&1 -# Backing up Bind configuration +# Backup Bind configuration yum remove bind-chroot > /dev/null 2>&1 service named stop > /dev/null 2>&1 cp /etc/named.conf $vst_backups/named >/dev/null 2>&1 -# Backing up Vsftpd configuration +# Backup Vsftpd configuration service vsftpd stop > /dev/null 2>&1 cp /etc/vsftpd/vsftpd.conf $vst_backups/vsftpd >/dev/null 2>&1 -# Backing up ProFTPD configuration +# Backup ProFTPD configuration service proftpd stop > /dev/null 2>&1 cp /etc/proftpd.conf $vst_backups/proftpd >/dev/null 2>&1 -# Backing up Exim configuration +# Backup Exim configuration service exim stop > /dev/null 2>&1 cp -r /etc/exim/* $vst_backups/exim >/dev/null 2>&1 -# Backing up ClamAV configuration +# Backup ClamAV configuration service clamd stop > /dev/null 2>&1 cp /etc/clamd.conf $vst_backups/clamd >/dev/null 2>&1 cp -r /etc/clamd.d $vst_backups/clamd >/dev/null 2>&1 -# Backing up SpamAssassin configuration +# Backup SpamAssassin configuration service spamassassin stop > /dev/null 2>&1 cp -r /etc/mail/spamassassin/* $vst_backups/spamassassin >/dev/null 2>&1 -# Backing up Dovecot configuration +# Backup Dovecot configuration service dovecot stop > /dev/null 2>&1 cp /etc/dovecot.conf $vst_backups/dovecot > /dev/null 2>&1 cp -r /etc/dovecot/* $vst_backups/dovecot > /dev/null 2>&1 -# Backing up MySQL/MariaDB configuration and data +# Backup MySQL/MariaDB configuration and data service mysql stop > /dev/null 2>&1 service mysqld stop > /dev/null 2>&1 service mariadb stop > /dev/null 2>&1 @@ -550,18 +545,18 @@ cp /etc/my.cnf $vst_backups/mysql > /dev/null 2>&1 cp /etc/my.cnf.d $vst_backups/mysql > /dev/null 2>&1 mv /root/.my.cnf $vst_backups/mysql > /dev/null 2>&1 -# Backing up MySQL/MariaDB configuration and data +# Backup MySQL/MariaDB configuration and data service postgresql stop > /dev/null 2>&1 mv /var/lib/pgsql/data $vst_backups/postgresql/ >/dev/null 2>&1 -# Backing up Vesta configuration and data +# Backup Vesta service vesta stop > /dev/null 2>&1 mv $VESTA/data/* $vst_backups/vesta > /dev/null 2>&1 mv $VESTA/conf/* $vst_backups/vesta > /dev/null 2>&1 #----------------------------------------------------------# -# Package Exludes # +# Package Excludes # #----------------------------------------------------------# # Excluding packages @@ -636,13 +631,16 @@ fi #----------------------------------------------------------# # Installing rpm packages -if [ "$remi" = 'yes' ]; then - yum -y --disablerepo=* \ - --enablerepo="*base,*updates,nginx,epel,vesta,remi*" \ - install $software -else - yum -y --disablerepo=* --enablerepo="*base,*updates,nginx,epel,vesta" \ - install $software +yum install -y $software +if [ $? -ne 0 ]; then + if [ "$remi" = 'yes' ]; then + yum -y --disablerepo=* \ + --enablerepo="*base,*updates,nginx,epel,vesta,remi*" \ + install $software + else + yum -y --disablerepo=* --enablerepo="*base,*updates,nginx,epel,vesta" \ + install $software + fi fi check_result $? "yum install failed" @@ -671,8 +669,10 @@ if [ -e '/etc/sysconfig/selinux' ]; then setenforce 0 2>/dev/null fi -# Disable iptables +# Disabling iptables service iptables stop +service firewalld stop >/dev/null 2>&1 + # Configuring NTP synchronization echo '#!/bin/sh' > /etc/cron.daily/ntpdate @@ -688,9 +688,13 @@ adduser backup 2>/dev/null ln -sf /home/backup /backup chmod a+x /backup -# Chaning default directory color +# Set directory color echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile +# Register /sbin/nologin and /usr/sbin/nologin +echo "/sbin/nologin" >> /etc/shells +echo "/usr/sbin/nologin" >> /etc/shells + # Changing default systemd interval if [ "$release" -eq '7' ]; then # Hi Lennart @@ -704,9 +708,9 @@ fi # Configure VESTA # #----------------------------------------------------------# -# Downlading sudo configuration +# Installing sudo configuration mkdir -p /etc/sudoers.d -wget $vestacp/sudo/admin -O /etc/sudoers.d/admin +cp -f $vestacp/sudo/admin /etc/sudoers.d/ chmod 440 /etc/sudoers.d/admin # Configuring system env @@ -718,9 +722,9 @@ echo 'export PATH' >> /root/.bash_profile source /root/.bash_profile # Configuring logrotate for vesta logs -wget $vestacp/logrotate/vesta -O /etc/logrotate.d/vesta +cp -f $vestacp/logrotate/vesta /etc/logrotate.d/ -# Buidling directory tree and creating some blank files for vesta +# Building directory tree and creating some blank files for Vesta mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ $VESTA/data/queue $VESTA/data/users $VESTA/data/firewall \ $VESTA/data/sessions @@ -734,14 +738,13 @@ chmod 660 $VESTA/log/* rm -f /var/log/vesta ln -s $VESTA/log /var/log/vesta chmod 770 $VESTA/data/sessions -chown admin:admin $VESTA/data/sessions -# Generating vesta configuration +# Generating Vesta configuration rm -f $VESTA/conf/vesta.conf 2>/dev/null touch $VESTA/conf/vesta.conf chmod 660 $VESTA/conf/vesta.conf -# WEB stack +# Web stack if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then echo "WEB_SYSTEM='httpd'" >> $VESTA/conf/vesta.conf echo "WEB_RGROUPS='apache'" >> $VESTA/conf/vesta.conf @@ -799,7 +802,7 @@ if [ "$exim" = 'yes' ]; then fi fi -# CRON daemon +# Cron daemon echo "CRON_SYSTEM='crond'" >> $VESTA/conf/vesta.conf # Firewall stack @@ -824,26 +827,18 @@ echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf # Version echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf -# Downloading hosting packages -cd $VESTA/data -wget $vestacp/packages.tar.gz -O packages.tar.gz -tar -xzf packages.tar.gz -rm -f packages.tar.gz +# Installing hosting packages +cp -rf $vestacp/packages $VESTA/data/ -# Downloading templates -wget $vestacp/templates.tar.gz -O templates.tar.gz -tar -xzf templates.tar.gz -rm -f templates.tar.gz +# Installing templates +cp -rf $vestacp/templates $VESTA/data/ # Copying index.html to default documentroot -cp templates/web/skel/public_html/index.html /var/www/html/ +cp $VESTA/data/templates/web/skel/public_html/index.html /var/www/html/ sed -i 's/%domain%/It worked!/g' /var/www/html/index.html -# Downloading firewall rules -chkconfig firewalld off >/dev/null 2>&1 -wget $vestacp/firewall.tar.gz -O firewall.tar.gz -tar -xzf firewall.tar.gz -rm -f firewall.tar.gz +# Installing firewall rules +cp -rf $vestacp/firewall $VESTA/data/ # Configuring server hostname $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null @@ -872,16 +867,16 @@ rm /tmp/vst.pem if [ "$nginx" = 'yes' ]; then rm -f /etc/nginx/conf.d/*.conf - wget $vestacp/nginx/nginx.conf -O /etc/nginx/nginx.conf - wget $vestacp/nginx/status.conf -O /etc/nginx/conf.d/status.conf - wget $vestacp/nginx/phpmyadmin.inc -O /etc/nginx/conf.d/phpmyadmin.inc - wget $vestacp/nginx/phppgadmin.inc -O /etc/nginx/conf.d/phppgadmin.inc - wget $vestacp/nginx/webmail.inc -O /etc/nginx/conf.d/webmail.inc - wget $vestacp/logrotate/nginx -O /etc/logrotate.d/nginx + cp -f $vestacp/nginx/nginx.conf /etc/nginx/ + cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ + cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ echo > /etc/nginx/conf.d/vesta.conf mkdir -p /var/log/nginx/domains - if [ "$release" -eq 7 ]; then - mkdir /etc/systemd/system/nginx.service.d + if [ "$release" -ge 7 ]; then + mkdir -p /etc/systemd/system/nginx.service.d cd /etc/systemd/system/nginx.service.d echo "[Service]" > limits.conf echo "LimitNOFILE=500000" >> limits.conf @@ -891,7 +886,7 @@ if [ "$nginx" = 'yes' ]; then check_result $? "nginx start failed" # Workaround for OpenVZ/Virtuozzo - if [ "$release" -eq '7' ] && [ -e "/proc/vz/veinfo" ]; then + if [ "$release" -ge '7' ] && [ -e "/proc/vz/veinfo" ]; then echo "#Vesta: workraround for networkmanager" >> /etc/rc.local echo "sleep 3 && service nginx restart" >> /etc/rc.local fi @@ -903,29 +898,30 @@ fi #----------------------------------------------------------# if [ "$apache" = 'yes' ]; then - cd /etc/httpd - wget $vestacp/httpd/httpd.conf -O conf/httpd.conf - wget $vestacp/httpd/status.conf -O conf.d/status.conf - wget $vestacp/httpd/ssl.conf -O conf.d/ssl.conf - wget $vestacp/httpd/ruid2.conf -O conf.d/ruid2.conf - wget $vestacp/logrotate/httpd -O /etc/logrotate.d/httpd - if [ $release -ne 7 ]; then - echo "MEFaccept 127.0.0.1" >> conf.d/mod_extract_forwarded.conf - echo > conf.d/proxy_ajp.conf + cp -f $vestacp/httpd/httpd.conf /etc/httpd/conf/ + cp -f $vestacp/httpd/status.conf /etc/httpd/conf.d/ + cp -f $vestacp/httpd/ssl.conf /etc/httpd/conf.d/ + cp -f $vestacp/httpd/ruid2.conf /etc/httpd/conf.d/ + cp -f $vestacp/logrotate/httpd /etc/logrotate.d/ + if [ $release -lt 7 ]; then + cd /etc/httpd/conf.d + echo "MEFaccept 127.0.0.1" >> mod_extract_forwarded.conf + echo > proxy_ajp.conf fi - if [ -e "conf.modules.d/00-dav.conf" ]; then - sed -i "s/^/#/" conf.modules.d/00-dav.conf conf.modules.d/00-lua.conf - sed -i "s/^/#/" conf.modules.d/00-proxy.conf + if [ -e "/etc/httpd/conf.modules.d/00-dav.conf" ]; then + cd /etc/httpd/conf.modules.d + sed -i "s/^/#/" 00-dav.conf 00-lua.conf 00-proxy.conf fi - echo > conf.d/vesta.conf - touch logs/access_log logs/error_log logs/error_log logs/suexec.log - chmod 640 logs/access_log logs/error_log logs/error_log logs/suexec.log + echo > /etc/httpd/conf.d/vesta.conf + cd /var/log/httpd + touch access_log error_log suexec.log + chmod 640 access_log error_log suexec.log chmod -f 777 /var/lib/php/session chmod a+x /var/log/httpd mkdir -p /var/log/httpd/domains chmod 751 /var/log/httpd/domains - if [ "$release" -eq 7 ]; then - mkdir /etc/systemd/system/httpd.service.d + if [ "$release" -ge 7 ]; then + mkdir -p /etc/systemd/system/httpd.service.d cd /etc/systemd/system/httpd.service.d echo "[Service]" > limits.conf echo "LimitNOFILE=500000" >> limits.conf @@ -935,7 +931,7 @@ if [ "$apache" = 'yes' ]; then check_result $? "httpd start failed" # Workaround for OpenVZ/Virtuozzo - if [ "$release" -eq '7' ] && [ -e "/proc/vz/veinfo" ]; then + if [ "$release" -ge '7' ] && [ -e "/proc/vz/veinfo" ]; then echo "#Vesta: workraround for networkmanager" >> /etc/rc.local echo "sleep 2 && service httpd restart" >> /etc/rc.local fi @@ -947,7 +943,7 @@ fi #----------------------------------------------------------# if [ "$phpfpm" = 'yes' ]; then - wget $vestacp/php-fpm/www.conf -O /etc/php-fpm.d/www.conf + cp -f $vestacp/php-fpm/www.conf /etc/php-fpm.d/ chkconfig php-fpm on service php-fpm start check_result $? "php-fpm start failed" @@ -966,23 +962,20 @@ if [ -z "$ZONE" ]; then ZONE='UTC' fi for pconf in $(find /etc/php* -name php.ini); do - sed -i "s/;date.timezone =/date.timezone = $ZONE/g" $pconf + sed -i "s|;date.timezone =|date.timezone = $ZONE|g" $pconf sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf done #----------------------------------------------------------# -# Configure VSFTPD # +# Configure Vsftpd # #----------------------------------------------------------# if [ "$vsftpd" = 'yes' ]; then - wget $vestacp/vsftpd/vsftpd.conf -O /etc/vsftpd/vsftpd.conf + cp -f $vestacp/vsftpd/vsftpd.conf /etc/vsftpd/ chkconfig vsftpd on service vsftpd start check_result $? "vsftpd start failed" - - # To be deleted after release 0.9.8-18 - echo "/sbin/nologin" >> /etc/shells fi @@ -991,7 +984,7 @@ fi #----------------------------------------------------------# if [ "$proftpd" = 'yes' ]; then - wget $vestacp/proftpd/proftpd.conf -O /etc/proftpd.conf + cp -f $vestacp/proftpd/proftpd.conf /etc/ chkconfig proftpd on service proftpd start check_result $? "proftpd start failed" @@ -1016,13 +1009,13 @@ if [ "$mysql" = 'yes' ]; then chown mysql:mysql /var/lib/mysql mkdir -p /etc/my.cnf.d - if [ $release -ne 7 ]; then + if [ $release -lt 7 ]; then service='mysqld' else service='mariadb' fi - wget $vestacp/$service/$mycnf -O /etc/my.cnf + cp -f $vestacp/$service/$mycnf /etc/my.cnf chkconfig $service on service $service start if [ "$?" -ne 0 ]; then @@ -1035,8 +1028,9 @@ if [ "$mysql" = 'yes' ]; then fi # Securing MySQL installation - mysqladmin -u root password $vpass - echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 @@ -1046,10 +1040,17 @@ if [ "$mysql" = 'yes' ]; then # Configuring phpMyAdmin if [ "$apache" = 'yes' ]; then - wget $vestacp/pma/phpMyAdmin.conf -O /etc/httpd/conf.d/phpMyAdmin.conf + cp -f $vestacp/pma/phpMyAdmin.conf /etc/httpd/conf.d/ fi - wget $vestacp/pma/config.inc.conf -O /etc/phpMyAdmin/config.inc.php - sed -i "s/%blowfish_secret%/$(gen_pass)/g" /etc/phpMyAdmin/config.inc.php + mysql < /usr/share/phpMyAdmin/sql/create_tables.sql + p=$(gen_pass) + mysql -e "GRANT ALL ON phpmyadmin.* + TO phpmyadmin@localhost IDENTIFIED BY '$p'" + cp -f $vestacp/pma/config.inc.conf /etc/phpMyAdmin/config.inc.php + sed -i "s/%blowfish_secret%/$(gen_pass 32)/g" /etc/phpMyAdmin/config.inc.php + sed -i "s/%phpmyadmin_pass%/$p/g" /etc/phpMyAdmin/config.inc.php + chmod 777 /var/lib/phpMyAdmin/temp + chmod 777 /var/lib/phpMyAdmin/save fi @@ -1058,23 +1059,24 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then - if [ $release = 5 ]; then + ppass=$(gen_pass) + if [ $release -eq 5 ]; then service postgresql start - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" service postgresql stop - wget $vestacp/postgresql/pg_hba.conf -O /var/lib/pgsql/data/pg_hba.conf + cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start else service postgresql initdb - wget $vestacp/postgresql/pg_hba.conf -O /var/lib/pgsql/data/pg_hba.conf + cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" fi # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then - wget $vestacp/pga/phpPgAdmin.conf -O /etc/httpd/conf.d/phpPgAdmin.conf + cp -f $vestacp/pga/phpPgAdmin.conf /etc/httpd/conf.d/ fi - wget $vestacp/pga/config.inc.php -O /etc/phpPgAdmin/config.inc.php + cp -f $vestacp/pga/config.inc.php /etc/phpPgAdmin/ fi @@ -1083,7 +1085,7 @@ fi #----------------------------------------------------------# if [ "$named" = 'yes' ]; then - wget $vestacp/named/named.conf -O /etc/named.conf + cp -f $vestacp/named/named.conf /etc/ chown root:named /etc/named.conf chmod 640 /etc/named.conf chkconfig named on @@ -1098,9 +1100,9 @@ fi if [ "$exim" = 'yes' ]; then gpasswd -a exim mail - wget $vestacp/exim/exim.conf -O /etc/exim/exim.conf - wget $vestacp/exim/dnsbl.conf -O /etc/exim/dnsbl.conf - wget $vestacp/exim/spam-blocks.conf -O /etc/exim/spam-blocks.conf + cp -f $vestacp/exim/exim.conf /etc/exim/ + cp -f $vestacp/exim/dnsbl.conf /etc/exim/ + cp -f $vestacp/exim/spam-blocks.conf /etc/exim/ touch /etc/exim/white-blocks.conf if [ "$spamd" = 'yes' ]; then @@ -1133,13 +1135,12 @@ fi if [ "$dovecot" = 'yes' ]; then gpasswd -a dovecot mail - wget $vestacp/dovecot.tar.gz -O /etc/dovecot.tar.gz - wget $vestacp/logrotate/dovecot -O /etc/logrotate.d/dovecot - cd /etc - rm -rf dovecot dovecot.conf - tar -xzf dovecot.tar.gz - rm -f dovecot.tar.gz + cp -rf $vestacp/dovecot /etc/ + cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* + if [ "$release" -eq 7 ]; then + sed -i "s#namespace inbox {#namespace inbox {\n inbox = yes#" /etc/dovecot/conf.d/15-mailboxes.conf + fi chkconfig dovecot on service dovecot start check_result $? "dovecot start failed" @@ -1154,19 +1155,17 @@ if [ "$clamd" = 'yes' ]; then useradd clam -s /sbin/nologin -d /var/lib/clamav 2>/dev/null gpasswd -a clam exim gpasswd -a clam mail - wget $vestacp/clamav/clamd.conf -O /etc/clamd.conf - wget $vestacp/clamav/freshclam.conf -O /etc/freshclam.conf - mkdir -p /var/log/clamav - mkdir -p /var/run/clamav + cp -f $vestacp/clamav/clamd.conf /etc/ + cp -f $vestacp/clamav/freshclam.conf /etc/ + mkdir -p /var/log/clamav /var/run/clamav chown clam:clam /var/log/clamav /var/run/clamav chown -R clam:clam /var/lib/clamav - if [ "$release" -eq '7' ]; then - wget $vestacp/clamav/clamd.service -O \ - /usr/lib/systemd/system/clamd.service + if [ "$release" -ge '7' ]; then + cp -f $vestacp/clamav/clamd.service /usr/lib/systemd/system/ systemctl --system daemon-reload fi /usr/bin/freshclam - if [ "$release" -eq '7' ]; then + if [ "$release" -ge '7' ]; then sed -i "s/nofork/foreground/" /usr/lib/systemd/system/clamd.service systemctl daemon-reload fi @@ -1184,7 +1183,7 @@ if [ "$spamd" = 'yes' ]; then chkconfig spamassassin on service spamassassin start check_result $? "spamassassin start failed" - if [ "$release" -eq '7' ]; then + if [ "$release" -ge '7' ]; then groupadd -g 1001 spamd useradd -u 1001 -g spamd -s /sbin/nologin -d \ /var/lib/spamassassin spamd @@ -1200,15 +1199,13 @@ fi if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then if [ "$apache" = 'yes' ]; then - wget $vestacp/roundcube/roundcubemail.conf \ - -O /etc/httpd/conf.d/roundcubemail.conf + cp -f $vestacp/roundcube/roundcubemail.conf /etc/httpd/conf.d/ fi - wget $vestacp/roundcube/main.inc.php -O /etc/roundcubemail/config.inc.php + cp -f $vestacp/roundcube/main.inc.php /etc/roundcubemail/config.inc.php cd /usr/share/roundcubemail/plugins/password - wget $vestacp/roundcube/vesta.php -O drivers/vesta.php - wget $vestacp/roundcube/config.inc.php -O config.inc.php - sed -i "s/localhost/$servername/g" \ - /usr/share/roundcubemail/plugins/password/config.inc.php + cp -f $vestacp/roundcube/vesta.php drivers/vesta.php + cp -f $vestacp/roundcube/config.inc.php config.inc.php + sed -i "s/localhost/$servername/g" config.inc.php chmod a+r /etc/roundcubemail/* chmod -f 777 /var/log/roundcubemail r="$(gen_pass)" @@ -1231,10 +1228,7 @@ fi #----------------------------------------------------------# if [ "$fail2ban" = 'yes' ]; then - cd /etc - wget $vestacp/fail2ban.tar.gz -O fail2ban.tar.gz - tar -xzf fail2ban.tar.gz - rm -f fail2ban.tar.gz + cp -rf $vestacp/fail2ban /etc/ if [ "$dovecot" = 'no' ]; then fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) @@ -1253,9 +1247,9 @@ if [ "$fail2ban" = 'yes' ]; then fline=$(cat /etc/fail2ban/jail.local |grep -n vsftpd-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local - fi + fi chkconfig fail2ban on - /bin/mkdir -p /var/run/fail2ban + mkdir -p /var/run/fail2ban if [ -e "/usr/lib/systemd/system/fail2ban.service" ]; then exec_pre='ExecStartPre=/bin/mkdir -p /var/run/fail2ban' sed -i "s|\[Service\]|[Service]\n$exec_pre|g" \ @@ -1283,46 +1277,48 @@ if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then groupdel admin > /dev/null 2>&1 fi -# Adding vesta account +# Adding Vesta admin account $VESTA/bin/v-add-user admin $vpass $email default System Administrator check_result $? "can't create admin user" $VESTA/bin/v-change-user-shell admin bash $VESTA/bin/v-change-user-language admin $lang -# Configuring system ips +# Configuring system IPs $VESTA/bin/v-update-sys-ip -# Get main ip +# Get main IP ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) -# Firewall configuration +# Configuring firewall if [ "$iptables" = 'yes' ]; then + chkconfig firewalld off >/dev/null 2>&1 $VESTA/bin/v-update-firewall fi -# Get public ip +# Get public IP pub_ip=$(curl -s vestacp.com/what-is-my-ip/) if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then + echo "$VESTA/bin/v-update-sys-ip" >> /etc/rc.local $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip ip=$pub_ip fi -# Configuring mysql host +# Configuring MySQL/MariaDB host if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi -# Configuring pgsql host +# Configuring PostgreSQL host if [ "$postgresql" = 'yes' ]; then - $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi # Adding default domain $VESTA/bin/v-add-domain admin $servername -check_result $? "can't create $servername domain" +# Adding cron jobs command="sudo $VESTA/bin/v-update-sys-queue disk" $VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-queue traffic" @@ -1339,7 +1335,7 @@ command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" service crond restart -# Building initial rrd images +# Building RRD images $VESTA/bin/v-update-sys-rrd # Enabling file system quota @@ -1347,12 +1343,12 @@ if [ "$quota" = 'yes' ]; then $VESTA/bin/v-add-sys-quota fi -# Enabling softaculous plugin +# Enabling Softaculous plugin if [ "$softaculous" = 'yes' ]; then $VESTA/bin/v-add-vesta-softaculous fi -# Starting vesta service +# Starting Vesta service chkconfig vesta on service vesta start check_result $? "vesta start failed" @@ -1369,11 +1365,8 @@ $VESTA/bin/v-add-cron-vesta-autoupdate # Vesta Access Info # #----------------------------------------------------------# -# Sending install notification to vestacp.com -wget vestacp.com/notify/?$codename -O /dev/null -q - -# Comparing hostname and ip -host_ip=$(host $servername| head -n 1 | awk '{print $NF}') +# Comparing hostname and IP +host_ip=$(host $servername |head -n 1 |awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then ip="$servername" fi diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index 223f9d11..653f7fc1 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -16,47 +16,26 @@ arch=$(uname -i) os='ubuntu' release="$(lsb_release -s -r)" codename="$(lsb_release -s -c)" -vestacp="http://$CHOST/$VERSION/$release" +vestacp="$VESTA/install/$VERSION/$release" -if [ "$release" = '16.04' ]; then - software="nginx apache2 apache2-utils apache2.2-common - apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-rpaf - libapache2-mod-fcgid libapache2-mod-php php php-common php-cgi - php-mysql php-curl php-fpm php-pgsql awstats webalizer vsftpd - proftpd-basic bind9 exim4 exim4-daemon-heavy clamav-daemon - spamassassin dovecot-imapd dovecot-pop3d roundcube-core - roundcube-mysql roundcube-plugins mysql-server mysql-common - mysql-client postgresql postgresql-contrib phppgadmin phpmyadmin mc - flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota - e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils - bsdmainutils cron vesta vesta-nginx vesta-php expect vim-common - vesta-ioncube vesta-softaculous apparmor-utils" -elif [ "$release" = '16.10' ]; then - software="nginx apache2 apache2-utils apache2.2-common - apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-rpaf - libapache2-mod-fcgid libapache2-mod-php7.0 php7.0 php7.0-common - php7.0-cgi php7.0-mysql php7.0-curl php7.0-fpm php7.0-pgsql awstats - webalizer vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy - clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core - roundcube-mysql roundcube-plugins mysql-server mysql-common - mysql-client postgresql postgresql-contrib phppgadmin phpmyadmin mc - flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota - e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils - bsdmainutils cron vesta vesta-nginx vesta-php expect vim-common - vesta-ioncube vesta-softaculous apparmor-utils" -else - software="nginx apache2 apache2-utils apache2.2-common - apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-rpaf - libapache2-mod-fcgid libapache2-mod-php5 php5 php5-common php5-cgi - php5-mysql php5-curl php5-fpm php5-pgsql awstats webalizer vsftpd - proftpd-basic bind9 exim4 exim4-daemon-heavy clamav-daemon - spamassassin dovecot-imapd dovecot-pop3d roundcube-core - roundcube-mysql roundcube-plugins mysql-server mysql-common - mysql-client postgresql postgresql-contrib phppgadmin phpMyAdmin mc - flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota - e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils - bsdmainutils cron vesta vesta-nginx vesta-php expect vim-common - vesta-ioncube vesta-softaculous" +# Defining software pack for all distros +software="nginx apache2 apache2.2-common apache2-suexec-custom apache2-utils + apparmor-utils awstats bc bind9 bsdmainutils bsdutils clamav-daemon + cron curl dnsutils dovecot-imapd dovecot-pop3d e2fslibs e2fsprogs exim4 + exim4-daemon-heavy expect fail2ban flex ftp git idn imagemagick + libapache2-mod-fcgid libapache2-mod-php libapache2-mod-rpaf + libapache2-mod-ruid2 lsof mc mysql-client mysql-common mysql-server + ntpdate php-cgi php-common php-curl php-fpm phpmyadmin php-mysql + phppgadmin php-pgsql postgresql postgresql-contrib proftpd-basic quota + roundcube-core roundcube-mysql roundcube-plugins rrdtool rssh spamassassin + sudo vesta vesta-ioncube vesta-nginx vesta-php vesta-softaculous + vim-common vsftpd webalizer whois zip net-tools" + +# Fix for old releases +if [[ ${release:0:2} -lt 16 ]]; then + software=$(echo "$software" |sed -e "s/php /php5 /g") + software=$(echo "$software" |sed -e "s/vesta-php5 /vesta-php /g") + software=$(echo "$software" |sed -e "s/php-/php5-/g") fi # Defining help function @@ -103,7 +82,7 @@ gen_pass() { echo "$PASS" } -# Defning return code check function +# Defining return code check function check_result() { if [ $1 -ne 0 ]; then echo "Error: $2" @@ -122,7 +101,7 @@ set_default_value() { fi } -# Define function to set default language value +# Defining function to set default language value set_default_lang() { if [ -z "$lang" ]; then eval lang=$1 @@ -257,11 +236,11 @@ fi # Checking root permissions if [ "x$(id -u)" != 'x0' ]; then - check_error 1 "Script can be run executed only by root" + check_result 1 "Script can be run executed only by root" fi # Checking admin user account -if [ ! -z "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then +if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ -z "$force" ]; then echo 'Please remove admin user account before proceeding.' echo 'If you want to do it automatically run installer with -f option:' echo -e "Example: bash $0 --force\n" @@ -275,10 +254,10 @@ if [ ! -e '/usr/bin/wget' ]; then fi # Checking repository availability -wget -q "$vestacp/deb_signing.key" -O /dev/null +wget -q "c.vestacp.com/deb_signing.key" -O /dev/null check_result $? "No access to Vesta repository" -# Check installed packages +# Checking installed packages tmpfile=$(mktemp -p /tmp) dpkg --get-selections > $tmpfile for pkg in exim4 mysql-server apache2 nginx vesta; do @@ -319,7 +298,7 @@ echo echo ' Vesta Control Panel' echo -e "\n\n" -echo 'Following software will be installed on your system:' +echo 'The following software will be installed on your system:' # Web stack if [ "$nginx" = 'yes' ]; then @@ -340,16 +319,16 @@ if [ "$named" = 'yes' ]; then echo ' - Bind DNS Server' fi -# Mail Stack +# Mail stack if [ "$exim" = 'yes' ]; then - echo -n ' - Exim mail server' + echo -n ' - Exim Mail Server' if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ] ; then echo -n ' + ' if [ "$clamd" = 'yes' ]; then - echo -n 'Antivirus ' + echo -n 'ClamAV' fi if [ "$spamd" = 'yes' ]; then - echo -n 'Antispam' + echo -n 'SpamAssassin' fi fi echo @@ -358,7 +337,7 @@ if [ "$exim" = 'yes' ]; then fi fi -# DB stack +# Database stack if [ "$mysql" = 'yes' ]; then echo ' - MySQL Database Server' fi @@ -468,6 +447,13 @@ fi apt-get -y upgrade check_result $? 'apt-get upgrade failed' +# Checking universe repository +if [[ ${release:0:2} -gt 16 ]]; then + if [ -z "$(grep universe /etc/apt/sources.list)" ]; then + add-apt-repository -y universe + fi +fi + # Installing nginx repo apt=/etc/apt/sources.list.d echo "deb http://nginx.org/packages/mainline/ubuntu/ $codename nginx" \ @@ -491,52 +477,53 @@ cd $vst_backups mkdir nginx apache2 php vsftpd proftpd bind exim4 dovecot clamd mkdir spamassassin mysql postgresql mongodb vesta -# Backing up nginx configuration +# Backup nginx configuration service nginx stop > /dev/null 2>&1 cp -r /etc/nginx/* $vst_backups/nginx >/dev/null 2>&1 -# Backing up Apache configuration +# Backup Apache configuration service apache2 stop > /dev/null 2>&1 cp -r /etc/apache2/* $vst_backups/apache2 > /dev/null 2>&1 rm -f /etc/apache2/conf.d/* > /dev/null 2>&1 -# Backing up PHP configuration +# Backup PHP-FPM configuration service php7.0-fpm stop > /dev/null 2>&1 service php5-fpm stop > /dev/null 2>&1 +service php-fpm stop > /dev/null 2>&1 cp -r /etc/php7.0/* $vst_backups/php/ > /dev/null 2>&1 cp -r /etc/php5/* $vst_backups/php/ > /dev/null 2>&1 cp -r /etc/php/* $vst_backups/php/ > /dev/null 2>&1 -# Backing up Bind configuration +# Backup Bind configuration service bind9 stop > /dev/null 2>&1 cp -r /etc/bind/* $vst_backups/bind > /dev/null 2>&1 -# Backing up Vsftpd configuration +# Backup Vsftpd configuration service vsftpd stop > /dev/null 2>&1 cp /etc/vsftpd.conf $vst_backups/vsftpd > /dev/null 2>&1 -# Backing up ProFTPD configuration +# Backup ProFTPD configuration service proftpd stop > /dev/null 2>&1 cp /etc/proftpd.conf $vst_backups/proftpd > /dev/null 2>&1 -# Backing up Exim configuration +# Backup Exim configuration service exim4 stop > /dev/null 2>&1 cp -r /etc/exim4/* $vst_backups/exim4 > /dev/null 2>&1 -# Backing up ClamAV configuration +# Backup ClamAV configuration service clamav-daemon stop > /dev/null 2>&1 cp -r /etc/clamav/* $vst_backups/clamav > /dev/null 2>&1 -# Backing up SpamAssassin configuration +# Backup SpamAssassin configuration service spamassassin stop > /dev/null 2>&1 cp -r /etc/spamassassin/* $vst_backups/spamassassin > /dev/null 2>&1 -# Backing up Dovecot configuration +# Backup Dovecot configuration service dovecot stop > /dev/null 2>&1 cp /etc/dovecot.conf $vst_backups/dovecot > /dev/null 2>&1 cp -r /etc/dovecot/* $vst_backups/dovecot > /dev/null 2>&1 -# Backing up MySQL/MariaDB configuration and data +# Backup MySQL/MariaDB configuration and data service mysql stop > /dev/null 2>&1 killall -9 mysqld > /dev/null 2>&1 mv /var/lib/mysql $vst_backups/mysql/mysql_datadir > /dev/null 2>&1 @@ -548,7 +535,6 @@ if [ "$release" = '16.04' ] && [ -e '/etc/init.d/mysql' ]; then mysqld --initialize-insecure fi - # Backup Vesta service vesta stop > /dev/null 2>&1 cp -r $VESTA/* $vst_backups/vesta > /dev/null 2>&1 @@ -644,18 +630,18 @@ fi # Install packages # #----------------------------------------------------------# -# Update system packages +# Updating system apt-get update -# Disable daemon autostart /usr/share/doc/sysv-rc/README.policy-rc.d.gz -echo -e '#!/bin/sh \nexit 101' > /usr/sbin/policy-rc.d +# Disabling daemon autostart on apt-get install +echo -e '#!/bin/sh\nexit 101' > /usr/sbin/policy-rc.d chmod a+x /usr/sbin/policy-rc.d -# Install apt packages +# Installing apt packages apt-get -y install $software check_result $? "apt-get install failed" -# Restore policy +# Restoring autostart policy rm -f /usr/sbin/policy-rc.d @@ -663,26 +649,28 @@ rm -f /usr/sbin/policy-rc.d # Configure system # #----------------------------------------------------------# -# Enable SSH password auth +# Enabling SSH password auth sed -i "s/rdAuthentication no/rdAuthentication yes/g" /etc/ssh/sshd_config service ssh restart -# Disable awstats cron +# Disabling AWStats cron rm -f /etc/cron.d/awstats # Set directory color echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile -# Register /usr/sbin/nologin -echo "/usr/sbin/nologin" >> /etc/shells +# Registering /usr/sbin/nologin +if [ -z "$(grep nologin /etc/shells)" ]; then + echo "/usr/sbin/nologin" >> /etc/shells +fi -# NTP Synchronization +# Configuring NTP echo '#!/bin/sh' > /etc/cron.daily/ntpdate -echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate +echo "$(which ntpdate) -s ntp.ubuntu.com" >> /etc/cron.daily/ntpdate chmod 775 /etc/cron.daily/ntpdate -ntpdate -s pool.ntp.org +ntpdate -s ntp.ubuntu.com -# Setup rssh +# Adding rssh if [ -z "$(grep /usr/bin/rssh /etc/shells)" ]; then echo /usr/bin/rssh >> /etc/shells fi @@ -696,10 +684,9 @@ chmod 755 /usr/bin/rssh # Configure Vesta # #----------------------------------------------------------# - -# Downlading sudo configuration +# Installing sudo configuration mkdir -p /etc/sudoers.d -wget $vestacp/sudo/admin -O /etc/sudoers.d/admin +cp -f $vestacp/sudo/admin /etc/sudoers.d/ chmod 440 /etc/sudoers.d/admin # Configuring system env @@ -711,7 +698,7 @@ echo 'export PATH' >> /root/.bash_profile source /root/.bash_profile # Configuring logrotate for Vesta logs -wget $vestacp/logrotate/vesta -O /etc/logrotate.d/vesta +cp -f $vestacp/logrotate/vesta /etc/logrotate.d/ # Building directory tree and creating some blank files for Vesta mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ @@ -726,7 +713,6 @@ chmod -R 750 $VESTA/data/queue chmod 660 $VESTA/log/* rm -f /var/log/vesta ln -s $VESTA/log /var/log/vesta -chown admin:admin $VESTA/data/sessions chmod 770 $VESTA/data/sessions # Generating Vesta configuration @@ -817,25 +803,18 @@ echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf # Version echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf -# Downloading hosting packages -cd $VESTA/data -wget $vestacp/packages.tar.gz -O packages.tar.gz -tar -xzf packages.tar.gz -rm -f packages.tar.gz +# Installing hosting packages +cp -rf $vestacp/packages $VESTA/data/ -# Downloading templates -wget $vestacp/templates.tar.gz -O templates.tar.gz -tar -xzf templates.tar.gz -rm -f templates.tar.gz +# Installing templates +cp -rf $vestacp/templates $VESTA/data/ # Copying index.html to default documentroot -cp templates/web/skel/public_html/index.html /var/www/ +cp $VESTA/data/templates/web/skel/public_html/index.html /var/www/ sed -i 's/%domain%/It worked!/g' /var/www/index.html -# Downloading firewall rules -wget $vestacp/firewall.tar.gz -O firewall.tar.gz -tar -xzf firewall.tar.gz -rm -f firewall.tar.gz +# Installing firewall rules +cp -rf $vestacp/firewall $VESTA/data/ # Configuring server hostname $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null @@ -857,6 +836,11 @@ chown root:mail $VESTA/ssl/* chmod 660 $VESTA/ssl/* rm /tmp/vst.pem +# Adding nologin as a valid system shell +if [ -z "$(grep nologin /etc/shells)" ]; then + echo "/usr/sbin/nologin" >> /etc/shells +fi + #----------------------------------------------------------# # Configure Nginx # @@ -864,12 +848,12 @@ rm /tmp/vst.pem if [ "$nginx" = 'yes' ]; then rm -f /etc/nginx/conf.d/*.conf - wget $vestacp/nginx/nginx.conf -O /etc/nginx/nginx.conf - wget $vestacp/nginx/status.conf -O /etc/nginx/conf.d/status.conf - wget $vestacp/nginx/phpmyadmin.inc -O /etc/nginx/conf.d/phpmyadmin.inc - wget $vestacp/nginx/phppgadmin.inc -O /etc/nginx/conf.d/phppgadmin.inc - wget $vestacp/nginx/webmail.inc -O /etc/nginx/conf.d/webmail.inc - wget $vestacp/logrotate/nginx -O /etc/logrotate.d/nginx + cp -f $vestacp/nginx/nginx.conf /etc/nginx/ + cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ + cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ echo > /etc/nginx/conf.d/vesta.conf mkdir -p /var/log/nginx/domains update-rc.d nginx defaults @@ -883,9 +867,9 @@ fi #----------------------------------------------------------# if [ "$apache" = 'yes' ]; then - wget $vestacp/apache2/apache2.conf -O /etc/apache2/apache2.conf - wget $vestacp/apache2/status.conf -O /etc/apache2/mods-enabled/status.conf - wget $vestacp/logrotate/apache2 -O /etc/logrotate.d/apache2 + cp -f $vestacp/apache2/apache2.conf /etc/apache2/ + cp -f $vestacp/apache2/status.conf /etc/apache2/mods-enabled/ + cp -f $vestacp/logrotate/apache2 /etc/logrotate.d/ a2enmod rewrite a2enmod suexec a2enmod ssl @@ -917,7 +901,7 @@ fi if [ "$phpfpm" = 'yes' ]; then pool=$(find /etc/php* -type d \( -name "pool.d" -o -name "*fpm.d" \)) - wget $vestacp/php-fpm/www.conf -O $pool/www.conf + cp -f $vestacp/php-fpm/www.conf $pool/ php_fpm=$(ls /etc/init.d/php*-fpm* |cut -f 4 -d /) ln -s /etc/init.d/$php_fpm /etc/init.d/php-fpm > /dev/null 2>&1 update-rc.d $php_fpm defaults @@ -935,7 +919,7 @@ if [ -z "$ZONE" ]; then ZONE='UTC' fi for pconf in $(find /etc/php* -name php.ini); do - sed -i "s/;date.timezone =/date.timezone = $ZONE/g" $pconf + sed -i "s%;date.timezone =%date.timezone = $ZONE%g" $pconf sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf done @@ -945,13 +929,17 @@ done #----------------------------------------------------------# if [ "$vsftpd" = 'yes' ]; then - wget $vestacp/vsftpd/vsftpd.conf -O /etc/vsftpd.conf + cp -f $vestacp/vsftpd/vsftpd.conf /etc/ + touch /var/log/vsftpd.log + chown root:adm /var/log/vsftpd.log + chmod 640 /var/log/vsftpd.log + touch /var/log/xferlog + chown root:adm /var/log/xferlog + chmod 640 /var/log/xferlog update-rc.d vsftpd defaults service vsftpd start check_result $? "vsftpd start failed" - # To be deleted after release 0.9.8-18 - echo "/sbin/nologin" >> /etc/shells fi @@ -961,7 +949,7 @@ fi if [ "$proftpd" = 'yes' ]; then echo "127.0.0.1 $servername" >> /etc/hosts - wget $vestacp/proftpd/proftpd.conf -O /etc/proftpd/proftpd.conf + cp -f $vestacp/proftpd/proftpd.conf /etc/proftpd/ update-rc.d proftpd defaults service proftpd start check_result $? "proftpd start failed" @@ -982,48 +970,62 @@ if [ "$mysql" = 'yes' ]; then fi # Configuring MySQL/MariaDB - wget $vestacp/mysql/$mycnf -O /etc/mysql/my.cnf + cp -f $vestacp/mysql/$mycnf /etc/mysql/my.cnf if [ "$release" != '16.04' ]; then mysql_install_db fi + if [ "$release" == '18.04' ]; then + mkdir /var/lib/mysql + chown mysql:mysql /var/lib/mysql + mysqld --initialize-insecure + fi update-rc.d mysql defaults service mysql start check_result $? "mysql start failed" # Securing MySQL/MariaDB installation - mysqladmin -u root password $vpass - echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" - mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" + mysql -e "DELETE FROM mysql.user WHERE user='' OR password='';" mysql -e "FLUSH PRIVILEGES" # Configuring phpMyAdmin if [ "$apache" = 'yes' ]; then - wget $vestacp/pma/apache.conf -O /etc/phpmyadmin/apache.conf + cp -f $vestacp/pma/apache.conf /etc/phpmyadmin/ ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf fi - wget $vestacp/pma/config.inc.php -O /etc/phpmyadmin/config.inc.php + if [[ ${release:0:2} -ge 18 ]]; then + mysql < /usr/share/phpmyadmin/sql/create_tables.sql + p=$(grep dbpass /etc/phpmyadmin/config-db.php |cut -f 2 -d "'") + mysql -e "GRANT ALL ON phpmyadmin.* + TO phpmyadmin@localhost IDENTIFIED BY '$p'" + else + cp -f $vestacp/pma/config.inc.php /etc/phpmyadmin/ + fi chmod 777 /var/lib/phpmyadmin/tmp fi + #----------------------------------------------------------# # Configure PostgreSQL # #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then - wget $vestacp/postgresql/pg_hba.conf -O /etc/postgresql/*/main/pg_hba.conf + ppass=$(gen_pass) + cp -f $vestacp/postgresql/pg_hba.conf /etc/postgresql/*/main/ service postgresql restart - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then - wget $vestacp/pga/phppgadmin.conf \ - -O /etc/apache2/conf.d/phppgadmin.conf + cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ fi - wget $vestacp/pga/config.inc.php -O /etc/phppgadmin/config.inc.php + cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi @@ -1032,7 +1034,7 @@ fi #----------------------------------------------------------# if [ "$named" = 'yes' ]; then - wget $vestacp/bind/named.conf -O /etc/bind/named.conf + cp -f $vestacp/bind/named.conf /etc/bind/ sed -i "s%listen-on%//listen%" /etc/bind/named.conf.options chown root:bind /etc/bind/named.conf chmod 640 /etc/bind/named.conf @@ -1058,9 +1060,9 @@ fi if [ "$exim" = 'yes' ]; then gpasswd -a Debian-exim mail - wget $vestacp/exim/exim4.conf.template -O /etc/exim4/exim4.conf.template - wget $vestacp/exim/dnsbl.conf -O /etc/exim4/dnsbl.conf - wget $vestacp/exim/spam-blocks.conf -O /etc/exim4/spam-blocks.conf + cp -f $vestacp/exim/exim4.conf.template /etc/exim4/ + cp -f $vestacp/exim/dnsbl.conf /etc/exim4/ + cp -f $vestacp/exim/spam-blocks.conf /etc/exim4/ touch /etc/exim4/white-blocks.conf if [ "$spamd" = 'yes' ]; then @@ -1093,12 +1095,19 @@ fi if [ "$dovecot" = 'yes' ]; then gpasswd -a dovecot mail - wget $vestacp/dovecot.tar.gz -O /etc/dovecot.tar.gz - wget $vestacp/logrotate/dovecot -O /etc/logrotate.d/dovecot - cd /etc - rm -rf dovecot dovecot.conf - tar -xzf dovecot.tar.gz - rm -f dovecot.tar.gz + if [[ ${release:0:2} -ge 18 ]]; then + cp -r /usr/local/vesta/install/debian/9/dovecot /etc/ + if [ -z "$(grep yes /etc/dovecot/conf.d/10-mail.conf)" ]; then + echo "namespace inbox {" >> /etc/dovecot/conf.d/10-mail.conf + echo " inbox = yes" >> /etc/dovecot/conf.d/10-mail.conf + echo "}" >> /etc/dovecot/conf.d/10-mail.conf + echo "first_valid_uid = 1000" >> /etc/dovecot/conf.d/10-mail.conf + echo "mbox_write_locks = fcntl" >> /etc/dovecot/conf.d/10-mail.conf + fi + else + cp -rf $vestacp/dovecot /etc/ + fi + cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* update-rc.d dovecot defaults service dovecot start @@ -1113,11 +1122,11 @@ fi if [ "$clamd" = 'yes' ]; then gpasswd -a clamav mail gpasswd -a clamav Debian-exim - wget $vestacp/clamav/clamd.conf -O /etc/clamav/clamd.conf + cp -f $vestacp/clamav/clamd.conf /etc/clamav/ /usr/bin/freshclam update-rc.d clamav-daemon defaults service clamav-daemon start - check_result $? "clamav-daeom start failed" + check_result $? "clamav-daemon start failed" fi @@ -1143,33 +1152,53 @@ fi if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then if [ "$apache" = 'yes' ]; then - wget $vestacp/roundcube/apache.conf -O /etc/roundcube/apache.conf + cp -f $vestacp/roundcube/apache.conf /etc/roundcube/ ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/roundcube.conf fi - wget $vestacp/roundcube/main.inc.php -O /etc/roundcube/main.inc.php - wget $vestacp/roundcube/db.inc.php -O /etc/roundcube/db.inc.php - chmod 640 /etc/roundcube/debian-db-roundcube.php - chown root:www-data /etc/roundcube/debian-db-roundcube.php - wget $vestacp/roundcube/vesta.php -O \ - /usr/share/roundcube/plugins/password/drivers/vesta.php - wget $vestacp/roundcube/config.inc.php -O \ - /etc/roundcube/plugins/password/config.inc.php - r="$(gen_pass)" - mysql -e "CREATE DATABASE roundcube" - mysql -e "GRANT ALL ON roundcube.* - TO roundcube@localhost IDENTIFIED BY '$r'" - sed -i "s/%password%/$r/g" /etc/roundcube/db.inc.php + + if [[ ${release:0:2} -ge 18 ]]; then + r=$(grep dbpass= /etc/roundcube/debian-db.php |cut -f 2 -d "'") + sed -i "s/default_host.*/default_host'] = 'localhost';/" \ + /etc/roundcube/config.inc.php + sed -i "s/^);/'password');/" /etc/roundcube/config.inc.php + else + r="$(gen_pass)" + cp -f $vestacp/roundcube/main.inc.php /etc/roundcube/ + cp -f $vestacp/roundcube/db.inc.php /etc/roundcube/ + sed -i "s/%password%/$r/g" /etc/roundcube/db.inc.php + fi + if [ "$release" = '16.04' ]; then + # TBD: should be fixed in config repo mv /etc/roundcube/db.inc.php /etc/roundcube/debian-db-roundcube.php mv /etc/roundcube/main.inc.php /etc/roundcube/config.inc.php chmod 640 /etc/roundcube/debian-db-roundcube.php chown root:www-data /etc/roundcube/debian-db-roundcube.php fi + cp -f $vestacp/roundcube/vesta.php \ + /usr/share/roundcube/plugins/password/drivers/ + cp -f $vestacp/roundcube/config.inc.php /etc/roundcube/plugins/password/ + + mysql -e "CREATE DATABASE roundcube" + mysql -e "GRANT ALL ON roundcube.* + TO roundcube@localhost IDENTIFIED BY '$r'" mysql roundcube < /usr/share/dbconfig-common/data/roundcube/install/mysql + + chmod 640 /etc/roundcube/debian-db* + chown root:www-data /etc/roundcube/debian-db* + touch /var/log/roundcube/errors + chmod 640 /var/log/roundcube/errors + chown www-data:adm /var/log/roundcube/errors + php5enmod mcrypt 2>/dev/null phpenmod mcrypt 2>/dev/null - service apache2 restart + if [ "$apache" = 'yes' ]; then + service apache2 restart + fi + if [ "$nginx" = 'yes' ]; then + service nginx restart + fi fi @@ -1178,10 +1207,7 @@ fi #----------------------------------------------------------# if [ "$fail2ban" = 'yes' ]; then - cd /etc - wget $vestacp/fail2ban.tar.gz -O fail2ban.tar.gz - tar -xzf fail2ban.tar.gz - rm -f fail2ban.tar.gz + cp -rf $vestacp/fail2ban /etc/ if [ "$dovecot" = 'no' ]; then fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) @@ -1219,7 +1245,7 @@ if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then mv -f /home/admin $vst_backups/home/ >/dev/null 2>&1 rm -f /tmp/sess_* >/dev/null 2>&1 fi -if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then +if [ ! -z "$(grep ^admin: /etc/group)" ]; then groupdel admin > /dev/null 2>&1 fi @@ -1243,25 +1269,25 @@ fi # Get public IP pub_ip=$(curl -s vestacp.com/what-is-my-ip/) if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then + echo "$VESTA/bin/v-update-sys-ip" >> /etc/rc.local $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip ip=$pub_ip fi # Configuring MySQL/MariaDB host if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi # Configuring PostgreSQL host if [ "$postgresql" = 'yes' ]; then - $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi # Adding default domain $VESTA/bin/v-add-domain admin $servername -check_result $? "can't create $servername domain" # Adding cron jobs command="sudo $VESTA/bin/v-update-sys-queue disk" @@ -1310,11 +1336,8 @@ $VESTA/bin/v-add-cron-vesta-autoupdate # Vesta Access Info # #----------------------------------------------------------# -# Sending install notification to vestacp.com -wget vestacp.com/notify/?$codename -O /dev/null -q - # Comparing hostname and IP -host_ip=$(host $servername| head -n 1 | awk '{print $NF}') +host_ip=$(host $servername| head -n 1 |awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then ip="$servername" fi diff --git a/install/vst-install.sh b/install/vst-install.sh index 5589db79..aa9ecbf6 100755 --- a/install/vst-install.sh +++ b/install/vst-install.sh @@ -8,7 +8,8 @@ # RHEL 5, 6, 7 # CentOS 5, 6, 7 # Debian 7, 8 -# Ubuntu 12.04 - 16.10 +# Ubuntu 12.04 - 18.04 +# Amazon Linux 2017 # # Am I root? @@ -41,14 +42,10 @@ fi case $(head -n1 /etc/issue | cut -f 1 -d ' ') in Debian) type="debian" ;; Ubuntu) type="ubuntu" ;; + Amazon) type="amazon" ;; *) type="rhel" ;; esac -# Fallback to Ubuntu -if [ ! -e "/etc/redhat-release" ]; then - type='ubuntu' -fi - # Check wget if [ -e '/usr/bin/wget' ]; then wget http://vestacp.com/pub/vst-install-$type.sh -O vst-install-$type.sh diff --git a/src/deb/ioncube/control b/src/deb/ioncube/control index 13e08831..e8dcc311 100644 --- a/src/deb/ioncube/control +++ b/src/deb/ioncube/control @@ -1,7 +1,7 @@ Source: vesta-ioncube Package: vesta-ioncube Priority: optional -Version: 0.9.8-19 +Version: 0.9.8-26 Section: admin Maintainer: Serghey Rodin Homepage: https://www.ioncube.com diff --git a/src/deb/nginx/control b/src/deb/nginx/control index ae0e9102..2313022f 100644 --- a/src/deb/nginx/control +++ b/src/deb/nginx/control @@ -1,7 +1,7 @@ Source: vesta-nginx Package: vesta-nginx Priority: optional -Version: 0.9.8-19 +Version: 0.9.8-26 Section: admin Maintainer: Serghey Rodin Homepage: http://vestacp.com diff --git a/src/deb/php/control b/src/deb/php/control index 0ce789dc..9bcbec41 100644 --- a/src/deb/php/control +++ b/src/deb/php/control @@ -1,7 +1,7 @@ Source: vesta-php Package: vesta-php Priority: optional -Version: 0.9.8-19 +Version: 0.9.8-26 Section: admin Maintainer: Serghey Rodin Homepage: http://vestacp.com diff --git a/src/deb/softaculous/control b/src/deb/softaculous/control index f92a9545..121cebed 100644 --- a/src/deb/softaculous/control +++ b/src/deb/softaculous/control @@ -1,7 +1,7 @@ Source: vesta-softaculous Package: vesta-softaculous Priority: optional -Version: 0.9.8-19 +Version: 0.9.8-26 Section: admin Maintainer: Serghey Rodin Homepage: https://www.softaculous.com diff --git a/src/deb/vesta/control b/src/deb/vesta/control index 93d944f6..505b2797 100644 --- a/src/deb/vesta/control +++ b/src/deb/vesta/control @@ -1,7 +1,7 @@ Source: vesta Package: vesta Priority: optional -Version: 0.9.8-19 +Version: 0.9.8-26 Section: admin Maintainer: Serghey Rodin Homepage: http://vestacp.com diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 2c539b1d..516df08b 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -20,8 +20,20 @@ if [ -x "/usr/local/vesta/upd/fix_sessions.sh" ]; then /usr/local/vesta/upd/fix_sessions.sh fi -if [ -e /usr/local/vesta/upd/fix_nginx_auth.sh ]; then +if [ -x /usr/local/vesta/upd/fix_nginx_auth.sh ]; then /usr/local/vesta/upd/fix_nginx_auth.sh fi +if [ -x /usr/local/vesta/upd/fix_roundcube.sh ]; then + /usr/local/vesta/upd/fix_roundcube.sh +fi + +if [ -x /usr/local/vesta/upd/limit_sudo.sh ]; then + /usr/local/vesta/upd/limit_sudo.sh +fi + +if [ -x /usr/local/vesta/upd/fix_dhcprenew.sh ]; then + /usr/local/vesta/upd/fix_dhcprenew.sh +fi + exit 0 diff --git a/src/rpm/conf/nginx.conf b/src/rpm/conf/nginx.conf index f26da2a1..0a427f07 100644 --- a/src/rpm/conf/nginx.conf +++ b/src/rpm/conf/nginx.conf @@ -33,7 +33,7 @@ http { '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; log_format bytes '$body_bytes_sent'; - access_log /dev/null main; + access_log /usr/local/vesta/log/nginx-access.log main; # SSL PCI Compliance diff --git a/src/rpm/conf/php-fpm.conf b/src/rpm/conf/php-fpm.conf index 8a7d0bd5..d9a04795 100755 --- a/src/rpm/conf/php-fpm.conf +++ b/src/rpm/conf/php-fpm.conf @@ -1,468 +1,21 @@ -;;;;;;;;;;;;;;;;;;;;; -; FPM Configuration ; -;;;;;;;;;;;;;;;;;;;;; - -; All relative paths in this configuration file are relative to PHP's install -; prefix (/usr/local/vesta/php). This prefix can be dynamicaly changed by using the -; '-p' argument from the command line. - -; Include one or more files. If glob(3) exists, it is used to include a bunch of -; files from a glob(3) pattern. This directive can be used everywhere in the -; file. -; Relative path can also be used. They will be prefixed by: -; - the global prefix if it's been set (-p arguement) -; - /usr/local/vesta/php otherwise -;include=etc/fpm.d/*.conf - -;;;;;;;;;;;;;;;;;; -; Global Options ; -;;;;;;;;;;;;;;;;;; - [global] -; Pid file -; Note: the default prefix is /usr/local/vesta/php/var -; Default Value: none pid = /var/run/vesta-php.pid +daemonize = yes -; Error log file -; If it's set to "syslog", log is sent to syslogd instead of being written -; in a local file. -; Note: the default prefix is /usr/local/vesta/php/var -; Default Value: log/php-fpm.log -;error_log = log/php-fpm.log - -; syslog_facility is used to specify what type of program is logging the -; message. This lets syslogd specify that messages from different facilities -; will be handled differently. -; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) -; Default Value: daemon -;syslog.facility = daemon - -; syslog_ident is prepended to every message. If you have multiple FPM -; instances running on the same server, you can change the default value -; which must suit common needs. -; Default Value: php-fpm -;syslog.ident = php-fpm - -; Log level -; Possible Values: alert, error, warning, notice, debug -; Default Value: notice -;log_level = notice - -; If this number of child processes exit with SIGSEGV or SIGBUS within the time -; interval set by emergency_restart_interval then FPM will restart. A value -; of '0' means 'Off'. -; Default Value: 0 -;emergency_restart_threshold = 0 - -; Interval of time used by emergency_restart_interval to determine when -; a graceful restart will be initiated. This can be useful to work around -; accidental corruptions in an accelerator's shared memory. -; Available Units: s(econds), m(inutes), h(ours), or d(ays) -; Default Unit: seconds -; Default Value: 0 -;emergency_restart_interval = 0 - -; Time limit for child processes to wait for a reaction on signals from master. -; Available units: s(econds), m(inutes), h(ours), or d(ays) -; Default Unit: seconds -; Default Value: 0 -;process_control_timeout = 0 - -; The maximum number of processes FPM will fork. This has been design to control -; the global number of processes when using dynamic PM within a lot of pools. -; Use it with caution. -; Note: A value of 0 indicates no limit -; Default Value: 0 -; process.max = 128 - -; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. -; Default Value: yes -;daemonize = yes - -; Set open file descriptor rlimit for the master process. -; Default Value: system defined value -;rlimit_files = 1024 - -; Set max core size rlimit for the master process. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Specify the event mechanism FPM will use. The following is available: -; - select (any POSIX os) -; - poll (any POSIX os) -; - epoll (linux >= 2.5.44) -; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0) -; - /dev/poll (Solaris >= 7) -; - port (Solaris >= 10) -; Default Value: not set (auto detection) -; events.mechanism = epoll - -;;;;;;;;;;;;;;;;;;;; -; Pool Definitions ; -;;;;;;;;;;;;;;;;;;;; - -; Multiple pools of child processes may be started with different listening -; ports and different management options. The name of the pool will be -; used in logs and stats. There is no limitation on the number of pools which -; FPM can handle. Your system will tell you anyway :) - -; Start a new pool named 'www'. -; the variable $pool can we used in any directive and will be replaced by the -; pool name ('www' here) [www] - -; Per pool prefix -; It only applies on the following directives: -; - 'slowlog' -; - 'listen' (unixsocket) -; - 'chroot' -; - 'chdir' -; - 'php_values' -; - 'php_admin_values' -; When not set, the global prefix (or /usr/local/vesta/php) applies instead. -; Note: This directive can also be relative to the global prefix. -; Default Value: none -;prefix = /path/to/pools/$pool - -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. user = admin group = admin - -; The address on which to accept FastCGI requests. -; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on -; a specific port; -; 'port' - to listen on a TCP socket to all addresses on a -; specific port; -; '/path/to/unix/socket' - to listen on a unix socket. -; Note: This value is mandatory. -;listen = 127.0.0.1:9000 listen = /var/run/vesta-php.sock - -; Set listen(2) backlog. -; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 128 - -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user -; mode is set to 0666 listen.owner = admin listen.group = admin listen.mode = 0660 - -; List of ipv4 addresses of FastCGI clients which are allowed to connect. -; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original -; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address -; must be separated by a comma. If this value is left blank, connections will be -; accepted from any ip address. -; Default Value: any -;listen.allowed_clients = 127.0.0.1 -; Choose how the process manager will control the number of child processes. -; Possible Values: -; static - a fixed number (pm.max_children) of child processes; -; dynamic - the number of child processes are set dynamically based on the -; following directives. With this process management, there will be -; always at least 1 children. -; pm.max_children - the maximum number of children that can -; be alive at the same time. -; pm.start_servers - the number of children created on startup. -; pm.min_spare_servers - the minimum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is less than this -; number then some children will be created. -; pm.max_spare_servers - the maximum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is greater than this -; number then some children will be killed. -; ondemand - no children are created at startup. Children will be forked when -; new requests will connect. The following parameter are used: -; pm.max_children - the maximum number of children that -; can be alive at the same time. -; pm.process_idle_timeout - The number of seconds after which -; an idle process will be killed. -; Note: This value is mandatory. pm = dynamic - -; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. -; This value sets the limit on the number of simultaneous requests that will be -; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. -; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. The below defaults are based on a server without much resources. Don't -; forget to tweak pm.* to fit your needs. -; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' -; Note: This value is mandatory. pm.max_children = 5 - -; The number of child processes created on startup. -; Note: Used only when pm is set to 'dynamic' -; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 pm.start_servers = 2 - -; The desired minimum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' pm.min_spare_servers = 1 - -; The desired maximum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' pm.max_spare_servers = 3 -; The number of seconds after which an idle process will be killed. -; Note: Used only when pm is set to 'ondemand' -; Default Value: 10s -;pm.process_idle_timeout = 10s; - -; The number of requests each child process should execute before respawning. -; This can be useful to work around memory leaks in 3rd party libraries. For -; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. -; Default Value: 0 -;pm.max_requests = 500 - -; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. It shows the following informations: -; pool - the name of the pool; -; process manager - static, dynamic or ondemand; -; start time - the date and time FPM has started; -; start since - number of seconds since FPM has started; -; accepted conn - the number of request accepted by the pool; -; listen queue - the number of request in the queue of pending -; connections (see backlog in listen(2)); -; max listen queue - the maximum number of requests in the queue -; of pending connections since FPM has started; -; listen queue len - the size of the socket queue of pending connections; -; idle processes - the number of idle processes; -; active processes - the number of active processes; -; total processes - the number of idle + active processes; -; max active processes - the maximum number of active processes since FPM -; has started; -; max children reached - number of times, the process limit has been reached, -; when pm tries to start more children (works only for -; pm 'dynamic' and 'ondemand'); -; Value are updated in real time. -; Example output: -; pool: www -; process manager: static -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 62636 -; accepted conn: 190460 -; listen queue: 0 -; max listen queue: 1 -; listen queue len: 42 -; idle processes: 4 -; active processes: 11 -; total processes: 15 -; max active processes: 12 -; max children reached: 0 -; -; By default the status page output is formatted as text/plain. Passing either -; 'html', 'xml' or 'json' in the query string will return the corresponding -; output syntax. Example: -; http://www.foo.bar/status -; http://www.foo.bar/status?json -; http://www.foo.bar/status?html -; http://www.foo.bar/status?xml -; -; By default the status page only outputs short status. Passing 'full' in the -; query string will also return status for each pool process. -; Example: -; http://www.foo.bar/status?full -; http://www.foo.bar/status?json&full -; http://www.foo.bar/status?html&full -; http://www.foo.bar/status?xml&full -; The Full status returns for each process: -; pid - the PID of the process; -; state - the state of the process (Idle, Running, ...); -; start time - the date and time the process has started; -; start since - the number of seconds since the process has started; -; requests - the number of requests the process has served; -; request duration - the duration in µs of the requests; -; request method - the request method (GET, POST, ...); -; request URI - the request URI with the query string; -; content length - the content length of the request (only with POST); -; user - the user (PHP_AUTH_USER) (or '-' if not set); -; script - the main script called (or '-' if not set); -; last request cpu - the %cpu the last request consumed -; it's always 0 if the process is not in Idle state -; because CPU calculation is done when the request -; processing has terminated; -; last request memory - the max amount of memory the last request consumed -; it's always 0 if the process is not in Idle state -; because memory calculation is done when the request -; processing has terminated; -; If the process is in Idle state, then informations are related to the -; last request the process has served. Otherwise informations are related to -; the current request being served. -; Example output: -; ************************ -; pid: 31330 -; state: Running -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 63087 -; requests: 12808 -; request duration: 1250261 -; request method: GET -; request URI: /test_mem.php?N=10000 -; content length: 0 -; user: - -; script: /home/fat/web/docs/php/test_mem.php -; last request cpu: 0.00 -; last request memory: 0 -; -; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: ${prefix}/share/fpm/status.html -; -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;pm.status_path = /status - -; The ping URI to call the monitoring page of FPM. If this value is not set, no -; URI will be recognized as a ping page. This could be used to test from outside -; that FPM is alive and responding, or to -; - create a graph of FPM availability (rrd or such); -; - remove a server from a group if it is not responding (load balancing); -; - trigger alerts for the operating team (24/7). -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;ping.path = /ping - -; This directive may be used to customize the response of a ping request. The -; response is formatted as text/plain with a 200 response code. -; Default Value: pong -;ping.response = pong - -; The access log file -; Default: not set -;access.log = log/$pool.access.log - -; The access log format. -; The following syntax is allowed -; %%: the '%' character -; %C: %CPU used by the request -; it can accept the following format: -; - %{user}C for user CPU only -; - %{system}C for system CPU only -; - %{total}C for user + system CPU (default) -; %d: time taken to serve the request -; it can accept the following format: -; - %{seconds}d (default) -; - %{miliseconds}d -; - %{mili}d -; - %{microseconds}d -; - %{micro}d -; %e: an environment variable (same as $_ENV or $_SERVER) -; it must be associated with embraces to specify the name of the env -; variable. Some exemples: -; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e -; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e -; %f: script filename -; %l: content-length of the request (for POST request only) -; %m: request method -; %M: peak of memory allocated by PHP -; it can accept the following format: -; - %{bytes}M (default) -; - %{kilobytes}M -; - %{kilo}M -; - %{megabytes}M -; - %{mega}M -; %n: pool name -; %o: ouput header -; it must be associated with embraces to specify the name of the header: -; - %{Content-Type}o -; - %{X-Powered-By}o -; - %{Transfert-Encoding}o -; - .... -; %p: PID of the child that serviced the request -; %P: PID of the parent of the child that serviced the request -; %q: the query string -; %Q: the '?' character if query string exists -; %r: the request URI (without the query string, see %q and %Q) -; %R: remote IP address -; %s: status (response code) -; %t: server time the request was received -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; %T: time the log has been written (the request has finished) -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; %u: remote user -; -; Default: "%R - %u %t \"%m %r\" %s" -;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -;slowlog = log/$pool.log.slow - -; The timeout for serving a single request after which a PHP backtrace will be -; dumped to the 'slowlog' file. A value of '0s' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_slowlog_timeout = 0 - -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_terminate_timeout = 0 - -; Set open file descriptor rlimit. -; Default Value: system defined value -;rlimit_files = 1024 - -; Set max core size rlimit. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Chroot to this directory at the start. This value must be defined as an -; absolute path. When this value is not set, chroot is not used. -; Note: you can prefix with '$prefix' to chroot to the pool prefix or one -; of its subdirectories. If the pool prefix is not set, the global prefix -; will be used instead. -; Note: chrooting is a great security feature and should be used whenever -; possible. However, all PHP paths will be relative to the chroot -; (error_log, sessions.save_path, ...). -; Default Value: not set -;chroot = - -; Chdir to this directory at the start. -; Note: relative path can be used. -; Default Value: current directory or / when chroot -;chdir = /var/www - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Note: on highloaded environement, this can cause some delay in the page -; process time (several ms). -; Default Value: no -;catch_workers_output = yes - -; Limits the extensions of the main script FPM will allow to parse. This can -; prevent configuration mistakes on the web server side. You should only limit -; FPM to .php extensions to prevent malicious users to use other extensions to -; exectute php code. -; Note: set an empty value to allow all extensions. -; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 - -; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from -; the current environment. -; Default Value: clean env env[HOSTNAME] = $HOSTNAME env[PATH] = /usr/local/bin:/usr/bin:/bin env[TMP] = /tmp @@ -470,26 +23,6 @@ env[TMPDIR] = /tmp env[TEMP] = /tmp env[VESTA] = $VESTA env[LANG] = en_US.UTF-8 - -; Additional php.ini defines, specific to this pool of workers. These settings -; overwrite the values previously defined in the php.ini. The directives are the -; same as the PHP SAPI: -; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. -; php_admin_value/php_admin_flag - these directives won't be overwritten by -; PHP call 'ini_set' -; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. - -; Defining 'extension' will load the corresponding shared extension from -; extension_dir. Defining 'disable_functions' or 'disable_classes' will not -; overwrite previously defined php.ini values, but will append the new value -; instead. - -; Note: path INI options can be relative and will be expanded with the prefix -; (pool, global or /usr/local/vesta/php) - -; Default Value: nothing is defined by default except the values in php.ini and -; specified at startup with the -d argument php_flag[display_errors] = off php_admin_value[error_log] = /usr/local/vesta/log/fpm-php.log php_admin_flag[log_errors] = on diff --git a/src/rpm/conf/php.ini b/src/rpm/conf/php.ini index 1d76b783..28dc539a 100644 --- a/src/rpm/conf/php.ini +++ b/src/rpm/conf/php.ini @@ -290,7 +290,7 @@ disable_classes = ; (e.g. by adding its signature to the Web server header). It is no security ; threat in any way, but it makes it possible to determine whether you use PHP ; on your server or not. -expose_php = On +expose_php = Off ;;;;;;;;;;;;;;;;;;; diff --git a/src/rpm/specs/vesta-ioncube.spec b/src/rpm/specs/vesta-ioncube.spec index cf183262..c3ac1187 100644 --- a/src/rpm/specs/vesta-ioncube.spec +++ b/src/rpm/specs/vesta-ioncube.spec @@ -1,6 +1,6 @@ Name: vesta-ioncube Version: 0.9.8 -Release: 19 +Release: 26 Summary: ionCube Loader Group: System Environment/Base License: "Freely redistributable without restriction" diff --git a/src/rpm/specs/vesta-nginx.spec b/src/rpm/specs/vesta-nginx.spec index 4546f506..f3250c9e 100644 --- a/src/rpm/specs/vesta-nginx.spec +++ b/src/rpm/specs/vesta-nginx.spec @@ -1,6 +1,6 @@ Name: vesta-nginx Version: 0.9.8 -Release: 19 +Release: 26 Summary: Vesta Control Panel Group: System Environment/Base License: BSD-like diff --git a/src/rpm/specs/vesta-php.spec b/src/rpm/specs/vesta-php.spec index 289dc50b..4272db6a 100644 --- a/src/rpm/specs/vesta-php.spec +++ b/src/rpm/specs/vesta-php.spec @@ -1,6 +1,6 @@ Name: vesta-php Version: 0.9.8 -Release: 19 +Release: 26 Summary: Vesta Control Panel Group: System Environment/Base License: GPL diff --git a/src/rpm/specs/vesta-softaculous.spec b/src/rpm/specs/vesta-softaculous.spec index f7a315bf..c094ae78 100644 --- a/src/rpm/specs/vesta-softaculous.spec +++ b/src/rpm/specs/vesta-softaculous.spec @@ -1,6 +1,6 @@ Name: vesta-softaculous Version: 0.9.8 -Release: 19 +Release: 26 Summary: Vesta Control Panel Group: System Environment/Base License: Softaculous License @@ -35,5 +35,8 @@ rm -rf %{buildroot} %config(noreplace) %{_vestadir}/conf %changelog +* Tue Nov 27 2018 Serghey Rodin - 0.9.8-24 +- New version 5.1.2 + * Mon Jul 21 2017 Serghey Rodin - 0.9.8-18 - Initial build for Softaculous 4.9.2 diff --git a/src/rpm/specs/vesta.spec b/src/rpm/specs/vesta.spec index 1aca2549..904bdc4e 100644 --- a/src/rpm/specs/vesta.spec +++ b/src/rpm/specs/vesta.spec @@ -1,6 +1,6 @@ Name: vesta Version: 0.9.8 -Release: 19 +Release: 26 Summary: Vesta Control Panel Group: System Environment/Base License: GPL @@ -30,18 +30,30 @@ rm -rf %{buildroot} %post if [ $1 -ge 2 ]; then - if [ -e /usr/local/vesta/upd/add_sudo.sh ]; then + if [ -x /usr/local/vesta/upd/add_sudo.sh ]; then /usr/local/vesta/upd/add_sudo.sh fi - if [ -e /usr/local/vesta/upd/add_notifications.sh ]; then + if [ -x /usr/local/vesta/upd/add_notifications.sh ]; then /usr/local/vesta/upd/add_notifications.sh fi - if [ -e /usr/local/vesta/upd/fix_sessions.sh ]; then + if [ -x /usr/local/vesta/upd/fix_sessions.sh ]; then /usr/local/vesta/upd/fix_sessions.sh fi - if [ -e /usr/local/vesta/upd/fix_nginx_auth.sh ]; then + if [ -x /usr/local/vesta/upd/fix_nginx_auth.sh ]; then /usr/local/vesta/upd/fix_nginx_auth.sh fi + if [ -x /usr/local/vesta/upd/fix_roundcube.sh ]; then + /usr/local/vesta/upd/fix_roundcube.sh + fi + + if [ -x /usr/local/vesta/upd/limit_sudo.sh ]; then + /usr/local/vesta/upd/limit_sudo.sh + fi + + if [ -x /usr/local/vesta/upd/fix_dhcprenew.sh ]; then + /usr/local/vesta/upd/fix_dhcprenew.sh + fi + fi %files %{_vestadir} @@ -56,6 +68,32 @@ fi %config(noreplace) %{_vestadir}/web/css/uploadify.css %changelog +* Sat Sep 29 2019 Serghey Rodin - 0.9.8-26 +- Let's Encrypt HTTP/2 support + +* Thu Aug 15 2019 Serghey Rodin - 0.9.8-25 +- Security bugfixes +- LEv2 idn fix + +* Mon Apr 18 2019 Serghey Rodin - 0.9.8-24 +- Bugfixes +- Security patches +- LEv2 +- Server LE +- i18n updates + +* Thu Oct 18 2018 Serghey Rodin - 0.9.8-23 +- Security fixes + +* Wed Jun 27 2018 Serghey Rodin - 0.9.8-22 +- Security fixes + +* Fri May 11 2018 Serghey Rodin - 0.9.8-21 +- Additional security fixes + +* Sun Apr 08 2018 Serghey Rodin - 0.9.8-20 +- Hardening password checks + * Wed Jan 10 2018 Serghey Rodin - 0.9.8-19 - Fixed backup restore function diff --git a/upd/add_notifications.sh b/upd/add_notifications.sh index 14b8590e..46974585 100755 --- a/upd/add_notifications.sh +++ b/upd/add_notifications.sh @@ -5,5 +5,4 @@ rm -f /usr/local/vesta/data/users/admin/notifications.conf /usr/local/vesta/bin/v-add-user-notification admin "File Manager" "Browse, copy, edit, view, and retrieve all your web domain files using a fully featured File Manager. Plugin is available for purchase." 'filemanager' /usr/local/vesta/bin/v-add-user-notification admin "Chroot SFTP" "If you want to have SFTP accounts that will be used only to transfer files (and not to SSH), you can purchase and enable SFTP Chroot" /usr/local/vesta/bin/v-add-user-notification admin "Softaculous" "Softaculous is one of the best Auto Installers and it is finally available" -/usr/local/vesta/bin/v-add-user-notification admin "Release 0.9.8-19" "We've made 1478 commits, fixed 29 bugs and merged 141 pull request. As always for more information please read release notes" - +/usr/local/vesta/bin/v-add-user-notification admin "Release 0.9.8-26" "This release adds support for Lets Encrypt HTTP/2. For more information please read release notes" diff --git a/upd/add_sudo.sh b/upd/add_sudo.sh index d65ee9d7..439e3515 100755 --- a/upd/add_sudo.sh +++ b/upd/add_sudo.sh @@ -3,7 +3,7 @@ if [ ! -e '/etc/sudoers.d/admin' ]; then if [ ! -d '/etc/sudoers.d' ]; then - mkidr /etc/sudoers.d + mkdir /etc/sudoers.d chmod 750 /etc/sudoers.d fi echo '# Created by vesta update-trigger' > /etc/sudoers.d/admin diff --git a/upd/fix_dhcprenew.sh b/upd/fix_dhcprenew.sh new file mode 100755 index 00000000..08e76f69 --- /dev/null +++ b/upd/fix_dhcprenew.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +if [ -e "/usr/bin/dhcprenew" ]; then + mv /usr/bin/dhcprenew /usr/bin/dhcprenew.disabled + + # Notify admin via control panel + rm /usr/local/vesta/data/users/admin/notifications.conf + touch /usr/local/vesta/data/users/admin/notifications.conf + /usr/local/vesta/bin/v-add-user-notification admin \ + "Security Check" "Your server was compromised please contact us at info@vestacp.com to get help." + + # Send email notification + send_mail="/usr/local/vesta/web/inc/mail-wrapper.php" + email=$(grep CONTACT /usr/local/vesta/data/users/admin/user.conf |cut -f2 -d \') + if [ ! -z "$email" ]; then + echo "Your server $(hostname) was compromised please contact us at info@vestacp.com to get help." |\ + $send_mail -s "SECURITY CHECK: Vesta Control Panel" $email + fi +fi + diff --git a/upd/fix_roundcube.sh b/upd/fix_roundcube.sh new file mode 100755 index 00000000..621ffd2f --- /dev/null +++ b/upd/fix_roundcube.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# Locate roundcube directory +if [ -d '/etc/roundcube' ]; then + rc_dir='/etc/roundcube' +fi +if [ -d '/etc/roundcubemail' ]; then + rc_dir='/etc/roundcubemail' +fi + +if [ -z "$rc_dir" ]; then + exit +fi + +# Check for eval +cd $rc_dir +for config in $(grep eval *.php |cut -f1 -d:); do + sed -i '/eval/d' $config +done diff --git a/upd/limit_sudo.sh b/upd/limit_sudo.sh new file mode 100755 index 00000000..4f4ac924 --- /dev/null +++ b/upd/limit_sudo.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +if [ -e "/etc/sudoers.d/admin" ]; then + sed -i "s/admin.*ALL=(ALL).*/# sudo is limited to vesta scripts/" \ + /etc/sudoers.d/admin +fi diff --git a/web/add/cron/autoupdate/index.php b/web/add/cron/autoupdate/index.php index 53d50c05..90854d9b 100644 --- a/web/add/cron/autoupdate/index.php +++ b/web/add/cron/autoupdate/index.php @@ -5,6 +5,12 @@ ob_start(); session_start(); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); +// Check token +if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { + header('location: /login/'); + exit(); +} + if ($_SESSION['user'] == 'admin') { exec (VESTA_CMD."v-add-cron-vesta-autoupdate", $output, $return_var); $_SESSION['error_msg'] = __('Autoupdate has been successfully enabled'); diff --git a/web/add/cron/reports/index.php b/web/add/cron/reports/index.php index 4b0424e3..197c5760 100644 --- a/web/add/cron/reports/index.php +++ b/web/add/cron/reports/index.php @@ -5,6 +5,12 @@ ob_start(); session_start(); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); +// Check token +if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { + header('location: /login/'); + exit(); +} + exec (VESTA_CMD."v-add-cron-reports ".$user, $output, $return_var); $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled'); unset($output); diff --git a/web/add/firewall/banlist/index.php b/web/add/firewall/banlist/index.php index 774421e6..a9f616a2 100644 --- a/web/add/firewall/banlist/index.php +++ b/web/add/firewall/banlist/index.php @@ -15,6 +15,12 @@ if ($_SESSION['user'] != 'admin') { // Check POST request if (!empty($_POST['ok'])) { + // Check token + if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { + header('location: /login/'); + exit(); + } + // Check empty fields if (empty($_POST['v_chain'])) $errors[] = __('banlist'); if (empty($_POST['v_ip'])) $errors[] = __('ip address'); diff --git a/web/add/ip/index.php b/web/add/ip/index.php index 8746ed08..73f56b38 100644 --- a/web/add/ip/index.php +++ b/web/add/ip/index.php @@ -57,7 +57,7 @@ if (!empty($_POST['ok'])) { // Add IP if (empty($_SESSION['error_msg'])) { - exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." '".$ip_status."' ".$v_name." ".$v_nat, $output, $return_var); + exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." ".$ip_status." ".$v_name." ".$v_nat, $output, $return_var); check_return_code($return_var,$output); unset($output); $v_owner = $_POST['v_owner']; @@ -75,12 +75,12 @@ if (!empty($_POST['ok'])) { } // List network interfaces -exec (VESTA_CMD."v-list-sys-interfaces 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-sys-interfaces json", $output, $return_var); $interfaces = json_decode(implode('', $output), true); unset($output); // List users -exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-sys-users json", $output, $return_var); $users = json_decode(implode('', $output), true); unset($output); diff --git a/web/add/web/index.php b/web/add/web/index.php index e6448c91..d77b8f40 100644 --- a/web/add/web/index.php +++ b/web/add/web/index.php @@ -118,7 +118,7 @@ if (!empty($_POST['ok'])) { // Add web domain if (empty($_SESSION['error_msg'])) { - exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." 'no' ".$aliases." ".$proxy_ext, $output, $return_var); + exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." no ".$aliases." ".$proxy_ext, $output, $return_var); check_return_code($return_var,$output); unset($output); $domain_added = empty($_SESSION['error_msg']); @@ -126,7 +126,7 @@ if (!empty($_POST['ok'])) { // Add DNS domain if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_public_ip." '' '' '' '' '' '' '' '' 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_public_ip." '' '' '' '' '' '' '' '' no", $output, $return_var); check_return_code($return_var,$output); unset($output); } @@ -136,7 +136,7 @@ if (!empty($_POST['ok'])) { foreach ($aliases_arr as $alias) { if ($alias != "www.".$_POST['v_domain']) { $alias = escapeshellarg($alias); - exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." no", $output, $return_var); check_return_code($return_var,$output); unset($output); } @@ -153,7 +153,7 @@ if (!empty($_POST['ok'])) { // Delete proxy support if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'off') && (empty($_SESSION['error_msg']))) { $ext = escapeshellarg($ext); - exec (VESTA_CMD."v-delete-web-domain-proxy ".$user." ".$v_domain." 'no'", $output, $return_var); + exec (VESTA_CMD."v-delete-web-domain-proxy ".$user." ".$v_domain." no", $output, $return_var); check_return_code($return_var,$output); unset($output); } @@ -195,7 +195,7 @@ if (!empty($_POST['ok'])) { } $v_ssl_home = escapeshellarg($_POST['v_ssl_home']); - exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." no", $output, $return_var); check_return_code($return_var,$output); unset($output); } diff --git a/web/api/index.php b/web/api/index.php index 97f08259..80f72b99 100644 --- a/web/api/index.php +++ b/web/api/index.php @@ -4,30 +4,66 @@ define('VESTA_CMD', '/usr/bin/sudo /usr/local/vesta/bin/'); if (isset($_POST['user']) || isset($_POST['hash'])) { // Authentication - $auth_code = 1; if (empty($_POST['hash'])) { - // Check user permission to use API if ($_POST['user'] != 'admin') { - echo 'Error: only admin is allowed to use API'; + echo 'Error: authentication failed'; exit; } - $v_user = escapeshellarg($_POST['user']); - $v_password = tempnam("/tmp","vst"); - $fp = fopen($v_password, "w"); - fwrite($fp, $_POST['password']."\n"); + $password = $_POST['password']; + $v_ip = escapeshellarg($_SERVER['REMOTE_ADDR']); + $output = ''; + exec (VESTA_CMD."v-get-user-salt admin ".$v_ip." json" , $output, $return_var); + $pam = json_decode(implode('', $output), true); + $salt = $pam['admin']['SALT']; + $method = $pam['admin']['METHOD']; + + if ($method == 'md5' ) { + $hash = crypt($password, '$1$'.$salt.'$'); + } + if ($method == 'sha-512' ) { + $hash = crypt($password, '$6$rounds=5000$'.$salt.'$'); + $hash = str_replace('$rounds=5000','',$hash); + } + if ($method == 'des' ) { + $hash = crypt($password, $salt); + } + + // Send hash via tmp file + $v_hash = exec('mktemp -p /tmp'); + $fp = fopen($v_hash, "w"); + fwrite($fp, $hash."\n"); fclose($fp); - $v_ip_addr = escapeshellarg($_SERVER["REMOTE_ADDR"]); - exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$v_ip_addr."'", $output, $auth_code); - unlink($v_password); + + // Check user hash + exec(VESTA_CMD ."v-check-user-hash admin ".$v_hash." ".$v_ip, $output, $return_var); + unset($output); + + // Remove tmp file + unlink($v_hash); + + // Check API answer + if ( $return_var > 0 ) { + echo 'Error: authentication failed'; + exit; + } } else { $key = '/usr/local/vesta/data/keys/' . basename($_POST['hash']); if (file_exists($key) && is_file($key)) { - $auth_code = '0'; + exec(VESTA_CMD ."v-check-api-key ".escapeshellarg($key)." ".$v_ip, $output, $return_var); + unset($output); + + // Check API answer + if ( $return_var > 0 ) { + echo 'Error: authentication failed'; + exit; + } + } else { + $return_var = 1; } } - if ($auth_code != 0 ) { + if ( $return_var > 0 ) { echo 'Error: authentication failed'; exit; } diff --git a/web/delete/cron/autoupdate/index.php b/web/delete/cron/autoupdate/index.php index ad670ef0..a58064c0 100644 --- a/web/delete/cron/autoupdate/index.php +++ b/web/delete/cron/autoupdate/index.php @@ -5,6 +5,12 @@ ob_start(); session_start(); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); +// Check token +if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { + header('location: /login/'); + exit(); +} + if ($_SESSION['user'] == 'admin') { exec (VESTA_CMD."v-delete-cron-vesta-autoupdate", $output, $return_var); $_SESSION['error_msg'] = __('Autoupdate has been successfully disabled'); diff --git a/web/delete/cron/reports/index.php b/web/delete/cron/reports/index.php index af7df20f..10d422a8 100644 --- a/web/delete/cron/reports/index.php +++ b/web/delete/cron/reports/index.php @@ -5,6 +5,12 @@ ob_start(); session_start(); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); +// Check token +if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { + header('location: /login/'); + exit(); +} + exec (VESTA_CMD."v-delete-cron-reports ".$user, $output, $return_var); $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully disabled'); unset($output); diff --git a/web/edit/backup/exclusions/index.php b/web/edit/backup/exclusions/index.php index bbbb4b3e..f4b854b0 100644 --- a/web/edit/backup/exclusions/index.php +++ b/web/edit/backup/exclusions/index.php @@ -12,7 +12,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) { } // List backup exclustions -exec (VESTA_CMD."v-list-user-backup-exclusions ".$user." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-user-backup-exclusions ".$user." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); unset($output); diff --git a/web/edit/cron/index.php b/web/edit/cron/index.php index c66ca85c..9f7ffb34 100644 --- a/web/edit/cron/index.php +++ b/web/edit/cron/index.php @@ -20,10 +20,10 @@ if (empty($_GET['job'])) { // List cron job $v_job = escapeshellarg($_GET['job']); -exec (VESTA_CMD."v-list-cron-job ".$user." ".$v_job." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-cron-job ".$user." ".$v_job." json", $output, $return_var); check_return_code($return_var,$output); -$data = json_decode(implode('', str_replace("\\", "\\\\", $output)), true); +$data = json_decode(implode('', $output), true); unset($output); // Parse cron job diff --git a/web/edit/db/index.php b/web/edit/db/index.php index 21d394f0..232f6322 100644 --- a/web/edit/db/index.php +++ b/web/edit/db/index.php @@ -20,7 +20,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) { // List datbase $v_database = escapeshellarg($_GET['database']); -exec (VESTA_CMD."v-list-database ".$user." ".$v_database." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-database ".$user." ".$v_database." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); unset($output); @@ -42,6 +42,8 @@ if ( $v_suspended == 'yes' ) { $v_status = 'active'; } +$v_database = escapeshellarg($_GET['database']); + // Check POST request if (!empty($_POST['save'])) { $v_username = $user; diff --git a/web/edit/dns/index.php b/web/edit/dns/index.php index 3c2e1e5c..b8cbc4db 100644 --- a/web/edit/dns/index.php +++ b/web/edit/dns/index.php @@ -52,7 +52,7 @@ if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) { if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) { $v_domain = escapeshellarg($_GET['domain']); $v_record_id = escapeshellarg($_GET['record_id']); - exec (VESTA_CMD."v-list-dns-records ".$user." ".$v_domain." 'json'", $output, $return_var); + exec (VESTA_CMD."v-list-dns-records ".$user." ".$v_domain." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); unset($output); @@ -88,7 +88,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['recor // Change domain IP if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) { $v_ip = escapeshellarg($_POST['v_ip']); - exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." no", $output, $return_var); check_return_code($return_var,$output); $restart_dns = 'yes'; unset($output); @@ -97,7 +97,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['recor // Change domain template if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) { $v_template = escapeshellarg($_POST['v_template']); - exec (VESTA_CMD."v-change-dns-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-tpl ".$v_username." ".$v_domain." ".$v_template." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -106,7 +106,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['recor // Change SOA record if (($v_soa != $_POST['v_soa']) && (empty($_SESSION['error_msg']))) { $v_soa = escapeshellarg($_POST['v_soa']); - exec (VESTA_CMD."v-change-dns-domain-soa ".$v_username." ".$v_domain." ".$v_soa." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-soa ".$v_username." ".$v_domain." ".$v_soa." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -115,7 +115,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['recor // Change expiriation date if (($v_exp != $_POST['v_exp']) && (empty($_SESSION['error_msg']))) { $v_exp = escapeshellarg($_POST['v_exp']); - exec (VESTA_CMD."v-change-dns-domain-exp ".$v_username." ".$v_domain." ".$v_exp." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-exp ".$v_username." ".$v_domain." ".$v_exp." no", $output, $return_var); check_return_code($return_var,$output); unset($output); } @@ -123,7 +123,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['recor // Change domain ttl if (($v_ttl != $_POST['v_ttl']) && (empty($_SESSION['error_msg']))) { $v_ttl = escapeshellarg($_POST['v_ttl']); - exec (VESTA_CMD."v-change-dns-domain-ttl ".$v_username." ".$v_domain." ".$v_ttl." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-ttl ".$v_username." ".$v_domain." ".$v_ttl." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; diff --git a/web/edit/firewall/index.php b/web/edit/firewall/index.php index 18b4be4c..67e039d4 100644 --- a/web/edit/firewall/index.php +++ b/web/edit/firewall/index.php @@ -20,7 +20,7 @@ if (empty($_GET['rule'])) { // List rule $v_rule = escapeshellarg($_GET['rule']); -exec (VESTA_CMD."v-list-firewall-rule ".$v_rule." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-firewall-rule ".$v_rule." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); unset($output); diff --git a/web/edit/ip/index.php b/web/edit/ip/index.php index b9eaa581..c7ec6d7a 100644 --- a/web/edit/ip/index.php +++ b/web/edit/ip/index.php @@ -20,7 +20,7 @@ if (empty($_GET['ip'])) { // List ip $v_ip = escapeshellarg($_GET['ip']); -exec (VESTA_CMD."v-list-sys-ip ".$v_ip." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-sys-ip ".$v_ip." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); unset($output); @@ -45,7 +45,7 @@ if ( $v_suspended == 'yes' ) { } // List users -exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-sys-users json", $output, $return_var); $users = json_decode(implode('', $output), true); unset($output); @@ -55,13 +55,13 @@ if (!empty($_POST['save'])) { // Change Status if (($v_ipstatus == 'shared') && (empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'dedicated'", $output, $return_var); + exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." dedicated", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_dedicated = 'yes'; } if (($v_ipstatus == 'dedicated') && (!empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'shared'", $output, $return_var); + exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." shared", $output, $return_var); check_return_code($return_var,$output); unset($output); unset($v_dedicated); diff --git a/web/edit/mail/index.php b/web/edit/mail/index.php index 6c673118..e4451fc5 100644 --- a/web/edit/mail/index.php +++ b/web/edit/mail/index.php @@ -45,7 +45,7 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account']))) { if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) { $v_domain = escapeshellarg($_GET['domain']); $v_account = escapeshellarg($_GET['account']); - exec (VESTA_CMD."v-list-mail-account ".$user." ".$v_domain." ".$v_account." 'json'", $output, $return_var); + exec (VESTA_CMD."v-list-mail-account ".$user." ".$v_domain." ".$v_account." json", $output, $return_var); $data = json_decode(implode('', $output), true); unset($output); @@ -70,9 +70,12 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) { $v_date = $data[$v_account]['DATE']; $v_time = $data[$v_account]['TIME']; + $v_domain = escapeshellarg($_GET['domain']); + $v_account = escapeshellarg($_GET['account']); + // Parse autoreply if ( $v_autoreply == 'yes' ) { - exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." '".$v_domain."' '".$v_account."' json", $output, $return_var); + exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." ".$v_domain." ".$v_account." json", $output, $return_var); $autoreply_str = json_decode(implode('', $output), true); unset($output); $v_autoreply_message = $autoreply_str[$v_account]['MSG']; @@ -228,7 +231,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco $result = array_diff($valiases, $aliases); foreach ($result as $alias) { if ((empty($_SESSION['error_msg'])) && (!empty($alias))) { - exec (VESTA_CMD."v-delete-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".$alias."'", $output, $return_var); + exec (VESTA_CMD."v-delete-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." ".escapeshellarg($alias), $output, $return_var); check_return_code($return_var,$output); unset($output); } @@ -254,7 +257,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco $result = array_diff($vfwd, $fwd); foreach ($result as $forward) { if ((empty($_SESSION['error_msg'])) && (!empty($forward))) { - exec (VESTA_CMD."v-delete-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".$forward."'", $output, $return_var); + exec (VESTA_CMD."v-delete-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." ".escapeshellarg($forward), $output, $return_var); check_return_code($return_var,$output); unset($output); } diff --git a/web/edit/package/index.php b/web/edit/package/index.php index 763bfdf4..e8d4eddc 100644 --- a/web/edit/package/index.php +++ b/web/edit/package/index.php @@ -22,7 +22,7 @@ if (empty($_GET['package'])) { // List package $v_package = escapeshellarg($_GET['package']); -exec (VESTA_CMD."v-list-user-package ".$v_package." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-user-package ".$v_package." json", $output, $return_var); $data = json_decode(implode('', $output), true); unset($output); @@ -203,7 +203,7 @@ if (!empty($_POST['save'])) { fclose($fp); // Save changes - exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package." 'yes'", $output, $return_var); + exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package." yes", $output, $return_var); check_return_code($return_var,$output); unset($output); @@ -212,7 +212,7 @@ if (!empty($_POST['save'])) { unset($output); // Propogate new package - exec (VESTA_CMD."v-update-user-package ".$v_package." 'json'", $output, $return_var); + exec (VESTA_CMD."v-update-user-package ".$v_package." json", $output, $return_var); check_return_code($return_var,$output); unset($output); diff --git a/web/edit/server/index.php b/web/edit/server/index.php index a505e214..0743ab17 100644 --- a/web/edit/server/index.php +++ b/web/edit/server/index.php @@ -78,20 +78,43 @@ foreach ($backup_types as $backup_type) { } } +// List ssl web domains +exec (VESTA_CMD."v-search-ssl-certificates json", $output, $return_var); +$v_ssl_domains = json_decode(implode('', $output), true); +//$v_vesta_certificate +unset($output); + // List ssl certificate info exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var); -$ssl_str = json_decode(implode('', $output), true); +$v_sys_ssl_str = json_decode(implode('', $output), true); unset($output); -$v_ssl_crt = $ssl_str['VESTA']['CRT']; -$v_ssl_key = $ssl_str['VESTA']['KEY']; -$v_ssl_ca = $ssl_str['VESTA']['CA']; -$v_ssl_subject = $ssl_str['VESTA']['SUBJECT']; -$v_ssl_aliases = $ssl_str['VESTA']['ALIASES']; -$v_ssl_not_before = $ssl_str['VESTA']['NOT_BEFORE']; -$v_ssl_not_after = $ssl_str['VESTA']['NOT_AFTER']; -$v_ssl_signature = $ssl_str['VESTA']['SIGNATURE']; -$v_ssl_pub_key = $ssl_str['VESTA']['PUB_KEY']; -$v_ssl_issuer = $ssl_str['VESTA']['ISSUER']; +$v_sys_ssl_crt = $v_sys_ssl_str['VESTA']['CRT']; +$v_sys_ssl_key = $v_sys_ssl_str['VESTA']['KEY']; +$v_sys_ssl_ca = $v_sys_ssl_str['VESTA']['CA']; +$v_sys_ssl_subject = $v_sys_ssl_str['VESTA']['SUBJECT']; +$v_sys_ssl_aliases = $v_sys_ssl_str['VESTA']['ALIASES']; +$v_sys_ssl_not_before = $v_sys_ssl_str['VESTA']['NOT_BEFORE']; +$v_sys_ssl_not_after = $v_sys_ssl_str['VESTA']['NOT_AFTER']; +$v_sys_ssl_signature = $v_sys_ssl_str['VESTA']['SIGNATURE']; +$v_sys_ssl_pub_key = $v_sys_ssl_str['VESTA']['PUB_KEY']; +$v_sys_ssl_issuer = $v_sys_ssl_str['VESTA']['ISSUER']; + +// List mail ssl certificate info +if (!empty($_SESSION['VESTA_CERTIFICATE'])); { + exec (VESTA_CMD."v-list-sys-mail-ssl json", $output, $return_var); + $v_mail_ssl_str = json_decode(implode('', $output), true); + unset($output); + $v_mail_ssl_crt = $v_mail_ssl_str['MAIL']['CRT']; + $v_mail_ssl_key = $v_mail_ssl_str['MAIL']['KEY']; + $v_mail_ssl_ca = $v_mail_ssl_str['MAIL']['CA']; + $v_mail_ssl_subject = $v_mail_ssl_str['MAIL']['SUBJECT']; + $v_mail_ssl_aliases = $v_mail_ssl_str['MAIL']['ALIASES']; + $v_mail_ssl_not_before = $v_mail_ssl_str['MAIL']['NOT_BEFORE']; + $v_mail_ssl_not_after = $v_mail_ssl_str['MAIL']['NOT_AFTER']; + $v_mail_ssl_signature = $v_mail_ssl_str['MAIL']['SIGNATURE']; + $v_mail_ssl_pub_key = $v_mail_ssl_str['MAIL']['PUB_KEY']; + $v_mail_ssl_issuer = $v_mail_ssl_str['MAIL']['ISSUER']; +} // Check POST request if (!empty($_POST['save'])) { @@ -186,17 +209,58 @@ if (!empty($_POST['save'])) { // Update mysql pasword if (empty($_SESSION['error_msg'])) { if (!empty($_POST['v_mysql_password'])) { - exec (VESTA_CMD."v-change-database-host-password mysql localhost root '".escapeshellarg($_POST['v_mysql_password'])."'", $output, $return_var); + exec (VESTA_CMD."v-change-database-host-password mysql localhost root ".escapeshellarg($_POST['v_mysql_password']), $output, $return_var); check_return_code($return_var,$output); unset($output); $v_db_adv = 'yes'; } } + + // Delete Mail Domain SSL certificate + if ((!isset($_POST['v_mail_ssl_domain_checkbox'])) && (!empty($_SESSION['MAIL_CERTIFICATE'])) && (empty($_SESSION['error_msg']))) { + unset($_SESSION['MAIL_CERTIFICATE']); + exec (VESTA_CMD."v-delete-sys-mail-ssl", $output, $return_var); + check_return_code($return_var,$output); + unset($output); + } + + // Updating Mail Domain SSL certificate + if ((isset($_POST['v_mail_ssl_domain_checkbox'])) && (isset($_POST['v_mail_ssl_domain'])) && (empty($_SESSION['error_msg']))) { + if ((!empty($_POST['v_mail_ssl_domain'])) && ($_POST['v_mail_ssl_domain'] != $_SESSION['MAIL_CERTIFICATE'])) { + $v_mail_ssl_str = explode(":", $_POST['v_mail_ssl_domain']); + $v_mail_ssl_user = escapeshellarg($v_mail_ssl_str[0]); + $v_mail_ssl_domain = escapeshellarg($v_mail_ssl_str[1]); + exec (VESTA_CMD."v-add-sys-mail-ssl ".$v_mail_ssl_user." ".$v_mail_ssl_domain, $output, $return_var); + check_return_code($return_var,$output); + unset($output); + unset($v_mail_ssl_str); + + if (empty($_SESSION['error_msg'])) { + $_SESSION['MAIL_CERTIFICATE'] = $_POST['v_mail_ssl_domain']; + + // List SSL certificate info + exec (VESTA_CMD."v-list-sys-mail-ssl json", $output, $return_var); + $v_mail_ssl_str = json_decode(implode('', $output), true); + unset($output); + $v_mail_ssl_crt = $v_mail_ssl_str['MAIL']['CRT']; + $v_mail_ssl_key = $v_mail_ssl_str['MAIL']['KEY']; + $v_mail_ssl_ca = $v_mail_ssl_str['MAIL']['CA']; + $v_mail_ssl_subject = $v_mail_ssl_str['MAIL']['SUBJECT']; + $v_mail_ssl_aliases = $v_mail_ssl_str['MAIL']['ALIASES']; + $v_mail_ssl_not_before = $v_mail_ssl_str['MAIL']['NOT_BEFORE']; + $v_mail_ssl_not_after = $v_mail_ssl_str['MAIL']['NOT_AFTER']; + $v_mail_ssl_signature = $v_mail_ssl_str['MAIL']['SIGNATURE']; + $v_mail_ssl_pub_key = $v_mail_ssl_str['MAIL']['PUB_KEY']; + $v_mail_ssl_issuer = $v_mail_ssl_str['MAIL']['ISSUER']; + } + } + } + // Update webmail url if (empty($_SESSION['error_msg'])) { if ($_POST['v_mail_url'] != $_SESSION['MAIL_URL']) { - exec (VESTA_CMD."v-change-sys-config-value MAIL_URL '".escapeshellarg($_POST['v_mail_url'])."'", $output, $return_var); + exec (VESTA_CMD."v-change-sys-config-value MAIL_URL ".escapeshellarg($_POST['v_mail_url']), $output, $return_var); check_return_code($return_var,$output); unset($output); $v_mail_adv = 'yes'; @@ -206,7 +270,7 @@ if (!empty($_POST['save'])) { // Update phpMyAdmin url if (empty($_SESSION['error_msg'])) { if ($_POST['v_mysql_url'] != $_SESSION['DB_PMA_URL']) { - exec (VESTA_CMD."v-change-sys-config-value DB_PMA_URL '".escapeshellarg($_POST['v_mysql_url'])."'", $output, $return_var); + exec (VESTA_CMD."v-change-sys-config-value DB_PMA_URL ".escapeshellarg($_POST['v_mysql_url']), $output, $return_var); check_return_code($return_var,$output); unset($output); $v_db_adv = 'yes'; @@ -216,7 +280,7 @@ if (!empty($_POST['save'])) { // Update phpPgAdmin url if (empty($_SESSION['error_msg'])) { if ($_POST['v_pgsql_url'] != $_SESSION['DB_PGA_URL']) { - exec (VESTA_CMD."v-change-sys-config-value DB_PGA_URL '".escapeshellarg($_POST['v_pgsql_url'])."'", $output, $return_var); + exec (VESTA_CMD."v-change-sys-config-value DB_PGA_URL ".escapeshellarg($_POST['v_pgsql_url']), $output, $return_var); check_return_code($return_var,$output); unset($output); $v_db_adv = 'yes'; @@ -275,7 +339,7 @@ if (!empty($_POST['save'])) { $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var); + exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; @@ -292,7 +356,7 @@ if (!empty($_POST['save'])) { // Change remote backup host type if (empty($_SESSION['error_msg'])) { if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) { - exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var); + exec (VESTA_CMD."v-delete-backup-host ". $v_backup_type, $output, $return_var); unset($output); $v_backup_host = escapeshellarg($_POST['v_backup_host']); @@ -300,7 +364,7 @@ if (!empty($_POST['save'])) { $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var); + exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; @@ -322,7 +386,7 @@ if (!empty($_POST['save'])) { $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var); + exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; @@ -339,7 +403,7 @@ if (!empty($_POST['save'])) { // Delete remote backup host if (empty($_SESSION['error_msg'])) { if ((empty($_POST['v_backup_host'])) && (!empty($v_backup_host))) { - exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var); + exec (VESTA_CMD."v-delete-backup-host ". $v_backup_type, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = ''; @@ -352,24 +416,67 @@ if (!empty($_POST['save'])) { } } + + + // Delete WEB Domain SSL certificate + if ((!isset($_POST['v_web_ssl_domain_checkbox'])) && (!empty($_SESSION['VESTA_CERTIFICATE'])) && (empty($_SESSION['error_msg']))) { + unset($_SESSION['VESTA_CERTIFICATE']); + exec (VESTA_CMD."v-delete-sys-vesta-ssl", $output, $return_var); + check_return_code($return_var,$output); + unset($output); + } + + // Updating WEB Domain SSL certificate + if ((isset($_POST['v_web_ssl_domain_checkbox'])) && (isset($_POST['v_web_ssl_domain'])) && (empty($_SESSION['error_msg']))) { + + if ((!empty($_POST['v_web_ssl_domain'])) && ($_POST['v_web_ssl_domain'] != $_SESSION['VESTA_CERTIFICATE'])) { + $v_web_ssl_str = explode(":", $_POST['v_web_ssl_domain']); + $v_web_ssl_user = escapeshellarg($v_web_ssl_str[0]); + $v_web_ssl_domain = escapeshellarg($v_web_ssl_str[1]); + exec (VESTA_CMD."v-add-sys-vesta-ssl ".$v_web_ssl_user." ".$v_web_ssl_domain, $output, $return_var); + check_return_code($return_var,$output); + unset($output); + + if (empty($_SESSION['error_msg'])) { + $_SESSION['VESTA_CERTIFICATE'] = $_POST['v_web_ssl_domain']; + + // List SSL certificate info + exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var); + $v_sys_ssl_str = json_decode(implode('', $output), true); + unset($output); + $v_sys_ssl_crt = $v_sys_ssl_str['VESTA']['CRT']; + $v_sys_ssl_key = $v_sys_ssl_str['VESTA']['KEY']; + $v_sys_ssl_ca = $v_sys_ssl_str['VESTA']['CA']; + $v_sys_ssl_subject = $v_sys_ssl_str['VESTA']['SUBJECT']; + $v_sys_ssl_aliases = $v_sys_ssl_str['VESTA']['ALIASES']; + $v_sys_ssl_not_before = $v_sys_ssl_str['VESTA']['NOT_BEFORE']; + $v_sys_ssl_not_after = $v_sys_ssl_str['VESTA']['NOT_AFTER']; + $v_sys_ssl_signature = $v_sys_ssl_str['VESTA']['SIGNATURE']; + $v_sys_ssl_pub_key = $v_sys_ssl_str['VESTA']['PUB_KEY']; + $v_sys_ssl_issuer = $v_sys_ssl_str['VESTA']['ISSUER']; + } + } + } + + // Update SSL certificate - if ((!empty($_POST['v_ssl_crt'])) && (empty($_SESSION['error_msg']))) { - if (($v_ssl_crt != str_replace("\r\n", "\n", $_POST['v_ssl_crt'])) || ($v_ssl_key != str_replace("\r\n", "\n", $_POST['v_ssl_key']))) { + if ((!empty($_POST['v_sys_ssl_crt'])) && (empty($_POST['v_web_ssl_domain'])) && (empty($_SESSION['error_msg']))) { + if (($v_sys_ssl_crt != str_replace("\r\n", "\n", $_POST['v_sys_ssl_crt'])) || ($v_sys_ssl_key != str_replace("\r\n", "\n", $_POST['v_sys_ssl_key']))) { exec ('mktemp -d', $mktemp_output, $return_var); $tmpdir = $mktemp_output[0]; // Certificate - if (!empty($_POST['v_ssl_crt'])) { + if (!empty($_POST['v_sys_ssl_crt'])) { $fp = fopen($tmpdir."/certificate.crt", 'w'); - fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt'])); + fwrite($fp, str_replace("\r\n", "\n", $_POST['v_sys_ssl_crt'])); fwrite($fp, "\n"); fclose($fp); } // Key - if (!empty($_POST['v_ssl_key'])) { + if (!empty($_POST['v_sys_ssl_key'])) { $fp = fopen($tmpdir."/certificate.key", 'w'); - fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key'])); + fwrite($fp, str_replace("\r\n", "\n", $_POST['v_sys_ssl_key'])); fwrite($fp, "\n"); fclose($fp); } @@ -378,20 +485,22 @@ if (!empty($_POST['save'])) { check_return_code($return_var,$output); unset($output); - // List ssl certificate info - exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var); - $ssl_str = json_decode(implode('', $output), true); - unset($output); - $v_ssl_crt = $ssl_str['VESTA']['CRT']; - $v_ssl_key = $ssl_str['VESTA']['KEY']; - $v_ssl_ca = $ssl_str['VESTA']['CA']; - $v_ssl_subject = $ssl_str['VESTA']['SUBJECT']; - $v_ssl_aliases = $ssl_str['VESTA']['ALIASES']; - $v_ssl_not_before = $ssl_str['VESTA']['NOT_BEFORE']; - $v_ssl_not_after = $ssl_str['VESTA']['NOT_AFTER']; - $v_ssl_signature = $ssl_str['VESTA']['SIGNATURE']; - $v_ssl_pub_key = $ssl_str['VESTA']['PUB_KEY']; - $v_ssl_issuer = $ssl_str['VESTA']['ISSUER']; + if (empty($_SESSION['error_msg'])) { + // List ssl certificate info + exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var); + $v_sys_ssl_str = json_decode(implode('', $output), true); + unset($output); + $v_sys_ssl_crt = $v_sys_ssl_str['VESTA']['CRT']; + $v_sys_ssl_key = $v_sys_ssl_str['VESTA']['KEY']; + $v_sys_ssl_ca = $v_sys_ssl_str['VESTA']['CA']; + $v_sys_ssl_subject = $v_sys_ssl_str['VESTA']['SUBJECT']; + $v_sys_ssl_aliases = $v_sys_ssl_str['VESTA']['ALIASES']; + $v_sys_ssl_not_before = $v_sys_ssl_str['VESTA']['NOT_BEFORE']; + $v_sys_ssl_not_after = $v_sys_ssl_str['VESTA']['NOT_AFTER']; + $v_sys_ssl_signature = $v_sys_ssl_str['VESTA']['SIGNATURE']; + $v_sys_ssl_pub_key = $v_sys_ssl_str['VESTA']['PUB_KEY']; + $v_sys_ssl_issuer = $v_sys_ssl_str['VESTA']['ISSUER']; + } } } diff --git a/web/edit/web/index.php b/web/edit/web/index.php index edf29e9d..6c703e7d 100644 --- a/web/edit/web/index.php +++ b/web/edit/web/index.php @@ -36,7 +36,7 @@ $v_cgi = $data[$v_domain]['CGI']; $v_elog = $data[$v_domain]['ELOG']; $v_ssl = $data[$v_domain]['SSL']; if (!empty($v_ssl)) { - exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var); + exec (VESTA_CMD."v-list-web-domain-ssl ".$user." ".escapeshellarg($v_domain)." json", $output, $return_var); $ssl_str = json_decode(implode('', $output), true); unset($output); $v_ssl_crt = $ssl_str[$v_domain]['CRT']; @@ -117,7 +117,7 @@ if (!empty($_POST['save'])) { // Change web domain IP if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) { $v_ip = escapeshellarg($_POST['v_ip']); - exec (VESTA_CMD."v-change-web-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-web-domain-ip ".$v_username." ".$v_domain." ".$v_ip." no", $output, $return_var); check_return_code($return_var,$output); $restart_web = 'yes'; $restart_proxy = 'yes'; @@ -129,7 +129,8 @@ if (!empty($_POST['save'])) { exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain." json", $output, $return_var); unset($output); if ($return_var == 0 ) { - exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var); + $v_ip = escapeshellarg($_POST['v_ip']); + exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -139,10 +140,12 @@ if (!empty($_POST['save'])) { // Change dns ip for each alias if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) { foreach($valiases as $v_alias ){ - exec (VESTA_CMD."v-list-dns-domain ".$v_username." '".$v_alias."' json", $output, $return_var); + $v_alias = escapeshellarg($v_alias); + exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_alias." json", $output, $return_var); unset($output); if ($return_var == 0 ) { - exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." '".$v_alias."' ".$v_ip, $output, $return_var); + $v_ip = escapeshellarg($_POST['v_ip']); + exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_alias." ".$v_ip, $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -153,7 +156,7 @@ if (!empty($_POST['save'])) { // Change template (admin only) if (($v_template != $_POST['v_template']) && ( $_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) { $v_template = escapeshellarg($_POST['v_template']); - exec (VESTA_CMD."v-change-web-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-web-domain-tpl ".$v_username." ".$v_domain." ".$v_template." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_web = 'yes'; @@ -173,7 +176,8 @@ if (!empty($_POST['save'])) { $restart_web = 'yes'; $restart_proxy = 'yes'; $v_template = escapeshellarg($_POST['v_template']); - exec (VESTA_CMD."v-delete-web-domain-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var); + $alias = escapeshellarg($alias); + exec (VESTA_CMD."v-delete-web-domain-alias ".$v_username." ".$v_domain." ".$alias." no", $output, $return_var); check_return_code($return_var,$output); unset($output); @@ -181,7 +185,7 @@ if (!empty($_POST['save'])) { exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var); unset($output); if ($return_var == 0) { - exec (VESTA_CMD."v-delete-dns-on-web-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var); + exec (VESTA_CMD."v-delete-dns-on-web-alias ".$v_username." ".$v_domain." ".$alias." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -196,14 +200,15 @@ if (!empty($_POST['save'])) { $restart_web = 'yes'; $restart_proxy = 'yes'; $v_template = escapeshellarg($_POST['v_template']); - exec (VESTA_CMD."v-add-web-domain-alias ".$v_username." ".$v_domain." ".escapeshellarg($alias)." 'no'", $output, $return_var); + $alias = escapeshellarg($alias); + exec (VESTA_CMD."v-add-web-domain-alias ".$v_username." ".$v_domain." ".$alias." no", $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) { exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var); unset($output); if ($return_var == 0) { - exec (VESTA_CMD."v-add-dns-on-web-alias ".$v_username." ".escapeshellarg($alias)." ".$v_ip." no", $output, $return_var); + exec (VESTA_CMD."v-add-dns-on-web-alias ".$v_username." ".$alias." ".$v_ip." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -223,7 +228,7 @@ if (!empty($_POST['save'])) { // Delete proxy support if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-delete-web-domain-proxy ".$v_username." ".$v_domain." 'no'", $output, $return_var); + exec (VESTA_CMD."v-delete-web-domain-proxy ".$v_username." ".$v_domain." no", $output, $return_var); check_return_code($return_var,$output); unset($output); unset($v_proxy); @@ -240,7 +245,7 @@ if (!empty($_POST['save'])) { if (( $v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) { $ext = str_replace(', ', ",", $ext); if (!empty($_POST['v_proxy_template'])) $v_proxy_template = $_POST['v_proxy_template']; - exec (VESTA_CMD."v-change-web-domain-proxy-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-web-domain-proxy-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." no", $output, $return_var); check_return_code($return_var,$output); $v_proxy_ext = str_replace(',', ', ', $ext); unset($output); @@ -259,7 +264,7 @@ if (!empty($_POST['save'])) { $ext = str_replace(' ', ",", $ext); $v_proxy_ext = str_replace(',', ', ', $ext); } - exec (VESTA_CMD."v-add-web-domain-proxy ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-web-domain-proxy ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_proxy = 'yes'; @@ -269,7 +274,7 @@ if (!empty($_POST['save'])) { if (( $v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { if ( $v_ssl_home != $_POST['v_ssl_home'] ) { $v_ssl_home = escapeshellarg($_POST['v_ssl_home']); - exec (VESTA_CMD."v-change-web-domain-sslhome ".$user." ".$v_domain." ".$v_ssl_home." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-web-domain-sslhome ".$user." ".$v_domain." ".$v_ssl_home." no", $output, $return_var); check_return_code($return_var,$output); $v_ssl_home = $_POST['v_ssl_home']; $restart_web = 'yes'; @@ -308,13 +313,13 @@ if (!empty($_POST['save'])) { fclose($fp); } - exec (VESTA_CMD."v-change-web-domain-sslcert ".$user." ".$v_domain." ".$tmpdir." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-web-domain-sslcert ".$user." ".$v_domain." ".$tmpdir." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_web = 'yes'; $restart_proxy = 'yes'; - exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var); + exec (VESTA_CMD."v-list-web-domain-ssl ".$user." ".$v_domain." json", $output, $return_var); $ssl_str = json_decode(implode('', $output), true); unset($output); $v_ssl_crt = $ssl_str[$v_domain]['CRT']; @@ -338,7 +343,7 @@ if (!empty($_POST['save'])) { // Delete Lets Encrypt support if (( $v_letsencrypt == 'yes' ) && (empty($_POST['v_letsencrypt'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-delete-letsencrypt-domain ".$user." ".$v_domain." 'no'", $output, $return_var); + exec (VESTA_CMD."v-delete-letsencrypt-domain ".$user." ".$v_domain." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_ssl_crt = ''; @@ -353,7 +358,7 @@ if (!empty($_POST['save'])) { // Delete SSL certificate if (( $v_ssl == 'yes' ) && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-delete-web-domain-ssl ".$v_username." ".$v_domain." 'no'", $output, $return_var); + exec (VESTA_CMD."v-delete-web-domain-ssl ".$v_username." ".$v_domain." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_ssl_crt = ''; @@ -367,7 +372,7 @@ if (!empty($_POST['save'])) { // Add Lets Encrypt support if ((!empty($_POST['v_ssl'])) && ( $v_letsencrypt == 'no' ) && (!empty($_POST['v_letsencrypt'])) && empty($_SESSION['error_msg'])) { $l_aliases = str_replace("\n", ',', $v_aliases); - exec (VESTA_CMD."v-add-letsencrypt-domain ".$user." ".$v_domain." '".$l_aliases."' 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-letsencrypt-domain ".$user." ".$v_domain." ".escapeshellarg($l_aliases)." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_letsencrypt = 'yes'; @@ -415,14 +420,14 @@ if (!empty($_POST['save'])) { fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca'])); fclose($fp); } - exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_ssl = 'yes'; $restart_web = 'yes'; $restart_proxy = 'yes'; - exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var); + exec (VESTA_CMD."v-list-web-domain-ssl ".$user." ".$v_domain." json", $output, $return_var); $ssl_str = json_decode(implode('', $output), true); unset($output); $v_ssl_crt = $ssl_str[$_POST['v_domain']]['CRT']; diff --git a/web/file_manager/fm_api.php b/web/file_manager/fm_api.php index ac5faa3a..cf4eef82 100644 --- a/web/file_manager/fm_api.php +++ b/web/file_manager/fm_api.php @@ -1,8 +1,8 @@ 'مخدم البريد الالكتروني', 'Antivirus' => 'مضاد الفيروسات', 'AntiSpam' => 'مضاد البريد المزعج سبام', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'رابط WebMail', 'MySQL Support' => 'دعم MySQL', 'phpMyAdmin URL' => 'رابط phpMyAdmin', diff --git a/web/inc/i18n/az.php b/web/inc/i18n/az.php new file mode 100644 index 00000000..715043a0 --- /dev/null +++ b/web/inc/i18n/az.php @@ -0,0 +1,727 @@ + 'Paketlər', + 'IP' => 'IP', + 'Graphs' => 'Qrafiklər', + 'Statistics' => 'Statistikalar', + 'Log' => 'Log', + 'Server' => 'Server', + 'Services' => 'Servislər', + 'Firewall' => 'Firewall', + 'Updates' => 'Yeniləmələr', + 'Log in' => 'Hesab yarat', + 'Log out' => 'Çıxış', + 'USER' => 'İstifadəsi', + 'WEB' => 'Veb', + 'DNS' => 'DNS', + 'MAIL' => 'Poçt', + 'DB' => 'DB', + 'CRON' => 'CRON', + 'BACKUP' => 'NÜSXƏ', + 'LOGIN' => 'Giriş', + 'RESET PASSWORD' => 'Şifrəni sıfırlamaq', + 'SEARCH' => 'Axtar', + 'PACKAGE' => 'Paket', + 'RRD' => 'RRD', + 'STATS' => 'STATS', + 'LOG' => 'LOG', + 'UPDATES' => 'Yenilənmələr', + 'FIREWALL' => 'Firewall', + 'SERVER' => 'Server', + 'MEMORY' => 'Yaddaş', + 'DISK' => 'Disk', + 'NETWORK' => 'Şəbəkə', + 'Web Log Manager' => 'Veb loq menecer', + 'no notifications' => 'bildiriş yoxdur', + 'Add User' => 'İstifadəçi əlavə edin', + 'Add Domain' => 'Domen əlavə edin', + 'Add Web Domain' => 'Domen əlavə edin', + 'Add DNS Domain' => 'DNS domeni əlavə edin', + 'Add DNS Record' => 'DNS qeydləri əlavə edin', + 'Add Mail Domain' => 'E-poçt domeni əlavə edin', + 'Add Mail Account' => 'E-poçt hesabı əlavə edin', + 'Add Database' => 'Verilənlər bazası əlavə edin', + 'Add Cron Job' => 'Cron əlavə et', + 'Create Backup' => 'Nüsxə yarat', + 'Configure' => 'Konfiqurasiya', + 'Restore All' => 'Hamısını bərpa edin', + 'Add Package' => 'Paket əlavə edin', + 'Add IP' => 'IP əlavə edin', + 'Add Rule' => 'Qayda əlavə edin', + 'Ban IP Address' => 'IP ünvanını ban edin', + 'Search' => 'Axtar', + 'Add one more FTP Account' => 'FTP hesabı əlavə edin', + 'Overall Statistics' => 'Bütün statistikalar', + 'Daily' => 'Günlük', + 'Weekly' => 'Həftəlik', + 'Monthly' => 'Aylıq', + 'Yearly' => 'İllik', + 'Add' => 'Əlavə edin', + 'Back' => 'Ləğv edin', + 'Save' => 'Yadda saxla', + 'Submit' => 'Göndər', + 'toggle all' => 'Hamısını seç', + 'apply to selected' => 'Seçimi tətbiq edin', + 'rebuild' => 'Yenidən yarat', + 'rebuild web' => "Veb-in yenidən qurulması", + 'rebuild dns' => "DNS-in yenidən qurulması", + 'rebuild mail' => "E-poçt-un yenidən qurulması", + 'rebuild db' => "DB-nin yenidən qurulması", + 'rebuild cron' => "Cron-nun yenidən qurulması", + 'update counters' => 'Yeniləmə sayğacları', + 'suspend' => 'Dayandırın', + 'unsuspend' => 'Davam etdirin', + 'delete' => 'Sil', + 'show per user' => 'istifadəçiyə görə göstər', + 'login as' => 'GİRİŞ ET:', + 'logout' => 'Çıxış et', + 'edit' => 'redaktə et', + 'open webstats' => 'webstats aç', + 'view logs' => 'logları göstər', + 'list records' => '%s siyahı qeydiyyatı', + 'add record' => 'qeyd əlavə edin', + 'list accounts' => '%s hesabı sıyahıya alın', + 'add account' => 'hesap əlavə edin', + 'open webmail' => 'Vebpoçtu aç', + 'list fail2ban' => 'fail2ban siyahı alın', + 'open %s' => '%s aç', + 'download' => 'yüklə', + 'restore' => 'bərpa edin', + 'configure restore settings' => 'bərpa ayarlarını quraşdırın', + 'stop' => 'dayandırın', + 'start' => 'başlat', + 'restart' => 'yenidən başlat', + 'update' => 'yenilə', + 'generate' => 'yarat', + 'Generate CSR' => 'CSR yarat', + 'reread IP' => 'IP-ni yenidən oxu', + 'enable autoupdate' => 'AVTOMATIK YENİLƏNMƏNİ AKTİVLƏŞDİR', + 'disable autoupdate' => 'AVTOMATİK YENİLƏNMƏNİ SÖNDÜR', + 'turn on notifications' => 'xəbərdarlıqları açın', + 'turn off notifications' => 'xəbərdarlıqları bağlayın', + 'configure' => 'ayalar', + 'Adding User' => 'İstifadəçi əlavə edin', + 'Editing User' => 'İstifadəçi redaktə edin', + 'Adding Domain' => 'Domen əlavə edin', + 'Editing Domain' => 'Domen redaktə edin', + 'Adding DNS Domain' => 'DNS domeni əlavə edin', + 'Editing DNS Domain' => 'DNS domeni redaktə edin', + 'Adding DNS Record' => 'DNS qeyd əlavə edin', + 'Editing DNS Record' => 'DNS qeydi redaktə edin', + 'Adding Mail Domain' => 'E-poçt domen əlavə edin', + 'Editing Mail Domain' => 'E-poçt domen redaktə edin', + 'Adding Mail Account' => 'E-poçt əlavə edin', + 'Editing Mail Account' => 'E-poçt hesabını redaktə edin', + 'Adding database' => 'Verilənlər bazası əlavə edin', + 'Editing Cron Job' => 'Cron-u redaktə et', + 'Adding Cron Job' => 'Cron əlavə etmək', + 'Editing Database' => 'Verilənlər bazasını redaktə edin', + 'Adding Package' => 'Paket əlavə edin', + 'Editing Package' => 'Paketi redaktə edin', + 'Adding IP address' => 'IP ünvanı əlavə edin', + 'Editing IP Address' => 'IP ünvamını redaktə edin', + 'Editing Backup Exclusions' => 'Nüsxələmə istisnalarını redaktə edin', + 'Generating CSR' => 'CSR yaratma', + 'Listing' => 'Siyahılama', + 'Search Results' => 'Axtarış nəticələri', + 'Adding Firewall Rule' => 'Təhlükəsizlik divarı qaydası əlavə edin', + 'Editing Firewall Rule' => 'Təhlükəsizlik divarı qaydasını redaktə edin', + 'Adding IP Address to Banlist' => 'Ban siyahısına IP ünvanı əlavə edin', + 'active' => 'aktiv', + 'spnd' => 'söndürülmüş', + 'suspended' => 'söndürülmüş', + 'running' => 'işləyir', + 'stopped' => 'dayandı', + 'outdated' => 'köhnəlmiş', + 'updated' => 'yenilənmiş', + 'yes' => 'bəli', + 'no' => 'xeyir', + 'none' => 'heç biri', + 'pb' => 'pb', + 'tb' => 'tb', + 'gb' => 'gb', + 'mb' => 'mb', + 'minute' => 'dəqiqə', + 'hour' => 'saat', + 'day' => 'gün', + 'days' => 'günlər', + 'hours' => 'saat', + 'minutes' => 'dəqiqə', + 'month' => 'ay', + 'package' => 'paket', + 'Bandwidth' => 'Traffik', + 'Disk' => 'Disk', + 'Web' => 'Veb', + 'Mail' => 'E-poçt', + 'Databases' => 'Verilənlər bazası', + 'User Directories' => 'İstifadəçi qovluqları', + 'Template' => 'Şablon', + 'Web Template' => 'Veb Şablonu', + 'Backend Template' => 'Backend şablonu', + 'Proxy Template' =>'Proxy şablonu', + 'DNS Template' => 'DNS şablonu', + 'Web Domains' => 'Veb domenləri', + 'SSL Domains' => 'SSL domenləri', + 'Web Aliases' => 'Veb aliasları', + 'per domain' => 'domen başına', + 'DNS Domains' => 'DNS domen adları', + 'DNS domains' => 'DNS domen adları', + 'DNS records' => 'DNS qeydləri', + 'Name Servers' => 'Neymserverlər', + 'Mail Domains' => 'E-poçt domenləri', + 'Mail Accounts' => 'E-poçt hesabları', + 'Cron Jobs' => 'Cron-lar', + 'SSH Access' => 'SSH giriş', + 'IP Address' => 'IP ünvan', + 'IP Addresses' => 'IP ünvanları', + 'Backups' => 'Nüsxələr', + 'Backup System' => 'Nüsxələmə sistemi', + 'backup exclusions' => 'NÜSXƏLƏMƏ İSTİSNALARI', + 'template' => 'şablon', + 'SSL Support' => 'SSL dəstək', + 'SSL Home Directory' => 'SSL Ana qovluğu', + 'Lets Encrypt Support' => 'Lets Encrypt dəstəyi', + 'Lets Encrypt' => 'Şifrələ', + 'Your certificate will be automatically issued in 5 minutes' => 'Sənədiniz avtomatik olaraq 5 dəqiqə ərzində veriləcək', + 'Proxy Support' => 'Proxy dəstəyi', + 'Proxy Extensions' => 'Proxy əlavələri', + 'Web Statistics' => 'Veb statistikaları', + 'Additional FTP Account' => 'Əlavə FTP hesabı', + 'Path' => 'Path', + 'SOA' => 'SOA', + 'TTL' => 'TTL', + 'Expire' => 'Sona çatdırın', + 'Records' => 'Qeydlər', + 'Serial' => 'Seriya', + 'Catchall email' => 'Catchall e-poçt', + 'AntiVirus Support' => 'AntiVirus dəstəyi', + 'AntiSpam Support' => 'AntiSpam dəstəyi', + 'DKIM Support' => 'DKIM dəstəyi', + 'Accounts' => 'Hesablar', + 'Quota' => 'Norma', + 'Autoreply' => 'Avtomatik cavab', + 'Forward to' => 'Buraya yönləndir', + 'Do not store forwarded mail' => 'Göndərilən poçtu saxlamayın', + 'IMAP hostname' => 'IMAP hostname', + 'IMAP port' => 'IMAP port', + 'IMAP security' => 'IMAP təhlükəsizlik', + 'IMAP auth method' => 'IMAP auth metodu', + 'SMTP hostname' => 'SMTP hostname', + 'SMTP port' => 'SMTP port', + 'SMTP security' => 'SMTP təhlükəsizlik', + 'SMTP auth method' => 'SMTP auth metodu', + 'STARTTLS' => 'STARTTLS', + 'Normal password' => 'Normal şifrə', + 'database' => 'verilənələr bazası', + 'User' => 'İstifadəçi', + 'Host' => 'Host', + 'Charset' => 'Kodlaşdırma', + 'Min' => 'Dəq', + 'Hour' => 'Saat', + 'Day' => 'Gün', + 'Month' => 'Ay', + 'Day of week' => 'Həftənin günü', + 'local' => 'yerli', + 'Run Time' => 'İşləmə müddəti', + 'Backup Size' => 'Nüsxə ölçüsü', + 'SYS' => 'SYS', + 'Domains' => 'Domenlər', + 'Status' => 'Status', + 'shared' => 'paylaşılan', + 'dedicated' => 'həsr olunan', + 'Owner' => 'Sahib', + 'Users' => 'İstifadəçilər', + 'Load Average' => 'Sistem yükü', + 'Memory Usage' => 'Yaddaşın istifadəsi', + 'APACHE2 Usage' => 'APACHE2 istifadəsi', + 'HTTPD Usage' => 'HTTPD istifadəsi', + 'NGINX Usage' => 'NGINX istifadəsi', + 'MySQL Usage on localhost' => 'Localhost üzərindəki MySQL istifadəsi', + 'PostgreSQL Usage on localhost' => 'Localhost üzərindəki PostgreSQL istifadəsi', + 'Bandwidth Usage eth0' => 'eth0 traffik istifadəsi', + 'Bandwidth Usage eth1' => 'eth1 traffik istifadəsi', + 'Exim Usage' => 'Exim istifadəsi', + 'FTP Usage' => 'FTP istifadəsi', + 'SSH Usage' => 'SSH istifadəsi', + 'reverse proxy' => 'geri proksi', + 'web server' => 'veb server', + 'dns server' => 'dns server', + 'mail server' => 'e-poçt serve', + 'pop/imap server' => 'pop/imap server', + 'email antivirus' => 'e-poçt antivirus', + 'email antispam' => 'e-poçt antispam', + 'database server' => 'database server', + 'ftp server' => 'ftp server', + 'job scheduler' => 'job planlaşdırma', + 'firewall' => 'firewall', + 'brute-force monitor' => 'brute-force monitor', + 'CPU' => 'CPU', + 'Memory' => 'Yaddaş', + 'Uptime' => 'Uptime', + 'core package' => 'əsas paket', + 'php interpreter' => 'php tərcüməçi', + 'internal web server' => 'daxili veb server', + 'Version' => 'Versiya', + 'Release' => 'Buraxın', + 'Architecture' => 'Memarlıq', + 'Object' => 'Obyekt', + 'Username' => 'İstifadəçi adı', + 'Password' => 'Şifrə', + 'Email' => 'E-poçt', + 'Package' => 'Paket', + 'Language' => 'Dil', + 'First Name' => 'Ad', + 'Last Name' => 'Soyad', + 'Send login credentials to email address' => 'Giriş məlumatlarını ünvanlarını e-poçt ünvanına göndərin', + 'Default Template' => 'Default şablon', + 'Default Name Servers' => 'Default neymserver', + 'Domain' => 'Domen', + 'DNS Support' => 'DNS dəstəyi', + 'Mail Support' => 'E-poçt dəstəyi', + 'Advanced options' => 'TƏKMİLLƏŞMİŞ SEÇİMLƏR', + 'Basic options' => 'Əsas seçimlər', + 'Aliases' => 'Ləqəblər (Alias)', + 'SSL Certificate' => 'SSL sertifikatı', + 'SSL Key' => 'SSL açarı (Key)', + 'SSL Certificate Authority / Intermediate' => 'SSL sertifikat eyniləşdirməsi / köməkçi)', + 'SSL CSR' => 'SSL CSR', + 'optional' => 'istəyə bağlı', + 'internal' => 'daxili', + 'Statistics Authorization' => 'Statistikanın avtorizasiyası', + 'Statistics Auth' => 'Statistika eyniləşdirməsi', + 'Account' => 'Hesab', + 'Prefix will be automaticaly added to username' => 'Prefiks avtomatik olaraq istifadəçi adına əlavə olunacaq', + 'Send FTP credentials to email' => 'FTP məlumatlarını e-poçt ile göndər', + 'Expiration Date' => 'Bitmə tarixi', + 'YYYY-MM-DD' => 'YYYY-AA-GG', + 'Name servers' => 'Neymserverlər', + 'Record' => 'Qeydiyyat', + 'IP or Value' => 'IP və ya qiymət', + 'Priority' => 'Prioritet', + 'Record Number' => 'Qeydiyyat sayı', + 'in megabytes' => 'megabayt olaraq', + 'Message' => 'Mesaj', + 'use local-part' => 'local-part istifadə et', + 'one or more email addresses' => 'bir və ya daha çox e-poçt ünvanı', + 'Prefix will be automaticaly added to database name and database user' => 'Prefiks avtomatik olaraq verilənlər bazası adı və verilənlər bazası istifadəçisinə əlavə olunacaq', + 'Database' => 'Verilənlər bazası', + 'Type' => 'Tip', + 'Minute' => 'Dəqiqə', + 'Command' => 'Əmr', + 'Package Name' => 'Paket adı', + 'Netmask' => 'Netmask', + 'Interface' => 'İnterfeys', + 'Shared' => 'Paylaşılan', + 'Assigned user' => 'Təyin edilən istifadəçi', + 'Assigned domain' => 'Təyin edilən domen', + 'NAT IP association' => 'NAT IP assosiasiyası', + 'shell' => 'shell', + 'web domains' => 'Veb domenləri', + 'web aliases' => 'veb ləqəblər', + 'dns records' => 'dns qeydləri', + 'mail domains' => 'mail domenləri', + 'mail accounts' => 'mail hesabları', + 'accounts' => 'hesablar', + 'databases' => 'verilənlər bazası', + 'cron jobs' => 'Cron tapşırıqları', + 'backups' => 'nüsxələr', + 'quota' => 'kvota', + 'day of week' => 'həftənin günü', + 'cmd' => 'cmd', + 'users' => 'istifadəçilər', + 'domains' => 'domenlər', + 'aliases' => 'aliases', + 'records' => 'qeydlər', + 'jobs' => 'işlər', + 'username' => 'istifadəçi adı', + 'password' => 'şifrə', + 'type' => 'tip', + 'charset' => 'kodlaşdırma', + 'domain' => 'domen', + 'ip' => 'ip', + 'ip address' => 'ip ünvanı', + 'IP address' => 'IP ünvanı', + 'netmask' => 'netmask', + 'interface' => 'interfeys', + 'assigned user' => 'təyin edilən istifadəçi', + 'ns1' => 'ns1', + 'ns2' => 'ns2', + 'user' => 'istifadəçi', + 'email' => 'e-poçt', + 'first name' => 'ad', + 'last name' => 'soyad', + 'account' => 'hesab', + 'ssl certificate' => 'ssl sertifikatı', + 'ssl key' => 'ssl açarı (key)', + 'stats user password' => 'statistik istifadəçi sifrəsi', + 'stats username' => 'statistik istifadəçi adı', + 'stats password' => 'statistik şifrəsi', + 'ftp user password' => 'ftp istifadəçi şifrəsi', + 'ftp user' => 'ftp istifadəçisi', + 'Last 70 lines of %s.%s.log' => '%s.%s.log faylının son 70 sətri', + 'AccessLog' => 'AccessLog', + 'ErrorLog' => 'ErrorLog', + 'Download AccessLog' => 'AccessLog yüklə', + 'Download ErrorLog' => 'ErrorLog yüklə', + 'Country' => 'Ölkə', + '2 letter code' => '2 hərf kodu', + 'State / Province' => 'Dövlət / Əyalət', + 'City / Locality' => 'Şəhər / Yerləşmə', + 'Organization' => 'Orqanizasiya', + 'Action' => 'Fəaliyyət', + 'Protocol' => 'Protokol', + 'Port' => 'Port', + 'Comment' => 'Rəy', + 'Banlist' => 'Ban siyahısı', + 'ranges are acceptable' => 'qəbul edilə bilən aralıqlar', + 'CIDR format is supported' => 'CIDR versiyasını dəstəkləyir', + 'ACCEPT' => 'ACCEPT', + 'DROP' => 'DROP', + 'TCP' => 'TCP', + 'UDP' => 'UDP', + 'ICMP' => 'ICMP', + 'SSH' => 'SSH', + 'FTP' => 'FTP', + 'VESTA' => 'VESTA', + 'Add one more Name Server' => 'Neymserver əlavə edin', + 'web domain' => 'veb domen', + 'dns domain' => 'dns domen', + 'dns record' => 'dns qeyd', + 'mail domain' => 'mail domen', + 'mail account' => 'mail hesabı', + 'cron job' => 'cron işi', + 'cron' => 'cron', + 'user dir' => 'istifadəçidir', + 'unlimited' => 'limitsiz', + '1 account' => '1 hesab', + '%s accounts' => '%s hesab', + '1 domain' => '1 alan adı', + '%s domains' => '%s alan adı', + '1 record' => '1 kayıt', + '%s records' => '%s kayıt', + '1 mail account' => '1 mail hesabı', + '%s mail accounts' => '%s mail hesabı', + '1 database' => '1 verilənlər bazası', + '%s databases' => '%s verilənlər bazası', + '1 cron job' => '1 zamanlanmış tapşırıq', + '%s cron jobs' => '%s zamanlanmış tapşırıq', + '1 archive' => '1 arxiv', + '%s archives' => '%s arxiv', + '1 item' => '1 maddə', + '%s items' => '%s maddələr', + '1 package' => '1 paket', + '%s packages' => '%s paket', + '1 IP address' => '1 IP ünvanı', + '%s IP addresses' => '%s IP ünvanı', + '1 month' => '1 ay', + '%s months' => '%s ay', + '1 log record' => '1 log qeydi', + '%s log records' => '%s log qeydi', + '1 object' => '1 obyekt', + '%s objects' => '%s obyekt', + 'no exclusions' => 'istisna yoxdur', + '1 rule' => '1 qayda', + '%s rules' => '%s qayda', + 'There are no currently banned IP' => 'Hazırda ban edilmiş İP yoxdur', + 'USER_CREATED_OK' => '%s istifadəşisi uğurla yaradıldı.', + 'WEB_DOMAIN_CREATED_OK' => '%s domen uğurla yaradıldı.', + 'DNS_DOMAIN_CREATED_OK' => '%s DNS domen uğurla yaradıldı.', + 'DNS_RECORD_CREATED_OK' => '%s.%s qeydi uğurla yaradıldı.', + 'MAIL_DOMAIN_CREATED_OK' => '%s əsas domen uğurla yaradıldı', + 'MAIL_ACCOUNT_CREATED_OK' => '%s@%s e-poçt hesabı uğurla yaradıldı', + 'DATABASE_CREATED_OK' => '%s verilənlər bazası uğurla yaradıldı.', + 'CRON_CREATED_OK' => 'Zamanlanmış tapşırıq uğurla yaradıldı.', + 'IP_CREATED_OK' => '%s ip ünvanı uğurla yaradıldı.', + 'PACKAGE_CREATED_OK' => '%s paketi uğurla yaradıldı.', + 'SSL_GENERATED_OK' => 'Sertifikart uğurla yaradıldı.', + 'RULE_CREATED_OK' => 'Qayda uğurla yaradıldı.', + 'BANLIST_CREATED_OK' => 'IP ünvan müvəffəqiyyətlə qadağan edildi', + 'Autoupdate has been successfully enabled' => 'Avtomatik yenilənmə uğurla aktivləşdirildi', + 'Autoupdate has been successfully disabled' => 'Avtomatik yenilənmə uğurla söndürüldü', + 'Cronjob email reporting has been successfully enabled' => 'Zamanlanmış tapşırıq e-poçt hesabatı uğurla aktivləşdirildi', + 'Cronjob email reporting has been successfully disabled' => 'Zamanlanmış tapşırıq e-poçt hesabatı uğurla dayandırıldı', + 'Changes has been saved.' => 'Dəyişikliklər yadda saxlanıldı.', + 'Confirmation' => 'Təsdiqləmə', + 'DELETE_USER_CONFIRMATION' => '%s istifadəçisini silmək istədiyinizə əminsinizmi?', + 'SUSPEND_USER_CONFIRMATION' => '%s istifadəçisini qapatmaq istədiyinizə əminsinizmi?', + 'UNSUSPEND_USER_CONFIRMATION' => '%s istifadəçisini davam etdirmək istədiyinizə əminsinizmi?', + 'DELETE_DOMAIN_CONFIRMATION' => '%s domeni silmək istədiyinizə əminsinizmi?', + 'SUSPEND_DOMAIN_CONFIRMATION' => '%s domeni qapatmaq istədiyinizə əminsinizmi?', + 'UNSUSPEND_DOMAIN_CONFIRMATION' => '%s domeni davam etdirmək istədiyinizə əminsinizmi?', + 'DELETE_RECORD_CONFIRMATION' => '%s qeydi silmək istədiyinizə əminsinizmi?', + 'SUSPEND_RECORD_CONFIRMATION' => '%s qeydi qapatmaq istədiyinizə əminsinizmi?', + 'UNSUSPEND_RECORD_CONFIRMATION' => '%s qeydi davam etdirmək istədiyinizə əminsinizmi?', + 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => '%s hesabını silmək istədiyinizə əminsinizmi?', + 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '%s hesabını qapatmaq istədiyinizə əminsinizmi?', + 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '%s hesabını davam etdirmək istədiyinizə əminsinizmi?', + 'DELETE_DATABASE_CONFIRMATION' => '%s verilənlər bazasını silmək istədiyinizə əminsinizmi?', + 'SUSPEND_DATABASE_CONFIRMATION' => '%s verilənlər bazasını qapatmaq istədiyinizə əminsinizmi?', + 'UNSUSPEND_DATABASE_CONFIRMATION' => '%s verilənlər bazasını davam etdirmək istədiyinizə əminsinizmi?', + 'DELETE_CRON_CONFIRMATION' => 'Zamanlanmış tapşırığı silmək istədiyinizə əminsinizmi?', + 'SUSPEND_CRON_CONFIRMATION' => 'Zamanlanmış tapşırığı qapatmaq istədiyinizə əminsinizmi?', + 'UNSUSPEND_CRON_CONFIRMATION' => 'Zamanlanmış tapşırığı davam etdirmək istədiyinizə əminsinizmi?', + 'DELETE_BACKUP_CONFIRMATION' => '%s nüsxəsini silmək istədiyinizə əminsinizmi?', + 'DELETE_EXCLUSION_CONFIRMATION' => '%s nüsxələmə qaydasını silmək istədiyinizə əminsinizmi?', + 'DELETE_PACKAGE_CONFIRMATION' => '%s paketini silmək istədiyinizə əminsinizmi?', + 'DELETE_IP_CONFIRMATION' => '%s IP ünvanı silmək istədiyinizə əminsinizmi?', + 'DELETE_RULE_CONFIRMATION' => '#%s qaydasını silmək istədiyinizə əminsinizmi?', + 'SUSPEND_RULE_CONFIRMATION' => '#%s qaydasını qapatmaq istədiyinizə əminsinizmi?', + 'UNSUSPEND_RULE_CONFIRMATION' => '#%s qaydasını davam etdirmək istədiyinizə əminsinizmi?', + 'LEAVE_PAGE_CONFIRMATION' => 'Səhifəni tərk edirsiniz?', + 'RESTART_CONFIRMATION' => '%s yenidən başladılacaq.əstiqləyirsiniz?', + 'Welcome' => 'XOŞ GƏLDİNİZ', + 'LOGGED_IN_AS' => '%s istifadəçisi olaraq daxil oldunuz', + 'Error' => 'Xəta', + 'Invalid username or password' => 'Doğru olmayan istifadəçi adı və ya şifrə', + 'Invalid username or code' => 'Doğru olmayan istifadəçi adı və ya kod', + 'Passwords not match' => 'Şifrələr uyğun deyil', + 'Please enter valid email address.' => 'Lütfən doğru e-poçt ünvanı daxil edin.', + 'Field "%s" can not be blank.' => '"%s" sahəni boş saxlaya bilməzsiniz.', + 'Password is too short.' => 'Şifrə çox qısadır (minimum 6 simvol)', + 'Error code:' => 'Xəta kodu: %s', + 'SERVICE_ACTION_FAILED' => '"%s" "%s" uğursuz oldu', + 'IP address is in use' => 'IP ünvanı istifadədədir', + 'BACKUP_SCHEDULED' => 'Tapşırıq uğurla əlavə edildi. Nüsxə yüklənildiyi zaman xəbərdarlıq e-poçtu alacaqsınız.', + 'BACKUP_EXISTS' => 'Artıq nüsxələmə əməliyyatı davam edir. Yenidən yaratmaq üçün bunun bitməsini gözləyin.', + 'RESTORE_SCHEDULED' => 'Tapşırıq sıraya əlavə edildi. Nüsxə yüklənildiyi zaman xəbərdarlıq e-poçtu alacaqsınız.', + 'RESTORE_EXISTS' => 'Artıq restovrasiya əməliyyatı davam edir. Bunu işlətmək üçün lütfən əvvəlki əməliyyatın bitməsiniz gözləyin.', + 'WEB_EXCLUSIONS' => 'Hər sətrə bir domen əlavə yazın. Bütün domenlər xaric etmək üçün * istifadə edin. Xüsusi qovluq üçün bu formatda yazın: domain.com:public_html/cache:public_html/tmp', + 'DNS_EXCLUSIONS' => 'Hər sətrə bi domen əlavə edin. Bütün domenləri xaric etmək üçün * istifadə edin', + 'MAIL_EXCLUSIONS' => 'Hər sətrə bi domen əlavə edin. Bütün domenləri xaric etmək üçün * istifadə edin. Xüsusi hesab təyin etmək üçün bu formatda yazın: domain.com:info:destek:postmaster', + 'DB_EXCLUSIONS' => 'Hər sətrə bir verilənlər bazası əlavə edin. Hamısı üçün * istifadə edin. ', + 'CRON_EXCLUSIONS' => 'Bütün zamanlanmış tapşırıqları xaric etmək üçün * istifadə edin', + 'USER_EXCLUSIONS' => 'Hər sətrə bir qovluq əlavə edin. Bütün versiyaları xaric etmək üçün * istifadə edin', + 'Welcome to Vesta Control Panel' => 'Vesta nəzarət panelinə xoş gəldiniz', + 'MAIL_FROM' => 'Vesta Nəzarət Paneli ', + 'GREETINGS_GORDON_FREEMAN' => "Hər vaxtınız xeyir, %s %s,\n", + 'GREETINGS' => "Hər vaxtınız xeyir,\n", + 'ACCOUNT_READY' => "Hesabınız uğurla yaradıldı və istifadəyə hazırdır.\n\nhttps://%s/login/\nİstifadəçi adı: %s\nŞifrə: %s\n\n--\nVesta Nəzarət Paneli\n", + 'FTP login credentials' => 'FTP giriş məlumatları', + 'FTP_ACCOUNT_READY' => "FTP hesabı uğurla yaradıldı və istifadə hazırdır.\n\nHostname: %s\nİstifadəçi adı: %s_%s\nŞifrə: %s\n\n--\nVesta Control Panel\n", + 'Database Credentials' => 'Veritabanı Bilgileri', + 'DATABASE_READY' => "Verilənlər bazası yaradıldı.\n\Verilənlər bazsı: %s\nİstifadəçi: %s\Şifrə: %s\n%s\n\n--\nVesta Nəzarət Paneli\n", + 'forgot password' => 'Şifrəmi unutdum', + 'Confirm' => 'Təstiqlə', + 'New Password' => 'Yeni şifrə', + 'Confirm Password' => 'Şifrəni təstiqlə', + 'Reset' => 'Sıfırla', + 'Reset Code' => 'Sıfırlama Kodu', + 'RESET_NOTICE' => '', + 'RESET_CODE_SENT' => 'Şifrə sıfırlama kodu e-poçt ünvanınıza göndərildi.
', + 'MAIL_RESET_SUBJECT' => 'Şifrə sıfırlama - %s', + 'PASSWORD_RESET_REQUEST' => "Şifrənizi sıfırlamaq üçün lütfən linki izləyin:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\Alternativ olaraq https://%s/reset/?action=code&user=%s linkinə klik edib davamına bu reset kodunuzu daxil edə bilərsiniz:\n%s\n\nƏgər şifrə sıfırlama istəyiniz olmayıbsa lütfən mesajı yox sayın və üzrümüzü qəbul edin.\n\n--\nVesta Nəzarət Mərkəzi\n", + 'Jan' => 'Yan', + 'Feb' => 'Fev', + 'Mar' => 'Mar', + 'Apr' => 'Apr', + 'May' => 'May', + 'Jun' => 'İyn', + 'Jul' => 'İyl', + 'Aug' => 'Avq', + 'Sep' => 'Sent', + 'Oct' => 'Okt', + 'Nov' => 'Noy', + 'Dec' => 'Dek', + 'Configuring Server' => 'Server ayarlanması', + 'Hostname' => 'Hostname', + 'Time Zone' => 'Vaxt qurşağı', + 'Default Language' => 'Default dil', + 'Proxy Server' => 'Proxy server', + 'Web Server' => 'Veb server', + 'Backend Server' => 'Backend Server', + 'Backend Pool Mode' => 'Backend pul rejimi', + 'DNS Server' => 'DNS server', + 'DNS Cluster' => 'DNS Cluster', + 'MAIL Server' => 'MAIL Server', + 'Antivirus' => 'Antivirus', + 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', + 'Webmail URL' => 'Vebmail URL', + 'MySQL Support' => 'MySQL dəstək', + 'phpMyAdmin URL' => 'phpMyAdmin URL', + 'PostgreSQL Support' => 'PostgreSQL dəstəyi', + 'phpPgAdmin URL' => 'phpPgAdmin URL', + 'Maximum Number Of Databases' => 'Verilənlər bazasının maksimum sayı', + 'Current Number Of Databases' => 'Current Number Of Databases', + 'Local backup' => 'Yerli backup', + 'Compression level' => 'Sıxılma səviyyəsi', + 'Directory' => 'Kataloq', + 'Remote backup' => 'Uzaqdan backup', + 'ftp' => 'FTP', + 'sftp' => 'SFTP', + 'SFTP Chroot' => 'SFTP Chroot', + 'FileSystem Disk Quota' => 'FaylSistemi disk kvotası', + 'Vesta Control Panel Plugins' => 'Vesta Nəzarət Paneli əlavələri', + 'preview' => 'Ön görünüş', + 'Reseller Role' => 'Reseller rolu', + 'Web Config Editor' => 'Veb Konfiqurasiya redaktoru', + 'Template Manager' => 'Şablon idarəçisi', + 'Backup Migration Manager' => 'Nüsxələmə miqrasiya idarəçisi', + 'FileManager' => 'Faylİdarəçisi', + 'show: CPU / MEM / NET / DISK' => 'göstər: CPU / BEL / ŞƏ / DISK', + 'sort by' => 'sıralama ölçüsü', + 'Date' => 'Tarix', + 'Starred' => 'Ulduzlu', + 'Name' => 'Ad', + 'save to favorites' => 'Sevimlilərə əlavə edin', + 'File Manager' => 'Fayl İdarəçisi', + 'size' => 'ölçü', + 'date' => 'tarix', + 'name' => 'ad', + 'Initializing' => 'Başladılır', + 'UPLOAD' => 'YÜKLƏ', + 'NEW FILE' => 'YENİ FAYL', + 'NEW DIR' => 'YENİ QOVLUQ', + 'DELETE' => 'SİL', + 'RENAME' => 'YENİDƏN ADLANDIR', + 'MOVE' => 'kÖÇÜRT', + 'RIGHTS' => 'HÜQUQLAR', + 'COPY' => 'KOPYALA', + 'ARCHIVE' => 'ARXİVLƏ', + 'EXTRACT' => 'ÇIXART', + 'DOWNLOAD' => 'YÜKLƏ', + 'Are you sure?' => 'Əminsinizmi?', + 'Hit' => 'Hit', + 'to reload the page' => 'səhifəni yeniləm üçün', + 'Directory name cannot be empty' => 'Kataloq adı boş ola bilməz', + 'File name cannot be empty' => 'Fayl adı boş ola bilməz', + 'No file selected' => 'Fayl seçilmədi', + 'No file or folder selected' => 'Fayl və ya qovluq seçilmədi', + 'File type not supported' => 'Fayl tipi dəstəklənmir', + 'Directory download not available in current version' => 'Kataloq yüklnməsi bu versiyada mövcud deyil', + 'Directory not available' => 'Kataloq keçərli deyil', + 'Done' => 'Birdi', + 'Close' => 'Bağla', + 'Copy' => 'Kopyala', + 'Cancel' => 'Ləğv et', + 'Rename' => 'Yenidən adlandır', + 'Move' => 'Köçürt', + 'Change Rights' => 'Hüquqları dəyişdirin', + 'Delete' => 'Sil', + 'Extract' => 'Çıxart', + 'Create' => 'Yarat', + 'Compress' => 'Sıx', + 'OK' => 'TAMAM', + 'YOU ARE COPYING' => 'Siz kopyalayırsınız', + 'YOU ARE REMOVING' => 'Siz silirsiniz', + 'Delete items' => 'Maddələri silin', + 'Copy files' => 'Faylları kopyalayın', + 'Move files' => 'Faylları daşıyın', + 'Are you sure you want to copy' => 'Kopyalamaq istədiyinizə əminsinizmi', + 'Are you sure you want to move' => 'Köçürtmək istədiyinizə əminsinizmi?', + 'Are you sure you want to delete' => 'Silmək istədiyinizə əminsinizmi?', + 'into' => 'daxil', + 'existing files will be replaced' => 'mövcud fayllar dəyişdirilir', + 'Original name' => 'Orjinal adı', + 'File' => 'Fayl', + 'already exists' => 'mövcuddur', + 'Create file' => 'Fayl yarat', + 'Create directory' => 'Kataloq yarat', + 'read by owner' => 'sahini tərəfindən oxunan', + 'write by owner' => 'sahibi tərəfindən yazılan', + 'execute/search by owner' => 'sahibi tərəfindən icra edilən/axtarılan', + 'read by group' => 'grup tərəfindən oxunan', + 'write by group' => 'qrup tərəfindən yazılan', + 'execute/search by group' => 'qrup tərəfindən icar edilən/axtarılan', + 'read by others' => 'başqaları tərəfindən oxunan', + 'write by others' => 'başqaları tərəfindən yazılan', + 'execute/search by others' => 'başqaları tərəfindən icra edilən/axtarılan', + 'Shortcuts' => 'Qısayollar', + 'Add New object' => 'Yeni obyekt əlavə edin', + 'Save Form' => 'Formanı yadda saxla', + 'Cancel saving form' => 'Formanı yadda saxlama', + 'Go to USER list' => 'İstifadəçi siyahısına get', + 'Go to WEB list' => 'Veb siyahısına get', + 'Go to DNS list' => 'DNS siyahısına get', + 'Go to MAIL list' => 'MAIL siyahısına get', + 'Go to DB list' => 'DB siyahısına get', + 'Go to CRON list' => 'CRON siyahısına get', + 'Go to BACKUP list' => 'Nüsxə siyahısına get', + 'Focus on search' => 'Axtarışa fokuslan', + 'Display/Close shortcuts' => 'Qısayolları göstər/bağla', + 'Move backward through top menu' => 'Üst menyu arasında geriyə get', + 'Move forward through top menu' => 'Üst menyu arasında iləriyə get', + 'Enter focused element' => 'Fokuslanmış elementi gör', + 'Move up through elements list' => 'Elementlər siyahısına keçin', + 'Move down through elements list' => 'Elementlər siyahısına keçin', + 'Upload' => 'Yüklə', + 'New File' => 'Yeni fayl', + 'New Folder' => 'Yeni qovluq', + 'Download' => 'Yüklə', + 'Archive' => 'Arxivlə', + 'Save File (in text editor)' => 'Faylı yadda saxla (mətn redaktorunda)', + 'Close Popup / Cancel' => 'Popup bağla / Ləğv et', + 'Move Cursor Up' => 'Kursoru yuxarı qaldır', + 'Move Cursor Down' => 'Kursoru aşağı endir', + 'Switch to Left Tab' => 'Sol taba keçin', + 'Switch to Right Tab' => 'Sağ taba keçin', + 'Switch Tab' => 'Taba keç', + 'Go to the Top of the File List' => 'Fayl siyahısının əvvəlinə get', + 'Go to the Last File' => 'Son fayla bax', + 'Open File / Enter Directory' => 'Faylı aç/Kataloqa daxil ol', + 'Edit File' => 'Faylı redaktə edin', + 'Go to Parent Directory' => 'Əsas kataloqa daxil olun', + 'Select Current File' => 'Hazırki faylı seçin', + 'Select Bunch of Files' => 'Fayl dəstini seçin', + 'Add File to the Current Selection' => 'Hazırki seçimə fayl əlavə edin', + 'Select All Files' => 'Bütün faylları seçin', + 'shortcuts are inspired by magnificent GNU Midnight Commander file manager' => + 'qısayollar mükəmməl fayl idarəçisi Midnight Commander fayl idarəçisindən alınmışdır', + 'Licence Key' => 'Lisenziya açarı', + 'Enter License Key' => 'Lisenziya açarını daxil edin', + 'Buy Licence' => 'Lisenziya alın', + 'Buy Lifetime License' => 'Ömür boyu lisenziyası alın', + 'Disable and Cancel Licence' => 'Lisenziyanı söndürün və ləğv edin', + 'Licence Activated' => 'Lisenziya aktivdir', + 'Licence Deactivated' => 'Lisenziya ləğv edilib', + 'Restrict users so that they cannot use SSH and access only their home directory.' => 'İstifadəçilə SSH yalnız öz əsas kataloqlarına daxil ola bilərlər.', + 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => 'Baxış, kopyalama, redaktə, tamfunksional fayl meneceri vasitəsilə veb domendə olan faylların baxışı və ixracı.', + 'This is a commercial module, you would need to purchace license key to enable it.' => 'Bu kommersiya moduludur. Ondan istifadə etmək üçün lisenziya açarını əldə etməlisiniz', + 'Minutes' => 'Dəqiqəlik', + 'Hourly' => 'Saatlıq', + 'Run Command' => 'Əmri aktivləşdir', + 'every month' => 'hər ay', + 'every odd month' => 'hər tək ay', + 'every even month' => 'hər cüt ay', + 'every day' => 'hər gün', + 'every odd day' => 'hər tək gün', + 'every even day' => 'hər cüt gün', + 'weekdays (5 days)' => 'həftə içi (5 gün)', + 'weekend (2 days)' => 'həftə sonu (2 gün)', + 'Monday' => 'Bazar ertəsi', + 'Tuesday' => 'Çərşənbə axşamı', + 'Wednesday' => 'Çərşənbə', + 'Thursday' => 'Cümə axşamı', + 'Friday' => 'Cümə', + 'Saturday' => 'Şənbə', + 'Sunday' => 'Bazar', + 'every hour' => 'hər saat', + 'every two hours' => 'hər iki saatda bir', + 'every minute' => 'hər dəqiqə', + 'every two minutes' => 'hər iki dəqiqdə bir', + 'every' => 'hər', + 'Generate' => 'Yaratmaq', + 'webalizer' => 'webalizer', + 'awstats' => 'awstats', + 'Vesta SSL' => 'Vesta SSL', + 'SUBJECT' => 'MÖVZU', + 'ALIASES' => 'LƏQƏBLƏR', + 'NOT_BEFORE' => 'NOT_BEFORE', + 'NOT_AFTER' => 'NOT_AFTER', + 'SIGNATURE' => 'İMZA', + 'PUB_KEY' => 'PUB_KEY', + 'ISSUER' => 'ISSUER', + 'Use server hostname' => 'Server hostname-dən istifadə et', + 'Use domain hostname' => 'Domen hostname-dən istifadə et', + 'Use STARTTLS' => 'STARTTLS istifadə et', + 'Use SSL / TLS' => 'SSL / TLS istifadə et', + 'No encryption' => 'Şifrələnməsiz', + 'Do not use encryption' => 'Şifrələnməni istifadə etmə', + 'maximum characters length, including prefix' => 'Simvolların maksimal uzunlu %s, prfiks daxil', + 'Email Credentials' => 'E-poçt hüquqları', +); diff --git a/web/inc/i18n/bg.php b/web/inc/i18n/bg.php index 760b88c1..642e6cfa 100644 --- a/web/inc/i18n/bg.php +++ b/web/inc/i18n/bg.php @@ -553,6 +553,7 @@ $LANG['bg'] = array( 'MAIL Server' => 'Пощенски сървър', 'Antivirus' => 'Антивирус', 'AntiSpam' => 'Антиспам', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Уебмейл адрес', 'MySQL Support' => 'MySQL поддръжкс', 'phpMyAdmin URL' => 'phpMyAdmin адрес', diff --git a/web/inc/i18n/bs.php b/web/inc/i18n/bs.php index 22d997e5..4e2f32e1 100644 --- a/web/inc/i18n/bs.php +++ b/web/inc/i18n/bs.php @@ -559,6 +559,7 @@ $LANG['bs'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/cn.php b/web/inc/i18n/cn.php index 9d58b381..dd39bc10 100644 --- a/web/inc/i18n/cn.php +++ b/web/inc/i18n/cn.php @@ -10,104 +10,104 @@ */ $LANG['cn'] = array( - 'Packages' => '预设方案', - 'IP' => 'IP 地址', - 'Graphs' => '资源图表', - 'Statistics' => '统计信息', - 'Log' => '系统日志', - 'Server' => '服务器', - 'Services' => '系统服务', + 'Packages' => '用户方案', + 'IP' => 'IP 地址', + 'Graphs' => '资源图表', + 'Statistics' => '统计信息', + 'Log' => '系统日志', + 'Server' => '服务器', + 'Services' => '系统服务', 'Firewall' => '防火墙', - 'Updates' => '系统更新', - 'Log in' => '登录', - 'Log out' => '登出', + 'Updates' => '系统更新', + 'Log in' => '登录', + 'Log out' => '登出', - 'USER' => '用户账户', - 'WEB' => 'Web 服务', - 'DNS' => 'DNS 服务', - 'MAIL' => '邮箱服务', - 'DB' => '数据库', - 'CRON' => '定时任务', - 'BACKUP' => '数据备份', + 'USER' => '用户账户', + 'WEB' => 'Web 服务', + 'DNS' => 'DNS 服务', + 'MAIL' => '邮箱服务', + 'DB' => '数据库', + 'CRON' => '定时任务', + 'BACKUP' => '数据备份', - 'LOGIN' => '登录', - 'RESET PASSWORD' => '重置密码', - 'SEARCH' => '搜索', - 'PACKAGE' => '预设方案', - 'RRD' => '资源图表', - 'STATS' => '统计信息', - 'LOG' => '系统日志', - 'UPDATES' => '系统更新', - 'FIREWALL' => '防火墙', - 'SERVER' => '服务器', - 'MEMORY' => '内存', - 'DISK' => '磁盘', - 'NETWORK' => '网络', - 'Web Log Manager' => 'Web 日志管理', + 'LOGIN' => '登录', + 'RESET PASSWORD' => '重置密码', + 'SEARCH' => '搜索', + 'PACKAGE' => '用户方案', + 'RRD' => '资源图表', + 'STATS' => '统计信息', + 'LOG' => '系统日志', + 'UPDATES' => '系统更新', + 'FIREWALL' => '防火墙', + 'SERVER' => '服务器', + 'MEMORY' => '内存', + 'DISK' => '磁盘', + 'NETWORK' => '网络', + 'Web Log Manager' => 'Web 日志管理', - 'no notifications' => '没有通知', + 'no notifications' => '没有通知', - 'Add User' => '添加用户', - 'Add Domain' => '添加域名', + 'Add User' => '添加用户', + 'Add Domain' => '添加域名', 'Add Web Domain' => '添加网站域名', - 'Add DNS Domain' => '添加DNS域名', - 'Add DNS Record' => '添加DNS记录', - 'Add Mail Domain' => '添加邮箱域名', - 'Add Mail Account' => '添加邮箱账户', - 'Add Database' => '添加数据库', - 'Add Cron Job' => '添加定时任务', - 'Create Backup' => '创建备份', - 'Configure' => '配置', - 'Restore All' => '全部恢复', - 'Add Package' => '添加方案', - 'Add IP' => '添加IP地址', + 'Add DNS Domain' => '添加DNS域名', + 'Add DNS Record' => '添加DNS记录', + 'Add Mail Domain' => '添加邮箱域名', + 'Add Mail Account' => '添加邮箱账户', + 'Add Database' => '添加数据库', + 'Add Cron Job' => '添加定时任务', + 'Create Backup' => '创建备份', + 'Configure' => '配置', + 'Restore All' => '全部恢复', + 'Add Package' => '添加方案', + 'Add IP' => '添加IP地址', 'Add Rule' => '添加规则', 'Ban IP Address' => '封锁IP地址', - 'Search' => '搜索', + 'Search' => '搜索', 'Add one more FTP Account' => '增加一个FTP账户', - 'Overall Statistics' => '整体统计信息', - 'Daily' => '按天', - 'Weekly' => '按周', - 'Monthly' => '按月', - 'Yearly' => '按年', - 'Add' => '添加', - 'Back' => '返回', - 'Save' => '保存', - 'Submit' => '提交', + 'Overall Statistics' => '整体统计信息', + 'Daily' => '按天', + 'Weekly' => '按周', + 'Monthly' => '按月', + 'Yearly' => '按年', + 'Add' => '添加', + 'Back' => '返回', + 'Save' => '保存', + 'Submit' => '提交', - 'toggle all' => '批量操作', - 'apply to selected' => '应用于选中项的操作', - 'rebuild' => '重建', - 'rebuild web' => '重建网站', - 'rebuild dns' => '重建DNS', - 'rebuild mail' => '重建邮箱', - 'rebuild db' => '重建数据库', - 'rebuild cron' => '重建定时任务', - 'update counters' => '更新计数器', - 'suspend' => '暂停', - 'unsuspend' => '解除暂停', - 'delete' => '删除', - 'show per user' => '按用户显示', - 'login as' => '登录至账户', - 'logout' => '登出', - 'edit' => '编辑', - 'open webstats' => '打开网站统计', - 'view logs' => '查看日志', - 'list records' => '列出 %s 条记录', - 'add record' => '添加记录', - 'list accounts' => '列出 %s 个账户', - 'add account' => '添加账户', - 'open webmail' => '打开网页邮箱', - 'list fail2ban' => 'fail2ban 封锁名单', - 'open %s' => '打开 %s', - 'download' => '下载', - 'restore' => '恢复', - 'configure restore settings' => '配置恢复选项', - 'stop' => '停止', - 'start' => '启动', - 'restart' => '重新启动', - 'update' => '更新', - 'generate' => '生成', + 'toggle all' => '批量操作', + 'apply to selected' => '应用于选中项的操作', + 'rebuild' => '重建', + 'rebuild web' => '重建网站', + 'rebuild dns' => '重建DNS', + 'rebuild mail' => '重建邮箱', + 'rebuild db' => '重建数据库', + 'rebuild cron' => '重建定时任务', + 'update counters' => '更新计数器', + 'suspend' => '暂停', + 'unsuspend' => '解除暂停', + 'delete' => '删除', + 'show per user' => '按用户显示', + 'login as' => '登录至账户', + 'logout' => '登出', + 'edit' => '编辑', + 'open webstats' => '打开网站统计', + 'view logs' => '查看日志', + 'list records' => '列出 %s 条记录', + 'add record' => '添加记录', + 'list accounts' => '列出 %s 个账户', + 'add account' => '添加账户', + 'open webmail' => '打开网页邮箱', + 'list fail2ban' => 'Fail2ban 封锁列表', + 'open %s' => '打开 %s', + 'download' => '下载', + 'restore' => '恢复', + 'configure restore settings' => '配置恢复', + 'stop' => '停止', + 'start' => '启动', + 'restart' => '重新启动', + 'update' => '更新', + 'generate' => '生成', 'Generate CSR' => '生成CSR', 'reread IP' => '重新读取IP', 'enable autoupdate' => '启用自动更新', @@ -116,41 +116,41 @@ $LANG['cn'] = array( 'turn off notifications' => '停用通知', 'configure' => '配置', - 'Adding User' => '添加用户', - 'Editing User' => '编辑用户', - 'Adding Domain' => '添加域名', - 'Editing Domain' => '编辑域名', - 'Adding DNS Domain' => '添加DNS域名', - 'Editing DNS Domain' => '编辑DNS域名', - 'Adding DNS Record' => '添加DNS记录', - 'Editing DNS Record' => '编辑DNS记录', - 'Adding Mail Domain' => '添加邮箱域名', - 'Editing Mail Domain' => '编辑邮箱域名', - 'Adding Mail Account' => '添加邮箱账户', - 'Editing Mail Account' => '编辑邮箱账户', - 'Adding database' => '添加数据库', - 'Editing Cron Job' => '编辑定时任务', - 'Adding Cron Job' => '添加定时任务', - 'Editing Database' => '编辑数据库', - 'Adding Package' => '添加方案', - 'Editing Package' => '编辑方案', - 'Adding IP address' => '添加IP地址', - 'Editing IP Address' => '编辑IP地址', - 'Editing Backup Exclusions' => '配置备份排除项目', + 'Adding User' => '添加用户', + 'Editing User' => '编辑用户', + 'Adding Domain' => '添加域名', + 'Editing Domain' => '编辑域名', + 'Adding DNS Domain' => '添加DNS域名', + 'Editing DNS Domain' => '编辑DNS域名', + 'Adding DNS Record' => '添加DNS记录', + 'Editing DNS Record' => '编辑DNS记录', + 'Adding Mail Domain' => '添加邮箱域名', + 'Editing Mail Domain' => '编辑邮箱域名', + 'Adding Mail Account' => '添加邮箱账户', + 'Editing Mail Account' => '编辑邮箱账户', + 'Adding database' => '添加数据库', + 'Editing Cron Job' => '编辑定时任务', + 'Adding Cron Job' => '添加定时任务', + 'Editing Database' => '编辑数据库', + 'Adding Package' => '添加方案', + 'Editing Package' => '编辑方案', + 'Adding IP address' => '添加IP地址', + 'Editing IP Address' => '编辑IP地址', + 'Editing Backup Exclusions' => '配置需排除备份的项目', 'Generating CSR' => '生成CSR', - 'Listing' => '列出', - 'Search Results' => '搜索结果', + 'Listing' => '列出', + 'Search Results' => '搜索结果', 'Adding Firewall Rule' => '添加防火墙规则', 'Editing Firewall Rule' => '编辑防火墙规则', - 'Adding IP Address to Banlist' => '添加IP至封锁名单', + 'Adding IP Address to Banlist' => '添加IP至封锁列表', - 'active' => '正常', - 'spnd' => '暂停', - 'suspended' => '已暂停', - 'running' => '运行中', - 'stopped' => '已停止', - 'outdated' => '可升级新版本', - 'updated' => '已是最新版本', + 'active' => '正常', + 'spnd' => '暂停', + 'suspended' => '已暂停', + 'running' => '运行中', + 'stopped' => '已停止', + 'outdated' => '可升级新版本', + 'updated' => '已是最新版本', 'yes' => '是', 'no' => '否', @@ -175,7 +175,8 @@ $LANG['cn'] = array( 'User Directories' => '用户目录', 'Template' => '模板', 'Web Template' => 'Web模板', - 'Backend Template' => 'Backend模板', + 'Backend Support' => '后端支持', //New Keyword for PHP-FPM in WEB page. + 'Backend Template' => '后端模板', 'Proxy Template' => '代理模板', 'DNS Template' => 'DNS模板', 'Web Domains' => '网站域名', @@ -184,33 +185,33 @@ $LANG['cn'] = array( 'per domain' => '每域名', 'DNS Domains' => 'DNS域名', 'DNS domains' => 'DNS域名', - 'DNS records' => 'DNS记录', + 'DNS records' => 'DNS记录', 'Name Servers' => 'DNS服务器', 'Mail Domains' => '邮箱域名', 'Mail Accounts' => '邮箱账户', 'Cron Jobs' => '定时任务', 'SSH Access' => 'SSH权限', - 'IP Address' => 'IP地址', + 'IP Address' => 'IP地址', 'IP Addresses' => 'IP地址', 'Backups' => '备份', 'Backup System' => '备份系统', - 'backup exclusions' => '备份排除项目', + 'backup exclusions' => '需排除备份的项目', 'template' => '模板', 'SSL Support' => '启用SSL', 'SSL Home Directory' => 'SSL站点主目录', - 'Lets Encrypt Support' => '采用 Let's Encrypt', - 'Lets Encrypt' => 'Let's Encrypt', - 'Your certificate will be automatically issued in 5 minutes' => '证书将在5分钟内自动签发完成', + 'Lets Encrypt Support' => '采用 Let's Encrypt', + 'Lets Encrypt' => 'Let's Encrypt', + 'Your certificate will be automatically issued in 5 minutes' => '证书将在5分钟内自动完成签发', 'Proxy Support' => '反向代理', - 'Proxy Extensions' => '代理的文件扩展名', + 'Proxy Extensions' => '需代理的文件扩展名', 'Web Statistics' => '网站统计', 'Additional FTP Account' => '额外的FTP账户', - 'Path' => '路径', + 'Path' => '路径', 'SOA' => 'SOA', 'TTL' => 'TTL', 'Expire' => '过期', 'Records' => '记录', - 'Serial' => 'Serial', + 'Serial' => '序号', 'Catchall email' => '未知收件人聚合邮箱', 'AntiVirus Support' => '防病毒支持', 'AntiSpam Support' => '防垃圾邮件支持', @@ -220,16 +221,16 @@ $LANG['cn'] = array( 'Autoreply' => '自动回复', 'Forward to' => '转发到', 'Do not store forwarded mail' => '不保留已转发的邮件', - 'IMAP hostname' => 'IMAP 服务器', - 'IMAP port' => 'IMAP 端口', - 'IMAP security' => 'IMAP 安全性', - 'IMAP auth method' => 'IMAP 身份验证', - 'SMTP hostname' => 'SMTP 服务器', - 'SMTP port' => 'SMTP 端口', - 'SMTP security' => 'SMTP 安全性', - 'SMTP auth method' => 'SMTP 身份验证', - 'STARTTLS' => 'STARTTLS', - 'Normal password' => '普通密码', + 'IMAP hostname' => 'IMAP 服务器', + 'IMAP port' => 'IMAP 端口', + 'IMAP security' => 'IMAP 安全类型', + 'IMAP auth method' => 'IMAP 身份验证', + 'SMTP hostname' => 'SMTP 服务器', + 'SMTP port' => 'SMTP 端口', + 'SMTP security' => 'SMTP 安全类型', + 'SMTP auth method' => 'SMTP 身份验证', + 'STARTTLS' => 'STARTTLS', + 'Normal password' => '普通密码', 'database' => '数据库', 'User' => '用户名称', 'Host' => '主机', @@ -248,144 +249,147 @@ $LANG['cn'] = array( 'shared' => '共享', 'dedicated' => '独立', 'Owner' => '归属', - 'Users' => '用户', - 'Load Average' => '平均负载', - 'Memory Usage' => '内存用量', - 'APACHE2 Usage' => 'Apache2 用量', - 'HTTPD Usage' => 'HTTPD 用量', - 'NGINX Usage' => 'NGINX 用量', - 'MySQL Usage on localhost' => 'MySQL用量 (localhost)', - 'PostgreSQL Usage on localhost' => 'PostgreSQL用量 (localhost)', - 'Bandwidth Usage eth0' => '网络流量 (eth0)', - 'Bandwidth Usage eth1' => '网络流量 (eth1)', - 'Bandwidth Usage venet0' => '网络流量 (venet0)', - 'Bandwidth Usage venet1' => '网络流量 (venet1)', - 'Exim Usage' => 'Exim 用量', - 'FTP Usage' => 'FTP 用量', - 'SSH Usage' => 'SSH 用量', - 'reverse proxy' => '反向代理', - 'web server' => 'Web服务', - 'dns server' => 'DNS服务', - 'mail server' => '邮箱服务', - 'pop/imap server' => 'POP/IMAP服务', - 'email antivirus' => '邮箱防病毒', - 'email antispam' => '防垃圾邮件', - 'database server' => '数据库服务', - 'ftp server' => 'FTP服务', - 'job scheduler' => '执行定时任务', - 'firewall' => '防火墙服务', - 'brute-force monitor' => '监控暴力破解', - 'CPU' => 'CPU', - 'Memory' => '内存', - 'Uptime' => '已运行时间', - 'core package' => '核心系统', - 'php interpreter' => 'PHP解释器', - 'internal web server' => '内部Web服务', - 'Version' => '版本', - 'Release' => '发布号', - 'Architecture' => '架构', - 'Object' => '对象', - 'Username' => '用户名称', - 'Password' => '密码', - 'Email' => '电子邮箱', - 'Package' => '方案', - 'Language' => '语言', - 'First Name' => '名字', - 'Last Name' => '姓氏', - 'Send login credentials to email address' => '将登录信息发送到邮箱', - 'Default Template' => '默认模板', - 'Default Name Servers' => '默认DNS服务器', - 'Domain' => '域名', - 'DNS Support' => 'DNS支持', - 'Mail Support' => '邮箱支持', - 'Advanced options' => '高级选项', - 'Basic options' => '基本选项', - 'Aliases' => '别名', - 'SSL Certificate' => 'SSL证书', - 'SSL Key' => 'SSL密钥', - 'SSL Certificate Authority / Intermediate' => 'CA证书或中级证书', + 'Users' => '用户', + 'Load Average' => '平均负载', + 'Memory Usage' => '内存使用情况', + 'APACHE2 Usage' => 'Apache2 使用情况', + 'HTTPD Usage' => 'HTTPD 使用情况', + 'NGINX Usage' => 'NGINX 使用情况', + 'MySQL Usage on localhost' => 'MySQL 使用情况 (localhost)', + 'PostgreSQL Usage on localhost' => 'PostgreSQL 使用情况 (localhost)', + 'Bandwidth Usage eth0' => '网络使用情况 (eth0)', + 'Bandwidth Usage eth1' => '网络使用情况 (eth1)', + 'Bandwidth Usage venet0' => '网络使用情况 (venet0)', + 'Bandwidth Usage venet1' => '网络使用情况 (venet1)', + 'Bandwidth Usage docker0' => '网络使用情况 (docker0)', + 'Bandwidth Usage docker1' => '网络使用情况 (docker1)', + 'Exim Usage' => 'Exim 使用情况', + 'FTP Usage' => 'FTP 使用情况', + 'SSH Usage' => 'SSH 使用情况', + 'reverse proxy' => '反向代理', + 'web server' => 'Web服务', + 'backend server' => '后端服务', //New Keyword for PHP-FPM in SERVER page. + 'dns server' => 'DNS服务', + 'mail server' => '邮箱服务', + 'pop/imap server' => 'POP/IMAP服务', + 'email antivirus' => '邮箱防病毒', + 'email antispam' => '防垃圾邮件', + 'database server' => '数据库服务', + 'ftp server' => 'FTP服务', + 'job scheduler' => '执行定时任务', + 'firewall' => '防火墙服务', + 'brute-force monitor' => '防范暴力攻击', + 'CPU' => 'CPU', + 'Memory' => '内存', + 'Uptime' => '已运行时间', + 'core package' => '核心系统', + 'php interpreter' => 'PHP解释器', + 'internal web server' => '内部Web服务', + 'Version' => '版本', + 'Release' => '发布号', + 'Architecture' => '架构', + 'Object' => '对象', + 'Username' => '用户名称', + 'Password' => '密码', + 'Email' => '电子邮箱', + 'Package' => '方案', + 'Language' => '语言', + 'First Name' => '名字', + 'Last Name' => '姓氏', + 'Send login credentials to email address' => '将登录信息发送到邮箱', + 'Default Template' => '默认模板', + 'Default Name Servers' => '默认DNS服务器', + 'Domain' => '域名', + 'DNS Support' => 'DNS支持', + 'Mail Support' => '邮箱支持', + 'Advanced options' => '高级选项', + 'Basic options' => '基本选项', + 'Aliases' => '别名', + 'SSL Certificate' => 'SSL证书', + 'SSL Key' => 'SSL密钥', + 'SSL Certificate Authority / Intermediate' => 'SSL CA证书 / 中级证书', 'SSL CSR' => 'SSL CSR', - 'optional' => '可选', + 'optional' => '可选', 'internal' => '内部', - 'Statistics Authorization' => '统计授权', - 'Statistics Auth' => '统计验证', - 'Account' => '账户', - 'Prefix will be automaticaly added to username' => '用户名称将会自动添加 %s 前缀', - 'Send FTP credentials to email' => '将FTP登录信息发送到邮箱', - 'Expiration Date' => '到期日期', - 'YYYY-MM-DD' => 'YYYY-MM-DD', - 'Name servers' => 'DNS服务器', - 'Record' => '记录', - 'IP or Value' => 'IP或值', - 'Priority' => '优先级', + 'Statistics Authorization' => '统计授权', + 'Statistics Auth' => '统计验证', + 'Account' => '账户', + 'Prefix will be automaticaly added to username' => '用户名称将会自动添加 %s 前缀', + 'Send FTP credentials to email' => '将FTP登录信息发送到邮箱', + 'Expiration Date' => '到期日期', + 'YYYY-MM-DD' => 'YYYY-MM-DD', + 'Name servers' => 'DNS服务器', + 'Record' => '记录', + 'IP or Value' => 'IP或值', + 'Priority' => '优先级', 'Record Number' => '记录编号', - 'in megabytes' => '以MB为单位', - 'Message' => '信息', - 'use local-part' => '采用 local-part', - 'one or more email addresses' => '一个或更多邮箱地址', - 'Prefix will be automaticaly added to database name and database user' => '数据库名及用户名将会自动添加 %s 前缀', - 'Database' => '数据库名称', - 'Type' => '类型', - 'Minute' => '分', - 'Command' => '指令', - 'Package Name' => '方案名称', - 'Netmask' => '子网掩码', - 'Interface' => '网络接口', - 'Shared' => '共享', - 'Assigned user' => '指定用户', - 'Assigned domain' => '指定域名', + 'in megabytes' => '以MB为单位', + 'Message' => '信息', + 'use local-part' => '使用域内部分', + 'one or more email addresses' => '一个或更多邮箱地址', + 'Prefix will be automaticaly added to database name and database user' => '数据库名及用户名将会自动添加 %s 前缀', + 'Database' => '数据库名称', + 'Type' => '类型', + 'Minute' => '分', + 'Command' => '指令', + 'Package Name' => '方案名称', + 'Netmask' => '子网掩码', + 'Interface' => '网络接口', + 'Shared' => '共享', + 'Assigned user' => '指定用户', + 'Assigned domain' => '指定域名', 'NAT IP association' => 'NAT IP 关联', - 'shell' => 'shell', - 'web domains' => '网站域名', - 'web aliases' => '网站别名', - 'dns records' => 'DNS记录', - 'mail domains' => '邮箱域名', - 'mail accounts' => '邮箱账户', - 'accounts' => '账户', - 'databases' => '数据库', - 'cron jobs' => '定时任务', - 'backups' => '备份', - 'quota' => '配额', - 'day of week' => '星期几', - 'cmd' => '指令', - 'users' => '用户', - 'domains' => '域名', - 'aliases' => '别名', - 'records' => '记录', - 'jobs' => '任务', - 'username' => '用户名称', - 'password' => '密码', - 'type' => '类型', - 'charset' => '编码', - 'domain' => '域名', - 'ip' => 'IP', - 'ip address' => 'IP地址', - 'IP address' => 'IP地址', - 'netmask' => '子网掩码', - 'interface' => '网络接口', - 'assigned user' => '指定用户', - 'ns1' => 'ns1', - 'ns2' => 'ns2', - 'user' => '用户', - 'email' => '邮箱', - 'first name' => '名字', - 'last name' => '姓氏', - 'account' => '账户', - 'ssl certificate' => 'SSL证书', - 'ssl key' => 'SSL密钥', - 'stats user password' => '统计用户账户密码', - 'stats username' => '统计用户名称', - 'stats password' => '统计密码', - 'ftp user password' => 'FTP用户账户密码', - 'ftp user' => 'FTP用户', + 'shell' => 'shell', + 'web domains' => '网站域名', + 'web aliases' => '网站别名', + 'dns records' => 'DNS记录', + 'mail domains' => '邮箱域名', + 'mail accounts' => '邮箱账户', + 'accounts' => '账户', + 'databases' => '数据库', + 'cron jobs' => '定时任务', + 'backups' => '备份', + 'quota' => '配额', + 'day of week' => '星期几', + 'cmd' => '指令', + 'users' => '用户', + 'domains' => '域名', + 'aliases' => '别名', + 'records' => '记录', + 'jobs' => '任务', + 'username' => '用户名称', + 'password' => '密码', + 'type' => '类型', + 'charset' => '编码', + 'domain' => '域名', + 'ip' => 'IP', + 'ip address' => 'IP地址', + 'IP address' => 'IP地址', + 'netmask' => '子网掩码', + 'interface' => '网络接口', + 'assigned user' => '指定用户', + 'ns1' => 'ns1', + 'ns2' => 'ns2', + 'user' => '用户', + 'email' => '邮箱', + 'first name' => '名字', + 'last name' => '姓氏', + 'account' => '账户', + 'ssl certificate' => 'SSL证书', + 'ssl key' => 'SSL密钥', + 'stats user password' => '统计用户账户密码', + 'stats username' => '统计用户名称', + 'stats password' => '统计密码', + 'ftp user password' => 'FTP用户账户密码', + 'ftp user' => 'FTP用户', 'Last 70 lines of %s.%s.log' => '%s.%s.log 的最后 70 行', 'AccessLog' => '访问日志', 'ErrorLog' => '错误日志', 'Download AccessLog' => '下载访问日志', 'Download ErrorLog' => '下载错误日志', - 'Country' => '国家', - '2 letter code' => '2位国家简码 如: 中国CN / 美国US', - 'State / Province' => '州 / 省', + 'Country' => '国家地区', + '2 letter code' => '采用 ISO 3166-1 α-2 二位代码 如: 中国CN / 美国US', + 'State / Province' => '州 / 省级', 'City / Locality' => '市 / 地区', 'Organization' => '组织名称', 'Action' => '操作', @@ -415,48 +419,48 @@ $LANG['cn'] = array( 'cron' => '任务', 'user dir' => '用户目录', - 'unlimited' => '无限', - '1 account' => '1 个账户', - '%s accounts' => '%s 个账户', - '1 domain' => '1 个域名', - '%s domains' => '%s 个域名', - '1 record' => '1 条记录', - '%s records' => '%s 条记录', - '1 mail account' => '1 个邮箱账户', - '%s mail accounts' => '%s 个邮箱账户', - '1 database' => '1 个数据库', - '%s databases' => '%s 个数据库', - '1 cron job' => '1 个任务', - '%s cron jobs' => '%s 个任务', - '1 archive' => '1 个存档', - '%s archives' => '%s 个存档', - '1 item' => '1 个项目', - '%s items' => '%s 个项目', - '1 package' => '1 个方案', - '%s packages' => '%s 个方案', - '1 IP address' => '1 个IP地址', - '%s IP addresses' => '%s 个IP地址', - '1 month' => '1 个月', - '%s months' => '%s 个月', - '1 log record' => '1 条日志记录', - '%s log records' => '%s 条日志记录', - '1 object' => '1 个对象', - '%s objects' => '%s 个对象', - 'no exclusions' => '未排除', + 'unlimited' => '无限', + '1 account' => '1 个账户', + '%s accounts' => '%s 个账户', + '1 domain' => '1 个域名', + '%s domains' => '%s 个域名', + '1 record' => '1 条记录', + '%s records' => '%s 条记录', + '1 mail account' => '1 个邮箱账户', + '%s mail accounts' => '%s 个邮箱账户', + '1 database' => '1 个数据库', + '%s databases' => '%s 个数据库', + '1 cron job' => '1 个任务', + '%s cron jobs' => '%s 个任务', + '1 archive' => '1 个存档', + '%s archives' => '%s 个存档', + '1 item' => '1 个项目', + '%s items' => '%s 个项目', + '1 package' => '1 个方案', + '%s packages' => '%s 个方案', + '1 IP address' => '1 个IP地址', + '%s IP addresses' => '%s 个IP地址', + '1 month' => '1 个月', + '%s months' => '%s 个月', + '1 log record' => '1 条日志记录', + '%s log records' => '%s 条日志记录', + '1 object' => '1 个对象', + '%s objects' => '%s 个对象', + 'no exclusions' => '没有被排除的项目', '1 rule' => '1 条规则', '%s rules' => '%s 条规则', 'There are no currently banned IP' => '目前没有被封锁的IP地址', - 'USER_CREATED_OK' => '用户 %s 已添加成功', - 'WEB_DOMAIN_CREATED_OK' => '网站域名 %s 已添加成功', - 'DNS_DOMAIN_CREATED_OK' => 'DNS域名 %s 已添加成功', - 'DNS_RECORD_CREATED_OK' => '记录 %s.%s 已添加成功', - 'MAIL_DOMAIN_CREATED_OK' => '邮箱域名 %s 已添加成功', - 'MAIL_ACCOUNT_CREATED_OK' => '邮箱账户 %s@%s 已添加成功', - 'DATABASE_CREATED_OK' => '数据库 %s 已添加成功', - 'CRON_CREATED_OK' => '定时任务已添加成功', - 'IP_CREATED_OK' => 'IP地址 %s 已添加成功', - 'PACKAGE_CREATED_OK' => '方案 %s 已添加成功', + 'USER_CREATED_OK' => '用户 %s 已添加成功', + 'WEB_DOMAIN_CREATED_OK' => '网站域名 %s 已添加成功', + 'DNS_DOMAIN_CREATED_OK' => 'DNS域名 %s 已添加成功', + 'DNS_RECORD_CREATED_OK' => '记录 %s.%s 已添加成功', + 'MAIL_DOMAIN_CREATED_OK' => '邮箱域名 %s 已添加成功', + 'MAIL_ACCOUNT_CREATED_OK' => '邮箱账户 %s@%s 已添加成功', + 'DATABASE_CREATED_OK' => '数据库 %s 已添加成功', + 'CRON_CREATED_OK' => '定时任务已添加成功', + 'IP_CREATED_OK' => 'IP地址 %s 已添加成功', + 'PACKAGE_CREATED_OK' => '方案 %s 已添加成功', 'SSL_GENERATED_OK' => 'SSL证书已生成成功', 'RULE_CREATED_OK' => '规则已创建成功', 'BANLIST_CREATED_OK' => 'IP地址已封锁成功', @@ -464,8 +468,8 @@ $LANG['cn'] = array( 'Autoupdate has been successfully disabled' => '自动更新已成功关闭', 'Cronjob email reporting has been successfully enabled' => '定时任务的电子邮件报告已成功启用', 'Cronjob email reporting has been successfully disabled' => '定时任务的电子邮件报告已成功关闭', - 'Changes has been saved.' => '已保存更改', - 'Confirmation' => '确认', + 'Changes has been saved.' => '已保存更改', + 'Confirmation' => '确认', 'DELETE_USER_CONFIRMATION' => '确定要删除用户 %s 吗?', 'SUSPEND_USER_CONFIRMATION' => '确定要暂停用户 %s 吗?', 'UNSUSPEND_USER_CONFIRMATION' => '确定要解除暂停用户 %s 吗?', @@ -484,31 +488,31 @@ $LANG['cn'] = array( 'DELETE_CRON_CONFIRMATION' => '确定要删除定时任务吗?', 'SUSPEND_CRON_CONFIRMATION' => '确定要暂停定时任务吗?', 'UNSUSPEND_CRON_CONFIRMATION' => '确定要解除暂停定时任务吗?', - 'DELETE_BACKUP_CONFIRMATION' => '确定要删除 %s 备份吗?', + 'DELETE_BACKUP_CONFIRMATION' => '确定要删除 %s 备份吗?', 'DELETE_EXCLUSION_CONFIRMATION' => '确定要删除 %s 例外吗?', - 'DELETE_PACKAGE_CONFIRMATION' => '确定要删除方案 %s 吗?', - 'DELETE_IP_CONFIRMATION' => '确定要删除IP地址 %s 吗?', + 'DELETE_PACKAGE_CONFIRMATION' => '确定要删除方案 %s 吗?', + 'DELETE_IP_CONFIRMATION' => '确定要删除IP地址 %s 吗?', 'DELETE_RULE_CONFIRMATION' => '确定要删除规则 #%s 吗?', 'SUSPEND_RULE_CONFIRMATION' => '确定要暂停规则 #%s 吗?', 'UNSUSPEND_RULE_CONFIRMATION' => '确定要解除暂停规则 #%s 吗?', 'LEAVE_PAGE_CONFIRMATION' => '确定要离开当前页吗?', 'RESTART_CONFIRMATION' => '确定要重新启动 %s 吗?', - 'Welcome' => '欢迎', - 'LOGGED_IN_AS' => '以 %s 的身份登录', - 'Error' => '错误', - 'Invalid username or password' => '无效的用户名称或密码', - 'Invalid username or code' => '无效的用户名称或验证码.', - 'Passwords not match' => '密码错误', - 'Please enter valid email address.' => '请输入正确的邮箱', - 'Field "%s" can not be blank.' => '"%s" 不能为空', - 'Password is too short.' => '密码太短 (至少为6个数字+字母)', - 'Error code:' => '错误代码: %s', - 'SERVICE_ACTION_FAILED' => '"%s" "%s" 失败', + 'Welcome' => '欢迎', + 'LOGGED_IN_AS' => '以 %s 的身份登录', + 'Error' => '错误', + 'Invalid username or password' => '无效的用户名称或密码', + 'Invalid username or code' => '无效的用户名称或验证码.', + 'Passwords not match' => '密码错误', + 'Please enter valid email address.' => '请输入正确的邮箱', + 'Field "%s" can not be blank.' => '"%s" 不能为空', + 'Password is too short.' => '密码太短 (至少为6个数字+字母)', + 'Error code:' => '错误代码: %s', + 'SERVICE_ACTION_FAILED' => '"%s" "%s" 失败', 'IP address is in use' => 'IP地址在使用中', - 'BACKUP_SCHEDULED' => '您的要求已加入队列中,备份完成后会以电子邮件通知您 ', - 'BACKUP_EXISTS' => '已经有一个备份正在执行,请等待备份完成后再操作', - 'RESTORE_SCHEDULED' => '您的要求已加入队列中,恢复完成后会以电子邮件通知您', - 'RESTORE_EXISTS' => '已经有一个恢复正在执行,请等待恢复完成后再操作', + 'BACKUP_SCHEDULED' => '您的要求已加入队列中,备份完成后会以电子邮件通知您 ', + 'BACKUP_EXISTS' => '已经有一个备份正在执行,请等待备份完成后再操作', + 'RESTORE_SCHEDULED' => '您的要求已加入队列中,恢复完成后会以电子邮件通知您', + 'RESTORE_EXISTS' => '已经有一个恢复正在执行,请等待恢复完成后再操作', 'WEB_EXCLUSIONS' => '输入域名,每行一个。要排除所有域名请使用 *。要排除特定目录使用以下格式: domain.com:public_html/cache:public_html/tmp', 'DNS_EXCLUSIONS' => '输入域名,每行一个。要排除所有域名请使用 *', @@ -517,27 +521,27 @@ $LANG['cn'] = array( 'CRON_EXCLUSIONS' => '要排除所有任务请使用 *', 'USER_EXCLUSIONS' => '输入目录名称,每行一个。要排除所有目录请使用 *', - 'Welcome to Vesta Control Panel' => '欢迎来到 Vesta 管理系统', - 'MAIL_FROM' => 'Vesta 管理系统 ', + 'Welcome to Vesta Control Panel' => '欢迎来到 Vesta 管理系统', + 'MAIL_FROM' => 'Vesta 管理系统 ', 'GREETINGS_GORDON_FREEMAN' => "您好, %s %s,\n", 'GREETINGS' => "您好,\n", 'ACCOUNT_READY' => "您的账户已创建成功,并可以开始使用了!\n\nhttps://%s/login/\n用户名称: %s\n密码: %s\n\n--\nVesta Control Panel\n", - 'FTP login credentials' => 'FTP 登录信息', + 'FTP login credentials' => 'FTP 登录信息', 'FTP_ACCOUNT_READY' => "FTP账户已创建成功,并可以开始使用了!\n\n主机名称: %s\n用户名称: %s_%s\n密码: %s\n\n--\nVesta Control Panel\n", - 'Database Credentials' => '数据库登录信息', + 'Database Credentials' => '数据库登录信息', 'DATABASE_READY' => "数据库已添加成功!\n\n数据库名称: %s\n用户名称: %s\n密码: %s\n%s\n\n--\nVesta Control Panel\n", - 'forgot password' => '忘记密码', - 'Confirm' => '确认', - 'New Password' => '新密码', - 'Confirm Password' => '确认密码', - 'Reset' => '重置', - 'Reset Code' => '重置代码', - 'RESET_NOTICE' => '', - 'RESET_CODE_SENT' => '密码重置代码已发送到您的邮箱
', - 'MAIL_RESET_SUBJECT' => '密码重置在 %s', + 'forgot password' => '忘记密码', + 'Confirm' => '确认', + 'New Password' => '新密码', + 'Confirm Password' => '确认密码', + 'Reset' => '重置', + 'Reset Code' => '重置代码', + 'RESET_NOTICE' => '', + 'RESET_CODE_SENT' => '密码重置代码已发送到您的邮箱
', + 'MAIL_RESET_SUBJECT' => '密码重置在 %s', 'PASSWORD_RESET_REQUEST' => '重置密码请点击链接:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\n或者您可以到 https://%s/reset/?action=code&user=%s 输入密码重置代码:\n%s\n\n如果您没有要求重置密码,请忽略此邮件\n\n--\nVesta Control Panel\n', 'Jan' => '01月', @@ -559,13 +563,14 @@ $LANG['cn'] = array( 'Default Language' => '默认语言', 'Proxy Server' => '代理服务器', 'Web Server' => 'Web 服务器', - 'Backend Server' => 'Backend 服务器', - 'Backend Pool Mode' => 'Backend Pool 模式', + 'Backend Server' => '后端服务器', + 'Backend Pool Mode' => '后端池模式', 'DNS Server' => 'DNS 服务器', 'DNS Cluster' => 'DNS 集群', 'MAIL Server' => '邮箱服务器', 'Antivirus' => '防病毒引擎', 'AntiSpam' => '防垃圾邮件', + 'Use Web Domain SSL Certificate' => '采用网站域名SSL证书', 'Webmail URL' => '网页邮箱网址', 'MySQL Support' => 'MySQL 支持', 'phpMyAdmin URL' => '设置 phpMyAdmin 网址', @@ -595,7 +600,7 @@ $LANG['cn'] = array( 'Starred' => '星标', 'Name' => '名称', - 'save to favorites' => '收藏加星', + 'save to favorites' => '添加星标', 'File Manager' => '文件管理', 'size' => '大小', @@ -635,8 +640,8 @@ $LANG['cn'] = array( 'Create' => '创建', 'Compress' => '压缩', 'OK' => '确定', - 'YOU ARE COPYING' => 'YOU ARE COPYING', - 'YOU ARE REMOVING' => 'YOU ARE REMOVING', + 'YOU ARE COPYING' => '你正在复制', + 'YOU ARE REMOVING' => '你正在移除', 'Delete items' => '删除这些项目', 'Copy files' => '复制这些文件', 'Move files' => '移动这些文件', @@ -701,7 +706,7 @@ $LANG['cn'] = array( 'Add File to the Current Selection' => '将文件添加到当前选中区内', 'Select All Files' => '选择所有文件', 'shortcuts are inspired by magnificent GNU Midnight Commander file manager' => - '快捷键的灵感来自旖旎的 GNU Midnight Commander 文件管理器', + '快捷键的灵感来自华丽的 GNU Midnight Commander 文件管理器', 'Licence Key' => '许可密匙', 'Enter License Key' => '输入许可密匙', @@ -710,7 +715,7 @@ $LANG['cn'] = array( 'Disable and Cancel Licence' => '停用并取消许可', 'Licence Activated' => '许可已激活', 'Licence Deactivated' => '许可已停用', - 'Restrict users so that they cannot use SSH and access only their home directory.' => '限制用户,使他们通过 SSH 只能访问自己的主目录。', + 'Restrict users so that they cannot use SSH and access only their home directory.' => '限制用户,对他们禁用 SSH 且只能访问自己的主目录。', 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => '功能全面的文件管理器,浏览,复制,编辑,查看和检索你的 Web 文件。', 'This is a commercial module, you would need to purchace license key to enable it.' => '这是商业模块,请购买许可密匙来启用它。', @@ -719,10 +724,10 @@ $LANG['cn'] = array( 'Run Command' => '运行指令于', 'every month' => '每个月', 'every odd month' => '每个奇数月', - 'every even month' => '每隔 2 月', + 'every even month' => '每个偶数月', 'every day' => '每日', 'every odd day' => '每个奇数日', - 'every even day' => '每隔 2 日', + 'every even day' => '每个偶数日', 'weekdays (5 days)' => '工作日 (5天)', 'weekend (2 days)' => '双休日 (2天)', 'Monday' => '周一 ', @@ -743,16 +748,16 @@ $LANG['cn'] = array( 'awstats' => 'AWStats', 'Vesta SSL' => 'Vesta SSL', - 'SUBJECT' => '颁发给', + 'SUBJECT' => '使用者', 'ALIASES' => '可选名称', - 'NOT_BEFORE' => '有效期从', - 'NOT_AFTER' => '有效期到', + 'NOT_BEFORE' => '有效期自', + 'NOT_AFTER' => '有效期至', 'SIGNATURE' => '签名算法', - 'PUB_KEY' => '密钥位数', + 'PUB_KEY' => '密钥大小', 'ISSUER' => '颁发者', 'Use server hostname' => '采用服务器主机名', - 'Use domain hostname' => '采用域名', + 'Use domain hostname' => '采用账户所在域名', 'Use STARTTLS' => '采用 STARTTLS 加密', 'Use SSL / TLS' => '采用 SSL / TLS 加密', 'No encryption' => '不加密', @@ -760,5 +765,5 @@ $LANG['cn'] = array( 'maximum characters length, including prefix' => '包含前缀最多 %s 个字符', - 'Email Credentials' => '电子邮件证书', + 'Email Credentials' => '电子邮件凭据', ); diff --git a/web/inc/i18n/cz.php b/web/inc/i18n/cz.php index f9f291bf..9a0cac79 100644 --- a/web/inc/i18n/cz.php +++ b/web/inc/i18n/cz.php @@ -560,6 +560,7 @@ $LANG['cz'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/da.php b/web/inc/i18n/da.php index 80e78a35..6e0fab72 100644 --- a/web/inc/i18n/da.php +++ b/web/inc/i18n/da.php @@ -561,6 +561,7 @@ $LANG['da'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/de.php b/web/inc/i18n/de.php index 43fc857b..17d1101f 100644 --- a/web/inc/i18n/de.php +++ b/web/inc/i18n/de.php @@ -214,7 +214,7 @@ $LANG['de'] = array( 'Quota' => 'Kontingent', 'Autoreply' => 'Autoreply', 'Forward to' => 'Weiterleiten zu', - 'Do not store forwarded mail' => 'Weiterleitungs Adresse nicht speichern', + 'Do not store forwarded mail' => 'Weitergeleitete E-Mails nicht speichern', 'IMAP hostname' => 'IMAP hostname', 'IMAP port' => 'IMAP port', 'IMAP security' => 'IMAP security', @@ -559,6 +559,7 @@ $LANG['de'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/el.php b/web/inc/i18n/el.php index 7e193523..bef89086 100644 --- a/web/inc/i18n/el.php +++ b/web/inc/i18n/el.php @@ -561,6 +561,7 @@ $LANG['el'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/en.php b/web/inc/i18n/en.php index ed5c1f2e..d7ae290d 100644 --- a/web/inc/i18n/en.php +++ b/web/inc/i18n/en.php @@ -559,6 +559,7 @@ $LANG['en'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/es.php b/web/inc/i18n/es.php index d9b9f5fb..6e5ce352 100644 --- a/web/inc/i18n/es.php +++ b/web/inc/i18n/es.php @@ -8,7 +8,7 @@ * > huloza - https://github.com/huloza * > Estratos Consulting "estratos" - estratos.net * > Manuel Valle "Estilate" - estilate.com - * + * */ $LANG['es'] = array( @@ -21,6 +21,7 @@ $LANG['es'] = array( 'Services' => 'Servicios', 'Firewall' => 'Cortafuegos', 'Updates' => 'Actualizaciones', + 'Apps' => 'Aplicaciones', 'Log in' => 'Iniciar Sesión', 'Log out' => 'Salir', @@ -144,7 +145,7 @@ $LANG['es'] = array( 'Search Results' => 'Resultados de Busqueda', 'Adding Firewall Rule' => 'Añadiendo Regla al Cortafuegos', 'Editing Firewall Rule' => 'Editando Regla del Cortafuegos', - 'Adding IP Address to Banlist' => 'Agregando direcciones IP a la lista negra', + 'Adding IP Address to Banlist' => 'Agregando dirección IP a la lista negra', 'active' => 'activo', 'spnd' => 'suspendido', @@ -192,11 +193,11 @@ $LANG['es'] = array( 'Mail Accounts' => 'Cuentas de Correo', 'Cron Jobs' => 'Tareas Programadas', 'SSH Access' => 'Acceso SSH', - 'IP Address' => 'IP Address', - 'IP Addresses' => 'Dirección IP', + 'IP Address' => 'Dirección IP', + 'IP Addresses' => 'Direcciones IP', 'Backups' => 'Respaldos', 'Backup System' => 'Sistema de Respaldo', - 'backup exclusions' => 'respaldos excluídos', + 'backup exclusions' => 'configurar exclusiones', 'template' => 'plantilla', 'SSL Support' => 'Soportar SSL', 'SSL Home Directory' => 'Directorio local del SSL', @@ -247,8 +248,8 @@ $LANG['es'] = array( 'SYS' => 'SYS', 'Domains' => 'Dominios', 'Status' => 'Estado', - 'shared' => 'compartido', - 'dedicated' => 'dedicado', + 'shared' => 'compartida', + 'dedicated' => 'dedicada', 'Owner' => 'Dueño', 'Users' => 'Usuarios', 'Load Average' => 'Promedio de carga', @@ -287,18 +288,18 @@ $LANG['es'] = array( 'Object' => 'Objeto', 'Username' => 'Nombre de Usuario', 'Password' => 'Contraseña', - 'Email' => 'Email', + 'Email' => 'Correo electrónico', 'Package' => 'Plan', - 'Language' => 'Lenguaje', + 'Language' => 'Idioma', 'First Name' => 'Nombre', 'Last Name' => 'Apellido', 'Send login credentials to email address' => 'Correo para enviar datos de acceso al panel', - 'Default Template' => 'Plantilla por Defecto', - 'Default Name Servers' => 'Servidor de Nombre por Defecto', + 'Default Template' => 'Plantilla Predeterminada', + 'Default Name Servers' => 'Servidor de Nombre Predeterminado', 'Domain' => 'Dominio', 'DNS Support' => 'Soportar DNS', 'Mail Support' => 'Soportar Correo', - 'Advanced options' => 'Opciones Avanzadas', + 'Advanced options' => 'Opciones avanzadas', 'Basic options' => 'Opciones básicas', 'Aliases' => 'Alias', 'SSL Certificate' => 'Certificado SSL', @@ -331,7 +332,7 @@ $LANG['es'] = array( 'Package Name' => 'Nombre del Plan', 'Netmask' => 'Máscara de Red', 'Interface' => 'Interfaz', - 'Shared' => 'Compartido', + 'Shared' => 'Compartida', 'Assigned user' => 'Usuario asignado', 'Assigned domain' => 'Dominio asignado', 'NAT IP association' => 'Asociación NAT IP', @@ -394,7 +395,7 @@ $LANG['es'] = array( 'Comment' => 'Comentario', 'Banlist' => 'Lista Negra', 'ranges are acceptable' => 'rangos son aceptables', - 'CIDR format is supported' => 'Se admite formato CIDR', + 'CIDR format is supported' => 'se admite formato CIDR', 'ACCEPT' => 'ACEPTAR', 'DROP' => 'DENEGAR', 'TCP' => 'TCP', @@ -454,7 +455,7 @@ $LANG['es'] = array( 'MAIL_DOMAIN_CREATED_OK' => 'El Dominio de Correo %s ha sido creado exitosamente.', 'MAIL_ACCOUNT_CREATED_OK' => 'La Cuenta de Correo %s@%s ha sido creada exitosamente.', 'DATABASE_CREATED_OK' => 'La Base de Datos %s ha sido creada exitosamente.', - 'CRON_CREATED_OK' => 'Una Tarea Programada ha sido creada exitosamente.', + 'CRON_CREATED_OK' => 'La Tarea Programada ha sido creada exitosamente.', 'IP_CREATED_OK' => 'La Dirección IP %s ha sido creada exitosamente.', 'PACKAGE_CREATED_OK' => 'El Plan %s ha sido creado exitosamente.', 'SSL_GENERATED_OK' => 'El certificado SSl ha sido creado exitosamente.', @@ -466,33 +467,33 @@ $LANG['es'] = array( 'Cronjob email reporting has been successfully disabled' => 'Se han desactivado exitosamente las notificaciones por correo de las Tareas Programadas.', 'Changes has been saved.' => 'Los cambios han sido guardados exitosamente.', 'Confirmation' => 'Confirmación', - 'DELETE_USER_CONFIRMATION' => '¿Está seguro que desea eliminar el usuario %s?', - 'SUSPEND_USER_CONFIRMATION' => '¿Está seguro que desea suspender el usuario %s?', - 'UNSUSPEND_USER_CONFIRMATION' => '¿Está seguro que desea habilitar el usuario %s?', - 'DELETE_DOMAIN_CONFIRMATION' => '¿Está seguro que desea eliminar el dominio %s?', - 'SUSPEND_DOMAIN_CONFIRMATION' => '¿Está seguro que desea suspender el dominio %s?', - 'UNSUSPEND_DOMAIN_CONFIRMATION' => '¿Está seguro que desea habilitar el dominio %s?', - 'DELETE_RECORD_CONFIRMATION' => '¿Está seguro que desea eliminar el registro %s?', - 'SUSPEND_RECORD_CONFIRMATION' => '¿Está seguro que desea suspender el registro %s?', - 'UNSUSPEND_RECORD_CONFIRMATION' => '¿Está seguro que desea habilitar el registro %s?', - 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro que desea eliminar la cuenta de correo %s?', - 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro que desea suspender la cuenta de correo %s?', - 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro que desea habilitar la cuenta de correo %s?', - 'DELETE_DATABASE_CONFIRMATION' => '¿Está seguro que desea eliminar la base de datos %s?', - 'SUSPEND_DATABASE_CONFIRMATION' => '¿Está seguro que desea suspender la base de datos %s?', - 'UNSUSPEND_DATABASE_CONFIRMATION' => '¿Está seguro que desea habilitar la base de datos %s?', - 'DELETE_CRON_CONFIRMATION' => '¿Está seguro que desea eliminar la tarea programada %s?', - 'SUSPEND_CRON_CONFIRMATION' => '¿Está seguro que desea suspender la tarea programada %s?', - 'UNSUSPEND_CRON_CONFIRMATION' => '¿Está seguro que desea habilitar la tarea programada %s?', - 'DELETE_BACKUP_CONFIRMATION' => '¿Está seguro que desea eliminar el resplado %s?', - 'DELETE_EXCLUSION_CONFIRMATION' => '¿Está seguro que desea eliminar la exclusión %s?', - 'DELETE_PACKAGE_CONFIRMATION' => '¿Está seguro que desea eliminar el plan %s?', - 'DELETE_IP_CONFIRMATION' => '¿Está seguro que desea eliminar la dirección IP %s?', - 'DELETE_RULE_CONFIRMATION' => '¿Está seguro que desea eliminar la regla #%s', - 'SUSPEND_RULE_CONFIRMATION' => '¿Está seguro que desea suspender la regla #%s?', - 'UNSUSPEND_RULE_CONFIRMATION' => '¿Está seguro que desea habilitar la regla #%s?', + 'DELETE_USER_CONFIRMATION' => '¿Está seguro de que desea eliminar el usuario %s?', + 'SUSPEND_USER_CONFIRMATION' => '¿Está seguro de que desea suspender el usuario %s?', + 'UNSUSPEND_USER_CONFIRMATION' => '¿Está seguro de que desea habilitar el usuario %s?', + 'DELETE_DOMAIN_CONFIRMATION' => '¿Está seguro de que desea eliminar el dominio %s?', + 'SUSPEND_DOMAIN_CONFIRMATION' => '¿Está seguro de que desea suspender el dominio %s?', + 'UNSUSPEND_DOMAIN_CONFIRMATION' => '¿Está seguro de que desea habilitar el dominio %s?', + 'DELETE_RECORD_CONFIRMATION' => '¿Está seguro de que desea eliminar el registro %s?', + 'SUSPEND_RECORD_CONFIRMATION' => '¿Está seguro de que desea suspender el registro %s?', + 'UNSUSPEND_RECORD_CONFIRMATION' => '¿Está seguro de que desea habilitar el registro %s?', + 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro de que desea eliminar la cuenta de correo %s?', + 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro de que desea suspender la cuenta de correo %s?', + 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro de que desea habilitar la cuenta de correo %s?', + 'DELETE_DATABASE_CONFIRMATION' => '¿Está seguro de que desea eliminar la base de datos %s?', + 'SUSPEND_DATABASE_CONFIRMATION' => '¿Está seguro de que desea suspender la base de datos %s?', + 'UNSUSPEND_DATABASE_CONFIRMATION' => '¿Está seguro de que desea habilitar la base de datos %s?', + 'DELETE_CRON_CONFIRMATION' => '¿Está seguro de que desea eliminar la tarea programada %s?', + 'SUSPEND_CRON_CONFIRMATION' => '¿Está seguro de que desea suspender la tarea programada %s?', + 'UNSUSPEND_CRON_CONFIRMATION' => '¿Está seguro de que desea habilitar la tarea programada %s?', + 'DELETE_BACKUP_CONFIRMATION' => '¿Está seguro de que desea eliminar el resplado %s?', + 'DELETE_EXCLUSION_CONFIRMATION' => '¿Está seguro de que desea eliminar la exclusión %s?', + 'DELETE_PACKAGE_CONFIRMATION' => '¿Está seguro de que desea eliminar el plan %s?', + 'DELETE_IP_CONFIRMATION' => '¿Está seguro de que desea eliminar la dirección IP %s?', + 'DELETE_RULE_CONFIRMATION' => '¿Está seguro de que desea eliminar la regla #%s', + 'SUSPEND_RULE_CONFIRMATION' => '¿Está seguro de que desea suspender la regla #%s?', + 'UNSUSPEND_RULE_CONFIRMATION' => '¿Está seguro de que desea habilitar la regla #%s?', 'LEAVE_PAGE_CONFIRMATION' => '¿Está seguro de que quiere abandonar esta página?', - 'RESTART_CONFIRMATION' => '¿Está seguro que desea reiniciar %s?', + 'RESTART_CONFIRMATION' => '¿Está seguro de que desea reiniciar %s?', 'Welcome' => 'Bienvenido', 'LOGGED_IN_AS' => 'Has iniciado sesión exitosamente con el usuario %s.', 'Error' => 'Error', @@ -505,10 +506,10 @@ $LANG['es'] = array( 'Error code:' => 'Código de Error: %s', 'SERVICE_ACTION_FAILED' => '"%s" "%s" ha fallado', 'IP address is in use' => 'La Dirección IP está en uso.', - 'BACKUP_SCHEDULED' => 'La tarea se ha añadido a la cola. Recibirá un correo de notificación cuando el respaldo esté listo para su descarga.', - 'BACKUP_EXISTS' => 'Se está realizando un respaldo en este momento. Por favor espere a que éste termine.', + 'BACKUP_SCHEDULED' => 'La tarea se ha añadido a la cola. Recibirá un correo de notificación cuando el respaldo esté listo para su descarga.', + 'BACKUP_EXISTS' => 'Se está realizando un respaldo en este momento. Por favor espere a que este termine.', 'RESTORE_SCHEDULED' => 'La tarea se ha añadido a la cola. Recibirá un correo de notificación cuando la restauración haya terminado.', - 'RESTORE_EXISTS' => 'Se está realizando una restauración en este momento. Por favor espere a que ésta termine.', + 'RESTORE_EXISTS' => 'Se está realizando una restauración en este momento. Por favor espere a que esta termine.', 'WEB_EXCLUSIONS' => 'Ingrese el nombre de dominio, uno por línea. Para excluir a todos utilice *. Para excluir directorios específicos utilice el siguiente formato: dominio.com:public_html/cache:public_html/tmp', 'DNS_EXCLUSIONS' => 'Ingrese el nombre de dominio, uno por línea. Para excluir a todos utilice *', @@ -556,7 +557,7 @@ $LANG['es'] = array( 'Configuring Server' => 'Configurar Servidor', 'Hostname' => 'Nombre del Servidor', 'Time Zone' => 'Zona Horaria', - 'Default Language' => 'Idioma por Defecto', + 'Default Language' => 'Idioma Predeterminado', 'Proxy Server' => 'Servidor Proxy', 'Web Server' => 'Servidor Web', 'Backend Server' => 'Backend Server', @@ -566,6 +567,7 @@ $LANG['es'] = array( 'MAIL Server' => 'Servidor de Correo', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Utilizar el certificado SSL de un dominio', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'Soportar MYSQL', 'phpMyAdmin URL' => 'phpMyAdmin URL', @@ -614,7 +616,7 @@ $LANG['es'] = array( 'EXTRACT' => 'EXTRAER', 'DOWNLOAD' => 'DESCARGAR', 'Are you sure?' => '¿Estás seguro?', - 'Hit' => 'Hit', + 'Hit' => 'Pulsa', 'to reload the page' => 'para recargar la página', 'Directory name cannot be empty' => 'El nombre del directorio no puede estar vacío', 'File name cannot be empty' => 'El nombre del archivo no puede estar vacío', @@ -637,12 +639,12 @@ $LANG['es'] = array( 'OK' => 'OK', 'YOU ARE COPYING' => 'ESTÁS COPIANDO', 'YOU ARE REMOVING' => 'ESTÁS ELIMINANDO', - 'Delete items' => 'Eliminando items', + 'Delete items' => 'Eliminar elementos', 'Copy files' => 'Copiar archivos', 'Move files' => 'Mover archivos', - 'Are you sure you want to copy' => 'Estás seguro que deseas copiar', - 'Are you sure you want to move' => 'Estás seguro que deseas mover', - 'Are you sure you want to delete' => 'Estás seguro que deseas eliminar', + 'Are you sure you want to copy' => 'Estás seguro de que deseas copiar', + 'Are you sure you want to move' => 'Estás seguro de que deseas mover', + 'Are you sure you want to delete' => 'Estás seguro de que deseas eliminar', 'into' => 'en', 'existing files will be replaced' => 'los archivos existentes serán reemplazados', 'Original name' => 'Nombre original', @@ -664,13 +666,13 @@ $LANG['es'] = array( 'Add New object' => 'Añadir Objeto Nuevo', 'Save Form' => 'Guardar Formulario', 'Cancel saving form' => 'Omitir guardar el formulario', - 'Go to USER list' => 'Ir a USUARIOS', // En mi opinión queda mejor "Ir a" que "Ir a Listado o Catalogo" + 'Go to USER list' => 'Ir a USUARIOS', 'Go to WEB list' => 'Ir a DOMINIOS / WEB', 'Go to DNS list' => 'Ir a DNS', 'Go to MAIL list' => 'Ir a CORREOS', 'Go to DB list' => 'Ir a BASES DE DATOS', - 'Go to CRON list' => 'IR a TAREAS PROGRAMADAS', - 'Go to BACKUP list' => 'IR a RESPALDOS', + 'Go to CRON list' => 'Ir a TAREAS PROGRAMADAS', + 'Go to BACKUP list' => 'Ir a RESPALDOS', 'Focus on search' => 'Desplegar Buscador', 'Display/Close shortcuts' => 'Mostrar/Ocultar atajos', 'Move backward through top menu' => 'Desplazarse hacia atrás en el menú superior', @@ -710,7 +712,7 @@ $LANG['es'] = array( 'Disable and Cancel Licence' => 'Deshabilitar y Cancelar Licencia', 'Licence Activated' => 'Licencia Activada', 'Licence Deactivated' => 'Licencia Desactivada', - 'Restrict users so that they cannot use SSH and access only their home directory.' => 'Restringue a los usuarios para que sólo puedan ingresar a su directorio local y prohíbe el acceso a SSH.', + 'Restrict users so that they cannot use SSH and access only their home directory.' => 'Restringe a los usuarios para que sólo puedan ingresar a su directorio local y prohíbe el acceso a SSH.', 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => 'Navegar, copiar, editar, ver y descargar todos los archivos de tu página web utilizando el Administrador de Archivos.', 'This is a commercial module, you would need to purchace license key to enable it.' => 'Este es un módulo comercial, tendrás que adquirir una licencia para poder activarlo.', @@ -751,8 +753,8 @@ $LANG['es'] = array( 'PUB_KEY' => 'CLAVE PÚBLICA', 'ISSUER' => 'EMITIDO POR', - 'Use server hostname' => 'Usar hostname del servidor', - 'Use domain hostname' => 'Usar hostname del dominio', + 'Use server hostname' => 'Usar el nombre del servidor', + 'Use domain hostname' => 'Usar el dominio', 'Use STARTTLS' => 'Usar STARTTLS', 'Use SSL / TLS' => 'Usar SSL / TLS', 'No encryption' => 'Sin encriptación', @@ -760,5 +762,6 @@ $LANG['es'] = array( 'maximum characters length, including prefix' => 'usar un máximo de %s caracteres, incluyendo prefijo', - 'Email Credentials' => 'Email Credentials', + 'Email Credentials' => 'Datos de acceso a la cuenta de correo', + ); diff --git a/web/inc/i18n/fa.php b/web/inc/i18n/fa.php index 926673cc..8355691a 100644 --- a/web/inc/i18n/fa.php +++ b/web/inc/i18n/fa.php @@ -88,6 +88,7 @@ $LANG['fa'] = array( 'list records' => 'فهرست پیشینه های %s', 'add record' => 'افزودن پیشینه', 'list accounts' => 'فهرست حسابهای %s', + 'Apps' => 'برنامه ها', 'add account' => 'افزودن حساب', 'open webmail' => 'بازکردن وب میل', 'list fail2ban' => 'فهرست fail2ban', @@ -542,6 +543,7 @@ $LANG['fa'] = array( 'MAIL Server' => 'سرور پستی', 'Antivirus' => 'ضد ویروس', 'AntiSpam' => 'ضد هرزنامه', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'نشانی وب میل', 'MySQL Support' => 'پشتیبانی MySQL', 'phpMyAdmin URL' => 'نشانی phpMyAdmin', diff --git a/web/inc/i18n/fi.php b/web/inc/i18n/fi.php index aff1375b..951f8da3 100644 --- a/web/inc/i18n/fi.php +++ b/web/inc/i18n/fi.php @@ -2,7 +2,7 @@ /** * Vesta Finnish language file * OHakala (onni@koodimonni.fi) -* RJuho (juho.rasanen@kotikone.fi) +* RJuho (juho.rasanen@setuppi.fi) * theel0ja (theel0ja@theel0ja.info) */ @@ -40,9 +40,9 @@ $LANG['fi'] = array( 'MEMORY' => 'MUISTI', 'DISK' => 'LEVY', 'NETWORK' => 'VERKKO', - 'Web Log Manager' => 'Web Log Manager', + 'Web Log Manager' => 'Verkkolokimanageri', - 'no notifications' => 'no notifications', + 'no notifications' => 'ei ilmoituksia', 'Add User' => 'Lisää käyttäjä', 'Add Domain' => 'Lisää domaini', @@ -111,7 +111,7 @@ $LANG['fi'] = array( 'disable autoupdate' => 'älä päivitä automaattisesti', 'turn on notifications' => 'päälle ilmoitus', 'turn off notifications' => 'sammuta ilmoitus', - 'configure' => 'configure', + 'configure' => 'määritä', 'Adding User' => 'Lisätään käyttäjää', 'Editing User' => 'Muokataan käyttäjää', @@ -195,14 +195,14 @@ $LANG['fi'] = array( 'template' => 'pohjat', 'SSL Support' => 'SSL-tuki', 'SSL Home Directory' => 'SSL-kotihakemisto', - 'Lets Encrypt Support' => 'Lets Encrypt Support', + 'Lets Encrypt Support' => 'Lets Encrypt Tuki', 'Lets Encrypt' => 'Lets Encrypt', - 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', + 'Your certificate will be automatically issued in 5 minutes' => 'Sertifikaattisi käsitellään viiden minuutin sisään', 'Proxy Support' => 'Proxy-tuki', 'Proxy Extensions' => 'Proxy-laajennukset', 'Web Statistics' => 'Web-tilastot', 'Additional FTP Account' => 'Ylimääräinen FTP-tili', - 'Path' => 'Path', + 'Path' => 'Polku', 'SOA' => 'SOA', 'TTL' => 'TTL', 'Expire' => 'Päättyy', @@ -217,19 +217,19 @@ $LANG['fi'] = array( 'Autoreply' => 'Automaattinen vastaus', 'Forward to' => 'Uudelleenohjaa', 'Do not store forwarded mail' => 'Älä säilytä uudelleenohjattuja viestejä', - 'IMAP hostname' => 'IMAP hostname', - 'IMAP port' => 'IMAP port', - 'IMAP security' => 'IMAP security', - 'IMAP auth method' => 'IMAP auth method', - 'SMTP hostname' => 'SMTP-hostname', - 'SMTP port' => 'SMTP-portti', - 'SMTP security' => 'SMTP-turvallisuus', - 'SMTP auth method' => 'SMTP auth method', + 'IMAP hostname' => 'IMAP osoite', + 'IMAP port' => 'IMAP portti', + 'IMAP security' => 'IMAP turvallisuus', + 'IMAP auth method' => 'IMAP auth-menetelmä', + 'SMTP hostname' => 'SMTP osoite', + 'SMTP port' => 'SMTP portti', + 'SMTP security' => 'SMTP turvallisuus', + 'SMTP auth method' => 'SMTP auth-menetelmä', 'STARTTLS' => 'STARTTLS', 'Normal password' => 'Normaali salasana', 'database' => 'tietokanta', 'User' => 'Käyttäjä', - 'Host' => 'Host', + 'Host' => 'Isäntä', 'Charset' => 'Merkistö', 'Min' => 'Min', 'Hour' => 'Tunti', @@ -243,7 +243,7 @@ $LANG['fi'] = array( 'Domains' => 'Domainit', 'Status' => 'Tila', 'shared' => 'jaetut', - 'dedicated' => 'dedicated', + 'dedicated' => 'omistautunut', 'Owner' => 'Omistaja', 'Users' => 'Käyttäjät', 'Load Average' => 'Keskimääräinen Käyttöaste', @@ -268,8 +268,8 @@ $LANG['fi'] = array( 'database server' => 'tietokantapalvelin', 'ftp server' => 'ftp-palvelin', 'job scheduler' => 'ajastettu työ', //no-idea E: @theel0ja: ajastettu työ would be good. - 'firewall' => 'firewall', - 'brute-force monitor' => 'brute-force monitor', + 'firewall' => 'palomuuri', + 'brute-force monitor' => 'raaka voima monitori', 'CPU' => 'Prosessori', 'Memory' => 'Muisti', 'Uptime' => 'Käyttöaika', @@ -282,7 +282,7 @@ $LANG['fi'] = array( 'Object' => 'Objekti', 'Username' => 'Käyttäjä', 'Password' => 'Salasana', - 'Email' => 'Email', + 'Email' => 'Sähköposti', 'Package' => 'Paketti', 'Language' => 'Kieli', 'First Name' => 'Etunimi', @@ -290,15 +290,15 @@ $LANG['fi'] = array( 'Send login credentials to email address' => 'Lähetä kirjautumistiedot sähköpostilla.', 'Default Template' => 'Oletuspohja', 'Default Name Servers' => 'Oletusnimipalvelimet', - 'Domain' => 'Domain', + 'Domain' => 'Domaini', 'DNS Support' => 'Tarvitsee DNS:n', 'Mail Support' => 'Tarvitsee sähköpostin', 'Advanced options' => 'Lisäasetukset', - 'Basic options' => 'Basic options', + 'Basic options' => 'Perusasetukset', 'Aliases' => 'Aliakset', 'SSL Certificate' => 'SSL-sertifikaatti', 'SSL Key' => 'SSL-avain', - 'SSL Certificate Authority / Intermediate' => 'SSL Certificate Authority / Intermediate', //no-idea + 'SSL Certificate Authority / Intermediate' => 'SSL varmenteen tarjoaja', //no-idea 'SSL CSR' => 'SSL CSR', 'optional' => 'valinnainen', 'internal' => 'sisäinen', @@ -311,12 +311,12 @@ $LANG['fi'] = array( 'YYYY-MM-DD' => 'YYYY-MM-DD', 'Name servers' => 'Nimipalvelimet', 'Record' => 'Tietue', - 'IP or Value' => 'IP or Value', //no-idea + 'IP or Value' => 'IP tai Arvo', //no-idea 'Priority' => 'Prioriteetti', 'Record Number' => 'Tietueen numero', 'in megabytes' => 'megatavuissa', 'Message' => 'Viesti', - 'use local-part' => 'use local-part', //no-idea + 'use local-part' => 'käytä paikallista osaa', //no-idea 'one or more email addresses' => 'yksi tai useampia sähköposteja', 'Prefix will be automaticaly added to database name and database user' => 'Etuliite %s lisätään automaattisesti tietokannan nimeen ja käyttäjään', 'Database' => 'Tietokanta', @@ -324,12 +324,12 @@ $LANG['fi'] = array( 'Minute' => 'Minuutti', 'Command' => 'Käsky', 'Package Name' => 'Paketin nimi', - 'Netmask' => 'Netmask', //no-idea - 'Interface' => 'Interface', //no-idea + 'Netmask' => 'Verkkopeite', //no-idea + 'Interface' => 'Käyttöliittymä', //no-idea 'Shared' => 'Jaettu', 'Assigned user' => 'Määritetty käyttäjä', 'Assigned domain' => 'Määritetty domain', - 'NAT IP association' => 'NAT IP association', //no-idea + 'NAT IP association' => 'NAT IP yhteys', //no-idea 'shell' => 'shell', 'web domains' => 'web-domainit', 'web aliases' => 'web-aliakset', @@ -351,12 +351,12 @@ $LANG['fi'] = array( 'username' => 'käyttäjänimi', 'password' => 'salasana', 'type' => 'tyyppi', - 'charset' => 'charset', + 'charset' => 'merkistö', 'domain' => 'domain', 'ip' => 'ip', 'ip address' => 'ip-osoite', 'IP address' => 'IP-osoite', - 'netmask' => 'netmask', + 'netmask' => 'verkkopeite', 'interface' => 'yhdyskäytävä', 'assigned user' => 'omistaja', 'ns1' => 'ns1', @@ -385,35 +385,35 @@ $LANG['fi'] = array( 'Organization' => 'Organisaatio', 'Action' => 'Toiminta', 'Protocol' => 'Protokolla', - 'Port' => 'Port', + 'Port' => 'Portti', 'Comment' => 'Kommentti', 'Banlist' => 'Bannilista', 'ranges are acceptable' => 'vaihteluvälit ovat hyväksyttäviä', 'CIDR format is supported' => 'CIDR muotoa tuetaan', - 'ACCEPT' => 'ACCEPT', - 'DROP' => 'DROP', + 'ACCEPT' => 'HYVÄKSY', + 'DROP' => 'TIPUTA', 'TCP' => 'TCP', 'UDP' => 'UDP', 'ICMP' => 'ICMP', 'SSH' => 'SSH', 'FTP' => 'FTP', 'VESTA' => 'VESTA', - 'Add one more Name Server' => 'Add one more Name Server', + 'Add one more Name Server' => 'Lisää vielä yksi nimipalvelin', - 'web domain' => 'web domain', - 'dns domain' => 'dns domain', - 'dns record' => 'dns record', - 'mail domain' => 'mail domain', - 'mail account' => 'mail account', - 'cron job' => 'cron job', + 'web domain' => 'web domaini', + 'dns domain' => 'dns domaini', + 'dns record' => 'dns tietue', + 'mail domain' => 'mail domaini', + 'mail account' => 'mail tili', + 'cron job' => 'cron-tehtävä', 'cron' => 'cron', - 'user dir' => 'user dir', + 'user dir' => 'käyttäjän hakemisto', - 'unlimited' => 'unlimited', + 'unlimited' => 'rajoittamaton', '1 account' => '1 tili', '%s accounts' => '%s tiliä', - '1 domain' => '1 domain', + '1 domain' => '1 domaini', '%s domains' => '%s domainia', '1 record' => '1 tietue', '%s records' => '%s tietuetta', @@ -423,10 +423,10 @@ $LANG['fi'] = array( '%s databases' => '%s tietokantaa', '1 cron job' => '1 cron-tehtävä', '%s cron jobs' => '%s cron-tehtävää', - '1 archive' => '1 archive', - '%s archives' => '%s archives', - '1 item' => '1 item', - '%s items' => '%s items', + '1 archive' => '1 arkisto', + '%s archives' => '%s arkistoa', + '1 item' => '1 kohde', + '%s items' => '%s kohdetta', '1 package' => '1 paketti', '%s packages' => '%s pakettia', '1 IP address' => '1 IP-osoite', @@ -454,11 +454,11 @@ $LANG['fi'] = array( 'PACKAGE_CREATED_OK' => 'Paketti %s lisättiin onnistuneesti.', 'SSL_GENERATED_OK' => 'Sertifikaatti lisättiin onnistuneesti.', 'RULE_CREATED_OK' => 'Sääntö lisättiin onnistuneesti.', - 'BANLIST_CREATED_OK' => 'IP address has been banned successfully', + 'BANLIST_CREATED_OK' => 'IP-osoite on bannattu onnistuneesti', 'Autoupdate has been successfully enabled' => 'Automaattinen päivitys otettu käyttöön', 'Autoupdate has been successfully disabled' => 'Automaattinen päivitys poistettu käytöstä', - 'Cronjob email reporting has been successfully enabled' => 'Cronjob sähköposti raportointi on onnistuneesti mahdollistanut', - 'Cronjob email reporting has been successfully disabled' => 'Cronjob sähköposti raportointi on onnistuneesti poistettu', + 'Cronjob email reporting has been successfully enabled' => 'Ajoitettu sähköposti raportointi onnistuneesti aktivoitu', + 'Cronjob email reporting has been successfully disabled' => 'Ajoitettu sähköposti raportointi onnistuneesti poistettu käytöstä', 'Changes has been saved.' => 'Muutokset tallennettu.', 'Confirmation' => 'Hyväksyntä', 'DELETE_USER_CONFIRMATION' => 'Haluatko varmasti poistaa käyttäjän %s?', @@ -530,7 +530,7 @@ $LANG['fi'] = array( 'Confirm Password' => 'Hyväksy salasana', 'Reset' => 'Nollaa', 'Reset Code' => 'Nollauskoodi', - 'RESET_NOTICE' => '', // should we add something here? + 'RESET_NOTICE' => '', 'RESET_CODE_SENT' => 'Salasanan nollauskoodi on lähetetty sähköpostiisi
', 'MAIL_RESET_SUBJECT' => 'Salana vaihdettiin %s', 'PASSWORD_RESET_REQUEST' => "Nollataksesi hallintapaneelin salasanan, seuraa tätä linkkiä:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\nVaihtoehtoisesti voit mennä https://%s/reset/?action=code&user=%s ja syöttää nollauskoodin:\n%s\n\nJos et varta vasten pyytänyt tätä salasananvaihtoa, mene paniikkiin ja ota yhteyttä ylläpitoon.\n\n--\nVesta-hallintapaneeli\n", @@ -549,54 +549,55 @@ $LANG['fi'] = array( 'Dec' => 'Jou', 'Configuring Server' => 'Konfiguroidaan palvelinta', - 'Hostname' => 'Hostname', + 'Hostname' => 'Osoite', 'Time Zone' => 'Aikavyöhyke', 'Default Language' => 'Oletuskieli', 'Proxy Server' => 'Välityspalvelin', 'Web Server' => 'Web Server', - 'Backend Server' => 'Backend Server', - 'Backend Pool Mode' => 'Backend Pool Mode', + 'Backend Server' => 'Taustapalvelin', + 'Backend Pool Mode' => 'Taustapalvelin Allas Tila', 'DNS Server' => 'DNS-palvelin', 'DNS Cluster' => 'DNS-klusteri', 'MAIL Server' => 'MAIL-palvelin', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmailin URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', - 'PostgreSQL Support' => 'PostgreSQL Support', + 'PostgreSQL Support' => 'PostgreSQL Tuki', 'phpPgAdmin URL' => 'phpPgAdmin URL', 'Maximum Number Of Databases' => 'Maksimimäärä tietokantoja', - 'Current Number Of Databases' => 'Current Number Of Databases', + 'Current Number Of Databases' => 'Nykyisten tietokantojen lukumäärä', 'Local backup' => 'Paikallinen varmuuskopio', - 'Compression level' => 'Compression level', + 'Compression level' => 'Pakkausaste', 'Directory' => 'Hakemisto', - 'Remote backup' => 'Remote backup', + 'Remote backup' => 'Etävarmuuskopiointi', 'ftp' => 'FTP', 'sftp' => 'SFTP', 'SFTP Chroot' => 'SFTP Chroot', - 'FileSystem Disk Quota' => 'FileSystem Disk Quota', - 'Vesta Control Panel Plugins' => 'Vesta Control Panel Plugins', - 'preview' => 'preview', - 'Reseller Role' => 'Reseller Role', - 'Web Config Editor' => 'Web Config Editor', - 'Template Manager' => 'Template Manager', - 'Backup Migration Manager' => 'Backup Migration Manager', + 'FileSystem Disk Quota' => 'FileSystem Levykiintiö', + 'Vesta Control Panel Plugins' => 'Vesta Hallintapaneeli Lisäosat', + 'preview' => 'esikatselu', + 'Reseller Role' => 'Jälleenmyyjän Rooli', + 'Web Config Editor' => 'Web-määrityseditori', + 'Template Manager' => 'Pohja Hallinta', + 'Backup Migration Manager' => 'Varmuuskopion Siirtymänhallinta', 'FileManager' => 'FileManager', - 'show: CPU / MEM / NET / DISK' => 'show: CPU / MEM / NET / DISK', + 'show: CPU / MEM / NET / DISK' => 'näytä: CPU / MEM / NET / DISK', - 'sort by' => 'sort by', + 'sort by' => 'järjestä', 'Date' => 'Päivämäärä', - 'Starred' => 'Starred', + 'Starred' => 'Tähditetty', 'Name' => 'Nimi', - 'save to favorites' => 'save to favorites', + 'save to favorites' => 'tallenna suosikkeihin', 'File Manager' => 'Tiedostonhallinta', 'size' => 'koko', 'date' => 'päivämäärä', 'name' => 'nimi', - 'Initializing' => 'Initializing', + 'Initializing' => 'Alustetaan', 'UPLOAD' => 'LÄHETÄ', 'NEW FILE' => 'UUSI TIEDOSTO', 'NEW DIR' => 'UUSI HAKEMISTO', @@ -609,117 +610,117 @@ $LANG['fi'] = array( 'EXTRACT' => 'PURA', 'DOWNLOAD' => 'LATAA', 'Are you sure?' => 'Oletko varma?', // unused? - 'Hit' => 'Hit', - 'to reload the page' => 'to reload the page', - 'Directory name cannot be empty' => 'Directory name cannot be empty', - 'File name cannot be empty' => 'File name cannot be empty', - 'No file selected' => 'No file selected', - 'No file or folder selected' => 'No file or folder selected', - 'File type not supported' => 'File type not supported', - 'Directory download not available in current version' => 'Directory download not available in current version', - 'Directory not available' => 'Directory not available', - 'Done' => 'Done', + 'Hit' => 'Osuma', + 'to reload the page' => 'ladataksesi sivu uudelleen', + 'Directory name cannot be empty' => 'Hakemiston nimi ei voi olla tyhjä', + 'File name cannot be empty' => 'Tiedostonimi ei voi olla tyhjä', + 'No file selected' => 'Ei tiedostoa valittuna', + 'No file or folder selected' => 'Ei tiedostoa tai kansiota valittuna', + 'File type not supported' => 'Tiedostotyyppiä ei tueta', + 'Directory download not available in current version' => 'Hakemiston lataus ei ole saatavilla nykyisessä versiossa', + 'Directory not available' => 'Hakemisto ei ole käytettävissä', + 'Done' => 'Tehty', 'Close' => 'Sulje', 'Copy' => 'Kopioi', 'Cancel' => 'Peru', 'Rename' => 'Uudelleennimeä', 'Move' => 'Siirrä', - 'Change Rights' => 'Change Rights', + 'Change Rights' => 'Muuta Oikeuksia', 'Delete' => 'Poista', 'Extract' => 'Pura', 'Create' => 'Luo', 'Compress' => 'Pakkaa', 'OK' => 'OK', - 'YOU ARE COPYING' => 'YOU ARE COPYING', // unused? - 'YOU ARE REMOVING' => 'YOU ARE REMOVING', - 'Delete items' => 'Delete items', + 'YOU ARE COPYING' => 'OLET KOPIOIMASSA', // unused? + 'YOU ARE REMOVING' => 'OLET POISTAMASSA', + 'Delete items' => 'Poista kohteet', 'Copy files' => 'Kopioi tiedostoja', 'Move files' => 'Siirrä tiedostoja', - 'Are you sure you want to copy' => 'Are you sure you want to copy', - 'Are you sure you want to move' => 'Are you sure you want to move', - 'Are you sure you want to delete' => 'Are you sure you want to delete', - 'into' => 'into', - 'existing files will be replaced' => 'existing files will be replaced', - 'Original name' => 'Original name', + 'Are you sure you want to copy' => 'Haluatko varmasti kopioida', + 'Are you sure you want to move' => 'Haluatko varmasti siirtää', + 'Are you sure you want to delete' => 'Haluatko varmasti poistaa', + 'into' => 'osaksi', + 'existing files will be replaced' => 'olemassa olevat tiedostot korvataan', + 'Original name' => 'Alkuperäinen nimi', 'File' => 'Tiedosto', 'already exists' => 'on jo olemassa', 'Create file' => 'Luo tiedosto', 'Create directory' => 'Luo hakemisto', - 'read by owner' => 'read by owner', - 'write by owner' => 'write by owner', - 'execute/search by owner' => 'execute/search by owner', - 'read by group' => 'read by group', - 'write by group' => 'write by group', - 'execute/search by group' => 'execute/search by group', - 'read by others' => 'read by others', - 'write by others' => 'write by others', - 'execute/search by others' => 'execute/search by others', + 'read by owner' => 'read by owner', // no idea + 'write by owner' => 'write by owner', // no idea + 'execute/search by owner' => 'execute/search by owner', // no idea + 'read by group' => 'read by group',// no idea + 'write by group' => 'write by group', // no idea + 'execute/search by group' => 'execute/search by group', // no idea + 'read by others' => 'read by others', // no idea + 'write by others' => 'write by others', // no idea + 'execute/search by others' => 'execute/search by others', // no idea - 'Shortcuts' => 'Shortcuts', - 'Add New object' => 'Add New object', - 'Save Form' => 'Save Form', - 'Cancel saving form' => 'Cancel saving form', - 'Go to USER list' => 'Go to USER list', - 'Go to WEB list' => 'Go to WEB list', - 'Go to DNS list' => 'Go to DNS list', - 'Go to MAIL list' => 'Go to MAIL list', - 'Go to DB list' => 'Go to DB list', - 'Go to CRON list' => 'Go to CRON list', - 'Go to BACKUP list' => 'Go to BACKUP list', - 'Focus on search' => 'Focus on search', - 'Display/Close shortcuts' => 'Display/Close shortcuts', - 'Move backward through top menu' => 'Move backward through top menu', - 'Move forward through top menu' => 'Move forward through top menu', - 'Enter focused element' => 'Enter focused element', - 'Move up through elements list' => 'Move up through elements list', - 'Move down through elements list' => 'Move down through elements list', + 'Shortcuts' => 'Pikavalinnat', + 'Add New object' => 'Lisää uusi objekti', + 'Save Form' => 'Tallenna Lomake', + 'Cancel saving form' => 'Peruuta tallennuslomake', + 'Go to USER list' => 'Mene USER listaan', + 'Go to WEB list' => 'Mene WEB listaan', + 'Go to DNS list' => 'Mene DNS listaan', + 'Go to MAIL list' => 'Mene MAIL listaan', + 'Go to DB list' => 'Mene DB listaan', + 'Go to CRON list' => 'Mene CRON listaan', + 'Go to BACKUP list' => 'Mene BACKUP listaan', + 'Focus on search' => 'Keskity hakuun', + 'Display/Close shortcuts' => 'Näytä/Piilota pikavalinnat', + 'Move backward through top menu' => 'Siirrä taaksepäin ylävalikosta', + 'Move forward through top menu' => 'Siirry eteenpäin ylävalikosta', + 'Enter focused element' => 'Anna valittuun elementtiin', + 'Move up through elements list' => 'Siirry ylöspäin elementtien listassa', + 'Move down through elements list' => 'Siirry alaspäin elementtien listassa', 'Upload' => 'Lähetä', 'New File' => 'Uusi kansio', 'New Folder' => 'Uusi hakemisto', 'Download' => 'Lataa', 'Archive' => 'Arkisto', - 'Save File (in text editor)' => 'Save File (in text editor)', - 'Close Popup / Cancel' => 'Close Popup / Cancel', - 'Move Cursor Up' => 'Move Cursor Up', - 'Move Cursor Down' => 'Move Cursor Down', - 'Switch to Left Tab' => 'Switch to Left Tab', - 'Switch to Right Tab' => 'Switch to Right Tab', - 'Switch Tab' => 'Switch Tab', - 'Go to the Top of the File List' => 'Go to the Top of the File List', - 'Go to the Last File' => 'Go to the Last File', - 'Open File / Enter Directory' => 'Open File / Enter Directory', - 'Edit File' => 'Edit File', - 'Go to Parent Directory' => 'Go to Parent Directory', - 'Select Current File' => 'Select Current File', - 'Select Bunch of Files' => 'Select Bunch of Files', - 'Add File to the Current Selection' => 'Add File to the Current Selection', + 'Save File (in text editor)' => 'Tallenna tiedosto (tekstieditorissa)', + 'Close Popup / Cancel' => 'Sulje ponnahdusikkuna / Peruuta', + 'Move Cursor Up' => 'Siirrä Osoitin Ylös', + 'Move Cursor Down' => 'Siirrä Osoitin Alas', + 'Switch to Left Tab' => 'Vaihda Vasempaan Välilehteen', + 'Switch to Right Tab' => 'Vaihda Oikeaan Välilehteen', + 'Switch Tab' => 'Vaihda Välilehteä', + 'Go to the Top of the File List' => 'Siirry Tiedosto Luettelon Yläreunaan', + 'Go to the Last File' => 'Siirry Viimeiseen Tiedostoon', + 'Open File / Enter Directory' => 'Avaa Tiedosto / Anna hakemisto', + 'Edit File' => 'Muokkaa tiedostoa', + 'Go to Parent Directory' => 'Mene emohakemistoon', + 'Select Current File' => 'Valitse Nykyinen Tiedosto', + 'Select Bunch of Files' => 'Valitse Joukko Tiedostoja', + 'Add File to the Current Selection' => 'Lisää Tiedosto Nykyiseen Valintaan', 'Select All Files' => 'Valitse kaikki tiedostot', 'shortcuts are inspired by magnificent GNU Midnight Commander file manager' => - 'shortcuts are inspired by magnificent GNU Midnight Commander file manager', + 'pikavalinnat inspiroi upea GNU Midnight Commander tiedostonhallinta', 'Licence Key' => 'Lisenssiavain', - 'Enter License Key' => 'Enter License Key', + 'Enter License Key' => 'Syötä Lisenssi Avain', 'Buy Licence' => 'Osta lisenssi', 'Buy Lifetime License' => 'Osta elinikäinen lisenssi', - 'Disable and Cancel Licence' => 'Disable and Cancel Licence', + 'Disable and Cancel Licence' => 'Poista Käytöstä ja Peruuta Lisenssi', 'Licence Activated' => 'Lisenssi aktivoitu', 'Licence Deactivated' => 'Lisenssi deaktivoitu', - 'Restrict users so that they cannot use SSH and access only their home directory.' => 'Restrict users so that they cannot use SSH and access only their home directory.', - 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.', - 'This is a commercial module, you would need to purchace license key to enable it.' => 'This is a commercial module, you would need to purchace license key to enable it.', + 'Restrict users so that they cannot use SSH and access only their home directory.' => 'Rajoita käyttäjiä siten, että he eivät voi käyttää SSH:ta ja heillä on pääsy vain kotikansioonsa.', + 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => 'Selaa, kopioi, muokkaa, tarkastele ja hae kaikista web palveluista täysin varustellulla File Managerilla.', + 'This is a commercial module, you would need to purchace license key to enable it.' => 'Tämä on kaupallinen moduuli, sinun on ostettava lisenssiavain, ottaaksesi se käyttöön.', 'Minutes' => 'Minuutittain', // fuzzy 'Hourly' => 'Tunneittain', 'Run Command' => 'Aja Komento', 'every month' => 'joka kuukausi', 'every odd month' => 'joka toinen kuukausi', - 'every even month' => 'every even month', + 'every even month' => 'joka parillinen kuukausi', 'every day' => 'joka päivä', 'every odd day' => 'joka toinen päivä', - 'every even day' => 'every even day', - 'weekdays (5 days)' => 'weekdays (5 days)', - 'weekend (2 days)' => 'weekend (2 days)', + 'every even day' => 'joka parillinen päivä', + 'weekdays (5 days)' => 'arkisin (5 päivää)', + 'weekend (2 days)' => 'viikonloppu (2 päivää)', 'Monday' => 'Maanantai', 'Tuesday' => 'Tiistai', 'Wednesday' => 'Keskiviikko', @@ -731,7 +732,7 @@ $LANG['fi'] = array( 'every two hours' => 'joka toinen tunti', 'every minute' => 'joka minuutti', 'every two minutes' => 'joka toinen minuutti', - 'every' => 'every', + 'every' => 'joka', 'Generate' => 'Generoi', 'webalizer' => 'webalizer', @@ -746,16 +747,16 @@ $LANG['fi'] = array( 'PUB_KEY' => 'PUB_KEY', 'ISSUER' => 'ISSUER', - 'Use server hostname' => 'Use server hostname', - 'Use domain hostname' => 'Use domain hostname', - 'Use STARTTLS' => 'Use STARTTLS', - 'Use SSL / TLS' => 'Use SSL / TLS', - 'No encryption' => 'No encryption', - 'Do not use encryption' => 'Do not use encryption', + 'Use server hostname' => 'Käytä palvelimen isäntänimeä', + 'Use domain hostname' => 'Käytä verkkotunnuksen isäntänimeä', + 'Use STARTTLS' => 'Käytä STARTTLS', + 'Use SSL / TLS' => 'Käytä SSL / TLS', + 'No encryption' => 'Ei salausta', + 'Do not use encryption' => 'Älä käytä salausta', - 'maximum characters length, including prefix' => 'maximum %s characters length, including prefix', + 'maximum characters length, including prefix' => 'maksimissaan %s merkkiä pitkä, mukaan lukien etuliite', - 'Email Credentials' => 'Email Credentials', + 'Email Credentials' => 'Sähköpostitiedot', // Texts below doesn't exist in en.php 'traffic' => 'tiedonsiirto', diff --git a/web/inc/i18n/fr.php b/web/inc/i18n/fr.php index c57e6266..4e2e3144 100644 --- a/web/inc/i18n/fr.php +++ b/web/inc/i18n/fr.php @@ -559,6 +559,7 @@ $LANG['fr'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/hu.php b/web/inc/i18n/hu.php index af461107..1c37f93f 100644 --- a/web/inc/i18n/hu.php +++ b/web/inc/i18n/hu.php @@ -563,6 +563,7 @@ $LANG['hu'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/id.php b/web/inc/i18n/id.php index ad3c18eb..4702b7cc 100644 --- a/web/inc/i18n/id.php +++ b/web/inc/i18n/id.php @@ -1,22 +1,20 @@ 'Paket', 'IP' => 'IP', 'Graphs' => 'Grafik', - 'Statistics' => 'Statisktik', + 'Statistics' => 'Statistik', 'Log' => 'Log', 'Server' => 'Server', 'Services' => 'Layanan', 'Firewall' => 'Firewall', - 'Updates' => 'Updates', + 'Updates' => 'Perbarui', 'Log in' => 'Masuk', 'Log out' => 'Keluar', @@ -28,22 +26,22 @@ $LANG['id'] = array( 'CRON' => 'CRON', 'BACKUP' => 'CADANGAN', - 'LOGIN' => 'LOGIN', - 'RESET PASSWORD' => 'RESET PASSWORD', - 'SEARCH' => 'SEARCH', - 'PACKAGE' => 'PACKAGE', + 'LOGIN' => 'MASUK', + 'RESET PASSWORD' => 'RESET KATA SANDI', + 'SEARCH' => 'CARI', + 'PACKAGE' => 'PAKET', 'RRD' => 'RRD', 'STATS' => 'STATS', 'LOG' => 'LOG', - 'UPDATES' => 'UPDATES', + 'UPDATES' => 'PERBARUI', 'FIREWALL' => 'FIREWALL', 'SERVER' => 'SERVER', - 'MEMORY' => 'MEMORY', - 'DISK' => 'DISK', - 'NETWORK' => 'NETWORK', + 'MEMORY' => 'MEMORI', + 'DISK' => 'DISKA', + 'NETWORK' => 'JARINGAN', 'Web Log Manager' => 'Web Log Manager', - 'no notifications' => 'no notifications', + 'no notifications' => 'tidak ada notifikasi', 'Add User' => 'Tambah Pengguna', 'Add Domain' => 'Tambah Domain', @@ -60,7 +58,7 @@ $LANG['id'] = array( 'Add Package' => 'Tambah Paket', 'Add IP' => 'Tambah IP', 'Add Rule' => 'Tambah Aturan', - 'Ban IP Address' => 'Memblokir IP', + 'Ban IP Address' => 'Blokir Alamat IP', 'Search' => 'Cari', 'Add one more FTP Account' => 'Tambah satu lagi Pengguna FTP', 'Overall Statistics' => 'Seluruh Statistik', @@ -71,16 +69,16 @@ $LANG['id'] = array( 'Add' => 'Tambah', 'Back' => 'Kembali', 'Save' => 'Simpan', - 'Submit' => 'Masukkan', + 'Submit' => 'Submit', 'toggle all' => 'alihkan semua', - 'apply to selected' => 'terapkan yg dipilih', - 'rebuild' => 'rancang ulang', - 'rebuild web' => 'rancang ulang web', - 'rebuild dns' => 'rancang ulang dns', - 'rebuild mail' => 'rancang ulang mail', - 'rebuild db' => 'rancang ulang db', - 'rebuild cron' => 'rancang ulang cron', + 'apply to selected' => 'terapkan yang dipilih', + 'rebuild' => 'bangun kembali', + 'rebuild web' => 'bangun kembali web', + 'rebuild dns' => 'bangun kembali dns', + 'rebuild mail' => 'bangun kembali mail', + 'rebuild db' => 'bangun kembali db', + 'rebuild cron' => 'bangun kembali cron', 'update counters' => 'perbarui penghitung', 'suspend' => 'tangguhkan', 'unsuspend' => 'batalkan penangguhan', @@ -90,7 +88,7 @@ $LANG['id'] = array( 'logout' => 'keluar', 'edit' => 'sunting', 'open webstats' => 'buka webstats', - 'view logs' => 'lihat catatan', + 'view logs' => 'lihat log', 'list records' => 'daftar %s records', 'add record' => 'tambah record', 'list accounts' => 'daftar %s akun', @@ -110,12 +108,12 @@ $LANG['id'] = array( 'reread IP' => 'baca ulang IP', 'enable autoupdate' => 'mengaktifkan autoupdate', 'disable autoupdate' => 'menonaktifkan autoupdate', - 'turn on notifications' => 'mengaktifkan notifik.', - 'turn off notifications' => 'menonaktifkan notifik.', - 'configure' => 'configure', + 'turn on notifications' => 'mengaktifkan notifikasi.', + 'turn off notifications' => 'menonaktifkan notifikasi.', + 'configure' => 'konfigurasi', - 'Adding User' => 'Menambah User', - 'Editing User' => 'Menyunting User', + 'Adding User' => 'Menambah Pengguna', + 'Editing User' => 'Menyunting Pengguna', 'Adding Domain' => 'Menambah Domain', 'Editing Domain' => 'Menyunting Domain', 'Adding DNS Domain' => 'Menambah DNS Domain', @@ -147,7 +145,7 @@ $LANG['id'] = array( 'suspended' => 'ditangguhkan', 'running' => 'berjalan', 'stopped' => 'berhenti', - 'outdated' => 'kadarluasa', + 'outdated' => 'kadaluarsa', 'updated' => 'perbarui', 'yes' => 'ya', @@ -162,20 +160,20 @@ $LANG['id'] = array( 'day' => 'hari', 'days' => ' hari', 'hours' => ' jam', - 'minutes' => ' jam', - 'month' => ' month', + 'minutes' => ' menit', + 'month' => ' bulan', 'package' => 'paket', 'Bandwidth' => 'Bandwidth', - 'Disk' => 'Cakram', + 'Disk' => 'Diska', 'Web' => 'Web', 'Mail' => 'Mail', 'Databases' => 'Basis Data', 'User Directories' => 'Direktori Pengguna', - 'Template' => 'Contoh', - 'Web Template' => 'Contoh Web', - 'Backend Template' => 'Contoh Backend', - 'Proxy Template' =>'Contoh Proxy', - 'DNS Template' => 'Contoh DNS', + 'Template' => 'Template', + 'Web Template' => 'Template Web', + 'Backend Template' => 'Template Backend', + 'Proxy Template' =>'Template Proxy', + 'DNS Template' => 'Template DNS', 'Web Domains' => 'Web Domains', 'SSL Domains' => 'SSL Domains', 'Web Aliases' => 'Web Aliases', @@ -185,20 +183,20 @@ $LANG['id'] = array( 'DNS records' => 'DNS records', 'Name Servers' => 'Name Servers', 'Mail Domains' => 'Mail Domains', - 'Mail Accounts' => 'Para Pengguna Mail', + 'Mail Accounts' => 'Akun mail', 'Cron Jobs' => 'Cron Jobs', 'SSH Access' => 'Akses SSH', - 'IP Address' => 'IP Address', + 'IP Address' => 'Alamat IP', 'IP Addresses' => 'Alamat IP', 'Backups' => 'Cadangkan', - 'Backup System' => 'Cadangkan System', - 'backup exclusions' => 'pengecualian', - 'template' => 'kerangka', + 'Backup System' => 'Cadangkan Sistem', + 'backup exclusions' => 'pengecualian Cadangan', + 'template' => 'template', 'SSL Support' => 'Dukungan SSL', - 'SSL Home Directory' => 'Direktori SSL Home', - 'Lets Encrypt Support' => 'Lets Encrypt Support', + 'SSL Home Directory' => 'Direktori Home SSL', + 'Lets Encrypt Support' => 'Dukungan Lets Encrypt', 'Lets Encrypt' => 'Lets Encrypt', - 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', + 'Your certificate will be automatically issued in 5 minutes' => 'Sertifikat anda akan otomatis didapat dalam 5 menit', 'Proxy Support' => 'Dukungan Proxy', 'Proxy Extensions' => 'Ekstensi Proxy', 'Web Statistics' => 'Statistik Web', @@ -206,7 +204,7 @@ $LANG['id'] = array( 'Path' => 'Path', 'SOA' => 'SOA', 'TTL' => 'TTL', - 'Expire' => 'Kadarluasa', + 'Expire' => 'Expire', 'Records' => 'Records', 'Serial' => 'Serial', 'Catchall email' => 'Catchall email', @@ -217,18 +215,18 @@ $LANG['id'] = array( 'Quota' => 'Kuota', 'Autoreply' => 'Balasan Otomatis', 'Forward to' => 'Teruskan ke', - 'Do not store forwarded mail' => 'Email terusan-nya jangan disimpan', - 'IMAP hostname' => 'IMAP hostname', - 'IMAP port' => 'IMAP port', - 'IMAP security' => 'IMAP security', - 'IMAP auth method' => 'IMAP auth method', - 'SMTP hostname' => 'SMTP hostname', - 'SMTP port' => 'SMTP port', - 'SMTP security' => 'SMTP security', - 'SMTP auth method' => 'SMTP auth method', + 'Do not store forwarded mail' => 'Jangan simpan terusan surel', + 'IMAP hostname' => 'hostname IMAP', + 'IMAP port' => 'port IMAP', + 'IMAP security' => 'keamanan IMAP', + 'IMAP auth method' => 'metode autentikasi IMAP', + 'SMTP hostname' => 'hostname SMTP', + 'SMTP port' => 'port SMTP', + 'SMTP security' => 'keamanan SMTP', + 'SMTP auth method' => 'metode autentikasi SMTP', 'STARTTLS' => 'STARTTLS', - 'Normal password' => 'Normal password', - 'database' => 'basisdata', + 'Normal password' => 'kata sandi', + 'database' => 'basis data', 'User' => 'Pengguna', 'Host' => 'Host', 'Charset' => 'Charset', @@ -249,14 +247,14 @@ $LANG['id'] = array( 'Users' => 'Para Pengguna', 'Load Average' => 'Rata2 Pemuatan', 'Memory Usage' => 'Penggunaan Memori', - 'APACHE2 Usage' => 'APACHE2 Usage', + 'APACHE2 Usage' => 'Penggunaan APACHE2', 'HTTPD Usage' => 'Penggunaan HTTPD', 'NGINX Usage' => 'Penggunaan NGINX', 'MySQL Usage on localhost' => 'Penggunaan MySQL di localhost', 'PostgreSQL Usage on localhost' => 'Penggunaan PostgreSQL di localhost', 'Bandwidth Usage eth0' => 'Penggunaan Bandwidth eth0', 'Bandwidth Usage eth1' => 'Penggunaan Bandwidth eth1', - 'Exim Usage' => 'Exim Usage', + 'Exim Usage' => 'Penggunaan Exim', 'FTP Usage' => 'Penggunaan FTP', 'SSH Usage' => 'Penggunaan SSH', 'reverse proxy' => 'reverse proxy', @@ -266,7 +264,7 @@ $LANG['id'] = array( 'pop/imap server' => 'server pop/imap', 'email antivirus' => 'email antivirus', 'email antispam' => 'email antispam', - 'database server' => 'server basisdata', + 'database server' => 'server basis data', 'ftp server' => 'server ftp', 'job scheduler' => 'jadwal pekerjaan', 'firewall' => 'firewall', @@ -282,20 +280,20 @@ $LANG['id'] = array( 'Architecture' => 'Arsitektur', 'Object' => 'Objek', 'Username' => 'Nama Pengguna', - 'Password' => 'Katakunci', + 'Password' => 'Kata sandi', 'Email' => 'Email', 'Package' => 'Paket', 'Language' => 'Bahasa', 'First Name' => 'Nama Depan', 'Last Name' => 'Nama Belakang', - 'Send login credentials to email address' => 'Kirim mandat login ke alamat email', - 'Default Template' => 'Contoh Standar', - 'Default Name Servers' => 'Standar Name Servers', + 'Send login credentials to email address' => 'Kirim kredensial login ke alamat email', + 'Default Template' => 'Template Standar', + 'Default Name Servers' => 'Name Servers Standar', 'Domain' => 'Domain', 'DNS Support' => 'Dukungan DNS', 'Mail Support' => 'Dukungan Mail', 'Advanced options' => 'Opsi lanjutan', - 'Basic options' => 'Basic options', + 'Basic options' => 'Opsi Dasar', 'Aliases' => 'Alias', 'SSL Certificate' => 'Sertifikat SSL', 'SSL Key' => 'Kunci SSL', @@ -306,20 +304,20 @@ $LANG['id'] = array( 'Statistics Authorization' => 'Statistik Otoritas', 'Statistics Auth' => 'Statistik Otoritas', 'Account' => 'Pengguna', - 'Prefix will be automaticaly added to username' => 'Awalan % s nantinya ditambahin otomatis ke nama pengguna', - 'Send FTP credentials to email' => 'Kirim mandat FTP ke email', - 'Expiration Date' => 'Tanggal Kadarluasa', + 'Prefix will be automaticaly added to username' => 'Prefix %s nantinya ditambahin otomatis ke nama pengguna', + 'Send FTP credentials to email' => 'Kirim kredensial FTP ke email', + 'Expiration Date' => 'Tanggal Kadaluarsa', 'YYYY-MM-DD' => 'YYYY-MM-DD', - 'Name servers' => 'Name servers', + 'Name servers' => 'Name server', 'Record' => 'Record', - 'IP or Value' => 'IP or Nilai', + 'IP or Value' => 'Alamat IP atau Nilai', 'Priority' => 'Prioritas', - 'Record Number' => 'Nomer Record', + 'Record Number' => 'Nomor Record', 'in megabytes' => 'dalam megabytes', - 'Message' => 'PEsan', - 'use local-part' => 'gunakan local-part', + 'Message' => 'Pesan', + 'use local-part' => 'gunakan part lokal', 'one or more email addresses' => 'satu atau lebih alamat email', - 'Prefix will be automaticaly added to database name and database user' => 'Awalan %s nantinya ditambahin otomatis ke nama dan pengguna basisdata', + 'Prefix will be automaticaly added to database name and database user' => 'Prefix %s akan otomatis ditambahkan ke nama basis data dan pengguna basis data', 'Database' => 'Basis Data', 'Type' => 'Jenis', 'Minute' => 'Menit', @@ -338,19 +336,19 @@ $LANG['id'] = array( 'mail domains' => 'mail domains', 'mail accounts' => 'mail accounts', 'accounts' => 'akun-akun', - 'databases' => 'basisdata', + 'databases' => 'basis data', 'cron jobs' => 'cron jobs', - 'backups' => 'cadangan-cadangan', + 'backups' => 'cadangan', 'quota' => 'kuota', 'day of week' => 'hari dalam seminggu', 'cmd' => 'cmd', - 'users' => 'pengguna-pengguna', + 'users' => 'pengguna', 'domains' => 'domains', 'aliases' => 'aliases', 'records' => 'records', 'jobs' => 'jobs', - 'username' => 'namapengguna', - 'password' => 'katakunci', + 'username' => 'nama pengguna', + 'password' => 'kata sandi', 'type' => 'tipe', 'charset' => 'charset', 'domain' => 'domain', @@ -362,17 +360,17 @@ $LANG['id'] = array( 'assigned user' => 'pengguna yg ditetapkan', 'ns1' => 'ns1', 'ns2' => 'ns2', - 'user' => 'user', + 'user' => 'pengguna', 'email' => 'email', 'first name' => 'nama depan', 'last name' => 'nama belakang', 'account' => 'akun', 'ssl certificate' => 'sertifikat ssl', 'ssl key' => 'kunci ssl', - 'stats user password' => 'stats namapengguna katakunci', - 'stats username' => 'stats namapengguna', - 'stats password' => 'stats katakunci', - 'ftp user password' => 'ftp namapengguna katakunci', + 'stats user password' => 'stats nama pengguna kata sandi', + 'stats username' => 'stats nama pengguna', + 'stats password' => 'stats kata sandi', + 'ftp user password' => 'ftp nama pengguna kata sandi', 'ftp user' => 'ftp pengguna', 'Last 70 lines of %s.%s.log' => '70 baris terakhir dari %s.%s.log', 'AccessLog' => 'AccessLog', @@ -380,26 +378,26 @@ $LANG['id'] = array( 'Download AccessLog' => 'Unduh AccessLog', 'Download ErrorLog' => 'Unduh ErrorLog', 'Country' => 'Negara', - '2 letter code' => '2 kode surat', - 'State / Province' => 'Propinsi', + '2 letter code' => '2 kode negara', + 'State / Province' => 'Provinsi', 'City / Locality' => 'Kota', 'Organization' => 'Organisasi', - 'Action' => 'Action', + 'Action' => 'Aksi', 'Protocol' => 'Protokol', 'Port' => 'Port', 'Comment' => 'Komentar', - 'Banlist' => 'Banlist', + 'Banlist' => 'list blokir', 'ranges are acceptable' => 'rentang yang diperbolehkan', - 'CIDR format is supported' => 'Format CIDR didukung', - 'ACCEPT' => 'ACCEPT', - 'DROP' => 'DROP', + 'CIDR format is supported' => 'Format CIDR yang didukung', + 'ACCEPT' => 'TERIMA', + 'DROP' => 'BLOKIR', 'TCP' => 'TCP', 'UDP' => 'UDP', 'ICMP' => 'ICMP', 'SSH' => 'SSH', 'FTP' => 'FTP', 'VESTA' => 'VESTA', - 'Add one more Name Server' => 'Add one more Name Server', + 'Add one more Name Server' => 'Tambah satu atau lebih Name Server', 'web domain' => 'web domain', 'dns domain' => 'dns domain', @@ -409,7 +407,7 @@ $LANG['id'] = array( 'cron job' => 'cron job', 'cron' => 'cron', - 'user dir' => 'user dir', + 'user dir' => 'dir pengguna', 'unlimited' => 'tidak terbatas', '1 account' => '1 pengguna', @@ -441,75 +439,75 @@ $LANG['id'] = array( 'no exclusions' => 'tidak ada pengecualian', '1 rule' => '1 aturan', '%s rules' => '%s aturan', - 'There are no currently banned IP' => 'Tidak dilarang IP', + 'There are no currently banned IP' => 'Saat ini tidak ada IP yang diblokir', - 'USER_CREATED_OK' => 'Pengguna %s udah berhasil dibikin', - 'WEB_DOMAIN_CREATED_OK' => 'Domain %s udah berhasil dibikin.', - 'DNS_DOMAIN_CREATED_OK' => 'Domain DNS%s udah berhasil dibikin.', - 'DNS_RECORD_CREATED_OK' => 'Record %s.%s udah berhasil dibikin.', - 'MAIL_DOMAIN_CREATED_OK' => 'Domain Mail %s udah berhasil dibikin.', - 'MAIL_ACCOUNT_CREATED_OK' => 'Akun Mail %s@%s udah berhasil dibikin', - 'DATABASE_CREATED_OK' => 'Database %s udah berhasil dibikin', - 'CRON_CREATED_OK' => 'Cron job udah berhasil dibuat.', - 'IP_CREATED_OK' => 'Alamat IP %s udah berhasil dibikin.', - 'PACKAGE_CREATED_OK' => 'Paket %s udah berhasil dibikin.', - 'SSL_GENERATED_OK' => 'Sertifikat udah berhasil dihasilkan.', - 'RULE_CREATED_OK' => 'Aturan udah berhasil dibikin.', - 'BANLIST_CREATED_OK' => 'IP address has been banned successfully', - 'Autoupdate has been successfully enabled' => 'Autoupdate sukses diaktifkan', + 'USER_CREATED_OK' => 'Pengguna %s telah berhasil dibuat', + 'WEB_DOMAIN_CREATED_OK' => 'Domain %s telah berhasil dibuat.', + 'DNS_DOMAIN_CREATED_OK' => 'Domain DNS%s telah berhasil dibuat.', + 'DNS_RECORD_CREATED_OK' => 'Record %s.%s telah berhasil dibuat.', + 'MAIL_DOMAIN_CREATED_OK' => 'Domain Mail %s telah berhasil dibuat.', + 'MAIL_ACCOUNT_CREATED_OK' => 'Akun Mail %s@%s telah berhasil dibuat', + 'DATABASE_CREATED_OK' => 'Basis data %s telah berhasi dibuat', + 'CRON_CREATED_OK' => 'Cron job telah berhasil dibuat.', + 'IP_CREATED_OK' => 'Alamat IP %s telah berhasil dibuat.', + 'PACKAGE_CREATED_OK' => 'Paket %s telah berhasil dibuat.', + 'SSL_GENERATED_OK' => 'Sertifikat telah berhasil didapatkan.', + 'RULE_CREATED_OK' => 'Aturan Telah berhasil dibuat.', + 'BANLIST_CREATED_OK' => 'Alamat IP telah berhasil diblokir', + 'Autoupdate has been successfully enabled' => 'Autoupdate telah diaktifkan', 'Autoupdate has been successfully disabled' => 'Autoupdate telah dinonaktifkan', 'Cronjob email reporting has been successfully enabled' => 'Pelaporan cronjob telah berhasil diaktifkan', 'Cronjob email reporting has been successfully disabled' => 'Pelaporan cronjob telah berhasil dinonaktifkan', - 'Changes has been saved.' => 'Perubahan udah disimpan.', + 'Changes has been saved.' => 'Perubahan telah disimpan.', 'Confirmation' => 'Konfirmasi', - 'DELETE_USER_CONFIRMATION' => 'Yakin pengguna %s mau dihapus nih?', - 'SUSPEND_USER_CONFIRMATION' => 'Yakin pengguna %s mau ditangguhkan nih?', - 'UNSUSPEND_USER_CONFIRMATION' => 'Yakin mau batalin penangguhan pengguna %s?', - 'DELETE_DOMAIN_CONFIRMATION' => 'Domain %s beneran mau dihapus?', - 'SUSPEND_DOMAIN_CONFIRMATION' => 'Domain %s beneran mau ditangguhin?', - 'UNSUSPEND_DOMAIN_CONFIRMATION' => 'Penangguhan Domain %s mau dibatalin. Yakin?', - 'DELETE_RECORD_CONFIRMATION' => 'Record %s mau dihapus?', - 'SUSPEND_RECORD_CONFIRMATION' => 'Record %s mau ditangguhin?', - 'UNSUSPEND_RECORD_CONFIRMATION' => 'Batalin penagguhan record %s. Yakin?', - 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => 'Beneran mau ngapus %s?', - 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '%s mau ditangguhkan nih?', - 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => 'Yakin mau batalin penangguhan %s?', - 'DELETE_DATABASE_CONFIRMATION' => 'Basisdata mau dihhapus %s, Beneran?', - 'SUSPEND_DATABASE_CONFIRMATION' => 'Basisdata %s beneran mau ditangguhin?', - 'UNSUSPEND_DATABASE_CONFIRMATION' => 'Penangguhan Basisdata %s mau dibatalin. Yakin?', - 'DELETE_CRON_CONFIRMATION' => 'Yakin mau dihapus?', - 'SUSPEND_CRON_CONFIRMATION' => 'Yakin mau ditangguhin?', - 'UNSUSPEND_CRON_CONFIRMATION' => 'Yakin mau batalin penangguhan?', - 'DELETE_BACKUP_CONFIRMATION' => 'Cadangan %s mau dihapus, serius?', - 'DELETE_EXCLUSION_CONFIRMATION' => 'Pengecualian %s mau dihapus?', - 'DELETE_PACKAGE_CONFIRMATION' => 'Paket %s mau dihapus?', - 'DELETE_IP_CONFIRMATION' => 'Alamat IP %s beneran mau dihapus?', - 'DELETE_RULE_CONFIRMATION' => 'Aturan #%s beneran mau dihapus?', - 'SUSPEND_RULE_CONFIRMATION' => 'Aturan #%s beneran mau ditangguhin?', - 'UNSUSPEND_RULE_CONFIRMATION' => 'Penangguhan aturan #%s mau dibatalin. Yakin?', - 'LEAVE_PAGE_CONFIRMATION' => 'Leave Page?', - 'RESTART_CONFIRMATION' => '%s mau me-restart?', + 'DELETE_USER_CONFIRMATION' => 'Apakah anda yakin akan menghapus pengguna %s ?', + 'SUSPEND_USER_CONFIRMATION' => 'Apakah anda yakin akan menangguhkan pengguna %s ?', + 'UNSUSPEND_USER_CONFIRMATION' => 'Apakah anda yakin akan membatalkan penangguhan pengguna %s?', + 'DELETE_DOMAIN_CONFIRMATION' => 'Apakah anda yakin akan menghapus Domain %s ?', + 'SUSPEND_DOMAIN_CONFIRMATION' => 'Apakah anda yakin akan menangguhkan domain %s ?', + 'UNSUSPEND_DOMAIN_CONFIRMATION' => 'Apakah anda yakin akan membatalkan penangguhan domain %s ?', + 'DELETE_RECORD_CONFIRMATION' => 'Apakah anda yakin akan menghapus record %s ?', + 'SUSPEND_RECORD_CONFIRMATION' => 'Apakah anda yakin akan menangguhkan record %s ?', + 'UNSUSPEND_RECORD_CONFIRMATION' => 'Apakah anda yakin akan membatalkan penangguhan record %s ?', + 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => 'Apakah anda yakin akan menghapus surel %s?', + 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => 'Apakah anda yakin akan menangguhkan surel %s ?', + 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => 'Apakah anda yakin akan membatalkan penangguhan surel %s?', + 'DELETE_DATABASE_CONFIRMATION' => 'Apakah anda yakin akan menghapus basis data %s ?', + 'SUSPEND_DATABASE_CONFIRMATION' => 'Apakah anda yakin akan menangguhkan basis data %s ?', + 'UNSUSPEND_DATABASE_CONFIRMATION' => 'Apakah anda yakin akan membatalkan penangguhan basis data %s ?', + 'DELETE_CRON_CONFIRMATION' => 'Apakah anda yakin akan menghapus cron ?', + 'SUSPEND_CRON_CONFIRMATION' => 'Apakah anda yakin akan menangguhkan cron ?', + 'UNSUSPEND_CRON_CONFIRMATION' => 'Apakah anda yakin akan membatalkan penangguhan cron ?', + 'DELETE_BACKUP_CONFIRMATION' => 'Apakah anda yakin akan menghapus Cadangan %s ?', + 'DELETE_EXCLUSION_CONFIRMATION' => 'Apakah anda yakin akan menghapus Pengecualian %s ?', + 'DELETE_PACKAGE_CONFIRMATION' => 'Apakah anda yakin akan menghapus Paket %s ?', + 'DELETE_IP_CONFIRMATION' => 'Apakah anda yakin akan menghapus Alamat IP %s ?', + 'DELETE_RULE_CONFIRMATION' => 'Apakah anda yakin akan menghapus Aturan #%s ?', + 'SUSPEND_RULE_CONFIRMATION' => 'Apakah anda yakin akan menangguhkan Aturan #%s ?', + 'UNSUSPEND_RULE_CONFIRMATION' => 'Apakah anda yakin akan membatalkan penangguhan aturan #%s ?', + 'LEAVE_PAGE_CONFIRMATION' => 'Tinggalkan halaman?', + 'RESTART_CONFIRMATION' => 'Apakah anda yakin ingin me-restart %s?', 'Welcome' => 'Selamat Datang', 'LOGGED_IN_AS' => 'Masuk sebagai pengguna %s', 'Error' => 'Kesalahan', - 'Invalid username or password' => 'Nama pengguna atau katakunci salah', + 'Invalid username or password' => 'Nama pengguna atau kata sandi salah', 'Invalid username or code' => 'Kode atau nama pengguna salah', - 'Passwords not match' => 'Katakunci ngga sama', - 'Please enter valid email address.' => 'Masukkan alamat email yg valid.', - 'Field "%s" can not be blank.' => 'Field "%s" ga boleh kosong.', - 'Password is too short.' => 'Katakunci kependekan (paling dikit 6 huruf)', + 'Passwords not match' => 'Kata sandi tidak sama', + 'Please enter valid email address.' => 'Masukkan alamat surel yang valid.', + 'Field "%s" can not be blank.' => 'Field "%s" tidak boleh kosong.', + 'Password is too short.' => 'Kata sandi terlalu pendek (minimal 6 karakter)', 'Error code:' => 'Kode kesalahan: %s', 'SERVICE_ACTION_FAILED' => '"%s" "%s" gagal', - 'IP address is in use' => 'Alamat IP udah ada yang pake', - 'BACKUP_SCHEDULED' => 'Tugas udah ditambahin ke antrian. Nanti email pemberitahuan dikirim kalo backup-an sudah siap di unduh.', - 'BACKUP_EXISTS' => 'Backup lagi berjalan. Tunggu dulu sampe selesai.', - 'RESTORE_SCHEDULED' => 'Tugas udah ditambahin ke antrian. Nanti email pemberitahuan dikirim kalo backup-an sudah siap di unduh.', - 'RESTORE_EXISTS' => 'Tugas pengembalian lagi jalan. Tunggu ampe selesai baru jalanin lagi.', + 'IP address is in use' => 'Alamat IP sudah digunakan', + 'BACKUP_SCHEDULED' => 'Tugas sudah ditambahkan ke antrian. email pemberitahuan akan dikirim ketika cadangan telah siap diunduh.', + 'BACKUP_EXISTS' => 'Proses mencadangkan sedang berjalan. silahkan tunggu hingga selesai.', + 'RESTORE_SCHEDULED' => 'Tugas sudah ditambahkan ke antrian. email pemberitahuan akan dikirim ketika cadangan telah siap diunduh.', + 'RESTORE_EXISTS' => 'Tugas pengembalian sedang berjalan. Silahkan tunggu hingga selesai.', 'WEB_EXCLUSIONS' => 'Ketik nama domain, satu domain perbaris. Untuk pengecualian semua domain gunakan karakter *. Untuk pengecualian spesifik direktori gunakan format : domain.com:public_html/cache:public_html/tmp', 'DNS_EXCLUSIONS' => 'Ketik nama domain, satu domain perbaris. Untuk pengecualian semua domain gunakan karakter *.', 'MAIL_EXCLUSIONS' => 'Ketik nama domain, satu domain perbaris. Untuk pengecualian semua domain gunakan karakter *. Untuk pengecualian spesifik direktori gunakan format : domain.com:info:support:postmaster', - 'DB_EXCLUSIONS' => 'Ketik nama database, satu database per baris. Untuk pengecualian semua databases gunakan *', + 'DB_EXCLUSIONS' => 'Ketik nama basis data, satu basis data per baris. Untuk pengecualian semua databases gunakan *', 'CRON_EXCLUSIONS' => 'Untuk pengecualian semua JOBS gunakan *', 'USER_EXCLUSIONS' => 'Ketik nama direktori, satu direktori per baris. Untuk pengecualian semua direktori gunakan karakter *', @@ -517,37 +515,37 @@ $LANG['id'] = array( 'MAIL_FROM' => 'Panel Kontrol Vesta ', 'GREETINGS_GORDON_FREEMAN' => "Hai, %s %s,\n", 'GREETINGS' => "Hai,\n", - 'ACCOUNT_READY' => "Akun kamu sudah dibuat dan siap dipakai.\n\nhttps://%s/login/\nNamapengguna: %s\nKatakunci: %s\n\n--\nPanel Kontrol Vesta\n", + 'ACCOUNT_READY' => "Akun telah dibuat dan siap digunakan.\n\nhttps://%s/login/\nNama pengguna: %s\nKata sandi: %s\n\n--\nPanel Kontrol Vesta\n", - 'FTP login credentials' => 'Mandat untuk masuk FTP', - 'FTP_ACCOUNT_READY' => "Akun FTP kamu sudah dibuat dan siap dipakai.\n\nHostname: %s\nNamapengguna: %s_%s\nKatakunci: %s\n\n--\nPanel Kontrol Vesta\n", + 'FTP login credentials' => 'Kredensial untuk masuk FTP', + 'FTP_ACCOUNT_READY' => "Akun FTP telah dibuat dan siap digunakan.\n\nHostname: %s\nNama pengguna: %s_%s\nKata sandi: %s\n\n--\nPanel Kontrol Vesta\n", - 'Database Credentials' => 'Database Credentials', - 'DATABASE_READY' => "Basisdata udah berhasil dibikinin.\n\nDatabase: %s\nPengguna: %s\nKatakunci: %s\n%s\n\n--\nPanel Kontrol Vesta\n", + 'Database Credentials' => 'Kredensial Basis Data', + 'DATABASE_READY' => "Basis data telah berhasil dibuat.\n\nBasis data: %s\nNama pengguna: %s\nKata sandi: %s\n%s\n\n--\nPanel Kontrol Vesta\n", - 'forgot password' => 'lupa katakunci', + 'forgot password' => 'lupa kata sandi', 'Confirm' => 'Konfirmasi', - 'New Password' => 'Katakunci', - 'Confirm Password' => 'Konfirmasi Katakunci', + 'New Password' => 'Kata Sandi Baru', + 'Confirm Password' => 'Konfirmasi Kata Sandi', 'Reset' => 'Reset', 'Reset Code' => 'Reset Kode', 'RESET_NOTICE' => '', - 'RESET_CODE_SENT' => 'Kode katakunci buat me-reset udah dikirim ke email
', - 'MAIL_RESET_SUBJECT' => 'Katakunci di-reset pada %s', - 'PASSWORD_RESET_REQUEST' => "Kalo mau reset katakunci panel kontrol, klik aja tautan ini:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\nAlternatively, kalo ngga ke https://%s/reset/?action=code&user=%s terus masukin kode reset-nya:\n%s\n\nKalau emang kamu ga minta reset katakunci pesan ini abaikan aja, dan maaf ya....\n\n--\nPanel Kontrol Vesta\n", + 'RESET_CODE_SENT' => 'Kode kata sandi untuk me-reset sudah dikirim ke surel
', + 'MAIL_RESET_SUBJECT' => 'Kata sandi di-reset pada %s', + 'PASSWORD_RESET_REQUEST' => "Untuk me-reset kata sandi, silahkan klik tautan ini:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\natau ke https://%s/reset/?action=code&user=%s lalu masukan kode reset-nya:\n%s\n\nJika anda tidak meminta untuk me-reset kata sandi, silahkan abaikan pesan ini.\n\n--\nPanel Kontrol Vesta\n", 'Jan' => 'Jan', 'Feb' => 'Feb', 'Mar' => 'Mar', 'Apr' => 'Apr', - 'May' => 'May', + 'May' => 'Mei', 'Jun' => 'Jun', 'Jul' => 'Jul', - 'Aug' => 'Aug', + 'Aug' => 'Agu', 'Sep' => 'Sep', - 'Oct' => 'Oct', + 'Oct' => 'Okt', 'Nov' => 'Nov', - 'Dec' => 'Dec', + 'Dec' => 'Des', 'Configuring Server' => 'Konfigurasi Server', 'Hostname' => 'Nama Host', @@ -556,27 +554,28 @@ $LANG['id'] = array( 'Proxy Server' => 'Proxy Server', 'Web Server' => 'Web Server', 'Backend Server' => 'Backend Server', - 'Backend Pool Mode' => 'Backend Pool Mode', + 'Backend Pool Mode' => 'Mode Backend Pool', 'DNS Server' => 'DNS Server', 'DNS Cluster' => 'DNS Cluster', 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', 'PostgreSQL Support' => 'PostgreSQL Support', 'phpPgAdmin URL' => 'phpPgAdmin URL', - 'Maximum Number Of Databases' => 'Maximum Number Of Databases', - 'Current Number Of Databases' => 'Current Number Of Databases', - 'Local backup' => 'Local backup', - 'Compression level' => 'Compression level', - 'Directory' => 'Directory', + 'Maximum Number Of Databases' => 'Jumlah maximal basis data', + 'Current Number Of Databases' => 'Jumlah database saat ini', + 'Local backup' => 'Cadangan lokal', + 'Compression level' => 'Tingkat Kompresi', + 'Directory' => 'Direktori', 'Remote backup' => 'Remote backup', 'ftp' => 'FTP', 'sftp' => 'SFTP', 'SFTP Chroot' => 'SFTP Chroot', - 'FileSystem Disk Quota' => 'FileSystem Disk Quota', + 'FileSystem Disk Quota' => 'Kuota Diska FileSystem', 'Vesta Control Panel Plugins' => 'Vesta Control Panel Plugins', 'preview' => 'pratinjau', 'Reseller Role' => 'Aturan Reseller', @@ -584,14 +583,14 @@ $LANG['id'] = array( 'Template Manager' => 'Template Manager', 'Backup Migration Manager' => 'Backup Migration Manager', 'FileManager' => 'FileManager', - 'show: CPU / MEM / NET / DISK' => 'show: CPU / MEM / NET / DISK', + 'show: CPU / MEM / NET / DISK' => 'tampilkan: CPU / MEM / NET / DISK', 'sort by' => 'sortir', 'Date' => 'Tanggal', 'Starred' => 'Bintangi', 'Name' => 'Nama', - 'save to favorites' => 'save to favorites', + 'save to favorites' => 'simpan ke favorit', 'File Manager' => 'File Manager', 'size' => 'ukuran', @@ -603,60 +602,60 @@ $LANG['id'] = array( 'NEW DIR' => 'DIREKTORI BARU', 'DELETE' => 'HAPUS', 'RENAME' => 'GANTI', - 'MOVE' => 'MOVE', - 'RIGHTS' => 'RIGHTS', + 'MOVE' => 'PINDAH', + 'RIGHTS' => 'HAK', 'COPY' => 'SALIN', 'ARCHIVE' => 'ARSIP', 'EXTRACT' => 'EKSTRAK', 'DOWNLOAD' => 'UNDUH', - 'Are you sure?' => 'Are you sure?', + 'Are you sure?' => 'Apakah anda yakin ?', 'Hit' => 'Hit', 'to reload the page' => 'untuk memuat ulang halaman', - 'Directory name cannot be empty' => 'Nama Directory ga boleh kosong', - 'File name cannot be empty' => 'Nama File ga boleh kosong', - 'No file selected' => 'Ga ada file yg dipilih', - 'No file or folder selected' => 'Ga ada file atau folder yg dipilih', - 'File type not supported' => 'Tipe file ga didukung', - 'Directory download not available in current version' => 'Unduh direktori ga tersedia di versi ini', - 'Directory not available' => 'Direktori ga tersedia', - 'Done' => 'Sudah Selesai', + 'Directory name cannot be empty' => 'Nama Direktori tidak boleh kosong', + 'File name cannot be empty' => 'Nama File tidak boleh kosong', + 'No file selected' => 'Tidak ada file yang dipilih', + 'No file or folder selected' => 'Tidak ada file atau folder yg dipilih', + 'File type not supported' => 'Tipe file tidak didukung', + 'Directory download not available in current version' => 'Direktori Unduh tidak tersedia di versi ini', + 'Directory not available' => 'Direktori tidak tersedia', + 'Done' => 'Selesai', 'Close' => 'Tutup', 'Copy' => 'Salin', 'Cancel' => 'Batal', 'Rename' => 'Ganti nama', - 'Move' => 'Move', - 'Change Rights' => 'Change Rights', + 'Move' => 'Pindah', + 'Change Rights' => 'Ganti Hak', 'Delete' => 'Hapus', 'Extract' => 'Ekstrak', 'Create' => 'Buat', 'Compress' => 'Kompres', 'OK' => 'OK', - 'YOU ARE COPYING' => 'YOU ARE COPYING', - 'YOU ARE REMOVING' => 'YOU ARE REMOVING', - 'Delete items' => 'Delete items', - 'Copy files' => 'Copy files', - 'Move files' => 'Move files', - 'Are you sure you want to copy' => 'Yakin mau disalin', - 'Are you sure you want to move' => 'Are you sure you want to move', - 'Are you sure you want to delete' => 'Yakin mau dihapus', + 'YOU ARE COPYING' => 'ANDA MENYALIN', + 'YOU ARE REMOVING' => 'ANDA MENGHAPUS', + 'Delete items' => 'Hapus item', + 'Copy files' => 'Salin file', + 'Move files' => 'Pindah file', + 'Are you sure you want to copy' => 'Apakah anda yakin ingin menyalin', + 'Are you sure you want to move' => 'Apakah anda yakin ingin memindahkan', + 'Are you sure you want to delete' => 'Aapakah anda Yakin ingin menghapus', 'into' => 'ke', - 'existing files will be replaced' => 'file yg sudah ada akan diganti', - 'Original name' => 'Nama original', + 'existing files will be replaced' => 'file yang sudah ada akan diganti', + 'Original name' => 'Nama orisinal', 'File' => 'File', 'already exists' => 'sudah ada', - 'Create file' => 'Bikin file', - 'Create directory' => 'Bikin direktori', - 'read by owner' => 'read by owner', - 'write by owner' => 'write by owner', - 'execute/search by owner' => 'execute/search by owner', - 'read by group' => 'read by group', - 'write by group' => 'write by group', - 'execute/search by group' => 'execute/search by group', - 'read by others' => 'read by others', - 'write by others' => 'write by others', - 'execute/search by others' => 'execute/search by others', + 'Create file' => 'Buat file', + 'Create directory' => 'Buat direktori', + 'read by owner' => 'dibaca oleh owner', + 'write by owner' => 'ditulis oleh owner', + 'execute/search by owner' => 'eksekusi/cari oleh owner', + 'read by group' => 'dibaca oleh grup', + 'write by group' => 'ditulis oleh grup', + 'execute/search by group' => 'ekseskusi/cari oleh grup', + 'read by others' => 'dibaca oleh lainnya', + 'write by others' => 'ditulis oleh lainnya', + 'execute/search by others' => 'ekseskusi/cari oleh lainnya', - 'Shortcuts' => 'Shortcuts', + 'Shortcuts' => 'Pintasan', 'Add New object' => 'Tambah objek baru', 'Save Form' => 'Simpan Formulir', 'Cancel saving form' => 'Batalkan penyimpanan form', @@ -682,58 +681,58 @@ $LANG['id'] = array( 'Archive' => 'Arsip', 'Save File (in text editor)' => 'Simpan File (di text editor)', 'Close Popup / Cancel' => 'Tutup Popup / Batal', - 'Move Cursor Up' => 'Pindahkan kursur keatas', - 'Move Cursor Down' => 'Pindahkan kursur kebawah', + 'Move Cursor Up' => 'Pindahkan kursor keatas', + 'Move Cursor Down' => 'Pindahkan kursor kebawah', 'Switch to Left Tab' => 'Pindah ke tab kiri', 'Switch to Right Tab' => 'Pindah ke tab kanan', 'Switch Tab' => 'Pindah Tab', 'Go to the Top of the File List' => 'Pindah Ke atas dari Daftar File', 'Go to the Last File' => 'Pindah File terakhir', - 'Open File / Enter Directory' => 'Buka File/Masuk ke Directory', - 'Edit File' => 'Edit File', - 'Go to Parent Directory' => 'Ke Parent Directory', + 'Open File / Enter Directory' => 'Buka File/Masuk ke Direktori', + 'Edit File' => 'Sunting File', + 'Go to Parent Directory' => 'Ke Direktori Induk', 'Select Current File' => 'Pilih File ini', 'Select Bunch of Files' => 'Pilih Bunch of Files', 'Add File to the Current Selection' => 'Tambahkan File di Seleksi ini', 'Select All Files' => 'Pilih semua file', 'shortcuts are inspired by magnificent GNU Midnight Commander file manager' => - 'jalan pintas terinspirasi oleh magnificent GNU Midnight Commander file manager', + 'pintasan terinspirasi oleh magnificent GNU Midnight Commander file manager', - 'Licence Key' => 'Licence Key', - 'Enter License Key' => 'Enter License Key', - 'Buy Licence' => 'Buy Licence', - 'Buy Lifetime License' => 'Buy Lifetime License', - 'Disable and Cancel Licence' => 'Disable and Cancel Licence', - 'Licence Activated' => 'Licence Activated', - 'Licence Deactivated' => 'Licence Deactivated', - 'Restrict users so that they cannot use SSH and access only their home directory.' => 'Restrict users so that they cannot use SSH and access only their home directory.', - 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.', - 'This is a commercial module, you would need to purchace license key to enable it.' => 'This is a commercial module, you would need to purchace license key to enable it.', + 'Licence Key' => 'Lisensi', + 'Enter License Key' => 'Masukan Lisensi', + 'Buy Licence' => 'Beli lisensi', + 'Buy Lifetime License' => 'Beli Lisensi seumur hidup', + 'Disable and Cancel Licence' => 'Nonaktifkan dan batalkan lisensi', + 'Licence Activated' => 'Lisensi telah aktif', + 'Licence Deactivated' => 'Lisensi telah di nonaktifkan', + 'Restrict users so that they cannot use SSH and access only their home directory.' => 'Batasi pengguna agar tidak dapat menggunakan SSH dan hanya dapat mengakses direktori home.', + 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => 'Jelajahi, salin, sunting, lihat dan dapatkan semua file web anda menggunakan File Manager.', + 'This is a commercial module, you would need to purchace license key to enable it.' => 'Ini modul komersial, anda perlu membayar lisensi untuk mengaktifkannya.', - 'Minutes' => 'Minutes', - 'Hourly' => 'Hourly', - 'Run Command' => 'Run Command', - 'every month' => 'every month', - 'every odd month' => 'every odd month', - 'every even month' => 'every even month', - 'every day' => 'every day', - 'every odd day' => 'every odd day', - 'every even day' => 'every even day', - 'weekdays (5 days)' => 'weekdays (5 days)', - 'weekend (2 days)' => 'weekend (2 days)', - 'Monday' => 'Monday', - 'Tuesday' => 'Tuesday', - 'Wednesday' => 'Wednesday', - 'Thursday' => 'Thursday', - 'Friday' => 'Friday', - 'Saturday' => 'Saturday', - 'Sunday' => 'Sunday', - 'every hour' => 'every hour', - 'every two hours' => 'every two hours', - 'every minute' => 'every minute', - 'every two minutes' => 'every two minutes', - 'every' => 'every', - 'Generate' => 'Generate', + 'Minutes' => 'Permenit', + 'Hourly' => 'Perhari', + 'Run Command' => 'Jalankan Perintah', + 'every month' => 'setiap bulan', + 'every odd month' => 'setiap bulan ganjil', + 'every even month' => 'setiap bulan sekali', + 'every day' => 'setiap hari', + 'every odd day' => 'setiap hari ganjil', + 'every even day' => 'setiap hari sekali', + 'weekdays (5 days)' => 'hari kerja (5 hari)', + 'weekend (2 days)' => 'akhir pekan (2 hari)', + 'Monday' => 'Senin', + 'Tuesday' => 'Selasa', + 'Wednesday' => 'Rabu', + 'Thursday' => 'Kamis', + 'Friday' => 'Jumat', + 'Saturday' => 'Sabtu', + 'Sunday' => 'Minggu', + 'every hour' => 'setiap jam', + 'every two hours' => 'setiap dua jam', + 'every minute' => 'setiap menit', + 'every two minutes' => 'setiap dua menit', + 'every' => 'setiap', + 'Generate' => 'Hasilkan', 'webalizer' => 'webalizer', 'awstats' => 'awstats', @@ -747,14 +746,14 @@ $LANG['id'] = array( 'PUB_KEY' => 'PUB_KEY', 'ISSUER' => 'ISSUER', - 'Use server hostname' => 'Use server hostname', - 'Use domain hostname' => 'Use domain hostname', - 'Use STARTTLS' => 'Use STARTTLS', - 'Use SSL / TLS' => 'Use SSL / TLS', - 'No encryption' => 'No encryption', - 'Do not use encryption' => 'Do not use encryption', + 'Use server hostname' => 'Gunakan hostname server', + 'Use domain hostname' => 'Gunakan hostname domain', + 'Use STARTTLS' => 'Gunakan STARTTLS', + 'Use SSL / TLS' => 'Gunakan SSL / TLS', + 'No encryption' => 'tidak ada enkripsi', + 'Do not use encryption' => 'Jangan gunakan enkripsi', - 'maximum characters length, including prefix' => 'maximum %s characters length, including prefix', + 'maximum characters length, including prefix' => 'maksimal jumlah karakter %s, termasuk prefix', - 'Email Credentials' => 'Email Credentials', + 'Email Credentials' => 'Kredensial surel', ); diff --git a/web/inc/i18n/it.php b/web/inc/i18n/it.php index ec7a83d5..1e104c51 100644 --- a/web/inc/i18n/it.php +++ b/web/inc/i18n/it.php @@ -560,6 +560,7 @@ $LANG['it'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/ja.php b/web/inc/i18n/ja.php index f2836948..a592fd7b 100644 --- a/web/inc/i18n/ja.php +++ b/web/inc/i18n/ja.php @@ -559,6 +559,7 @@ $LANG['ja'] = array( 'MAIL Server' => 'メールサーバー', 'Antivirus' => 'アンチウイルス', 'AntiSpam' => 'アンチスパム', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'ウェブメールのURL', 'MySQL Support' => 'MySQLのサポート', 'phpMyAdmin URL' => 'phpMyAdminのURL', diff --git a/web/inc/i18n/ka.php b/web/inc/i18n/ka.php index 0ebf2d11..1512e06c 100644 --- a/web/inc/i18n/ka.php +++ b/web/inc/i18n/ka.php @@ -559,6 +559,7 @@ $LANG['ka'] = array( 'MAIL Server' => 'ელფოსტის სერვერი', 'Antivirus' => 'ანტივირუსი', 'AntiSpam' => 'ანტისპამი', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'ვებფოსტის URL', 'MySQL Support' => 'MySQL-ის მხარდაჭერა', 'phpMyAdmin URL' => 'phpMyAdmin-ის URL', @@ -744,14 +745,14 @@ $LANG['ka'] = array( 'PUB_KEY' => 'PUB_KEY', 'ISSUER' => 'ISSUER', - 'Use server hostname' => 'Use server hostname', - 'Use domain hostname' => 'Use domain hostname', - 'Use STARTTLS' => 'Use STARTTLS', - 'Use SSL / TLS' => 'Use SSL / TLS', - 'No encryption' => 'No encryption', - 'Do not use encryption' => 'Do not use encryption', + 'Use server hostname' => 'სერვერის hostname-ის გამოყენება', + 'Use domain hostname' => 'დეომენის hostname-ის გამოყენება', + 'Use STARTTLS' => 'STARTTLS-ის გამოყენება', + 'Use SSL / TLS' => 'SSL / TLS-ის გამოყენება', + 'No encryption' => 'დაშიფრვის გარეშე', + 'Do not use encryption' => 'არ გამოიყენო დაშიფრვა', - 'maximum characters length, including prefix' => 'maximum %s characters length, including prefix', + 'maximum characters length, including prefix' => 'დასაშვებია მაქსიმუმ %s სიმბოლო, პრეფიქსის ჩათვლით', - 'Email Credentials' => 'Email Credentials', + 'Email Credentials' => 'რეკვიზიტების ელ-ფოსტით გაგზავნა', ); diff --git a/web/inc/i18n/ko.php b/web/inc/i18n/ko.php index 5c98950f..1b09de25 100644 --- a/web/inc/i18n/ko.php +++ b/web/inc/i18n/ko.php @@ -26,11 +26,11 @@ $LANG['ko'] = array( 'BACKUP' => '백업', 'LOGIN' => '로그인', - 'RESET PASSWORD' => '비밀번호 초기화', + 'RESET PASSWORD' => '비밀번호 재설정', 'SEARCH' => '검색', 'PACKAGE' => '패키지', 'RRD' => 'RRD', - 'STATS' => 'STATS', + 'STATS' => '상태정보', 'LOG' => '기록', 'UPDATES' => '업데이트', 'FIREWALL' => '방화벽', @@ -59,7 +59,7 @@ $LANG['ko'] = array( 'Add Rule' => '규칙 추가', 'Ban IP Address' => 'IP 주소 차단', 'Search' => '검색', - 'Add one more FTP Account' => 'FTP 계정을 하나 추가하기', + 'Add one more FTP Account' => 'FTP 계정을 추가하기', 'Overall Statistics' => '전체 통계', 'Daily' => '매일', 'Weekly' => '매주', @@ -70,7 +70,7 @@ $LANG['ko'] = array( 'Save' => '저장', 'Submit' => '등록', - 'toggle all' => '모두 활성화', + 'toggle all' => '모두 선택', 'apply to selected' => '선택된 것에 적용', 'rebuild' => '리빌드', 'rebuild web' => '웹 리빌드', @@ -139,7 +139,7 @@ $LANG['ko'] = array( 'Editing Firewall Rule' => '방화벽 규칙 편집', 'Adding IP Address to Banlist' => 'IP 주소를 차단 목록에 추가', - 'active' => '활성', + 'active' => '활성화됨', 'spnd' => '정지됨', 'suspended' => '정지됨', 'running' => '작동중', @@ -192,10 +192,10 @@ $LANG['ko'] = array( 'backup exclusions' => '백업 예외', 'template' => '템플릿', 'SSL Support' => 'SSL 지원', - 'SSL Home Directory' => 'SSL 홈', + 'SSL Home Directory' => 'SSL 홈 디렉토리', 'Lets Encrypt Support' => 'Lets Encrypt 지원', 'Lets Encrypt' => 'Lets Encrypt', - 'Your certificate will be automatically issued in 5 minutes' => '인증서는 5분 안에 자동으로 발급됩니다', + 'Your certificate will be automatically issued in 5 minutes' => '인증서는 5분 안에 자동으로 발급될 것입니다', 'Proxy Support' => '프록시 지원', 'Proxy Extensions' => '프록시 확장', 'Web Statistics' => '웹 통계', @@ -249,8 +249,8 @@ $LANG['ko'] = array( 'APACHE2 Usage' => 'APACHE2 사용', 'HTTPD Usage' => 'HTTPD 사용', 'NGINX Usage' => 'NGINX 사용', - 'MySQL Usage on localhost' => 'localhost에서의 MySQL 사용', - 'PostgreSQL Usage on localhost' => 'localhost에서의 PostgreSQL 사용', + 'MySQL Usage on localhost' => 'localhost에서 MySQL 사용', + 'PostgreSQL Usage on localhost' => 'localhost에서 PostgreSQL 사용', 'Bandwidth Usage eth0' => 'eth0 대역폭 사용', 'Bandwidth Usage eth1' => 'eth1 대역폭 사용', 'Exim Usage' => 'Exim 사용', @@ -267,7 +267,7 @@ $LANG['ko'] = array( 'ftp server' => 'FTP 서버', 'job scheduler' => '스케줄러 ', 'firewall' => '방화벽', - 'brute-force monitor' => '무차별 공격 모니터', + 'brute-force monitor' => '무차별 대입 공격 모니터', 'CPU' => 'CPU', 'Memory' => '메모리', 'Uptime' => '가동 시간', @@ -285,7 +285,7 @@ $LANG['ko'] = array( 'Language' => '언어', 'First Name' => '이름', 'Last Name' => '성', - 'Send login credentials to email address' => '이메일 주소로 로그인 정보를 보내기', + 'Send login credentials to email address' => '이메일 주소로 로그인 정보 전송', 'Default Template' => '기본 템플릿', 'Default Name Servers' => '기본 네임 서버', 'Domain' => '도메인', @@ -322,7 +322,7 @@ $LANG['ko'] = array( 'Minute' => '분', 'Command' => '명령어', 'Package Name' => '패키지 이름', - 'Netmask' => '넷마슴크', + 'Netmask' => '넷마스크', 'Interface' => '인터페이스', 'Shared' => '공유된', 'Assigned user' => '부여 된 사용자', @@ -356,7 +356,7 @@ $LANG['ko'] = array( 'IP address' => 'IP 주소', 'netmask' => '넷마스크', 'interface' => '인터페이스', - 'assigned user' => '부여 된 사용자', + 'assigned user' => '부여된 사용자', 'ns1' => 'NS1', 'ns2' => 'NS2', 'user' => '사용자', @@ -386,7 +386,7 @@ $LANG['ko'] = array( 'Port' => '포트', 'Comment' => '댓글', 'Banlist' => '차단 목록', - 'ranges are acceptable' => '허용 가능한 범위', + 'ranges are acceptable' => '허용할 수 있는 범위', 'CIDR format is supported' => 'CIDR 형식이 지원됩니다', 'ACCEPT' => '허용', 'DROP' => '드롭', @@ -474,18 +474,18 @@ $LANG['ko'] = array( 'DELETE_DATABASE_CONFIRMATION' => '정말로 %s 데이터베이스를 삭제 하시겠습니까?', 'SUSPEND_DATABASE_CONFIRMATION' => '정말로 %s 데이터베이스를 정지 시키시겠습니까?', 'UNSUSPEND_DATABASE_CONFIRMATION' => '정말로 %s 데이터베이스의 정지를 해제 하시겠습니까?', - 'DELETE_CRON_CONFIRMATION' => '정말로 Cron 작업을 삭제 하시려는게 맞습니까?', - 'SUSPEND_CRON_CONFIRMATION' => '정말로 Cron 작업을 정지 시키시려는게 맞습니까?', - 'UNSUSPEND_CRON_CONFIRMATION' => '정말로 Cron 작업의 정지를 해제 하시려는게 맞습니까?', - 'DELETE_BACKUP_CONFIRMATION' => '%s 백업을 삭제 하시려는게 맞습니까?', - 'DELETE_EXCLUSION_CONFIRMATION' => '%s 예외를 삭제 하시려는게 맞습니까?', + 'DELETE_CRON_CONFIRMATION' => '정말로 Cron 작업을 삭제 하시겠습니까?', + 'SUSPEND_CRON_CONFIRMATION' => '정말로 Cron 작업을 정지 시키겠습니까?', + 'UNSUSPEND_CRON_CONFIRMATION' => '정말로 Cron 작업의 정지를 해제 하시겠습니까?', + 'DELETE_BACKUP_CONFIRMATION' => '%s 백업을 삭제 하시겠습니까?', + 'DELETE_EXCLUSION_CONFIRMATION' => '%s 예외를 삭제 하시겠습니까?', 'DELETE_PACKAGE_CONFIRMATION' => '정말로 %s 패키지를 삭제 하시겠습니까?', 'DELETE_IP_CONFIRMATION' => '정말로 %s IP 주소를 삭제 하시겠습니까?', - 'DELETE_RULE_CONFIRMATION' => '정말로 #%s 규칙을 삭제하시려는게 맞습니까?', - 'SUSPEND_RULE_CONFIRMATION' => '정말로 #%s 규칙을 정지 시키시려는게 맞습니까?', - 'UNSUSPEND_RULE_CONFIRMATION' => '정말로 #%s 규칙의 정지를 해제 시키시려는게 맞습니까?', + 'DELETE_RULE_CONFIRMATION' => '정말로 #%s 규칙을 삭제 하시겠습니까?', + 'SUSPEND_RULE_CONFIRMATION' => '정말로 #%s 규칙을 정지 하시겠습니까?', + 'UNSUSPEND_RULE_CONFIRMATION' => '정말로 #%s 규칙의 정지를 해제 하시겠습니까?', 'LEAVE_PAGE_CONFIRMATION' => '페이지를 나가시겠습니까?', - 'RESTART_CONFIRMATION' => '%s을/를 재시작 하시려는게 맞습니까?', + 'RESTART_CONFIRMATION' => '%s을(를) 재시작 하시려는게 맞습니까?', 'Welcome' => '환영합니다', 'LOGGED_IN_AS' => '%s 사용자로 로그인 됨', 'Error' => 'Error', @@ -522,7 +522,7 @@ $LANG['ko'] = array( 'Database Credentials' => '데이터베이스 정보', 'DATABASE_READY' => "데이터베이스가 성공적으로 생성되었습니다.\n\데이터베이스: %s\n사용자: %s\n비밀번호: %s\n\n--\nVesta 제어판\n", - 'forgot password' => '비밀번호 잊기', + 'forgot password' => '비밀번호 잊음', 'Confirm' => '확인', 'New Password' => '새 비밀번호', 'Confirm Password' => '비밀번호 확인', @@ -531,7 +531,7 @@ $LANG['ko'] = array( 'RESET_NOTICE' => '', 'RESET_CODE_SENT' => '비밀번호 초기화 코드가 이메일 주소로 전송되었습니다
', 'MAIL_RESET_SUBJECT' => '%s에서의 비밀번호 초기화', - 'PASSWORD_RESET_REQUEST' => "제어판 비밀번호를 초기화 하기 위해서, 다음의 링크로 접속해주세요:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\n또는, 다음의 주소로 가주시고 https://%s/reset/?action=code&user=%s 다음의 초기화 코드를 입력해주세요:\n%s\n\n만약 비밀번호 초기화를 요청하지 않으셨다면, 이 메시지를 무시해주세요.\n\n--\nVesta 제어판\n", + 'PASSWORD_RESET_REQUEST' => "제어판 비밀번호를 초기화 하기 위해서, 다음의 링크로 접속해주세요:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\n또는, 다음의 주소로 간 뒤 https://%s/reset/?action=code&user=%s 다음의 초기화 코드를 입력해주세요:\n%s\n\n만약 비밀번호 초기화를 요청하지 않으셨다면, 이 메시지를 무시해주세요.\n\n--\nVesta 제어판\n", 'Jan' => '1월', 'Feb' => '2월', @@ -557,15 +557,16 @@ $LANG['ko'] = array( 'DNS Server' => 'DNS 서버', 'DNS Cluster' => 'DNS 클러스터', 'MAIL Server' => 'MAIL 서버', - 'Antivirus' => '안티바이러스', - 'AntiSpam' => '안티스팸', + 'Antivirus' => '바이러스 필터링', + 'AntiSpam' => '스팸 필터링', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => '웹메일 주소', 'MySQL Support' => 'MySQL 지원', 'phpMyAdmin URL' => 'phpMyAdmin 주소', 'PostgreSQL Support' => 'PostgreSQL 지원', 'phpPgAdmin URL' => 'phpPgAdmin 주소', - 'Maximum Number Of Databases' => '최대 데이터베이스 숫자', - 'Current Number Of Databases' => '현재 데이터베이스 숫자', + 'Maximum Number Of Databases' => '최대 데이터베이스 개수', + 'Current Number Of Databases' => '현재 데이터베이스 개수', 'Local backup' => '로컬 백업', 'Compression level' => '압축 수준', 'Directory' => '폴더', @@ -633,8 +634,8 @@ $LANG['ko'] = array( 'Delete items' => '항목 삭제', 'Copy files' => '항목 복사', 'Move files' => '항목 이동', - 'Are you sure you want to copy' => '정말 복사하시겠습니까?', - 'Are you sure you want to move' => '정말 이동하시겠습니까?', + 'Are you sure you want to copy' => '정말 복사하시겠습니까', + 'Are you sure you want to move' => '정말 이동하시겠습니까', 'Are you sure you want to delete' => '정말 삭제하시겠습니까', 'into' => '안에', 'existing files will be replaced' => '존재하는 파일들은 대체 될 것입니다', @@ -735,7 +736,7 @@ $LANG['ko'] = array( 'webalizer' => 'Webalizer', 'awstats' => 'Awstats', - 'Vesta SSL' => 'Vesta SSL', + 'Vesta SSL' => 'Vesta 인증서', 'SUBJECT' => '주체', 'ALIASES' => '별칭', 'NOT_BEFORE' => '유효 기간(시작)', @@ -754,5 +755,5 @@ $LANG['ko'] = array( 'maximum characters length, including prefix' => '최대 길이는 접두사를 포함하여 %s자입니다.', 'Email Credentials' => '이메일 자격증명', - + ); diff --git a/web/inc/i18n/nl.php b/web/inc/i18n/nl.php index 40274f5f..851fe46d 100644 --- a/web/inc/i18n/nl.php +++ b/web/inc/i18n/nl.php @@ -16,6 +16,7 @@ $LANG['nl'] = array( 'Services' => 'Processen', 'Firewall' => 'Firewall', 'Updates' => 'Updates', + 'Apps' => 'Applicaties', 'Log in' => 'Inloggen', 'Log out' => 'Uitloggen', @@ -562,6 +563,7 @@ $LANG['nl'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/no.php b/web/inc/i18n/no.php index 45c23f22..fe026f39 100644 --- a/web/inc/i18n/no.php +++ b/web/inc/i18n/no.php @@ -560,6 +560,7 @@ $LANG['no'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/pl.php b/web/inc/i18n/pl.php index 23c8016c..e649a22c 100644 --- a/web/inc/i18n/pl.php +++ b/web/inc/i18n/pl.php @@ -560,6 +560,7 @@ $LANG['pl'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/pt-BR.php b/web/inc/i18n/pt-BR.php index 686af900..303ae53f 100644 --- a/web/inc/i18n/pt-BR.php +++ b/web/inc/i18n/pt-BR.php @@ -559,6 +559,7 @@ $LANG['pt-BR'] = array( 'MAIL Server' => 'Servidor de E-MAIL', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'Suporte MySQL', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/pt.php b/web/inc/i18n/pt.php index ec1eb670..02d3bf51 100644 --- a/web/inc/i18n/pt.php +++ b/web/inc/i18n/pt.php @@ -559,6 +559,7 @@ $LANG['pt'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/ro.php b/web/inc/i18n/ro.php index 0a9e93e3..5b70f5d5 100644 --- a/web/inc/i18n/ro.php +++ b/web/inc/i18n/ro.php @@ -561,6 +561,7 @@ $LANG['ro'] = array( 'MAIL Server' => 'Server MAIL', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Foloseşte certificatul SSL din domeniul WEB', 'Webmail URL' => 'URL Webmail', 'MySQL Support' => 'Suport MySQL', 'phpMyAdmin URL' => 'URL phpMyAdmin', diff --git a/web/inc/i18n/ru.php b/web/inc/i18n/ru.php index 22a9b645..58829fad 100644 --- a/web/inc/i18n/ru.php +++ b/web/inc/i18n/ru.php @@ -63,10 +63,10 @@ $LANG['ru'] = array( 'Search' => 'Поиск', 'Add one more FTP Account' => 'Добавить еще один FTP аккаунт', 'Overall Statistics' => 'Сводная статистика', - 'Daily' => 'Ежедневно', - 'Weekly' => 'Еженедельно', - 'Monthly' => 'Ежемесячно', - 'Yearly' => 'Ежегодно', + 'Daily' => 'День', + 'Weekly' => 'Неделя', + 'Monthly' => 'Месяц', + 'Yearly' => 'Год', 'Add' => 'Добавить', 'Back' => 'Назад', 'Save' => 'Сохранить', @@ -561,6 +561,7 @@ $LANG['ru'] = array( 'MAIL Server' => 'MAIL Сервер', 'Antivirus' => 'Антивирус', 'AntiSpam' => 'АнтиСпам', + 'Use Web Domain SSL Certificate' => 'Использовать SSL сертификат веб домена', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'Поддержка MySQL', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/se.php b/web/inc/i18n/se.php index 87bb1910..96c5af9c 100644 --- a/web/inc/i18n/se.php +++ b/web/inc/i18n/se.php @@ -559,6 +559,7 @@ $LANG['se'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/sr.php b/web/inc/i18n/sr.php index 50dc766d..2b91b293 100644 --- a/web/inc/i18n/sr.php +++ b/web/inc/i18n/sr.php @@ -1,7 +1,7 @@ 'Dobrodošli', 'LOGGED_IN_AS' => 'Ulogovani ste kao %s', 'Error' => 'Greška', - 'Invalid username or password' => 'Pogrešani login podaci', + 'Invalid username or password' => 'Pogrešni login podaci', 'Invalid username or code' => 'Pogrešno korisničko ime ili kod', 'Passwords not match' => 'Passwordi se ne poklapaju', 'Please enter valid email address.' => 'Potrebno je uneti validnu email adresu.', @@ -512,8 +512,8 @@ $LANG['sr'] = array( 'Welcome to Vesta Control Panel' => 'Dobrodošli u Vesta kontrolni panel', 'MAIL_FROM' => 'Vesta kontrolni panel ', - 'GREETINGS_GORDON_FREEMAN' => "Poštovanje, %s %s,\n", - 'GREETINGS' => "Poštovanje,\n", + 'GREETINGS_GORDON_FREEMAN' => "Poštovani %s %s,\n", + 'GREETINGS' => "Poštovani,\n", 'ACCOUNT_READY' => "Vaš hosting nalog je kreiran i spreman za korišćenje.\n\nhttps://%s/login/\nKorisničko ime: %s\nŠifra: %s\n\n--\nVesta kontrolni panel\n", 'FTP login credentials' => 'FTP podaci', @@ -559,6 +559,7 @@ $LANG['sr'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Koristi Web Domain SSL sertifikat', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL podrška', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/th.php b/web/inc/i18n/th.php index 96f23bb5..2878192f 100644 --- a/web/inc/i18n/th.php +++ b/web/inc/i18n/th.php @@ -3,6 +3,7 @@ * Vesta language file * Language: Thai ( Thailand ) * thatphon05@gmail.com + * phinitnan_c@xtony.us */ $LANG['th'] = array( @@ -11,10 +12,10 @@ $LANG['th'] = array( 'IP' => 'IP', 'Graphs' => 'กราฟ', 'Statistics' => 'สถิติ', - 'Log' => 'Log', - 'Server' => 'เซิฟเวอร์', + 'Log' => 'บันทึกเหตุการณ์', + 'Server' => 'เซิร์ฟเวอร์', 'Services' => 'บริการ', - 'Firewall' => 'ไฟร์วอลล์', + 'Firewall' => 'Firewall', 'Updates' => 'อัพเดท', 'Log in' => 'เข้าสู่ระบบ', 'Log out' => 'ออกจากระบบ', @@ -22,47 +23,47 @@ $LANG['th'] = array( 'USER' => 'ผู้ใช้', 'WEB' => 'เว็บ', 'DNS' => 'DNS', - 'MAIL' => 'เมล์', + 'MAIL' => 'เมล', 'DB' => 'ฐานข้อมูล', 'CRON' => 'CRON', 'BACKUP' => 'สำรองข้อมูล', 'LOGIN' => 'เข้าสู่ระบบ', - 'RESET PASSWORD' => 'รีเซ็ตรหัสผ่าน', + 'RESET PASSWORD' => 'ตั้งรหัสผ่านใหม่', 'SEARCH' => 'ค้นหา', 'PACKAGE' => 'แพ็กเกจ', 'RRD' => 'RRD', - 'STATS' => 'STATS', - 'LOG' => 'ล็อก', + 'STATS' => 'สถิติ', + 'LOG' => 'บันทึกเหตุการณ์', 'UPDATES' => 'อัพเดท', - 'FIREWALL' => 'ไฟร์วอลล์', - 'SERVER' => 'เซิฟเวอร์', + 'FIREWALL' => 'FIREWALL', + 'SERVER' => 'เซิร์ฟเวอร์', 'MEMORY' => 'หน่วยความจำ', - 'DISK' => 'พื้นที่จัดเก็บข้อมูล', + 'DISK' => 'พื้นที่เก็บข้อมูล', 'NETWORK' => 'เครือข่าย', - 'Web Log Manager' => 'ตัวจัดการ Web Log', + 'Web Log Manager' => 'ตัวจัดการบันทึกเหตุการณ์เว็บ', 'no notifications' => 'ไม่มีการแจ้งเตือน', 'Add User' => 'เพิ่มผู้ใช้', 'Add Domain' => 'เพิ่มโดเมน', - 'Add Web Domain' => 'เพิ่ม Web Domain', - 'Add DNS Domain' => 'เพิ่ม DNS Domain', - 'Add DNS Record' => 'เพิ่ม DNS Record', - 'Add Mail Domain' => 'เพิ่ม Mail Domain', - 'Add Mail Account' => 'เพิ่มบัญชีเมล์', + 'Add Web Domain' => 'เพิ่มโดเมนสำหรับเว็บ', + 'Add DNS Domain' => 'เพิ่มโดเมนสำหรับ DNS', + 'Add DNS Record' => 'เพิ่มรายการ DNS', + 'Add Mail Domain' => 'เพิ่มโดเมนสำหรับเมล', + 'Add Mail Account' => 'เพิ่มบัญชีเมล', 'Add Database' => 'เพิ่มฐานข้อมูล', - 'Add Cron Job' => 'เพิ่ม Cron Job', - 'Create Backup' => 'สร้างการสำรองข้อมูล', - 'Configure' => 'ปรับแต่ง', + 'Add Cron Job' => 'เพิ่มงาน CRON', + 'Create Backup' => 'สร้างข้อมูลสำรอง', + 'Configure' => 'ตั้งค่า', 'Restore All' => 'คืนค่าทั้งหมด', 'Add Package' => 'เพิ่มแพ็กเกจ', - 'Add IP' => 'เพิ่ม IP Address', - 'Add Rule' => 'เพิ่ม Rule', - 'Ban IP Address' => 'แบน IP Address', + 'Add IP' => 'เพิ่ม IP', + 'Add Rule' => 'เพิ่มกฎ', + 'Ban IP Address' => 'แบนหมายเลข IP', 'Search' => 'ค้นหา', - 'Add one more FTP Account' => 'เพิ่มอีกบัญชี', - 'Overall Statistics' => 'สถิติโดยรวม', + 'Add one more FTP Account' => 'เพิ่ม FTP อีกหนึ่งบัญชี', + 'Overall Statistics' => 'สถิติภาพรวม', 'Daily' => 'รายวัน', 'Weekly' => 'รายสัปดาห์', 'Monthly' => 'รายเดือน', @@ -73,28 +74,28 @@ $LANG['th'] = array( 'Submit' => 'ส่งข้อมูล', 'toggle all' => 'เลือกทั้งหมด', - 'apply to selected' => 'นำไปใช้กับที่เลือก', - 'rebuild' => 'สร้างใหม่', - 'rebuild web' => 'สร้างเว็บใหม่', - 'rebuild dns' => 'สร้าง DNS ใหม่', - 'rebuild mail' => 'สร้างเมล์ใหม่', - 'rebuild db' => 'สร้างฐานข้อมูลใหม่', - 'rebuild cron' => 'สร้าง Cron ใหม่', + 'apply to selected' => 'นำไปใช้กับรายการที่เลือก', + 'rebuild' => 'ใช้การตั้งค่าล่าสุด', + 'rebuild web' => 'ใช้การตั้งค่าเว็บล่าสุด', + 'rebuild dns' => 'ใช้การตั้งค่า DNS ล่าสุด', + 'rebuild mail' => 'ใช้การตั้งค่าเมลล่าสุด', + 'rebuild db' => 'ใช้การตั้งค่าฐานข้อมูลล่าสุด', + 'rebuild cron' => 'ใช้การตั้งค่า CRON ล่าสุด', 'update counters' => 'อัพเดทตัวนับ', 'suspend' => 'ระงับการใช้งาน', - 'unsuspend' => 'เปิดใช้งาน', + 'unsuspend' => 'ยกเลิกระงับการใช้งาน', 'delete' => 'ลบ', - 'show per user' => 'แสดงต่อผู้ใช้', - 'login as' => 'เข้าสู่ระบบด้วย', + 'show per user' => 'แสดงผลต่อผู้ใช้', + 'login as' => 'เข้าสู่ระบบในนาม', 'logout' => 'ออกจากระบบ', 'edit' => 'แก้ไข', 'open webstats' => 'เปิดสถิติเว็บ', - 'view logs' => 'ดู Logs', - 'list records' => 'รายการ %s records', - 'add record' => 'เพิ่ม Record', - 'list accounts' => 'รายการ %s บัญชี', + 'view logs' => 'ดูบันทึกเหตุการณ์', + 'list records' => 'แสดงรายการ', + 'add record' => 'เพิ่มรายการ', + 'list accounts' => 'แสดงบัญชี', 'add account' => 'เพิ่มบัญชี', - 'open webmail' => 'เปิด Webmail', + 'open webmail' => 'เปิดเว็บเมล', 'list fail2ban' => 'รายการ fail2ban', 'open %s' => 'เปิด %s', 'download' => 'ดาวน์โหลด', @@ -106,48 +107,48 @@ $LANG['th'] = array( 'update' => 'อัพเดท', 'generate' => 'สร้าง', 'Generate CSR' => 'สร้าง CSR', - 'reread IP' => 'อ่าน IP ใหม่', + 'reread IP' => 'อ่าน IP ซ้ำ', 'enable autoupdate' => 'เปิดการอัพเดทอัตโนมัติ', 'disable autoupdate' => 'ปิดการอัพเดทอัตโนมัติ', - 'turn on notifications' => 'เปิดใช้งานการแจ้งเตือน', - 'turn off notifications' => 'ปิดใช้งานการแจ้งเตือน', + 'turn on notifications' => 'เปิดการแจ้งเตือน', + 'turn off notifications' => 'ปิดการแจ้งเตือน', 'configure' => 'ปรับแต่ง', 'Adding User' => 'เพิ่มผู้ใช้', 'Editing User' => 'แก้ไขผู้ใช้', 'Adding Domain' => 'เพิ่มโดเมน', 'Editing Domain' => 'แก้ไขโดเมน', - 'Adding DNS Domain' => 'เพิ่ม DNS Domain', - 'Editing DNS Domain' => 'แก้ไข DNS Domain', - 'Adding DNS Record' => 'เพิ่ม DNS Record', - 'Editing DNS Record' => 'แก้ไข DNS Record', - 'Adding Mail Domain' => 'เพิ่ม Mail Domain', - 'Editing Mail Domain' => 'แก้ไข Mail Domain', - 'Adding Mail Account' => 'เพิ่มบัญชีเมล์', - 'Editing Mail Account' => 'แก้ไขบัญชีเมล์', + 'Adding DNS Domain' => 'เพิ่ม DNS สำหรับโดเมน', + 'Editing DNS Domain' => 'แก้ไข DNS สำหรับโดเมน', + 'Adding DNS Record' => 'เพิ่มรายการ DNS', + 'Editing DNS Record' => 'แก้ไขรายการ DNS', + 'Adding Mail Domain' => 'เพิ่มโดเมนสำหรับเมล', + 'Editing Mail Domain' => 'แก้ไขโดเมนสำหรับเมล', + 'Adding Mail Account' => 'เพิ่มบัญชีเมล', + 'Editing Mail Account' => 'แก้ไขบัญชีเมล', 'Adding database' => 'เพิ่มฐานข้อมูล', - 'Editing Cron Job' => 'แก้ไข Cron Job', - 'Adding Cron Job' => 'เพิ่ม Cron Job', + 'Editing Cron Job' => 'แก้ไขงาน CRON', + 'Adding Cron Job' => 'เพิ่มงาน CRON', 'Editing Database' => 'แก้ไขฐานข้อมูล', 'Adding Package' => 'เพิ่มแพ็กเกจ', 'Editing Package' => 'แก้ไขแพ็กเกจ', - 'Adding IP address' => 'เพิ่ม IP address', - 'Editing IP Address' => 'แก้ไข IP Address', + 'Adding IP address' => 'เพิ่มที่อยู่ IP', + 'Editing IP Address' => 'แก้ไขที่อยู่ IP', 'Editing Backup Exclusions' => 'แก้ไขการยกเว้นสำรองข้อมูล', 'Generating CSR' => 'สร้าง CSR', 'Listing' => 'รายการ', - 'Search Results' => 'ผลลัพธ์ของการค้นหา', - 'Adding Firewall Rule' => 'การเพิ่ม Firewall Rule', - 'Editing Firewall Rule' => 'การแก้ไข Firewall Rule', - 'Adding IP Address to Banlist' => 'การแบน IP Address', + 'Search Results' => 'ผลลัพธ์การค้นหา', + 'Adding Firewall Rule' => 'การเพิ่มกฎ Firewall', + 'Editing Firewall Rule' => 'การแก้ไขกฎ Firewall', + 'Adding IP Address to Banlist' => 'เพิ่มที่อยู่ IP ในรายการแบน', 'active' => 'เปิดใช้งาน', 'spnd' => 'ระงับการใช้งาน', 'suspended' => 'ระงับการใช้งานแล้ว', 'running' => 'กำลังทำงาน', 'stopped' => 'หยุดทำงานแล้ว', - 'outdated' => 'ตกรุ่น', - 'updated' => 'อัพเดท', + 'outdated' => 'ตกรุ่นแล้ว', + 'updated' => 'อัพเดทแล้ว', 'yes' => 'ใช่', 'no' => 'ไม่ใช่', @@ -164,37 +165,37 @@ $LANG['th'] = array( 'minutes' => 'นาที', 'month' => 'เดือน', 'package' => 'แพ็กเกจ', - 'Bandwidth' => 'แบนด์วิดธ์', + 'Bandwidth' => 'ปริมาณรับส่งข้อมูล', 'Disk' => 'พื้นที่จัดเก็บข้อมูล', 'Web' => 'เว็บ', - 'Mail' => 'เมล์', + 'Mail' => 'เมล', 'Databases' => 'ฐานข้อมูล', 'User Directories' => 'ไดเร็กทอรี่ของผู้ใช้', - 'Template' => 'Template', - 'Web Template' => 'Web Template', - 'Backend Template' => 'Backend Template', - 'Proxy Template' =>'Proxy Template', - 'DNS Template' => 'DNS Template', - 'Web Domains' => 'Web Domains', - 'SSL Domains' => 'SSL Domains', - 'Web Aliases' => 'Web Aliases', - 'per domain' => 'ต่อ Domain', - 'DNS Domains' => 'DNS Domains', - 'DNS domains' => 'DNS domains', - 'DNS records' => 'DNS records', + 'Template' => 'ตัวแบบ', + 'Web Template' => 'ตัวแบบเว็บ', + 'Backend Template' => 'ตัวเแบบ Backend', + 'Proxy Template' =>'ตัวแบบ Proxy', + 'DNS Template' => 'ตัวแบบ DNS', + 'Web Domains' => 'โดเมนสำหรับเว็บ', + 'SSL Domains' => 'โดเมนสำหรับ SSL', + 'Web Aliases' => 'ชื่อแทนเว็บ', + 'per domain' => 'ต่อโดเมน', + 'DNS Domains' => 'โดเมนสำหรับ DNS', + 'DNS domains' => 'โดเมนสำหรับ DNS', + 'DNS records' => 'รายการ DNS', 'Name Servers' => 'Name Servers', - 'Mail Domains' => 'Mail Domains', - 'Mail Accounts' => 'บัญชีเมล์', - 'Cron Jobs' => 'Cron Jobs', - 'SSH Access' => 'การเข้าถึง SSH', - 'IP Address' => 'IP Address', - 'IP Addresses' => 'IP Addresses', + 'Mail Domains' => 'โดเมนสำหรับเมล', + 'Mail Accounts' => 'บัญชีเมล', + 'Cron Jobs' => 'งาน CRON', + 'SSH Access' => 'การเข้าใช้ SSH', + 'IP Address' => 'ที่อยู่ IP', + 'IP Addresses' => 'ที่อยู่ IP', 'Backups' => 'สำรองข้อมูล', 'Backup System' => 'ระบบสำรองข้อมูล', 'backup exclusions' => 'ยกเว้นการสำรองข้อมูล', - 'template' => 'template', + 'template' => 'ตัวแบบ', 'SSL Support' => 'สนับสนุน SSL', - 'SSL Home Directory' => 'หน้าแรกของ SSL', + 'SSL Home Directory' => 'ไดเร็กทอรี่หลักของ SSL', 'Lets Encrypt Support' => 'สนับสนุน Lets Encrypt', 'Lets Encrypt' => 'Lets Encrypt', 'Your certificate will be automatically issued in 5 minutes' => 'ใบรับรองของคุณจะได้รับการออกโดยอัตโนมัติภายใน 5 นาที', @@ -206,17 +207,17 @@ $LANG['th'] = array( 'SOA' => 'SOA', 'TTL' => 'TTL', 'Expire' => 'หมดอายุ', - 'Records' => 'Records', + 'Records' => 'รายการ', 'Serial' => 'Serial', - 'Catchall email' => 'Catchall email', - 'AntiVirus Support' => 'สนับสนุน AntiVirus', - 'AntiSpam Support' => 'สนับสนุน AntiSpam', + 'Catchall email' => 'อีเมล Catchall', + 'AntiVirus Support' => 'สนับสนุนการป้องกันไวรัส', + 'AntiSpam Support' => 'สนับสนุนการป้องกันเมลขยะ', 'DKIM Support' => 'สนับสนุน DKIM', 'Accounts' => 'บัญชี', 'Quota' => 'โควตา', 'Autoreply' => 'ตอบกลับอัตโนมัติ', 'Forward to' => 'ส่งต่อไปยัง', - 'Do not store forwarded mail' => 'อย่าเก็บเมล์ที่ส่งต่อไว้', + 'Do not store forwarded mail' => 'ไม่เก็บเมลที่ส่งต่อแล้วไว้', 'IMAP hostname' => 'IMAP hostname', 'IMAP port' => 'IMAP port', 'IMAP security' => 'IMAP security', @@ -240,7 +241,7 @@ $LANG['th'] = array( 'Run Time' => 'เวลาทำงาน', 'Backup Size' => 'ขนาดสำรองข้อมูล', 'SYS' => 'SYS', - 'Domains' => 'Domains', + 'Domains' => 'โดเมน', 'Status' => 'สถานะ', 'shared' => 'shared', 'dedicated' => 'dedicated', @@ -253,72 +254,72 @@ $LANG['th'] = array( 'NGINX Usage' => 'การใช้ NGINX', 'MySQL Usage on localhost' => 'การใช้ MySQL บน localhost', 'PostgreSQL Usage on localhost' => 'การใช้ PostgreSQL บน localhost', - 'Bandwidth Usage eth0' => 'การใช้ แบนด์วิดธ์ ของ eth0', - 'Bandwidth Usage eth1' => 'การใช้ แบนด์วิดธ์ ของ eth1', + 'Bandwidth Usage eth0' => 'ขนาดการรับส่งข้อมูลของ eth0', + 'Bandwidth Usage eth1' => 'ขนาดการรับส่งข้อมูลของ eth1', 'Exim Usage' => 'การใช้ Exim', 'FTP Usage' => 'การใช้ FTP', 'SSH Usage' => 'การใช้ SSH', 'reverse proxy' => 'reverse proxy', - 'web server' => 'web server', - 'dns server' => 'dns server', - 'mail server' => 'mail server', - 'pop/imap server' => 'pop/imap server', - 'email antivirus' => 'email antivirus', - 'email antispam' => 'email antispam', - 'database server' => 'database server', - 'ftp server' => 'ftp server', + 'web server' => 'เซิร์ฟเวอร์เว็บ', + 'dns server' => 'เซิร์ฟเวอร์ dns', + 'mail server' => 'เซิร์ฟเวอร์เมล', + 'pop/imap server' => 'เซิร์ฟเวอร์ pop/imap', + 'email antivirus' => 'การป้องกันไวรัสอีเมล', + 'email antispam' => 'การป้องกันอีเมลขยะ', + 'database server' => 'เซิร์ฟเวอร์ฐานข้อมูล', + 'ftp server' => 'เซิร์ฟเวอร์ ftp', 'job scheduler' => 'job scheduler', 'firewall' => 'firewall', - 'brute-force monitor' => 'ตรวจสอบการ brute-force', + 'brute-force monitor' => 'ดักจับ brute-force', 'CPU' => 'CPU', 'Memory' => 'หน่วยความจำ', - 'Uptime' => 'เวลาทำงาน', + 'Uptime' => 'ระบบทำงานมาแล้ว', 'core package' => 'แพ็กเกจหลัก', - 'php interpreter' => 'ตัวแปลคำสั่ง php', + 'php interpreter' => 'ตัวแปลภาษา php', 'internal web server' => 'เว็บเซิร์ฟเวอร์ภายใน', 'Version' => 'เวอร์ชั่น', - 'Release' => 'เวอร์ชั่นการปล่อย', + 'Release' => 'ลำดับที่', 'Architecture' => 'สถาปัตยกรรม', 'Object' => 'วัตถุ', 'Username' => 'ชื่อผู้ใช้', 'Password' => 'รหัสผ่าน', - 'Email' => 'อีเมล์', + 'Email' => 'อีเมล', 'Package' => 'แพ็กเกจ', 'Language' => 'ภาษา', 'First Name' => 'ชื่อ', 'Last Name' => 'นามสกุล', 'Send login credentials to email address' => 'ชื่ออีเมล์สำหรับส่งข้อมูลการเข้าสู่ระบบ', - 'Default Template' => 'Template มาตรฐาน', - 'Default Name Servers' => 'Name Servers มาตรฐาน', + 'Default Template' => 'ตัวแบบเริ่มต้น', + 'Default Name Servers' => 'Name Servers เริ่มต้น', 'Domain' => 'โดเมน', 'DNS Support' => 'สนับสนุน DNS', - 'Mail Support' => 'สนับสนุนเมล์', + 'Mail Support' => 'สนับสนุนเมล', 'Advanced options' => 'ตัวเลือกขั้นสูง', 'Basic options' => 'ตัวเลือกพื้นฐาน', - 'Aliases' => 'Aliases', + 'Aliases' => 'ชื่อแทน', 'SSL Certificate' => 'SSL Certificate', 'SSL Key' => 'SSL Key', 'SSL Certificate Authority / Intermediate' => 'SSL Certificate Authority / Intermediate', 'SSL CSR' => 'SSL CSR', 'optional' => 'ทางเลือกเพิ่มเติม', 'internal' => 'ภายใน', - 'Statistics Authorization' => 'การตรวจสอบสถิติ', - 'Statistics Auth' => 'รับรองความถูกต้องของสถิติ', + 'Statistics Authorization' => 'กำหนดสิทธิการเข้าดูสถิติ', + 'Statistics Auth' => 'ลงทะเบียนเข้าดูสถิติ', 'Account' => 'บัญชี', - 'Prefix will be automaticaly added to username' => 'คำนำหน้า %s จะถูกเพิ่มลงในชื่อผู้ใช้โดยอัตโนมัติ', - 'Send FTP credentials to email' => 'ชื่ออีเมล์สำหรับส่งข้อมูล FTP', + 'Prefix will be automaticaly added to username' => 'จะมีการใส่คำนำหน้าลงในชื่อผู้ใช้โดยอัตโนมัติ', + 'Send FTP credentials to email' => 'ชื่ออีเมล์สำหรับส่งรหัสผ่าน FTP', 'Expiration Date' => 'วันหมดอายุ', 'YYYY-MM-DD' => 'ปี-เดือน-วัน', 'Name servers' => 'Name servers', - 'Record' => 'Record', + 'Record' => 'รายการ', 'IP or Value' => 'IP หรือ ค่า', 'Priority' => 'ลำดับความสำคัญ', - 'Record Number' => 'ตัวเลข record', + 'Record Number' => 'หมายเลขรายการ', 'in megabytes' => 'หน่วย megabytes', 'Message' => 'ข้อความ', 'use local-part' => 'ใช้ส่วนภายใน', 'one or more email addresses' => 'อย่างน้อย 1 ที่อยู่อีเมล์', - 'Prefix will be automaticaly added to database name and database user' => 'คำนำหน้า %s จะถูกเพิ่มชื่อในฐานข้อมูลและฐานข้อมูลผู้ใช้โดยอัตโนมัติ', + 'Prefix will be automaticaly added to database name and database user' => 'จะมีการเพิ่มคำนำหน้าชื่อฐานข้อมูลและชื่อผู้ใช้ฐานข้อมูลโดยอัตโนมัติ', 'Database' => 'ฐานข้อมูล', 'Type' => 'ชนิด', 'Minute' => 'นาที', @@ -327,35 +328,35 @@ $LANG['th'] = array( 'Netmask' => 'Netmask', 'Interface' => 'Interface', 'Shared' => 'แชร์', - 'Assigned user' => 'กำหนดผู้ใช้แล้ว', - 'Assigned domain' => 'โดเมนที่กำหนด', + 'Assigned user' => 'ผู้ใช้ที่กำหนดไว้', + 'Assigned domain' => 'โดเมนที่กำหนดไว้', 'NAT IP association' => 'NAT IP association', 'shell' => 'shell', - 'web domains' => 'web domains', - 'web aliases' => 'web aliases', - 'dns records' => 'dns records', - 'mail domains' => 'mail domains', - 'mail accounts' => 'บัญชีเมล์', + 'web domains' => 'โดเมนสำหรับเว็บ', + 'web aliases' => 'ชื่อแทนเว็บ', + 'dns records' => 'รายการ dns', + 'mail domains' => 'โดเมนสำหรับเมล', + 'mail accounts' => 'บัญชีเมล', 'accounts' => 'บัญชี', 'databases' => 'ฐานข้อมูล', - 'cron jobs' => 'cron jobs', + 'cron jobs' => 'งาน cron', 'backups' => 'สำรองข้อมูล', 'quota' => 'โควต้า', - 'day of week' => 'วันในสัปดาห์', - 'cmd' => 'cmd', + 'day of week' => 'วันของสัปดาห์', + 'cmd' => 'คำสั่ง', 'users' => 'ผู้ใช้', 'domains' => 'โดนเมน', - 'aliases' => 'aliases', - 'records' => 'records', - 'jobs' => 'jobs', + 'aliases' => 'ชื่อแทน', + 'records' => 'รายการ', + 'jobs' => 'งาน', 'username' => 'ชื่อผู้ใช้', 'password' => 'รหัสผ่าน', 'type' => 'ชนิด', 'charset' => 'charset', 'domain' => 'โดเมน', 'ip' => 'ip', - 'ip address' => 'ip address', - 'IP address' => 'IP address', + 'ip address' => 'ที่อยู่ ip', + 'IP address' => 'ที่อยู่ IP', 'netmask' => 'netmask', 'interface' => 'interface', 'assigned user' => 'กำหนดผู้ใช้แล้ว', @@ -368,11 +369,11 @@ $LANG['th'] = array( 'account' => 'บัญชี', 'ssl certificate' => 'ssl certificate', 'ssl key' => 'ssl key', - 'stats user password' => 'stats user password', - 'stats username' => 'stats username', - 'stats password' => 'stats password', - 'ftp user password' => 'FTP ชื่อผู้ใช้ รหัสผ่าน', - 'ftp user' => 'ผู้ใช้ FTP', + 'stats user password' => 'รหัสผ่านของผู้ใช้สถิติ', + 'stats username' => 'ชื่อผู้ใช้สถิติ', + 'stats password' => 'รหัสผ่านสถิติ', + 'ftp user password' => 'รหัสผ่านของผู้ใช้สำหรับ ftp', + 'ftp user' => 'ผู้ใช้ ftp', 'Last 70 lines of %s.%s.log' => '70 บรรทัดสุดท้ายของ %s.%s.log', 'AccessLog' => 'AccessLog', 'ErrorLog' => 'ErrorLog', @@ -383,13 +384,13 @@ $LANG['th'] = array( 'State / Province' => 'ถนน / แขวง', 'City / Locality' => 'เมือง / ท้องถิ่น', 'Organization' => 'องค์กร', - 'Action' => 'การกระทำ', + 'Action' => 'ดำเนินการ', 'Protocol' => 'โปรโตคอล', 'Port' => 'Port', 'Comment' => 'หมายเหตุ', 'Banlist' => 'รายชื่อที่โดนแบน', 'ranges are acceptable' => 'ช่วงที่ยอมรับได้', - 'CIDR format is supported' => 'การสนับสนุน CIDR', + 'CIDR format is supported' => 'สนับสนุนรูปแบบ CIDR', 'ACCEPT' => 'ยอมรับ', 'DROP' => 'บล็อค', 'TCP' => 'TCP', @@ -400,12 +401,12 @@ $LANG['th'] = array( 'VESTA' => 'VESTA', 'Add one more Name Server' => 'เพิ่ม Name Server อีก', - 'web domain' => 'web domain', - 'dns domain' => 'dns domain', - 'dns record' => 'dns record', - 'mail domain' => 'mail domain', + 'web domain' => 'โดเมนสำหรับเว็บ', + 'dns domain' => 'โดเมนสำหรบ dns', + 'dns record' => 'รายการ dns', + 'mail domain' => 'โดเมนสำหรับเมล', 'mail account' => 'บัญชีเมล์', - 'cron job' => 'cron job', + 'cron job' => 'งาน cron', 'cron' => 'cron', 'user dir' => 'ไดเร็กทอรี่ของผู้ใช้', @@ -415,91 +416,91 @@ $LANG['th'] = array( '%s accounts' => '%s บัญชี', '1 domain' => '1 โดเมน', '%s domains' => '%s โดเมน', - '1 record' => '1 record', - '%s records' => '%s records', - '1 mail account' => '1 บัญชีเมล์', - '%s mail accounts' => '%s บัญชีเมล์', + '1 record' => '1 รายการ', + '%s records' => '%s รายการ', + '1 mail account' => '1 บัญชีเมล', + '%s mail accounts' => '%s บัญชีเมล', '1 database' => '1 ฐานข้อมูล', '%s databases' => '%s ฐานข้อมูล', - '1 cron job' => '1 cron job', - '%s cron jobs' => '%s cron jobs', - '1 archive' => '1 เก็บถาวร', - '%s archives' => '%s เก็บถาวร', + '1 cron job' => '1 งาน cron', + '%s cron jobs' => '%s งาน cron', + '1 archive' => '1 ข้อมูลสำรอง', + '%s archives' => '%s ข้อมูลสำรอง', '1 item' => '1 รายการ', '%s items' => '%s รายการ', '1 package' => '1 แพ็กเกจ', - '%s packages' => '%s packages', - '1 IP address' => '1 IP address', - '%s IP addresses' => '%s IP addresses', + '%s packages' => '%s แพ็กเกจ', + '1 IP address' => '1 ที่อยู่ IP', + '%s IP addresses' => '%s ที่อยู่ IP', '1 month' => '1 เดือน', '%s months' => '%s เดือน', - '1 log record' => '1 log record', - '%s log records' => '%s log record', + '1 log record' => '1 บันทึกเหตุการณ์', + '%s log records' => '%s บันทึกเหตุการณ์', '1 object' => '1 วัตถุ', '%s objects' => '%s วัตถุ', 'no exclusions' => 'ไม่มีการยกเว้น', - '1 rule' => '1 rule', - '%s rules' => '%s rules', + '1 rule' => '1 กฎ', + '%s rules' => '%s กฎ', 'There are no currently banned IP' => 'ไม่มี IP ที่ถูกแบน', - 'USER_CREATED_OK' => 'สร้างผู้ใช้ %s สำเร็จแล้ว', - 'WEB_DOMAIN_CREATED_OK' => 'สร้างโดนเมน %s สำเร็จแล้ว', - 'DNS_DOMAIN_CREATED_OK' => 'สร้าง DNS domain %s สำเร็จแล้ว', - 'DNS_RECORD_CREATED_OK' => 'สร้าง Record %s.%s ได้ถูกสร้างสำเร็จแล้ว', - 'MAIL_DOMAIN_CREATED_OK' => 'สร้าง Mail domain %s สำเร็จแล้ว', - 'MAIL_ACCOUNT_CREATED_OK' => 'สร้างบัญชีเมล์ %s@%s สำเร็จแล้ว', - 'DATABASE_CREATED_OK' => 'สร้างฐานข้อมูล %s สำเร็จแล้ว', - 'CRON_CREATED_OK' => 'สร้าง Cron job ได้ถูกสร้างแล้ว', - 'IP_CREATED_OK' => 'สร้าง IP address %s สำเร็จแล้ว', - 'PACKAGE_CREATED_OK' => 'สร้างแพ็กเกจ %s สำเร็จแล้ว', - 'SSL_GENERATED_OK' => 'สร้างใบรับรองสำเร็จแล้ว', - 'RULE_CREATED_OK' => 'สร้าง Rule สำเร็จแล้ว', - 'BANLIST_CREATED_OK' => 'สร้าง IP address สำเร็จแล้ว', + 'USER_CREATED_OK' => 'สร้างผู้ใช้ %s แล้ว', + 'WEB_DOMAIN_CREATED_OK' => 'สร้างโดเมน %s แล้ว', + 'DNS_DOMAIN_CREATED_OK' => 'สร้างโดเมนสำหรับ DNS %s แล้ว', + 'DNS_RECORD_CREATED_OK' => 'สร้างรายการ %s.%s แล้ว', + 'MAIL_DOMAIN_CREATED_OK' => 'สร้างโดเมนสำหรับเมล %s แล้ว', + 'MAIL_ACCOUNT_CREATED_OK' => 'สร้างบัญชีเมล %s@%s แล้ว', + 'DATABASE_CREATED_OK' => 'สร้างฐานข้อมูล %s แล้ว', + 'CRON_CREATED_OK' => 'สร้างงาน Cron แล้ว', + 'IP_CREATED_OK' => 'สร้างที่อยู่ IP %s แล้ว', + 'PACKAGE_CREATED_OK' => 'สร้างแพ็กเกจ %s แล้ว', + 'SSL_GENERATED_OK' => 'สร้าง SSL Certificate แล้ว', + 'RULE_CREATED_OK' => 'สร้างกฎแล้ว', + 'BANLIST_CREATED_OK' => 'สร้างรายการแบนหมายเลข IP แล้ว', 'Autoupdate has been successfully enabled' => 'เปิดใช้งานการอัพเดทอัตโนมัติสำเร็จแล้ว', 'Autoupdate has been successfully disabled' => 'ปิดใช้งานการอัพเดทอัตโนมัติสำเร็จแล้ว', - 'Cronjob email reporting has been successfully enabled' => 'การรายงานทางอีเมลของ Cronjob ได้รับการเปิดใช้งานเรียบร้อยแล้ว', - 'Cronjob email reporting has been successfully disabled' => 'การรายงานทางอีเมลของ Cronjob ได้รับการปิดใช้งานเรียบร้อยแล้ว', + 'Cronjob email reporting has been successfully enabled' => 'เปิดการรายงานทางอีเมลของ Cronjob แล้ว', + 'Cronjob email reporting has been successfully disabled' => 'ปิดการรายงานทางอีเมลของ Cronjob แล้ว', 'Changes has been saved.' => 'บันทึกการเปลี่ยนแปลงแล้ว', 'Confirmation' => 'การยืนยัน', - 'DELETE_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบผู้ใช้ %s?', - 'SUSPEND_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับผู้ใช้ %s?', - 'UNSUSPEND_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานผู้ใช้ %s?', - 'DELETE_DOMAIN_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบโดเมน %s?', - 'SUSPEND_DOMAIN_CONFIRMATION' => 'แน่ใจหรือไม่ว่าคุณต้องการ ระงับโดเมน %s?', - 'UNSUSPEND_DOMAIN_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานโดเมน %s?', - 'DELETE_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ Record %s?', - 'SUSPEND_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับ Record %s?', - 'UNSUSPEND_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งาน Record %s?', - 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือว่าต้องการ ลบเมล์ %s?', - 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับเมล์ %s?', - 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานเมล์ %s?', - 'DELETE_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบฐานข้อมูล %s?', - 'SUSPEND_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับฐานข้อมูล %s?', - 'UNSUSPEND_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานฐานข้อมูล %s?', - 'DELETE_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ cron job?', - 'SUSPEND_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับ cron job?', - 'UNSUSPEND_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งาน cron job?', - 'DELETE_BACKUP_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบการสำรองข้อมูล %s?', - 'DELETE_EXCLUSION_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ %s ในการยกเว้น?', - 'DELETE_PACKAGE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบแพ็กเกจ %s?', - 'DELETE_IP_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ IP address %s?', - 'DELETE_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ rule #%s?', - 'SUSPEND_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับ rule #%s?', - 'UNSUSPEND_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งาน rule #%s?', - 'LEAVE_PAGE_CONFIRMATION' => 'ออกจากหน้านี้?', - 'RESTART_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการเริ่มต้นใหม่ %s?', + 'DELETE_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบผู้ใช้ %s', + 'SUSPEND_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับผู้ใช้ %s', + 'UNSUSPEND_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานผู้ใช้ %s', + 'DELETE_DOMAIN_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบโดเมน %s', + 'SUSPEND_DOMAIN_CONFIRMATION' => 'แน่ใจหรือไม่ว่าคุณต้องการ ระงับโดเมน %s', + 'UNSUSPEND_DOMAIN_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานโดเมน %s', + 'DELETE_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบรายการ %s', + 'SUSPEND_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับรายการ %s', + 'UNSUSPEND_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานรายการ %s', + 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือว่าต้องการ ลบเมล %s', + 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับเมล %s', + 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานเมล %s', + 'DELETE_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบฐานข้อมูล %s', + 'SUSPEND_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับฐานข้อมูล %s', + 'UNSUSPEND_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานฐานข้อมูล %s', + 'DELETE_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบงาน cron', + 'SUSPEND_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับงาน cron', + 'UNSUSPEND_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งาน cron', + 'DELETE_BACKUP_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบการสำรองข้อมูล %s', + 'DELETE_EXCLUSION_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ %s ในการยกเว้น', + 'DELETE_PACKAGE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบแพ็กเกจ %s', + 'DELETE_IP_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบที่อยู่ IP %s', + 'DELETE_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบกฎ #%s', + 'SUSPEND_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับกฎ #%s', + 'UNSUSPEND_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานกฎ #%s', + 'LEAVE_PAGE_CONFIRMATION' => 'ออกจากหน้านี้', + 'RESTART_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการเริ่มต้นใหม่ %s', 'Welcome' => 'ยินดีต้อนรับ', 'LOGGED_IN_AS' => 'เข้าสู่ระบบในฐานะผู้ใช้ %s', 'Error' => 'เกิดข้อผิดพลาด', 'Invalid username or password' => 'ชื่อผู้ใช้หรือรหัสผ่านไม่ถูกต้อง', 'Invalid username or code' => 'ชื่อผู้ใช้หรือรหัสไม่ถูกต้อง', 'Passwords not match' => 'รหัสผ่านทั้งสองไม่ตรงกัน', - 'Please enter valid email address.' => 'กรุณาใส่เมล์ที่ถูกต้อง', + 'Please enter valid email address.' => 'กรุณาใส่เมลที่ถูกต้อง', 'Field "%s" can not be blank.' => 'ช่อง "%s" ไม่สามารถเว้นว่างไว้', 'Password is too short.' => 'รหัสผ่านสั้นเกินไป (ต่ำสุด 6 ตัวอักษร)', 'Error code:' => 'รหัสข้อผิดพลาด: %s', 'SERVICE_ACTION_FAILED' => '"%s" "%s" ล้มเหลว', - 'IP address is in use' => 'IP address กำลังใช้งานอยู่', + 'IP address is in use' => 'ที่อยู่ IP ถูกใช้งานอยู่', 'BACKUP_SCHEDULED' => 'มีการเพิ่มงานลงในคิวแล้ว คุณจะได้รับอีเมลแจ้งเตือนเมื่อการสำรองข้อมูลของคุณพร้อมสำหรับการดาวน์โหลด', 'BACKUP_EXISTS' => 'มีการสำรองข้อมูลอยู่ โปรดรอให้การสำรองข้อมูลในปัจจุบันเสร็จสิ้น', 'RESTORE_SCHEDULED' => 'มีการเพิ่มงานลงในคิวแล้ว คุณจะได้รับการแจ้งเตือนทางอีเมลเมื่อการคืนค่าเสร็จสิ้น', @@ -521,7 +522,7 @@ $LANG['th'] = array( 'FTP login credentials' => 'ข้อมูลการเข้าสู่ระบบ FTP', 'FTP_ACCOUNT_READY' => "มีการสร้างบัญชี FTP และพร้อมใช้งานแล้ว\n\nโฮสต์: %s\nชื่อผู้ใช้: %s_%s\nรหัสผ่าน: %s\n\n--\nVesta Control Panel\n", - 'Database Credentials' => 'ข้อมูลของฐานข้อมูล', + 'Database Credentials' => 'ข้อมูลการใช้งานฐานข้อมูล', 'DATABASE_READY' => "สร้างฐานข้อมูลเรียบร้อยแล้ว\n\nDatabase: %s\nชื่อ: %s\nรหัสผ่าน: %s\n%s\n\n--\nVesta Control Panel\n", 'forgot password' => 'ลืมรหัสผ่าน', @@ -530,7 +531,7 @@ $LANG['th'] = array( 'Confirm Password' => 'ยืนยันรหัสผ่าน', 'Reset' => 'รีเซ็ต', 'Reset Code' => 'รหัสสำหรับรีเซ็ต', - 'RESET_NOTICE' => '', + 'RESET_NOTICE' => 'แจ้งการ', 'RESET_CODE_SENT' => 'รหัสสำหรับรีเซ็ตรหัสผ่านถูกส่งไปยังที่อยู่อีเมลของคุณแล้ว
', 'MAIL_RESET_SUBJECT' => 'ตั้งค่ารหัสผ่านใหม่ที่ %s', 'PASSWORD_RESET_REQUEST' => "หากต้องการรีเซ็ตรหัสผ่านของแผงควบคุมโปรดไปที่ลิงก์นี้:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\nAlternatively, คุณอาจจะไปที่ https://%s/reset/?action=code&user=%s และใส่รหัสรีเซ็ตดังต่อไปนี้:\n%s\n\nหากคุณไม่ได้ขอรหัสผ่านใหม่โปรดละเว้นข้อความนี้และยอมรับคำขอโทษของเรา\n\n--\nVesta Control Panel\n", @@ -548,41 +549,42 @@ $LANG['th'] = array( 'Nov' => 'พ.ย.', 'Dec' => 'ธ.ค.', - 'Configuring Server' => 'การกำหนดค่าเซิฟเวอร์', + 'Configuring Server' => 'การกำหนดค่าเซิร์ฟเวอร์', 'Hostname' => 'Hostname', 'Time Zone' => 'เขตเวลา', 'Default Language' => 'ภาษาเริ่มต้น', - 'Proxy Server' => 'Proxy Server', - 'Web Server' => 'Web Server', - 'Backend Server' => 'Backend Server', - 'Backend Pool Mode' => 'Backend Pool Mode', - 'DNS Server' => 'DNS Server', + 'Proxy Server' => 'เซิร์ฟเวอร์ Proxy', + 'Web Server' => 'เซิร์ฟเวอร์เว็บ', + 'Backend Server' => 'เซิร์ฟเวอร์ Backend', + 'Backend Pool Mode' => 'โหมด Backend Pool', + 'DNS Server' => 'เซิร์ฟเวอร์ DNS', 'DNS Cluster' => 'DNS Cluster', - 'MAIL Server' => 'MAIL Server', - 'Antivirus' => 'Antivirus', - 'AntiSpam' => 'AntiSpam', + 'MAIL Server' => 'เซิร์ฟเวอร์เมล', + 'Antivirus' => 'ป้องกันไวรัส', + 'AntiSpam' => 'ป้องกันเมลขยะ', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'สนับสนุน MySQL', - 'phpMyAdmin URL' => 'ที่อยู่ของ phpMyAdmin', + 'phpMyAdmin URL' => 'phpMyAdmin URL', 'PostgreSQL Support' => 'สนับสนุน PostgreSQL', - 'phpPgAdmin URL' => 'ที่อยู่ของ phpPgAdmin', + 'phpPgAdmin URL' => 'phpPgAdmin URL', 'Maximum Number Of Databases' => 'จำนวนฐานข้อมูลสูงสุด', 'Current Number Of Databases' => 'จำนวนฐานข้อมูลปัจจุบัน', - 'Local backup' => 'สำรองข้อมูลท้องถิ่น', + 'Local backup' => 'สำรองข้อมูลภายใน', 'Compression level' => 'ระดับการบีบอัด', 'Directory' => 'ไดเร็กทอรี่', - 'Remote backup' => 'การสำรองข้อมูลระยะไกล', + 'Remote backup' => 'การสำรองข้อมูลภายนอก', 'ftp' => 'FTP', 'sftp' => 'SFTP', 'SFTP Chroot' => 'SFTP Chroot', - 'FileSystem Disk Quota' => 'FileSystem Disk Quota', + 'FileSystem Disk Quota' => 'โควต้าการเก็บข้อมูลในระบบ', 'Vesta Control Panel Plugins' => 'ปลั๊กอิน Vesta Control Panel', 'preview' => 'ดูตัวอย่าง', 'Reseller Role' => 'บทบาท Reseller', 'Web Config Editor' => 'เครื่องมือแก้ไขการตั้งค่าเว็บ', 'Template Manager' => 'ตัวจัดการ Template', 'Backup Migration Manager' => 'ตัวจัดการการย้ายข้อมูลสำรอง', - 'FileManager' => 'FileManager', + 'FileManager' => 'ตัวจัดการไฟล์', 'show: CPU / MEM / NET / DISK' => 'แสดง: CPU / MEM / NET / DISK', 'sort by' => 'จัดเรียงโดย', @@ -592,7 +594,7 @@ $LANG['th'] = array( 'save to favorites' => 'บันทึกในรายการโปรด', - 'File Manager' => 'File Manager', + 'File Manager' => 'ตัวจัดการไฟล์', 'size' => 'ขนาด', 'date' => 'วันที่', 'name' => 'ชื่อ', @@ -608,8 +610,8 @@ $LANG['th'] = array( 'ARCHIVE' => 'เก็บถาวร', 'EXTRACT' => 'แตกไฟล์', 'DOWNLOAD' => 'ดาวน์โหลด', - 'Are you sure?' => 'คุณแน่ใจ?', - 'Hit' => 'Hit', + 'Are you sure?' => 'คุณแน่ใจหรือไม่', + 'Hit' => 'จำนวนการเข้าถึง', 'to reload the page' => 'เพื่อโหลดหน้าเว็บใหม่', 'Directory name cannot be empty' => 'ชื่อไดเร็กทอรี่ต้องไม่ว่างเปล่า', 'File name cannot be empty' => 'ชื่อไฟล์ต้องไม่ว่างเปล่า', @@ -629,7 +631,7 @@ $LANG['th'] = array( 'Extract' => 'แตกไฟล์', 'Create' => 'สร้าง', 'Compress' => 'บีบอัด', - 'OK' => 'โอเค', + 'OK' => 'ตกลง', 'YOU ARE COPYING' => 'คุณกำลังคัดลอก', 'YOU ARE REMOVING' => 'คุณกำลังลบ', 'Delete items' => 'ลบรายการ', @@ -667,7 +669,7 @@ $LANG['th'] = array( 'Go to CRON list' => 'ไปที่รายการ CRON', 'Go to BACKUP list' => 'ไปที่รายการ สำรองข้อมูล', 'Focus on search' => 'มุ่งเน้นการค้นหา', - 'Display/Close shortcuts' => 'แสดง/ปิด shortcuts', + 'Display/Close shortcuts' => 'แสดง/ปิดทางลัด', 'Move backward through top menu' => 'เลื่อนกลับไปที่เมนูด้านบน', 'Move forward through top menu' => 'เลื่อนไปข้างหน้าผ่านเมนูด้านบน', 'Enter focused element' => 'ใส่องค์ประกอบที่เน้น', @@ -696,7 +698,7 @@ $LANG['th'] = array( 'Add File to the Current Selection' => 'เพิ่มไฟล์ในการเลือกปัจจุบัน', 'Select All Files' => 'เลือกไฟล์ทั้งหมด', 'shortcuts are inspired by magnificent GNU Midnight Commander file manager' => - 'shortcuts are inspired by magnificent GNU Midnight Commander file manager', + 'ทางลัดต่างๆ ได้แรงบันดาลใจจากตัวจัดการไฟล์ magnificent GNU Midnight Commander', 'Licence Key' => 'License Key', 'Enter License Key' => 'กรอก License Key', @@ -705,7 +707,7 @@ $LANG['th'] = array( 'Disable and Cancel License' => 'ปิดการใช้งาน และยกเลิก License', 'Licence Activated' => 'เปิดใช้งาน License แล้ว', 'Licence Deactivated' => 'ปิดการใช้งาน License แล้ว', - 'Restrict users so that they cannot use SSH and access only their home directory.' => 'จำกัดผู้ใช้เพื่อไม่ให้ใช้ SSH และเข้าถึงไดเร็กทอรี่บ้านเท่านั้น', + 'Restrict users so that they cannot use SSH and access only their home directory.' => 'จำกัดผู้ใช้เพื่อไม่ให้ใช้ SSH และเข้าถึงไดเร็กทอรี่ของตนเองเท่านั้น', 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => 'เรียกดู, คัดลอก, แก้ไข, ดู, และเรียกค้นหาไฟล์โดเมนทั้งหมดของเว็บโดยใช้ตัวจัดการไฟล์ที่มีคุณลักษณะครบถ้วน', 'This is a commercial module, you would need to purchace license key to enable it.' => 'สิ่งนี้ไม่ใช่โมดูลฟรี, คุณจะต้องซื้อ License Key เพื่อเปิดใช้งาน', @@ -746,14 +748,14 @@ $LANG['th'] = array( 'PUB_KEY' => 'PUB_KEY', 'ISSUER' => 'ISSUER', - 'Use server hostname' => 'ใช้ server hostname', - 'Use domain hostname' => 'ใช้ domain hostname', + 'Use server hostname' => 'ใช้ hostname ของเซิร์ฟเวอร์', + 'Use domain hostname' => 'ใช้ hostname ของโดเมน', 'Use STARTTLS' => 'ใช้ STARTTLS', 'Use SSL / TLS' => 'ใช้ SSL / TLS', - 'No encryption' => 'ไม่มี encryption', - 'Do not use encryption' => 'ไม่ใช้ encryption', + 'No encryption' => 'ไม่มีการเข้ารหัส', + 'Do not use encryption' => 'ไม่ใช้การเข้ารหัส', 'maximum characters length, including prefix' => 'ความยาว charset สูงสุด %s ตัว, รวมถึงคำนำหน้า', - 'Email Credentials' => 'Email Credentials', + 'Email Credentials' => 'ข้อมูลการใช้อีเมล', ); diff --git a/web/inc/i18n/tr.php b/web/inc/i18n/tr.php index 7f2875b9..a7fadc43 100644 --- a/web/inc/i18n/tr.php +++ b/web/inc/i18n/tr.php @@ -560,6 +560,7 @@ $LANG['tr'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/tw.php b/web/inc/i18n/tw.php index 02b5a29a..163bee62 100644 --- a/web/inc/i18n/tw.php +++ b/web/inc/i18n/tw.php @@ -2,16 +2,13 @@ /** * Vesta language file * This language file is translate by - * Peter Dave Hello Blog (https://www.peterdavehello.org) - * Peter Dave Hello GitHub (https://github.com/PeterDaveHello) - * Peter Dave Hello Twitter (https://twitter.com/PeterDaveHello) - * Clark's Computer Knowledge Journal (https://www.clark-chen.com) * Clark's Hosting Service (https://host.clark-chen.com) * Clark Chen (clark@clark-chen.com) */ $LANG['tw'] = array( + 'Packages' => '方案設定', - 'IP' => 'IP管理', + 'IP' => 'IP 管理', 'Graphs' => '資源使用圖表', 'Statistics' => '統計資料', 'Log' => '系統紀錄', @@ -33,7 +30,7 @@ $LANG['tw'] = array( 'LOGIN' => '登入', 'RESET PASSWORD' => '重設密碼', 'SEARCH' => '搜尋', - 'PACKAGE' => '套件', + 'PACKAGE' => '方案', 'RRD' => 'RRD', 'STATS' => '狀態', 'LOG' => '日誌', @@ -45,7 +42,7 @@ $LANG['tw'] = array( 'NETWORK' => '網路', 'Web Log Manager' => 'Web 日誌管理員', - 'no notifications' => 'no notifications', + 'no notifications' => '沒有通知', 'Add User' => '新增使用者', 'Add Domain' => '新增網域', @@ -58,7 +55,7 @@ $LANG['tw'] = array( 'Add Cron Job' => '新增任務排程', 'Create Backup' => '建立備份', 'Configure' => '設定', - 'Restore All' => '全部回復', + 'Restore All' => '全部還原', 'Add Package' => '新增方案', 'Add IP' => '新增 IP', 'Add Rule' => '新增規則', @@ -66,9 +63,9 @@ $LANG['tw'] = array( 'Search' => '搜尋', 'Add one more FTP Account' => '新增 FTP 帳號', 'Overall Statistics' => '整理統計資料', - 'Daily' => '天', - 'Weekly' => '周', - 'Monthly' => '月', + 'Daily' => '每天', + 'Weekly' => '每週', + 'Monthly' => '每月', 'Yearly' => '每年', 'Add' => '新增', 'Back' => '返回', @@ -83,16 +80,16 @@ $LANG['tw'] = array( 'rebuild mail' => '重建信箱', 'rebuild db' => '重建資料庫', 'rebuild cron' => '重建任務排程', - 'update counters' => '更新計數器', - 'suspend' => '封鎖', - 'unsuspend' => '解除封鎖', + 'update counters' => '更新計數器', + 'suspend' => '停用', + 'unsuspend' => '解除停用', 'delete' => '刪除', - 'show per user' => '依照選擇的使用者', + 'show per user' => '依選擇的使用者', 'login as' => '登入帳號', 'logout' => '登出', 'edit' => '編輯', 'open webstats' => '開啟網站統計資料', - 'view logs' => '查看系統紀錄', + 'view logs' => '檢視系統紀錄', 'list records' => '列出 %s 紀錄', 'add record' => '新增紀錄', 'list accounts' => '列出 %s 帳號', @@ -101,29 +98,29 @@ $LANG['tw'] = array( 'list fail2ban' => '列出登入失敗遭封鎖名單', 'open %s' => '開啟 %s', 'download' => '下載', - 'restore' => '回復', - 'configure restore settings' => '配置回復設定', + 'restore' => '還原', + 'configure restore settings' => '配置還原設定', 'stop' => '停止', 'start' => '啟動', 'restart' => '重新啟動', 'update' => '更新', 'generate' => '產生', 'Generate CSR' => '產生憑證簽署請求 (CSR)', - 'reread IP' => '重新取得IP', + 'reread IP' => '重新取得 IP', 'enable autoupdate' => '啟用自動更新', 'disable autoupdate' => '停用自動更新', 'turn on notifications' => '啟用通知', 'turn off notifications' => '停用通知', - 'configure' => 'configure', + 'configure' => '配置', 'Adding User' => '新增使用者', 'Editing User' => '編輯使用者', 'Adding Domain' => '新增網域', 'Editing Domain' => '編輯網域', - 'Adding DNS Domain' => '新增DNS網域', - 'Editing DNS Domain' => '編輯DNS網域', - 'Adding DNS Record' => '新增DNS紀錄', - 'Editing DNS Record' => '編輯DNS紀錄', + 'Adding DNS Domain' => '新增 DNS 網域', + 'Editing DNS Domain' => '編輯 DNS 網域', + 'Adding DNS Record' => '新增 DNS 紀錄', + 'Editing DNS Record' => '編輯 DNS 紀錄', 'Adding Mail Domain' => '新增信箱網域', 'Editing Mail Domain' => '編輯信箱網域', 'Adding Mail Account' => '新增信箱帳號', @@ -134,10 +131,10 @@ $LANG['tw'] = array( 'Editing Database' => '編輯資料庫', 'Adding Package' => '新增方案', 'Editing Package' => '編輯方案', - 'Adding IP address' => '新增IP', - 'Editing IP Address' => '編輯IP', + 'Adding IP address' => '新增 IP', + 'Editing IP Address' => '編輯 IP', 'Editing Backup Exclusions' => '編輯備份排除項目', - 'Generating CSR' => '產生憑證簽署請求(CSR)中...', + 'Generating CSR' => '產生憑證簽署請求 (CSR) 中...', 'Listing' => '列出', 'Search Results' => '搜尋結果', 'Adding Firewall Rule' => '新增防火牆規則', @@ -145,11 +142,11 @@ $LANG['tw'] = array( 'Adding IP Address to Banlist' => '新增IP至黑名單', 'active' => '正常', - 'spnd' => '封鎖', - 'suspended' => '已封鎖', + 'spnd' => '停用', + 'suspended' => '已停用', 'running' => '執行中', 'stopped' => '已停止', - 'outdated' => '有新版本可升級', + 'outdated' => '有可升級的新版本', 'updated' => '已是最新版本', 'yes' => '是', @@ -161,8 +158,8 @@ $LANG['tw'] = array( 'mb' => 'MB', 'minute' => '分鐘', 'hour' => '小時', - 'day' => '天', - 'days' => '天', + 'day' => '日', + 'days' => '日', 'hours' => '小時', 'minutes' => '分鐘', 'month' => '月', @@ -173,15 +170,15 @@ $LANG['tw'] = array( 'Mail' => '信箱', 'Databases' => '資料庫', 'User Directories' => '使用者目錄', - 'Template' => '模板', - 'Web Template' => 'Apache 模板', - 'Backend Template' => 'Backend 模板', - 'Proxy Template' => 'Proxy 模板', - 'DNS Template' => 'DNS 模板', + 'Template' => '範本', + 'Web Template' => 'Apache 範本', + 'Backend Template' => 'Backend 範本', + 'Proxy Template' => 'Proxy 範本', + 'DNS Template' => 'DNS 範本', 'Web Domains' => '網站網域', 'SSL Domains' => 'SSL 網域', 'Web Aliases' => '網站子網域', - 'per domain' => '(每網域)', + 'per domain' => '(每個網域)', 'DNS Domains' => 'DNS 網域', 'DNS domains' => 'DNS 網域', 'DNS records' => 'DNS 紀錄', @@ -195,14 +192,14 @@ $LANG['tw'] = array( 'Backups' => '備份', 'Backup System' => '備份系統', 'backup exclusions' => '備份例外', - 'template' => '模板', + 'template' => '範本', 'SSL Support' => 'SSL 支援', 'SSL Home Directory' => 'SSL 主目錄', 'Lets Encrypt Support' => 'Lets Encrypt 支援', 'Lets Encrypt' => 'Lets Encrypt', - 'Your certificate will be automatically issued in 5 minutes' => '您的憑證會在五分鐘內完成簽署', + 'Your certificate will be automatically issued in 5 minutes' => '您的憑證會在五分鐘內完成簽發', 'Proxy Support' => 'Proxy 支援', - 'Proxy Extensions' => 'Proxy 擴充', + 'Proxy Extensions' => 'Proxy 副檔名', 'Web Statistics' => '網站統計', 'Additional FTP Account' => '其他 FTP 帳號', 'Path' => '路徑', @@ -210,11 +207,11 @@ $LANG['tw'] = array( 'TTL' => 'TTL', 'Expire' => '過期', 'Records' => '紀錄', - 'Serial' => 'Serial', + 'Serial' => '序列 (Serial)', 'Catchall email' => '收到所有郵件', 'AntiVirus Support' => '防毒支援', 'AntiSpam Support' => '防垃圾郵件支援', - 'DKIM Support' => 'DKIM支援', + 'DKIM Support' => 'DKIM 支援', 'Accounts' => '帳號', 'Quota' => '配額', 'Autoreply' => '自動回覆', @@ -229,7 +226,7 @@ $LANG['tw'] = array( 'SMTP security' => 'SMTP 安全性', 'SMTP auth method' => 'SMTP 驗證方式', 'STARTTLS' => 'STARTTLS', - 'Normal password' => 'Normal password', + 'Normal password' => '普通密碼', 'database' => '資料庫', 'User' => '使用者', 'Host' => '主機', @@ -251,16 +248,16 @@ $LANG['tw'] = array( 'Users' => '使用者', 'Load Average' => '平均負載量', 'Memory Usage' => '記憶體使用量', - 'APACHE2 Usage' => 'APACHE2 使用情形', - 'HTTPD Usage' => 'HTTPD 使用情形', - 'NGINX Usage' => 'NGINX 使用情形', - 'MySQL Usage on localhost' => '本機 MySQL 使用情形', - 'PostgreSQL Usage on localhost' => '本機 PostgreSQL 使用情形', - 'Bandwidth Usage eth0' => 'eth0 頻寬使用情形', - 'Bandwidth Usage eth1' => 'eth1 頻寬使用情形', - 'Exim Usage' => 'Exim 使用情形', - 'FTP Usage' => 'FTP 使用情形', - 'SSH Usage' => 'SSH 使用情形', + 'APACHE2 Usage' => 'APACHE2 使用量', + 'HTTPD Usage' => 'HTTPD 使用量', + 'NGINX Usage' => 'NGINX 使用量', + 'MySQL Usage on localhost' => '本機 MySQL 使用量', + 'PostgreSQL Usage on localhost' => '本機 PostgreSQL 使用量', + 'Bandwidth Usage eth0' => 'eth0 頻寬使用量', + 'Bandwidth Usage eth1' => 'eth1 頻寬使用量', + 'Exim Usage' => 'Exim 使用量', + 'FTP Usage' => 'FTP 使用量', + 'SSH Usage' => 'SSH 使用量', 'reverse proxy' => '反向代理伺服器', 'web server' => '網站伺服器', 'dns server' => 'DNS 伺服器', @@ -277,12 +274,12 @@ $LANG['tw'] = array( 'Memory' => '記憶體', 'Uptime' => '已啟動時間', 'core package' => '核心系統', - 'php interpreter' => 'PHP解析', + 'php interpreter' => 'PHP 解析', 'internal web server' => '管理系統伺服器', 'Version' => '版本', 'Release' => '發佈號碼', 'Architecture' => '架構', - 'Object' => 'Object', + 'Object' => '物件', 'Username' => '使用者名稱', 'Password' => '密碼', 'Email' => '電子信箱', @@ -291,7 +288,7 @@ $LANG['tw'] = array( 'First Name' => '名字', 'Last Name' => '姓氏', 'Send login credentials to email address' => '傳送登入資訊至使用者的信箱', - 'Default Template' => '預設模板', + 'Default Template' => '預設範本', 'Default Name Servers' => '預設域名伺服器', 'Domain' => '網域', 'DNS Support' => 'DNS 支援', @@ -317,7 +314,7 @@ $LANG['tw'] = array( 'IP or Value' => 'IP 或值', 'Priority' => '優先順序', 'Record Number' => '記錄編號', - 'in megabytes' => '以MB為單位', + 'in megabytes' => '以 MB 為單位', 'Message' => '訊息', 'use local-part' => '使用本地部分', 'one or more email addresses' => '一個或更多電子郵件信箱', @@ -357,8 +354,8 @@ $LANG['tw'] = array( 'charset' => '編碼', 'domain' => '網域', 'ip' => 'IP', - 'ip address' => 'IP位置', - 'IP address' => 'IP位置', + 'ip address' => 'IP 位置', + 'IP address' => 'IP 位置', 'netmask' => '子網路遮罩', 'interface' => '介面卡', 'assigned user' => '指定使用者', @@ -370,19 +367,19 @@ $LANG['tw'] = array( 'last name' => '姓氏', 'account' => '帳號', 'ssl certificate' => 'SSL 憑證', - 'ssl key' => 'SSL密鑰', + 'ssl key' => 'SSL 密鑰', 'stats user password' => '統計使用者帳號密碼', 'stats username' => '統計使用者名稱', 'stats password' => '統計密碼', - 'ftp user password' => 'FTP使用者帳號密碼', - 'ftp user' => 'FTP使用者', - 'Last 70 lines of %s.%s.log' => '%s.%s.log 的最後70行', + 'ftp user password' => 'FTP 使用者帳號密碼', + 'ftp user' => 'FTP 使用者', + 'Last 70 lines of %s.%s.log' => '%s.%s.log 的最後 70 行', 'AccessLog' => '存取記錄', 'ErrorLog' => '錯誤紀錄', 'Download AccessLog' => '下載存取記錄', 'Download ErrorLog' => '下載錯誤記錄', 'Country' => '國家', - '2 letter code' => '國家簡碼(台灣是TW/香港是HK)', + '2 letter code' => '國家簡碼(台灣 TW、香港 HK)', 'State / Province' => '州 / 省', 'City / Locality' => '市 / 地區', 'Organization' => '組織名稱', @@ -391,10 +388,10 @@ $LANG['tw'] = array( 'Port' => '連線埠', 'Comment' => '備註', 'Banlist' => '封鎖清單', - 'ranges are acceptable' => 'ranges are acceptable', - 'CIDR format is supported' => 'CIDR format is supported', - 'ACCEPT' => 'ACCEPT', - 'DROP' => 'DROP', + 'ranges are acceptable' => '可接受陣列', + 'CIDR format is supported' => '支援 CIDR 格式', + 'ACCEPT' => '允許', + 'DROP' => '封鎖', 'TCP' => 'TCP', 'UDP' => 'UDP', 'ICMP' => 'ICMP', @@ -403,11 +400,11 @@ $LANG['tw'] = array( 'VESTA' => 'VESTA', 'Add one more Name Server' => '新增至少一個域名伺服器', - 'web domain' => 'web 網域', - 'dns domain' => 'dns 網域', - 'dns record' => 'dns 紀錄', - 'mail domain' => 'mail 紀錄', - 'mail account' => 'mail 帳號', + 'web domain' => 'Web 網域', + 'dns domain' => 'DNS 網域', + 'dns record' => 'DNS 紀錄', + 'mail domain' => 'Mail 紀錄', + 'mail account' => 'Mail 帳號', 'cron job' => '任務排程', 'cron' => '任務排程', @@ -426,71 +423,71 @@ $LANG['tw'] = array( '%s databases' => '%s 個資料庫', '1 cron job' => '1 個任務排程', '%s cron jobs' => '%s 個任務排程', - '1 archive' => '1 壓縮', - '%s archives' => '%s 壓縮', + '1 archive' => '1 個壓縮', + '%s archives' => '%s 個壓縮', '1 item' => '1 個項目', '%s items' => '%s 個項目', '1 package' => '1 種方案', - '%s packages' => '%s 整方案', + '%s packages' => '%s 種方案', '1 IP address' => '1 個 IP 位置', '%s IP addresses' => '%s 個 IP 位置', - '1 month' => '1 月', - '%s months' => '%s 月', - '1 log record' => '1 系統記錄', - '%s log records' => '%s 系統記錄', + '1 month' => '1 個月', + '%s months' => '%s 個月', + '1 log record' => '1 筆系統記錄', + '%s log records' => '%s 筆系統記錄', '1 object' => '1 個物件', '%s objects' => '%s 個物件', 'no exclusions' => '取消排除', '1 rule' => '1 條規則', '%s rules' => '%s 條規則', - 'There are no currently banned IP' => '目前沒有任何已封鎖的IP', + 'There are no currently banned IP' => '目前沒有任何已封鎖的 IP', - 'USER_CREATED_OK' => '使用者 %s has been 已加入成功!', - 'WEB_DOMAIN_CREATED_OK' => '網域 %s 已加入成功!', - 'DNS_DOMAIN_CREATED_OK' => 'DNS網域 %s 已加入成功!', - 'DNS_RECORD_CREATED_OK' => '記錄 %s.%s 已加入成功!', - 'MAIL_DOMAIN_CREATED_OK' => '信箱網域 %s 已加入成功!', - 'MAIL_ACCOUNT_CREATED_OK' => '信箱帳號 %s@%s 已加入成功!', - 'DATABASE_CREATED_OK' => '資料庫 %s 已加入成功!', - 'CRON_CREATED_OK' => '任務排程 已加入成功!', - 'IP_CREATED_OK' => 'IP位置 %s 已加入成功!', - 'PACKAGE_CREATED_OK' => '方案 %s 已加入成功!', - 'SSL_GENERATED_OK' => '已成功產生 SSL 憑證!', - 'RULE_CREATED_OK' => '已成功加入規則!', + 'USER_CREATED_OK' => '使用者 %s has been 已加入成功!', + 'WEB_DOMAIN_CREATED_OK' => '網域 %s 已加入成功!', + 'DNS_DOMAIN_CREATED_OK' => 'DNS 網域 %s 已加入成功!', + 'DNS_RECORD_CREATED_OK' => '記錄 %s.%s 已加入成功!', + 'MAIL_DOMAIN_CREATED_OK' => '信箱網域 %s 已加入成功!', + 'MAIL_ACCOUNT_CREATED_OK' => '信箱帳號 %s@%s 已加入成功!', + 'DATABASE_CREATED_OK' => '資料庫 %s 已加入成功!', + 'CRON_CREATED_OK' => '任務排程 已加入成功!', + 'IP_CREATED_OK' => 'IP 位置 %s 已加入成功!', + 'PACKAGE_CREATED_OK' => '方案 %s 已加入成功!', + 'SSL_GENERATED_OK' => '已成功產生 SSL 憑證!', + 'RULE_CREATED_OK' => '已成功加入規則!', 'BANLIST_CREATED_OK' => 'IP 位置已經成功封鎖', - 'Autoupdate has been successfully enabled' => '自動更新已成功啟動', - 'Autoupdate has been successfully disabled' => '自動更新已成功關閉', - 'Cronjob email reporting has been successfully enabled' => '任務排程 電子郵件回報已成功啟動', - 'Cronjob email reporting has been successfully disabled' => '任務排程 電子郵件回報已成功關閉', - 'Changes has been saved.' => '已儲存更改', + 'Autoupdate has been successfully enabled' => '「自動更新」已成功啟動', + 'Autoupdate has been successfully disabled' => '「自動更新」已成功關閉', + 'Cronjob email reporting has been successfully enabled' => '「任務排程電子郵件回報」已成功啟動', + 'Cronjob email reporting has been successfully disabled' => '「任務排程電子郵件回報」已成功關閉', + 'Changes has been saved.' => '已儲存變更', 'Confirmation' => '確認', - 'DELETE_USER_CONFIRMATION' => '確定要刪除使用者 %s 嗎?', - 'SUSPEND_USER_CONFIRMATION' => '確定要封鎖使用者 %s 嗎?', - 'UNSUSPEND_USER_CONFIRMATION' => '確定要解除封鎖使用者 %s 嗎?', - 'DELETE_DOMAIN_CONFIRMATION' => '確定要刪除網域 %s 嗎?', - 'SUSPEND_DOMAIN_CONFIRMATION' => '確定要封鎖網域 %s 嗎?', - 'UNSUSPEND_DOMAIN_CONFIRMATION' => '確定要解除封鎖網域 %s 嗎?', - 'DELETE_RECORD_CONFIRMATION' => '確定要刪除記錄 %s 嗎?', - 'SUSPEND_RECORD_CONFIRMATION' => '確定要封鎖記錄 %s 嗎?', - 'UNSUSPEND_RECORD_CONFIRMATION' => '確定要解除封鎖紀錄 %s 嗎?', - 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => '確定要刪除 %s 嗎?', - 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '確定要封鎖 %s 嗎?', - 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '確定要解除封鎖 %s 嗎?', - 'DELETE_DATABASE_CONFIRMATION' => '確定要刪除資料庫 %s 嗎?', - 'SUSPEND_DATABASE_CONFIRMATION' => '確定要封鎖資料庫 %s 嗎?', - 'UNSUSPEND_DATABASE_CONFIRMATION' => '確定要解除封鎖資料庫 %s 嗎?', - 'DELETE_CRON_CONFIRMATION' => '確定要刪除 任務排程嗎?', - 'SUSPEND_CRON_CONFIRMATION' => '確定要封鎖 任務排程嗎?', - 'UNSUSPEND_CRON_CONFIRMATION' => '確定要解除封鎖 任務排程嗎?', - 'DELETE_BACKUP_CONFIRMATION' => '確定要刪除 %s 備份嗎?', - 'DELETE_EXCLUSION_CONFIRMATION' => '確定要刪除 %s 例外嗎?', - 'DELETE_PACKAGE_CONFIRMATION' => '確定要方案 %s 嗎?', - 'DELETE_IP_CONFIRMATION' => '確定要刪除IP地址 %s 嗎?', - 'DELETE_RULE_CONFIRMATION' => '確定要刪除規則 #%s 嗎?', - 'SUSPEND_RULE_CONFIRMATION' => '確定要封鎖規則 #%s 嗎?', - 'UNSUSPEND_RULE_CONFIRMATION' => '確定要解除封鎖規則 #%s 嗎?', - 'LEAVE_PAGE_CONFIRMATION' => '離開?', - 'RESTART_CONFIRMATION' => '確定要重新啟動 %s 嗎?', + 'DELETE_USER_CONFIRMATION' => '確定要刪除使用者 %s 嗎?', + 'SUSPEND_USER_CONFIRMATION' => '確定要停用使用者 %s 嗎?', + 'UNSUSPEND_USER_CONFIRMATION' => '確定要解除停用使用者 %s 嗎?', + 'DELETE_DOMAIN_CONFIRMATION' => '確定要刪除網域 %s 嗎?', + 'SUSPEND_DOMAIN_CONFIRMATION' => '確定要停用網域 %s 嗎?', + 'UNSUSPEND_DOMAIN_CONFIRMATION' => '確定要解除停用網域 %s 嗎?', + 'DELETE_RECORD_CONFIRMATION' => '確定要刪除記錄 %s 嗎?', + 'SUSPEND_RECORD_CONFIRMATION' => '確定要停用記錄 %s 嗎?', + 'UNSUSPEND_RECORD_CONFIRMATION' => '確定要解除停用紀錄 %s 嗎?', + 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => '確定要刪除 %s 嗎?', + 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '確定要停用 %s 嗎?', + 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '確定要解除停用 %s 嗎?', + 'DELETE_DATABASE_CONFIRMATION' => '確定要刪除資料庫 %s 嗎?', + 'SUSPEND_DATABASE_CONFIRMATION' => '確定要停用資料庫 %s 嗎?', + 'UNSUSPEND_DATABASE_CONFIRMATION' => '確定要解除停用資料庫 %s 嗎?', + 'DELETE_CRON_CONFIRMATION' => '確定要刪除 任務排程嗎?', + 'SUSPEND_CRON_CONFIRMATION' => '確定要停用 任務排程嗎?', + 'UNSUSPEND_CRON_CONFIRMATION' => '確定要解除停用 任務排程嗎?', + 'DELETE_BACKUP_CONFIRMATION' => '確定要刪除 %s 備份嗎?', + 'DELETE_EXCLUSION_CONFIRMATION' => '確定要刪除 %s 例外嗎?', + 'DELETE_PACKAGE_CONFIRMATION' => '確定要刪除方案 %s 嗎?', + 'DELETE_IP_CONFIRMATION' => '確定要刪除 IP 地址 %s 嗎?', + 'DELETE_RULE_CONFIRMATION' => '確定要刪除防火牆規則 #%s 嗎?', + 'SUSPEND_RULE_CONFIRMATION' => '確定要停用防火牆規則 #%s 嗎?', + 'UNSUSPEND_RULE_CONFIRMATION' => '確定要解除停用防火牆規則 #%s 嗎?', + 'LEAVE_PAGE_CONFIRMATION' => '確定離開嗎?', + 'RESTART_CONFIRMATION' => '確定要重新啟動 %s 嗎?', 'Welcome' => '歡迎', 'LOGGED_IN_AS' => '以使用者身份 %s 登入', 'Error' => '錯誤', @@ -498,20 +495,20 @@ $LANG['tw'] = array( 'Invalid username or code' => '無效的使用者名稱或驗證碼.', 'Passwords not match' => '密碼錯誤', 'Please enter valid email address.' => '請輸入正確的信箱', - 'Field "%s" can not be blank.' => '"%s" 不能為空白', - 'Password is too short.' => '密碼太短', - 'Error code:' => '錯誤代碼: %s', + 'Field "%s" can not be blank.' => '"%s" 欄位不能空白', + 'Password is too short.' => '密碼太短。', + 'Error code:' => '錯誤代碼:%s', 'SERVICE_ACTION_FAILED' => '"%s" "%s" 失敗', 'IP address is in use' => 'IP 位置正在使用中', 'BACKUP_SCHEDULED' => '您的要求已加入隊列中,備份完成後會再以電子郵件通知您', - 'BACKUP_EXISTS' => '已經有一個備份正在執行中,請等待備份完成後再操作', - 'RESTORE_SCHEDULED' => '您的要求已加入隊列中,回復完成後會再以電子郵件通知您', - 'RESTORE_EXISTS' => '已經有一個回復正在執行中,請等待備份完成後再操作', + 'BACKUP_EXISTS' => '已經有一個備份正在執行中,請等待備份完成後再動作', + 'RESTORE_SCHEDULED' => '您的要求已加入隊列中,還原完成後會再以電子郵件通知您', + 'RESTORE_EXISTS' => '已經有一個還原正在執行中,請等待備份完成後再動作', - 'WEB_EXCLUSIONS' => '輸入網域名稱,每行一個網域。如要排除備份所有網域請使用*。排除特定的資料夾請依照這個格式: Example.com:public_html/cache:public_html/tmp', - 'DNS_EXCLUSIONS' => '輸入網域名稱,每行一個網域。如要排除備份所有網域請使用*', - 'MAIL_EXCLUSIONS' => '輸入網域名稱,每行一個網域。如要排除備份所有網域請使用*。要排除特定使用者請依照這個格式: Example.com:info:support:postmaster', - 'DB_EXCLUSIONS' => '輸入完整資料庫名城,每行一個資料庫。如要排除備份所有資料庫請使用*', + 'WEB_EXCLUSIONS' => '輸入網域名稱,每行一個網域。如要排除備份所有網域請使用「*」。排除特定的資料夾請依照這個格式:Example.com:public_html/cache:public_html/tmp', + 'DNS_EXCLUSIONS' => '輸入網域名稱,每行一個網域。如要排除備份所有網域請使用「*」', + 'MAIL_EXCLUSIONS' => '輸入網域名稱,每行一個網域。如要排除備份所有網域請使用「*」。要排除特定使用者請依照這個格式:Example.com:info:support:postmaster', + 'DB_EXCLUSIONS' => '輸入完整資料庫名城,每行一個資料庫。如要排除備份所有資料庫請使用「*」', 'CRON_EXCLUSIONS' => '要排除備份所有任務排程請使用*', 'USER_EXCLUSIONS' => '輸入要排除備份的資料夾名稱,每行一個資料夾。如要排除備份所有資料夾請使用*', @@ -519,13 +516,13 @@ $LANG['tw'] = array( 'MAIL_FROM' => 'Vesta 管理系統 ', 'GREETINGS_GORDON_FREEMAN' => "您好, %s %s,\n", 'GREETINGS' => "您好,\n", - 'ACCOUNT_READY' => "您的帳號已成功建立,並可以開始使用了!\n\nhttps://%s/login/\n使用者名稱: %s\n密碼: %s\n\n--\nVesta Control Panel\n", + 'ACCOUNT_READY' => "您的帳號已成功建立,並可以開始使用了!\n\nhttps://%s/login/\n使用者名稱:%s\n密碼:%s\n\n--\nVesta Control Panel\n", 'FTP login credentials' => 'FTP 登入資料', - 'FTP_ACCOUNT_READY' => "FTP帳號已成功建立,並可以開始使用了!\n\n主機名稱: %s\n使用者名稱: %s_%s\n密碼: %s\n\n--\nVesta Control Panel\n", + 'FTP_ACCOUNT_READY' => "FTP 帳號已成功建立,並可以開始使用了!\n\n主機名稱:%s\n使用者名稱:%s_%s\n密碼:%s\n\n--\nVesta Control Panel\n", 'Database Credentials' => '資料庫 登入資料', - 'DATABASE_READY' => "資料庫已加入成功!\n\n資料庫名稱: %s\n使用者名稱: %s\n密碼: %s\n%s\n\n--\nVesta Control Panel\n", + 'DATABASE_READY' => "資料庫已加入成功!\n\n資料庫名稱:%s\n使用者名稱:%s\n密碼:%s\n%s\n\n--\nVesta Control Panel\n", 'forgot password' => '忘記密碼', 'Confirm' => '確認', @@ -534,22 +531,22 @@ $LANG['tw'] = array( 'Reset' => '重設', 'Reset Code' => '重設代碼', 'RESET_NOTICE' => '', - 'RESET_CODE_SENT' => '密買重設代碼已發送到您的信箱
', - 'MAIL_RESET_SUBJECT' => '密碼重置在 %s', - 'PASSWORD_RESET_REQUEST' => "重置密碼請點擊連結:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\n或者您可以到 https://%s/reset/?action=code&user=%s 輸入密碼重設代碼:\n%s\n\n如果您沒有要求重設密碼,請忽略此郵件\n\n—\nVesta Control Panel\n", + 'RESET_CODE_SENT' => '密碼重設代碼已傳送到您的信箱
', + 'MAIL_RESET_SUBJECT' => '密碼重設在 %s', + 'PASSWORD_RESET_REQUEST' => "重設密碼請點擊連結:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\n或者您可以到 https://%s/reset/?action=code&user=%s 輸入密碼重設代碼:\n%s\n\n如果您沒有要求重設密碼,請忽略此郵件\n\n—\nVesta Control Panel\n", - 'Jan' => '1月', - 'Feb' => '2月', - 'Mar' => '3月', - 'Apr' => '4月', - 'May' => '5月', - 'Jun' => '6月', - 'Jul' => '7月', - 'Aug' => '8月', - 'Sep' => '9月', - 'Oct' => '10月', - 'Nov' => '11月', - 'Dec' => '12月', + 'Jan' => '一月', + 'Feb' => '二月', + 'Mar' => '三月', + 'Apr' => '四月', + 'May' => '五月', + 'Jun' => '六月', + 'Jul' => '七月', + 'Aug' => '八月', + 'Sep' => '九月', + 'Oct' => '十月', + 'Nov' => '十一月', + 'Dec' => '十二月', 'Configuring Server' => '設定主機', 'Hostname' => '主機名稱', @@ -558,12 +555,13 @@ $LANG['tw'] = array( 'Proxy Server' => 'Proxy 伺服器', 'Web Server' => 'Web 伺服器', 'Backend Server' => 'Backend 伺服器', - 'Backend Pool Mode' => 'Backend Pool Mode', + 'Backend Pool Mode' => 'Backend 池模式', 'DNS Server' => 'DNS 伺服器', 'DNS Cluster' => 'DNS 叢集', 'MAIL Server' => 'MAIL 伺服器', 'Antivirus' => '病毒防護', 'AntiSpam' => '垃圾郵件防護', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail 路徑', 'MySQL Support' => 'MySQL 支援', 'phpMyAdmin URL' => 'phpMyAdmin 路徑', @@ -573,7 +571,7 @@ $LANG['tw'] = array( 'Current Number Of Databases' => '目前的資料庫數量', 'Local backup' => '本機備份', 'Compression level' => '壓縮等級', - 'Directory' => 'Directory', + 'Directory' => '路徑', 'Remote backup' => '遠端備份', 'ftp' => 'FTP', 'sftp' => 'SFTP', @@ -586,9 +584,9 @@ $LANG['tw'] = array( 'Template Manager' => '模組管理員', 'Backup Migration Manager' => '備份轉移管理員', 'FileManager' => '檔案管理員', - 'show: CPU / MEM / NET / DISK' => '顯示: 處理器 / 記憶體 / 網路 / 硬碟', + 'show: CPU / MEM / NET / DISK' => '顯示:處理器 / 記憶體 / 網路 / 硬碟', - 'sort by' => '排序按照', + 'sort by' => '排序依', 'Date' => '日期', 'Starred' => '加註星號', 'Name' => '名稱', @@ -611,8 +609,8 @@ $LANG['tw'] = array( 'ARCHIVE' => '壓縮', 'EXTRACT' => '解壓縮', 'DOWNLOAD' => '下載', - 'Are you sure?' => '確定嗎?', - 'Hit' => 'Hit', + 'Are you sure?' => '確定嗎?', + 'Hit' => '點擊', 'to reload the page' => '重新整理頁面', 'Directory name cannot be empty' => '資料夾名稱不能為空白', 'File name cannot be empty' => '檔案名稱不能為空白', @@ -664,18 +662,18 @@ $LANG['tw'] = array( 'Cancel saving form' => '不要儲存設定', 'Go to USER list' => '回到使用者列表', 'Go to WEB list' => '回到網站列表', - 'Go to DNS list' => '回到DNS列表', + 'Go to DNS list' => '回到 DNS 列表', 'Go to MAIL list' => '回到郵件列表', 'Go to DB list' => '回到資料庫列表', 'Go to CRON list' => '回到任務排程列表', 'Go to BACKUP list' => '回到備份列表', 'Focus on search' => '搜尋', 'Display/Close shortcuts' => '顯示/關閉 快捷鍵列表', - 'Move backward through top menu' => '在頂置選單中向左移動', - 'Move forward through top menu' => '在頂置選單中向右移動', + 'Move backward through top menu' => '在頂部選單中向左移動', + 'Move forward through top menu' => '在頂部選單中向右移動', 'Enter focused element' => '進入選擇的選項', - 'Move up through elements list' => '往上查看列表', - 'Move down through elements list' => '往下查看列表', + 'Move up through elements list' => '往上檢視列表', + 'Move down through elements list' => '往下檢視列表', 'Upload' => '上傳', 'New File' => '新增檔案', @@ -708,13 +706,13 @@ $LANG['tw'] = array( 'Disable and Cancel Licence' => '刪除並且取消授權', 'Licence Activated' => '授權已啟用', 'Licence Deactivated' => '授權已停用', - 'Restrict users so that they cannot use SSH and access only their home directory.' => '禁止使用者使用SSH,並且只能存取他們自己的資料夾', - 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => '瀏覽、複製、編輯、存取你所有的網站資料使用全能的檔案管理員', + 'Restrict users so that they cannot use SSH and access only their home directory.' => '禁止使用者使用 SSH,並且只能存取他們自己的資料夾', + 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => '使用全能的檔案管理員瀏覽、複製、編輯、存取你所有的網站資料', 'This is a commercial module, you would need to purchace license key to enable it.' => '這是一個付費模組,您需要購買授權金鑰才能啟用它。', - 'Minutes' => '分', + 'Minutes' => '分鐘', 'Hourly' => '小時', - 'Run Command' => '執行命令', + 'Run Command' => '執行指令', 'every month' => '每月', 'every odd month' => '奇數月', 'every even month' => '偶數月', @@ -740,14 +738,14 @@ $LANG['tw'] = array( 'webalizer' => 'webalizer', 'awstats' => 'awstats', - 'Vesta SSL' => 'Vesta SSL', - 'SUBJECT' => 'SUBJECT', - 'ALIASES' => 'ALIASES', - 'NOT_BEFORE' => 'NOT_BEFORE', - 'NOT_AFTER' => 'NOT_AFTER', - 'SIGNATURE' => 'SIGNATURE', - 'PUB_KEY' => 'PUB_KEY', - 'ISSUER' => 'ISSUER', + 'Vesta SSL' => 'Vesta 後台 SSL', + 'SUBJECT' => '主體名稱', + 'ALIASES' => '主體別名', + 'NOT_BEFORE' => '有效期自', + 'NOT_AFTER' => '有效期到', + 'SIGNATURE' => '簽章演算法', + 'PUB_KEY' => '公開金鑰', + 'ISSUER' => '簽發者', 'Use server hostname' => '使用伺服器主機名稱', 'Use domain hostname' => '使用網域主機名稱', @@ -756,7 +754,7 @@ $LANG['tw'] = array( 'No encryption' => '不加密', 'Do not use encryption' => '不要使用加密', - 'maximum characters length, including prefix' => '最多 %s 字元(包含前綴)', + 'maximum characters length, including prefix' => '最多 %s 字元 (包含前綴)', - 'Email Credentials' => 'Email Credentials', + 'Email Credentials' => '信箱登入資訊', ); diff --git a/web/inc/i18n/ua.php b/web/inc/i18n/ua.php index cf47496d..136cc73f 100644 --- a/web/inc/i18n/ua.php +++ b/web/inc/i18n/ua.php @@ -560,6 +560,7 @@ $LANG['ua'] = array( 'MAIL Server' => 'MAIL сервер', 'Antivirus' => 'Антивірус', 'AntiSpam' => 'АнтиСпам', + 'Use Web Domain SSL Certificate' => 'Використовувати SSL сертифікат веб домену', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'Підтримка MySQL', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/ur.php b/web/inc/i18n/ur.php index d01a401d..2c95e821 100644 --- a/web/inc/i18n/ur.php +++ b/web/inc/i18n/ur.php @@ -70,6 +70,7 @@ $LANG['ur'] = array( 'Back' => 'پیچھے', 'Save' => 'محفوظ کریں', 'Submit' => 'جمع', + 'toggle all' => 'تمام ٹاگل', 'apply to selected' => 'منتخب شدہ پر لاگو', 'rebuild' => 'تعمیر نو', @@ -108,6 +109,7 @@ $LANG['ur'] = array( 'enable autoupdate' => 'آٹو اپ ڈیٹ کو چالو', 'disable autoupdate' => 'غیر فعال آٹو اپ ڈیٹ', 'configure' => 'ترتیب دے', + 'Adding User' => 'شامل کرنے صارف', 'Editing User' => 'ترمیم صارف', 'Adding Domain' => 'ڈومین کو شامل کرنے سے', @@ -135,6 +137,7 @@ $LANG['ur'] = array( 'Adding Firewall Rule' => 'فصیل اصول کو شامل کرنے سے', 'Editing Firewall Rule' => 'ترمیم فصیل اصول', 'Adding IP Address to Banlist' => 'Banlist کرنے IP ایڈریس کو شامل کرنے سے', + 'active' => 'فعال', 'spnd' => 'معطل', 'suspended' => 'معطل', @@ -142,6 +145,7 @@ $LANG['ur'] = array( 'stopped' => 'بند کر دیا', 'outdated' => 'فرسودہ', 'updated' => 'اپ ڈیٹ', + 'yes' => 'جی ہاں', 'no' => 'نہیں', 'none' => 'کوئی بھی', @@ -392,14 +396,17 @@ $LANG['ur'] = array( 'FTP' => 'FTP', 'VESTA' => 'Vesta کی', 'Add one more Name Server' => 'ایک اور نام سرور شامل کریں', + 'web domain' => 'ویب ڈومین', 'dns domain' => 'DNS ڈومین', 'dns record' => 'DNS ریکارڈ', 'mail domain' => 'میل ڈومین', 'mail account' => 'میل اکاؤنٹ', 'cron job' => 'کرون کام', + 'cron' => 'کرون', 'user dir' => 'صارف دیر', + 'unlimited' => 'لامحدود', '1 account' => '1 اکاؤنٹ', '%s accounts' => '٪s کے اکاؤنٹس', @@ -494,12 +501,14 @@ $LANG['ur'] = array( 'BACKUP_EXISTS' => 'ایک موجودہ بیک اپ کو پہلے ہی چل رہا ہے. کہ بیک اپ کو ختم کرنے کے لئے براہ کرم انتظار کریں.', 'RESTORE_SCHEDULED' => 'ٹاسک قطار میں شامل کیا گیا ہے. جب آپ کو بحال مکمل کیا گیا ہے آپ کو ایک ای میل کی اطلاع وصول کریں گے.', 'RESTORE_EXISTS' => 'ایک موجودہ بحالی کا کام پہلے سے ہی چل رہا ہے. جو اسے دوبارہ شروع کرنے سے پہلے ختم کرنے کے لئے براہ کرم انتظار کریں.', + 'WEB_EXCLUSIONS' => 'قسم ڈومین کا نام ہے، ایک فی لائن. تمام ڈومینز استعمال کرتے خارج کرنے کے *. شکل مندرجہ ذیل مخصوص dirs استعمال کو خارج کرنے کے لئے: domain.com:public_html/cache:public_html/tmp', 'DNS_EXCLUSIONS' => 'قسم ڈومین کا نام ہے، ایک فی لائن. تمام ڈومینز استعمال کرتے خارج کرنے کے *', 'MAIL_EXCLUSIONS' => 'قسم ڈومین کا نام ہے، ایک فی لائن. تمام ڈومینز استعمال کرتے خارج کرنے کے *. شکل مندرجہ ذیل مخصوص اکاؤنٹس کے استعمال کو خارج کرنے کے لئے: domain.com:info:support:postmaster', 'DB_EXCLUSIONS' => 'مکمل ڈیٹا بیس کا نام ٹائپ کریں، فی لائن ایک. تمام ڈیٹا بیس کا استعمال کرتے خارج کرنے کے *', 'CRON_EXCLUSIONS' => 'تمام ملازمتوں کا استعمال کرتے خارج کرنے کے *', 'USER_EXCLUSIONS' => 'قسم ڈائریکٹری کا نام ہے، ایک فی لائن. تمام dirs استعمال کرتے exlude کرنے *', + 'Welcome to Vesta Control Panel' => 'Vesta کی کنٹرول پینل میں خوش آمدید', 'MAIL_FROM' => ' Vesta کی کنٹرول پینل ', 'GREETINGS_GORDON_FREEMAN' => "ہیلو, %s %s,\n", @@ -535,6 +544,7 @@ $LANG['ur'] = array( 'Oct' => 'اکتوبر', 'Nov' => 'نومبر', 'Dec' => 'دسمبر', + 'Configuring Server' => 'ترتیب سرور', 'Hostname' => 'میزبان کا نام', 'Time Zone' => 'ٹائم زون', @@ -548,6 +558,7 @@ $LANG['ur'] = array( 'MAIL Server' => 'میل سرور', 'Antivirus' => 'اینٹی وائرس', 'AntiSpam' => 'اینٹی سپیم', + 'Use Web Domain SSL Certificate' => 'ایس ایس ایل ویب ڈومین سرٹیفکیٹ کااستعمال کریں', 'Webmail URL' => 'ویب میل URL', 'MySQL Support' => 'ایس کیو ایل کی معاونت کی', 'phpMyAdmin URL' => 'phpMyAdmin کے یو آر ایل', @@ -571,11 +582,14 @@ $LANG['ur'] = array( 'Backup Migration Manager' => 'بیک اپ مائیگریشن مینیجر', 'FileManager' => 'فائل مینیجر', 'show: CPU / MEM / NET / DISK' => 'دکھائیں: CPU / MEM / NET / ڈسک', + 'sort by' => 'بہ ترتیب', 'Date' => 'تاریخ', 'Starred' => 'ستارے کے نشان', 'Name' => 'نام', + 'save to favorites' => 'پسندیدہ میں محفوظ کریں', + 'File Manager' => 'فائل منیجر', 'size' => 'سائز', 'date' => 'تاریخ', @@ -638,6 +652,7 @@ $LANG['ur'] = array( 'read by others' => 'دوسروں کی طرف سے پڑھا', 'write by others' => 'دوسروں کی طرف سے لکھ', 'execute/search by others' => 'پھانسی دوسروں کی طرف سے / تلاش', + 'Shortcuts' => 'شارٹ کٹ', 'Add New object' => 'نیا اعتراض شامل کریں', 'Save Form' => 'فارم محفوظ کریں', @@ -656,6 +671,7 @@ $LANG['ur'] = array( 'Enter focused element' => 'مرکوز عنصر درج', 'Move up through elements list' => 'عناصر فہرست کے ذریعے اوپر منتقل کریں', 'Move down through elements list' => 'عناصر فہرست کے ذریعے نیچے لے جائیں', + 'Upload' => 'اپ لوڈ کریں', 'New File' => 'نئی فائل', 'New Folder' => 'نیا فولڈر', @@ -679,6 +695,7 @@ $LANG['ur'] = array( 'Select All Files' => 'تمام فائلوں کو منتخب', 'shortcuts are inspired by magnificent GNU Midnight Commander file manager' => '.فائل مینیجر Midnight Commander شارٹ کٹ شاندار GNU سے متاثر ہیں', + 'Licence Key' => 'لائسنس کلید', 'Enter License Key' => 'لائسنس کلید درج کریں', 'Buy Licence' => 'ابھی لائسنس', @@ -689,6 +706,7 @@ $LANG['ur'] = array( 'Restrict users so that they cannot use SSH and access only their home directory.' => 'وہ SSH اور رسائی صرف ان کے گھر کی ڈائریکٹری کا استعمال نہیں کر سکتے ہیں تاکہ صارفین کو محدود کریں.', 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => 'براؤز کریں، کاپی، ترمیم، دیکھیں، اور مکمل طور پر نمایاں فائل مینیجر کا استعمال کرتے ہوئے آپ کی ویب ڈومین فائلوں کی تمام بازیافت.', 'This is a commercial module, you would need to purchace license key to enable it.' => 'یہ ایک تجارتی ماڈیول ہے، آپ اسے چالو کرنے کے لئے لائسنس کی چابی purchace کرنے کی ضرورت گا.', + 'Minutes' => 'منٹس', 'Hourly' => 'گھنٹہ وار', 'Run Command' => 'چلائیں کمان', @@ -713,8 +731,10 @@ $LANG['ur'] = array( 'every two minutes' => 'ہر دو منٹ', 'every' => 'ہر کوئی', 'Generate' => 'بنائیں', + 'webalizer' => 'webalizer', 'awstats' => 'awstats', + 'Vesta SSL' => 'Vesta کی SSL', 'SUBJECT' => 'مضمون', 'ALIASES' => 'عرفیتیں', @@ -723,14 +743,18 @@ $LANG['ur'] = array( 'SIGNATURE' => 'دستخط', 'PUB_KEY' => 'PUB_KEY', 'ISSUER' => 'ISSUER', + 'Use server hostname' => 'سرور استعمال میزبان نام', 'Use domain hostname' => 'ڈومین کا استعمال میزبان نام', 'Use STARTTLS' => 'STARTTLS استعمال', 'Use SSL' => 'SSL استعمال کریں', 'No encryption' => 'کوئی خفیہ کاری', 'Do not use encryption' => 'خفیہ کاری کا استعمال نہ کریں', + 'maximum characters length, including prefix' => 'زیادہ سے زیادہ ٪s کو حروف لمبائی، سابقہ سم', + 'Email Credentials' => 'ای میل کی سند', + '%s rule' => 'قواعد %s', 'MainDomain' => 'اہم ڈومین', 'SubDomain' => 'ذیلی ڈومین', diff --git a/web/inc/i18n/vi.php b/web/inc/i18n/vi.php index 40d40cbe..2de145b4 100644 --- a/web/inc/i18n/vi.php +++ b/web/inc/i18n/vi.php @@ -562,6 +562,7 @@ $LANG['vi'] = array( 'MAIL Server' => 'Máy chủ MAIL', 'Antivirus' => 'Trình diệt virus', 'AntiSpam' => 'Trình chống spam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Đường dẫn Webmail', 'MySQL Support' => 'Hỗ trợ MySQL', 'phpMyAdmin URL' => 'Đường dẫn phpMyAdmin', diff --git a/web/list/directory/index.php b/web/list/directory/index.php index 737e19db..12919b14 100644 --- a/web/list/directory/index.php +++ b/web/list/directory/index.php @@ -24,8 +24,8 @@ if (empty($panel)) { $panel = json_decode(implode('', $output), true); } -$path_a = !empty($_REQUEST['dir_a']) ? $_REQUEST['dir_a'] : ''; -$path_b = !empty($_REQUEST['dir_b']) ? $_REQUEST['dir_b'] : ''; +$path_a = !empty($_REQUEST['dir_a']) ? htmlentities($_REQUEST['dir_a']) : ''; +$path_b = !empty($_REQUEST['dir_b']) ? htmlentities($_REQUEST['dir_b']) : ''; $GLOBAL_JS = ''; $GLOBAL_JS .= ''; $GLOBAL_JS .= ''; diff --git a/web/list/dns/index.php b/web/list/dns/index.php index df5b4a83..c98b8e47 100644 --- a/web/list/dns/index.php +++ b/web/list/dns/index.php @@ -14,7 +14,7 @@ if (empty($_GET['domain'])){ render_page($user, $TAB, 'list_dns'); } else { - exec (VESTA_CMD."v-list-dns-records '".$user."' '".escapeshellarg($_GET['domain'])."' 'json'", $output, $return_var); + exec (VESTA_CMD."v-list-dns-records ".$user." ".escapeshellarg($_GET['domain'])." json", $output, $return_var); $data = json_decode(implode('', $output), true); $data = array_reverse($data, true); unset($output); diff --git a/web/list/mail/index.php b/web/list/mail/index.php index 6b767768..56c42a73 100644 --- a/web/list/mail/index.php +++ b/web/list/mail/index.php @@ -14,7 +14,7 @@ if (empty($_GET['domain'])){ render_page($user, $TAB, 'list_mail'); } else { - exec (VESTA_CMD."v-list-mail-accounts '".$user."' '".escapeshellarg($_GET['domain'])."' json", $output, $return_var); + exec (VESTA_CMD."v-list-mail-accounts ".$user." ".escapeshellarg($_GET['domain'])." json", $output, $return_var); $data = json_decode(implode('', $output), true); $data = array_reverse($data, true); unset($output); diff --git a/web/list/stats/index.php b/web/list/stats/index.php index c758705a..3c730632 100644 --- a/web/list/stats/index.php +++ b/web/list/stats/index.php @@ -20,7 +20,7 @@ if ($user == 'admin') { unset($output); } - exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var); + exec (VESTA_CMD."v-list-sys-users json", $output, $return_var); $users = json_decode(implode('', $output), true); unset($output); } else { diff --git a/web/login/index.php b/web/login/index.php index 4be64ecc..08074b3e 100644 --- a/web/login/index.php +++ b/web/login/index.php @@ -14,9 +14,6 @@ if (isset($_GET['logout'])) { session_destroy(); } - - - // Login as someone else if (isset($_SESSION['user'])) { if ($_SESSION['user'] == 'admin' && !empty($_GET['loginas'])) { @@ -36,62 +33,85 @@ if (isset($_SESSION['user'])) { if (isset($_POST['user']) && isset($_POST['password'])) { if(isset($_SESSION['token']) && isset($_POST['token']) && $_POST['token'] == $_SESSION['token']) { $v_user = escapeshellarg($_POST['user']); + $v_ip = escapeshellarg($_SERVER['REMOTE_ADDR']); - // Send password via tmp file - $v_password = exec('mktemp -p /tmp'); - $fp = fopen($v_password, "w"); - fwrite($fp, $_POST['password']."\n"); - fclose($fp); - - // Check user & password - exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." ".escapeshellarg($_SERVER['REMOTE_ADDR']), $output, $return_var); - unset($output); - - // Remove tmp file - unlink($v_password); - - // Check API answer + // Get user's salt + $output = ''; + exec (VESTA_CMD."v-get-user-salt ".$v_user." ".$v_ip." json" , $output, $return_var); + $pam = json_decode(implode('', $output), true); if ( $return_var > 0 ) { $ERROR = "".__('Invalid username or password').""; - } else { + $user = $_POST['user']; + $password = $_POST['password']; + $salt = $pam[$user]['SALT']; + $method = $pam[$user]['METHOD']; - // Make root admin user - if ($_POST['user'] == 'root') $v_user = 'admin'; - - // Get user speciefic parameters - exec (VESTA_CMD . "v-list-user ".$v_user." json", $output, $return_var); - $data = json_decode(implode('', $output), true); - - // Define session user - $_SESSION['user'] = key($data); - $v_user = $_SESSION['user']; - - // Get user favorites - get_favourites(); - - // Define language - $output = ''; - exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var); - $languages = json_decode(implode('', $output), true); - if(in_array($data[$v_user]['LANGUAGE'], $languages)){ - $_SESSION['language'] = $data[$v_user]['LANGUAGE']; + if ($method == 'md5' ) { + $hash = crypt($password, '$1$'.$salt.'$'); } - else { - $_SESSION['language'] = 'en'; + if ($method == 'sha-512' ) { + $hash = crypt($password, '$6$rounds=5000$'.$salt.'$'); + $hash = str_replace('$rounds=5000','',$hash); + } + if ($method == 'des' ) { + $hash = crypt($password, $salt); } - - // Regenerate session id to prevent session fixation - session_regenerate_id(); - // Redirect request to control panel interface - if (!empty($_SESSION['request_uri'])) { - header("Location: ".$_SESSION['request_uri']); - unset($_SESSION['request_uri']); - exit; + // Send hash via tmp file + $v_hash = exec('mktemp -p /tmp'); + $fp = fopen($v_hash, "w"); + fwrite($fp, $hash."\n"); + fclose($fp); + + // Check user hash + exec(VESTA_CMD ."v-check-user-hash ".$v_user." ".$v_hash." ".$v_ip, $output, $return_var); + unset($output); + + // Remove tmp file + unlink($v_hash); + + // Check API answer + if ( $return_var > 0 ) { + $ERROR = "".__('Invalid username or password').""; } else { - header("Location: /"); - exit; + + // Make root admin user + if ($_POST['user'] == 'root') $v_user = 'admin'; + + // Get user speciefic parameters + exec (VESTA_CMD . "v-list-user ".$v_user." json", $output, $return_var); + $data = json_decode(implode('', $output), true); + + // Define session user + $_SESSION['user'] = key($data); + $v_user = $_SESSION['user']; + + // Get user favorites + get_favourites(); + + // Define language + $output = ''; + exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var); + $languages = json_decode(implode('', $output), true); + if (in_array($data[$v_user]['LANGUAGE'], $languages)){ + $_SESSION['language'] = $data[$v_user]['LANGUAGE']; + } else { + $_SESSION['language'] = 'en'; + } + + // Regenerate session id to prevent session fixation + session_regenerate_id(); + + // Redirect request to control panel interface + if (!empty($_SESSION['request_uri'])) { + header("Location: ".$_SESSION['request_uri']); + unset($_SESSION['request_uri']); + exit; + } else { + header("Location: /"); + exit; + } } } } else { diff --git a/web/reset/index.php b/web/reset/index.php index abde3c14..842dd2f3 100644 --- a/web/reset/index.php +++ b/web/reset/index.php @@ -48,7 +48,7 @@ if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['pass if ( $return_var == 0 ) { $data = json_decode(implode('', $output), true); $rkey = $data[$user]['RKEY']; - if ($rkey == $_POST['code']) { + if (hash_equals($rkey, $_POST['code'])) { $v_password = tempnam("/tmp","vst"); $fp = fopen($v_password, "w"); fwrite($fp, $_POST['password']."\n"); diff --git a/web/reset/mail/index.php b/web/reset/mail/index.php index 9315d041..2e7d8c72 100644 --- a/web/reset/mail/index.php +++ b/web/reset/mail/index.php @@ -5,6 +5,23 @@ error_reporting(NULL); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); +// Checking IP of incoming connection, checking is it NAT address +$ok=0; +$ip=$_SERVER['REMOTE_ADDR']; +exec (VESTA_CMD."v-list-sys-ips json", $output, $return_var); +$output=implode('', $output); +$arr=json_decode($output, true); +foreach ($arr as $arr_key => $arr_val) { + // search for NAT IPs and allow them + if ($ip==$arr_key || $ip==$arr_val['NAT']) { + $ok=1; + break; + } +} +if ($ip == $_SERVER['SERVER_ADDR']) $ok=1; +if ($ip == '127.0.0.1') $ok=1; +if ($ok==0) exit; + // // sourceforge.net/projects/postfixadmin/ // md5crypt @@ -107,15 +124,15 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[ $v_password = $_POST['password']; // Get domain owner - exec (VESTA_CMD."v-search-domain-owner ".$v_domain." 'mail'", $output, $return_var); - if ($return_var == 0) { - $v_user = $output[0]; + exec (VESTA_CMD."v-search-domain-owner ".$v_domain." mail", $output, $return_var); + if (($return_var == 0) && (!empty($output[0]))) { + $v_user = escapeshellarg($output[0]); } unset($output); // Get current md5 hash if (!empty($v_user)) { - exec (VESTA_CMD."v-get-mail-account-value '".$v_user."' ".$v_domain." ".$v_account." 'md5'", $output, $return_var); + exec (VESTA_CMD."v-get-mail-account-value ".$v_user." ".$v_domain." ".$v_account." md5", $output, $return_var); if ($return_var == 0) { $v_hash = $output[0]; } @@ -134,7 +151,7 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[ $fp = fopen($v_new_password, "w"); fwrite($fp, $_POST['new']."\n"); fclose($fp); - exec (VESTA_CMD."v-change-mail-account-password '".$v_user."' ".$v_domain." ".$v_account." ".$v_new_password, $output, $return_var); + exec (VESTA_CMD."v-change-mail-account-password ".$v_user." ".$v_domain." ".$v_account." ".$v_new_password, $output, $return_var); if ($return_var == 0) { echo "ok"; exit; diff --git a/web/restart/service/index.php b/web/restart/service/index.php index 5f42e5e5..eb07e856 100644 --- a/web/restart/service/index.php +++ b/web/restart/service/index.php @@ -5,6 +5,12 @@ ob_start(); session_start(); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); +// Check token +if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { + header('location: /login/'); + exit(); +} + if ($_SESSION['user'] == 'admin') { if (!empty($_GET['srv'])) { if ($_GET['srv'] == 'iptables') { diff --git a/web/restart/system/index.php b/web/restart/system/index.php index 4facc5a5..4e09745e 100644 --- a/web/restart/system/index.php +++ b/web/restart/system/index.php @@ -5,6 +5,12 @@ ob_start(); session_start(); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); +// Check token +if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { + header('location: /login/'); + exit(); +} + if ($_SESSION['user'] == 'admin') { if (!empty($_GET['hostname'])) { exec (VESTA_CMD."v-restart-system yes", $output, $return_var); diff --git a/web/templates/admin/add_db.html b/web/templates/admin/add_db.html index fb369af0..74903241 100644 --- a/web/templates/admin/add_db.html +++ b/web/templates/admin/add_db.html @@ -148,6 +148,8 @@ + + diff --git a/web/templates/admin/add_dns_rec.html b/web/templates/admin/add_dns_rec.html index 2c8bebd7..33b4a9be 100644 --- a/web/templates/admin/add_dns_rec.html +++ b/web/templates/admin/add_dns_rec.html @@ -82,6 +82,7 @@ + diff --git a/web/templates/admin/add_mail_acc.html b/web/templates/admin/add_mail_acc.html index 0f2ea2d0..43821cd9 100644 --- a/web/templates/admin/add_mail_acc.html +++ b/web/templates/admin/add_mail_acc.html @@ -158,7 +158,7 @@ : -
william.cage@
+
example@
: diff --git a/web/templates/admin/edit_mail_acc.html b/web/templates/admin/edit_mail_acc.html index c9b7ed85..cf38065d 100644 --- a/web/templates/admin/edit_mail_acc.html +++ b/web/templates/admin/edit_mail_acc.html @@ -165,7 +165,7 @@ : -
william.cage@
+
example@
: diff --git a/web/templates/admin/edit_server.html b/web/templates/admin/edit_server.html index 4f142a6a..59683b6d 100644 --- a/web/templates/admin/edit_server.html +++ b/web/templates/admin/edit_server.html @@ -280,13 +280,115 @@

- + + + + + + + + + + + + + + + + + +
+ +
+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ : + + +
+ : + + +
+ : + + +
+ : + + +
+ : + + +
+ : + + +
+ : + + +
+
+ + - @@ -503,7 +605,8 @@ ">

- + + @@ -513,9 +616,10 @@ - + +
- -
+ +
@@ -580,13 +684,54 @@
- +
+ + + + + + + @@ -604,7 +749,7 @@ @@ -615,16 +760,16 @@ : - + @@ -633,7 +778,7 @@ : @@ -641,7 +786,7 @@ : @@ -649,16 +794,15 @@ : - @@ -666,7 +810,7 @@ :
+ +
+ + + + + + + +
+ +
+ +

+
+
@@ -594,7 +739,7 @@
- +
- +
- +
: - +
- +
- +
- +
: - +
- +
@@ -787,7 +931,7 @@ 2Checkout.com Inc. (Ohio, USA) is a payment facilitator for goods and services provided by vestacp.com.'; diff --git a/web/templates/admin/list_dns_rec.html b/web/templates/admin/list_dns_rec.html index a74b8574..24f28103 100644 --- a/web/templates/admin/list_dns_rec.html +++ b/web/templates/admin/list_dns_rec.html @@ -74,11 +74,11 @@ v_unit_id="" v_section="dns_rec">
-
 ↵
+
 ↵
- + diff --git a/web/templates/admin/list_mail.html b/web/templates/admin/list_mail.html index 02536441..6bd27cca 100644 --- a/web/templates/admin/list_mail.html +++ b/web/templates/admin/list_mail.html @@ -74,7 +74,7 @@ } else { $status = 'active'; $spnd_action = 'suspend' ; - $spnd_confirmation = 'UNSUSPEND_DOMAIN_CONFIRMATION' ; + $spnd_confirmation = 'SUSPEND_DOMAIN_CONFIRMATION' ; } if (empty($data[$key]['CATCHALL'])) { $data[$key]['CATCHALL'] = '/dev/null'; diff --git a/web/templates/admin/list_mail_acc.html b/web/templates/admin/list_mail_acc.html index 5433d732..13495ff6 100644 --- a/web/templates/admin/list_mail_acc.html +++ b/web/templates/admin/list_mail_acc.html @@ -90,11 +90,11 @@ sort-star="
-
 ↵
+
 ↵
- + @@ -104,7 +104,7 @@ sort-star=" - + diff --git a/web/templates/admin/list_services.html b/web/templates/admin/list_services.html index 346370e6..6012d2a3 100644 --- a/web/templates/admin/list_services.html +++ b/web/templates/admin/list_services.html @@ -54,7 +54,7 @@
 ↵
-
 R
+
 R
diff --git a/web/templates/user/list_mail.html b/web/templates/user/list_mail.html index 84d9a56c..40284380 100644 --- a/web/templates/user/list_mail.html +++ b/web/templates/user/list_mail.html @@ -72,7 +72,7 @@ } else { $status = 'active'; $spnd_action = 'suspend' ; - $spnd_confirmation = 'UNSUSPEND_DOMAIN_CONFIRMATION' ; + $spnd_confirmation = 'SUSPEND_DOMAIN_CONFIRMATION' ; } if (empty($data[$key]['CATCHALL'])) { $data[$key]['CATCHALL'] = '/dev/null'; diff --git a/web/templates/user/list_mail_acc.html b/web/templates/user/list_mail_acc.html index c7334fa1..8c5ef567 100644 --- a/web/templates/user/list_mail_acc.html +++ b/web/templates/user/list_mail_acc.html @@ -88,11 +88,11 @@ sort-star="
-
 ↵
+
 ↵
- + diff --git a/web/update/vesta/index.php b/web/update/vesta/index.php index a025c7bf..fa7ca2c4 100644 --- a/web/update/vesta/index.php +++ b/web/update/vesta/index.php @@ -5,6 +5,12 @@ ob_start(); session_start(); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); +// Check token +if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { + header('location: /login/'); + exit(); +} + if ($_SESSION['user'] == 'admin') { if (!empty($_GET['pkg'])) { $v_pkg = escapeshellarg($_GET['pkg']); diff --git a/web/upload/UploadHandler.php b/web/upload/UploadHandler.php index 2c9de8af..aedd747c 100755 --- a/web/upload/UploadHandler.php +++ b/web/upload/UploadHandler.php @@ -1117,37 +1117,12 @@ class UploadHandler $append_file = $content_range && is_file($file_path) && $file->size > $this->get_file_size($file_path); if ($uploaded_file && is_uploaded_file($uploaded_file)) { - // multipart/formdata uploads (POST method uploads) - if ($append_file) { - file_put_contents( - $file_path, - fopen($uploaded_file, 'r'), - FILE_APPEND - ); - } else { - chmod($uploaded_file, 0644); -// move_uploaded_file($uploaded_file, $file_path); - exec (VESTA_CMD . "v-copy-fs-file ". USERNAME ." {$uploaded_file} '{$file_path}'", $output, $return_var); - - $error = check_return_code($return_var, $output); - if ($return_var != 0) { - //var_dump(VESTA_CMD . "v-copy-fs-file {$user} {$fn} {$path}"); - //var_dump($path); - //var_dump($output); - $file->error = 'Error while saving file '; -// var_dump(VESTA_CMD . "v-copy-fs-file ". USERNAME ." {$uploaded_file} {$file_path}"); -// var_dump($return_var); -// var_dump($output); -// exit(); - } + chmod($uploaded_file, 0644); + exec (VESTA_CMD . "v-copy-fs-file ". USERNAME ." ".$uploaded_file." ".escapeshellarg($file_path), $output, $return_var); + $error = check_return_code($return_var, $output); + if ($return_var != 0) { + $file->error = 'Error while saving file '; } - } else { - // Non-multipart uploads (PUT method support) - file_put_contents( - $file_path, - fopen('php://input', 'r'), - $append_file ? FILE_APPEND : 0 - ); } $file_size = $this->get_file_size($file_path, $append_file); diff --git a/web/view/file/index.php b/web/view/file/index.php index 6605607c..e3e77249 100644 --- a/web/view/file/index.php +++ b/web/view/file/index.php @@ -13,10 +13,10 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) { } if (!empty($_REQUEST['path'])) { - $path = $_REQUEST['path']; + $path = htmlspecialchars($_REQUEST['path'], ENT_QUOTES, 'UTF-8'); if (!empty($_REQUEST['raw'])) { header('content-type: image/jpeg'); - passthru (VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg($_REQUEST['path'])); + passthru (VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg($path)); exit; } }